Professional Documents
Culture Documents
by
B.Ajay (18AT1A0506)
P.Ismail (18AT1A0551)
M.Ashok Reddy (18AT1A0521)
P.Janaki Ram Vamshi (18AT1A0552)
2018-2022
G.PULLAIAH COLLEGE OF ENGINEERING AND TECHNOLOGY
(Autonomous)
(Approved by AICTE | NAAC Accreditation with ‘A’ Grade | Accredited by NBA (ECE, CSE & EEE) |
Permanently Affiliated to JNTUA)
CERTIFICATE
This is to certify that the project report entitled “SesPHR : A Methodology for Secure
Sharing of Personal Health Records in the Cloud” being submitted by M.Ashok Reddy
(18AT1A0521) P.Ismail (18AT1A0551) B.Ajay (18AT1A0506) P.Janaki Ram Vamshi
(18AT1A0552) in partial fulfillment of the requirement for the award of the degree of
Bachelor of Technology in Computer Science and Engineering of G.Pullaiah College of
Engineering and Technology, Kurnool is a record of bonafide work carried out by them under
my guidance and supervision.
The results embodied in this project report have not been submitted to any other university or
institute for the award of any Degree or Diploma.
Date of Viva-Voce
ii
ACKNOWLEDGEMENT
Project Associates
M.Ashok Reddy (18AT1A0521)
P.Ismail (18AT1A0551)
B.Ajay (18AT1A0506)
P.Janaki Ram Vamshi (18AT1A0552)
iii
ABSTRACT
The widespread acceptance of cloud based services in the healthcare sector has
resulted in cost effective and convenient exchange of Personal Health Records (PHRs)
among several participating entities of the e-Health systems. Nevertheless, storing the
confidential health information to cloud servers is susceptible to revelation or theft
and calls for the development of methodologies that ensure the privacy of the PHRs.
Therefore, we propose a methodology called SeSPHR for secure sharing of the PHRs
in the cloud. The SeSPHR scheme ensures patient-centric control on the PHRs and
preserves the confidentiality of the PHRs. The patients store the encrypted PHRs on
the un-trusted cloud servers and selectively grant access to different types of users on
different portions of the PHRs. A semi-trusted proxy called Setup and Re-encryption
Server (SRS) is introduced to set up the public/private key pairs and to produce the re-
encryption keys. Moreover, the methodology is secure against insider threats and also
enforces a forward and backward access control. Furthermore, we formally analyze
and verify the working of SeSPHR methodology through the High Level Petri Nets
(HLPN). Performance evaluation regarding time consumption indicates that the
SeSPHR methodology has potential to be employed for securely sharing the PHRs in
the cloud.
iv
Contents
Contents Page no.
CHAPTER 1 INTRODUCTION
1.1 What is Cloud Computing? 1
1.1.1 Types of Cloud Computing 2
1.1.2 Limitations of Traditional Technology 5
1.1.3 Cloud Security 8
1.2 Objective 8
1.3 Scope 8
1.4 Thesis Contribution 9
CHAPTER 2 LITERATURE REVIEW
2.1 Cloud Computing 10
2.2 Security in Cloud 12
CHAPTER 3 SeSPHR MODEL
3.1 System Model 18
3.2 Cloud Maintenance 18
3.3 Encryption Module 19
3.4 Interaction Module 20
3.4.1 Admin Module 20
3.4.2 User Module 21
3.5 Proposed Partitioning Methodology 22
3.6 SeSPHR Services 23
3.7 SeSPHR Data Flow 24
3.8 SeSPHR Sequence Diagram 25
CHAPTER 4 RESULTS ANALYSIS
4.1 Experimental Methodology 27
4.1.1 System Requirements 27
4.1.2 Software Requirements 27
4.1.3 Required data for Analysis 27
4.2 Screenshots 29
CHAPTER 5 CONCLUSION AND FUTURE WORK
5.1 Conclusion 36
5.2 Future Work 36
v
6 References 38
vi
LIST OF FIGURES AND TABLES
Figures/Tables Page no.
vii
CHAPTER 1
INTRODUCTION
Advantages :
1)Low cost
2)Location Independent
3)Quick and Easily setup
4)Scalability and Reliability
Example : AWS , Windows azure
Advantages :
1)More Control
2)Security & Privacy
3)Improved Perfromance
Example : HP Data Centers , Ubuntu OS.
General Example : in Travelling Personal Vehicle is private Transportation.
3)Hybrid Cloud :
A hybrid cloud is a heterogeneous distributed system formed by combining facilities of public
cloud and private cloud. For this reason, they are also called heterogeneous clouds.
A major drawback of private deployments is the inability to scale on-demand and efficiently
address peak loads. Here public clouds are needed. Hence, a hybrid cloud takes advantage of
both public and private clouds.
Advantages :
1)Flexible & Secure
2)Cost Effective
3)Security
4)Risk Management
Examples : Amazon , Google , Cisco
General Examples : in Travelling Taxi is considered as Hybrid.
2)Service Model :
Based on the type of service provided by the service provider the Service model is divided into 3
categories.
1)IAAS (Infrastructure As A Service)
2)PAAS (Platform As A Service)
3)SAAS (Software As A Service)
Advantages
o Cost-Effective: Eliminates capital expense and reduces ongoing cost and IaaS customers
pay on a per-user basis, typically by the hour, week, or month.
o Website hosting: Running websites using IaaS can be less expensive than traditional
web hosting.
o Security: The IaaS Cloud Provider may provide better security than your existing
software.
o Maintenance: There is no need to manage the underlying data center or the introduction
of new releases of the development or underlying software. This is all handled by the
IaaS Cloud Provider.
Example : AWS
2)Platform As A Service :
PaaS is a category of cloud computing that provides a platform and environment to allow
developers to build applications and services over the internet. PaaS services are hosted in the
cloud and accessed by users simply via their web browser. A PaaS provider hosts the hardware
and software on its own infrastructure. As a result, PaaS frees users from having to install in-
house hardware and software to develop or run a new application. Thus, the development and
deployment of the application take place independent of the hardware. The consumer does not
manage or control the underlying cloud infrastructure including network, servers, operating
systems, or storage, but has control over the deployed applications and possibly configuration
settings for the application-hosting environment. To make it simple, take the example of an
annual day function, you will have two options either to create a venue or to rent a venue but the
function is the same.
o Cost-Effective: It charges for the services provided on a per-use basis thus eliminating
the expenses one may have for on-premises hardware and software.
o Efficiently managing the lifecycle: It is designed to support the complete web
application lifecycle: building, testing, deploying, managing, and updating.
o Efficiency: It allows for higher-level programming with reduced complexity thus, the
overall development of the application can be more effective.
Example : Windows Azure
3)Software As A Service :
Software-as-a-Service (SaaS) is a way of delivering services and applications over the Internet.
Instead of installing and maintaining software, we simply access it via the Internet, freeing
ourselves from the complex software and hardware management. It removes the need to install
and run applications on our own computers or in the data centers eliminating the expenses of
hardware as well as software maintenance. SaaS provides a complete software solution that you
purchase on a pay-as-you-go basis from a cloud service provider. Most SaaS applications can be
run directly from a web browser without any downloads or installations required. The SaaS
applications are sometimes called Web-based software, on-demand software, or hosted software.
Advantages
o Cost-Effective: Pay only for what you use.
o Reduced time: Users can run most SaaS apps directly from their web browser without
needing to download and install any software. This reduces the time spent in installation
and configuration and can reduce the issues that can get in the way of the software
deployment.
o Accessibility: We can Access app data from anywhere.
o Automatic updates: Rather than purchasing new software, customers rely on a SaaS
provider to automatically perform the updates.
o Scalability: It allows the users to access the services and features on-demand.
Example : Go To Meeting
this slows, you will end up paying for resources you don’t use. Furthermore, the value of physical servers
decreases year on year, so the return on investment of investing money in traditional IT infrastructure is
quite low.
Difference between cloud computing and traditional computing is shown below
Cloud Computing Traditional Computing
1) It refers to delivery of different services 1) It refers to delivery of different services on
such as data and programs through internet local server.
on different servers.
2) It takes place on third-party servers that 2) It takes place on physical hard drives and
is hosted by third-party hosting companies. website servers.
3) It is ability to access data anywhere at 3) User can access data only on system in
any time by user. which data is stored.
4) It is more cost effective as compared to 4) It is less cost effective as compared to cloud
tradition computing as operation and computing because one has to buy expensive
maintenance of server is shared among equipment’s to operate and maintain server.
several parties that in turn reduce cost of
public services.
5) It is more user-friendly as compared to 5) It is less user-friendly as compared to cloud
traditional computing because user can computing because data cannot be accessed
have access to data anytime anywhere anywhere and if user has to access data in
using internet. another system, then he need to save it in
external storage medium.
6) It requires fast, reliable and stable 6) It does not require any internet connection to
internet connection to access information access data or information.
anywhere at any time.
7) It provides more storage space and 7) It provides less storage as compared to cloud
servers as well as more computing power computing.
so that applications and software run must
faster and effectively.
1.3 Scope
It is important to mention that the scope of this project is limited to securing the PHR itself.
Moreover, it is assumed that communication between the client and SRS is secured by use of
standard protocols like, IPSec or SSL. These protocols are widely used over the internet and
are fully capable of securing communication. However, communication security is beyond the
scope of these protocols. The setup, key generation, and re-encryption phases are carried out at
SRS(Setup and Re-encryption Server).
The proposed methodology to share the PHRs in the cloud environment involves three entities
namely: (a) the cloud, (b) Setup and Re-encryption Server (SRS), and (c) the users. Brief
description about each of the entities is presented below.
(a) The patients (owners of the PHR who want to securely share the PHRs with others)
(b) The family members or friends of patients, doctors and physicians, health insurance
companies’ representatives, pharmacists, and researchers.
In SeSPHR methodology, the friends or family members are considered as private domain users
whereas all the other users are regarded as the public domain users. The users of both the private
and public domain may be granted various levels of access to the PHRs by the PHR owners. For
example, the users that belong to private domain may be given full access to the PHR, whereas
the public domain users, such as physicians, researchers, and pharmacists may be granted access
to some specific portions of the PHR. Moreover, the aforementioned users may be allowed full
access to the PHRs if deemed essential by the PHR owner. In other words, the SeSPHR
methodology allows the patients to exercise the fine-grained access control over the PHRs. All
of the users in the system are required to be registered with the SRS to receive the services of
the SRS. The registration is based on the roles of the users, for instance, doctor, researcher, and
pharmacist.
PHR Owner need to create an account to login into PHR owner account. If account already exist
he can directly login using username and password. After login PHR owner can access options
like view profile, add patient details, view key requests, view clinical reports, logout. If he enters
incorrect username and password he will not allowed to access the PHR owner account he is
specifying. The flowchart is shown in Fig 3.3.
o Personal Information;
o Medical information;
o Insurance related information;
o Prescription information;
However, it is noteworthy that the above said partitioning is not inflexible. It is at the discretion
of the user to partition the PHR into lesser or more number of partitions. The PHRs can be
conveniently partitioned and can be represented in formats, for example XML. Moreover, the
PHR owner may place more than one partition into same level of access control. Any particular
user might not be granted a full access on the health records and some of the PHR partitions
may be restricted to the user. For example, a pharmacist may be given access to prescription and
insurance related information whereas personal and medical information may be restricted for a
pharmacist. Likewise, family/friend may be given full access to the PHR. A researcher might
only need the access to the medical records while deidentifying the personal details of the
o Confidentiality
o DFD shows how the information moves through the system and how it is modified by
a series of transformations. It is a graphical technique that depicts information flow
and the transformations that are applied as data moves from input to output.DFD is
also known as bubble chart. A DFD may be used to represent a system at any level of
abstraction. DFD may be partitioned into levels that represent increasing information
flow and functional detail.
o Ram : 1 GB
o Database : MYSQL
The page will be directed to Apache tomcat server shown in the below figure.
Step 2 : Click on Tomcat Manager and Enter username as admin and no password required
click enter.
Step 4 : We need to login to cloud server using username as “ Server “ and password as “
Server “.
Step 6 : if you are a PHR owner you can login or if you are a new user you need to register
your account and login.
Step 8 : You want to add patient details so click on add patient details option and you need to
send request for encryption key to cloud.
Step 9 : In Cloud server they will generate symmetric public key to encrypt patient details
and give permission to enter patient details by PHR owner and allow to store the encrypted
PHR data in Cloud server.
Department of CSE, GPCET, Kurnool Page 32
Entering patient details after generating symmetric public key.
Step 10 : In PHR user you need to register as doctor or nurse. After that you need to login
and get the encrypted PHR in cloud server the you need to send key request to PHR owner by
specify PHR owner name and patient name.
Step 12 : In PHR user section you can have decrypted patient details of requested patient and
you can view it.
5.1 Conclusion
We proposed a methodology to securely store and transmission of the PHRs to the authorized entities
in the cloud. The methodology preserves the confidentiality of the PHRs and enforces a patient-centric
access control to different portions of the PHRs based on the access provided by the patients. We
implemented a fine-grained access control method in such a way that even the valid system users
cannot access those portions of the PHR for which they are not authorized. The PHR owners store the
encrypted data on the cloud and only the authorized users possessing valid re-encryption keys issued
by a semi-trusted proxy are able to decrypt the PHRs. The role of the semi-trusted proxy is to generate
and store the public/private key pairs for the users in the system. In addition to preserving the
confidentiality and ensuring patient-centric access control over the PHRs, the methodology also
administers the forward and backward access control for departing and the newly joining users,
respectively. Moreover, we formally analyzed and verified the working of SeSPHR methodology
through the HLPN, SMT-Lib, and the Z3 solver. The performance evaluation was done on the on the
basis of time consumed to generate keys, encryption and decryption operations, and turnaround time.
The experimental results exhibit the viability of the SeSPHR methodologyto securely share the PHRs
in the cloud environment.
14. M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal
health records in cloud computing using attribute-based encryption,” IEEE Transactions on
Parallel and Distributed Systems, 2013, vol. 24, no. 1, pp. 131–143.
16.Z. Xiao and Y. Xiao, “Security and privacy in cloud computing,” IEEE Communications
Surveys and Tutorials, vol. 15, no. 2, pp. 1–17, Jul. 2012.
17.T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete
logarithms,” in Proceedings of CRYPTO 84 on Advances Cryptology, 1985, pp. 10-18.
19.D. Thilakanathan, S. Chen, S. Nepal, R. Calvo, and L. Alem, “A platform for secure
monitoring and sharing of generic health data in the Cloud,” Future Generation Computer
Systems, vol. 35, 2014, pp. 102-113.
21.T. Murata, “Petri Nets: Properties, Analysis and Applications, “Proceedings of the IEEE,
vol. 77, no. 4, pp. 541-580, Apr. 1989.
26.A. D. Caro, and V. Iovino, “jPBC: Java pairing based cryptography,” in IEEE Symposium
on Computers and Communications (ISCC), 2011, pp. 850-855.
27.L. Ibraimi, M. Asim, and M. Petkovic, Secure management of personal health records by
applying attribute-based encryption, Technical Report, University of Twente, 2009.
28.J. Pecarina, S. Pu, and J.-C. Liu, “SAPPHIRE: Anonymity for enhanced control and private
collaboration in healthcare clouds,” in Proceedings of the 4th IEEE International Conference
on Cloud Computing Technology and Science (CloudCom), 2012, pp. 99–106.
30.F. Xhafa, Fatos, J. Feng, Y. Zhang, X. Chen, and J. Li, “Privacyaware attribute-based PHR
sharing with user accountability in cloud computing,” The Journal of Supercomputing, 2014,
pp. 113.
31.C. Leng, H. Yu, J.Wang, and J. Huang, “Securing personal health records in the cloud by
enforcing sticky policies,” Telkomnika Indonesian Journal of Electrical Engineering, vol. 11,
no. 4, pp. 2200–2208, 2013.
32.D. H Tran, N. H.-Long, Z. Wei, N. W. Keong, “Towards security in sharing data on cloud-
based social networks,” in 8th International Conference on Information, Communications and
Signal Processing (ICICS), 2011, pp. 1-5.
33.X. Liang, Zhenfu Cao, Huang Lin, and Jun Shao. "Attribute based proxy re-encryption with
delegating capabilities." In Proceedings of the 4th International Symposium on Information,
Computer, and Communications Security, pp. 276286. ACM, 2009.
34.A. N. Khan, M.L. M. Kiah, S. U. Khan, Sajjad A. Madani, and Atta R. Khan. "A study of
incremental cryptography for security schemes in mobile cloud computing environments." In
Wireless Technology and Applications (ISWTA), 2013 IEEE Symposium on, pp. 62-67. IEEE,
2013.