Journal of Ambient Intelligence and Humanized Computing

https://doi.org/10.1007/s12652-021-02942-2

ORIGINAL RESEARCH

HCAC‑EHR: hybrid cryptographic access control for secure EHR

retrieval in healthcare cloud
P. Chinnasamy1   · P. Deepalakshmi2

Received: 21 May 2019 / Accepted: 1 February 2021

© The Author(s), under exclusive licence to Springer-Verlag GmbH, DE part of Springer Nature 2021

Abstract
Technology that is perfect is free of vulnerability. Technological growth offers users online data storage and access to it from
anywhere. Cloud computing is a model that provides data storage on a contract facility and a slew of different services. Today,
online data relating to health is inevitably stored and managed. These health records comprise data that includes X-ray images,
scanned images, therapy procedures, medical prescriptions, and patient information. Medical professionals use the stored
health data for diagnosis, patients for their understanding, and government and insurance companies for further follow-up.
Since multiple category of users want access to health data, data needs protection and to be stored with extreme security
before being stored online in the form of electronic health records (EHRs) with proper access control mechanisms. To this
end to provide secure cloud storage, we propose a novel scheme by implementing a hybrid cryptography algorithm in which
we use Improved Key Generation Scheme of RSA (IKGSR) algorithm to encrypt health data and Blowfish algorithm for
key encryption. We follow steganography-based access control for key sharing by means of substring indexing and keyword
search mechanism to efficiently retrieve the encrypted data. We measure performance evaluation as well as the security of
the proposed method and compare with existing hybrid method consider New York State Department of Health dataset. The
results clearly confirm that our method provides better security and also retrieves data efficiently.

Keywords  Cloud security · Steganography-based access control · Hybrid cryptography · Electronic health record (EHR) ·
Wildcard-fuzzy search · Health Care Cloud

1 Introduction HIS manages two types of computerized healthcare records

Cloud computing is a well-known technology that supplies
necessary data on demand using pay-per-use approach.
Cloud computing has gradually stepped into the healthcare
industry to enhance protective healthcare data delivery,
increase business agility, and reduce costs (Gallagher 2012).
In the current scenario, the Hospital Information System
(HIS) helps to arrive at an understanding of the technical
aspects of innovations in healthcare industry. Today, the
* P. Chinnasamy
chinnasamyponnusamy@gmail.com
P. Deepalakshmi
deepa.kumar@klu.ac.in
1
Department of Information Technology, Sri Shakthi Institute
of Engineering and Technology, Coimbatore, India
2
Department of Computer Science and Engineering,
Kalasalingam Academy of Research and Education,
Kirshnankoil 626126, India
namely Personal Health Records (PHRs) and electronic
health records (EHRs) (Medicare 2018). As per American
Health Information Management Association (AHIMA), the
PHR (AHIMA 2016) is a tool to collect, monitor and share
the past and current medical history of patients. This infor-
mation helps patients save money by letting them bypass
routinely repeated medical tests. The EHR is an electronic
version of a patients medical history, that is maintained by
the provider over time. It may include all of the key admin-
istrative clinical data relevant to that patients care under a
particular provider, including demographics, progress notes,
problems, medications, vital signs, past medical history,
immunizations, laboratory data and radiology reports The
EHR (Medicare 2018) automates access to information and
has the potential to streamline the clinician’s workflow. The
EHR is a significant milestone in medical history, assists in
the easy access of complete and relevant information for the
stack holders when stored in cloud computing.

13
Vol.:(0123456789)
 P. Chinnasamy, P. Deepalakshmi

The accessibility of electronic health system is down and may lead to the possibility

The unauthorized access to health care system may exist and there will be possibil-
Since patient history, medications get changed, human life will become critical.

There is a possibility that system performance and reliability are decreased

The privacy and security of the electronic data is leaked

ity to leak privacy and interpret the security services

Insurance companies will also not get accurate data
Privacy threat and hence patient data is leaked

of some unauthorized access

Fig. 1  A sample threat model of EHR

At present, security is a key issue for all kinds of cloud

service applications. To solve this problem, many research-
ers proposed encryption techniques. Encryption techniques, Impact
before transmitting data from sender to receiver, converts

Repudiation is the ability of users to deny the performance of specific actions. The
lowing actors, like Researchers, Cloud servers, Attenders, Doctor’s and Admin-
data to ciphertext using encoding methods. After receiving

following actors, like attendees, Researchers, Administration, and Doctors, can

Spoofing uses a false identity to try to gain access to a system. Only patients can

Threat action aimed at changing/modifying persistent data maliciously. The fol-

actors, like attendees, Researchers, Administration, Patients, and Doctors, can

access. The following actors, like attendees, Researchers, Administration, and

The danger of denying access to valid users. Only the cloud server can perform
Information Disclosure Action to read a file that cannot be accessed or read transit data. The following
the data, the receiver can view the original message after

Elevation of Privilege Privileged access to resources to compromise the system with unauthorized
following the appropriate decoding method with pertinent
decryption key. Symmetric/Private key methods like AES,
3DES, and Blowfish (Patil et al. 2016) use same key for
enciphering and deciphering. The RSA and Elgammal (Patil
et al. 2016) are examples of public key/asymmetric crypto-
system, which have two keys to encode and decode the data,
respectively. Therefore, an encryption scheme is needed that
offers enhanced security based on user aspects or privileges,

Patients can perform these operations in EHR

and not their identities.
perform repudiation operations in EHR

The threat model to an electronic health care system is

illustrated in Fig. 1. To be specific, the major threats to Elec-
istrators can do tampering in EHR

tronic Health System identified using STRIDE Microsoft

perform this operation in EHR

models as listed in Table 1 are spoofing, tampering, repudia-

perform spoofing in EHR

tion, information disclosure, denial of service and elevation

of privilege.
Table 1  The STRIDE model of EHR System

Traditional threat models fall into the following three

service denial

models such as adversary, software development and risk-

Description

based (Zhang and Liu 2010; Alhassan et al. 2016). Adver-

sary models are based on an attacker’s perspective act and
think like a hacker. Models for software development are
based on software features and are comprehensive. Risk-
based models are based on assets of information such as
credit card numbers or Personal Identification Numbers
Denial of Service

(PIN).
Threat types

Repudiation
Tampering

The author (Wainer et al. 2008) discussed the security

Spoofing

requirements of sensitive electronic health records based

on the CIA (Confidentiality, Integrity and Authentication/

13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Access Control) properties. The greatest vulnerability in
terms of data security is in dealing with data leaks by insid-
ers, indicating that internal users access control (Coppolino
et al. 2017) is far more important than that of external users.
A key security aspect is access control that limits access to
sensitive information, provided in the form of role, attrib-
ute and identity-based access control (Kruse et al. 2017). In
Chinnasamy et al. (2020), reported that Role-Based Access
Control (RBAC) policies follow a need-to-know security
principle and satisfy least-access privileges. The RBAC,
thus, can be considered an appropriate model for the health-
care cloud.
To ensure secure storage and access to electronic health
records, the authors of (Chinnasamy et al. 2020; Chiuchisan
et al. 2017) adopted the following security requirements : (i)
Secure storage of EHR—Information of a patient is stored
electronically, as in cloud storage, either on a local machine
or on a shared server. The challenge here is to ensure safe
storage of sensitive health data, including where and how
it should be stored, (ii) it Safeguard from unauthorized
user access—In many cases, medical data have confiden-
tial information that requires protection, and access should
be avoided coming through unauthorized channels, (iii)
Physical Threats—Physical threats may exist where ever
accessing resources is based on either an organizational code
or RFID. This means that access privileges revoke should
happen immediately in cases when an employee leaves an
organization for good or bad reason.
The author (Chinnasamy et  al. 2020) sensed that the
motive of the adversaries who might be either legitimate or
unauthorized users is to collapse the entire system. In Zhang
and Liu (2010), the authors discussed various security
models and components for making healthcare application
clouds. In addition, they highlighted three important core
components applied to securing the heath data as encryption,
secure key sharing, and signature verification. The author,
(Alshehri et al. 2016) discussed the data breaches of patient
data, caused by insider attacks. In order to find the insider
attacks, the author constructed a threat model to minimize
the unauthorized access and improper use of data.
During literature review about protecting electronic
health data research, we got interest in answering to the fol-
lowing research questions :
1. How to achieve security for health cloud data?,
2. How can we solve the issue of safely sharing keys as
well as the health record data?
Symmetric key algorithms are faster than public-key cryp-
tosystems, but a major disadvantage lies in the secure
sharing of secret keys between two entities. To overcome
this issue, the public-key cryptosystem is used with two
different keys, a public key and a private key. However,
since the public cryptosystem has a problem in calculating
large exponential operations, it is a time-consuming pro-
cess. On the other hand, a hybrid cryptosystem that com-
bines both symmetric and asymmetric systems can offer
high security and better speed (Chinnasamy and Deepalak-
shmi 2018). Since hybrid systems take advantage of the
high speed of symmetric algorithms for a secure exchange
of keys, we adopt this concept to resolve the research ques-
tions we consider.
Encryption at client before outsourcing the data to
the cloud server helps to achieve stored data confidenti-
ality. Encrypted data reduces the ability of the server to
search for keywords, since the server cannot simply cre-
ate a search for plaintext keywords on encrypted data. A
person who accesses the data therefore needs the actual
keyword search functionality over encrypted cloud data for
efficient data recovery. To maintain users data confidenti-
ality, no information pertaining to the searched keyword
or retrieved record must be leaked.
Again through literature review, we gained the confi-
dence to solve the research questions we raised above in
following ways :
1. To provide security on the client side by implementing a
hybrid cryptography mechanisms before uploading data
into the cloud. Here, for the hybrid approach, we use the
combination of Improved Key Generation Scheme of
RSA (IKGSR) (Chinnasamy and Deepalakshmi 2018)
and Blowfish (Schneier 1996) algorithm
2. To ensure the safe exchange of key and data by introduc-
ing steganography-based access control.
The rest of the paper is organized in following way. Sec-
tion 2 discusses related works. Section 3 presents diverse
techniques adopted for the method proposed. Section 4 dis-
cusses in detail the proposed method. Section 5 discusses
the set-up of the simulation to implement the method pro-
posed. Section 6 analyzes the results and Sect. 7 discusses
the security implications of the proposed method. Finally,
we conclude our study along with future work Sect. 8.
2 Related works
In this session, we mention about some of the existing
works related to hybrid cryptographic mechanisms to
secure cloud storage, secure keyword search for encrypted
data, issues on key management and key hiding and finally
how it can be overcome using steganography-based access
control for health care data.
13

2.1 Hybrid cryptography
Kartit and Azougaghe (2016), presented a new hybrid
cryptographic scheme to secure cloud storage. The data is
encrypted using various key sizes of AES. The AES keys are
encrypted by using RSA-1024. Here, no intruder can decrypt
the original data because two different keys are needed for
decryption. In addition, a dual authentication mechanism is
used both in cloud storage and on the enterprise server to
decipher the data.
In addition to a Field Programmable Gate Array (FPGA),
by combining RSA and Blowfish algorithms, (Bansal and
Singh 2015) offered a hybrid mechanism. In terms of the
FPGA, this method effectively delivers high security at a
low cost. The problem, however, is the large key size (448
bits) and the fact that itis not applicable to multimedia data.
The author (Oladeji and Akomolafe 2017), created a
new data storage framework using a hybrid mechanism.
AES, Blake2b and Schnorr signature algorithms are used
to secure the data. The service provider does not know the
personal encryption method for enhanced security since data
encryption is performed on the side of the client before it
is uploaded to the cloud. This method supports multimedia
files such as audios, images, and videos as well.
Singh and Kaur (2015) suggested an encryption method
for user data before uploading it to the cloud using two meth-
ods. Use the RSA algorithm to encode the secret key, and
AES is used to encrypt user data. It also follows the same
process for decryption. This hybrid technique prevents cloud
attacks from Denial of Service (DoS). The drawback is that
compared to other techniques, it takes much more time to
complete the entire process.
Sarkar and Kumar (2016) proposed a framework using
a hybrid encryption scheme to ensure data security in the
cloud. This method also increases the security of cloud data
with high overhead and low communication costs.
The auhtors (Bouchti et al. 2016), offered a new Cryptog-
raphy-as-a-Service (CaaS) hybrid architecture that would
allow cloud clients to use their cryptographic operations
and keys. A homomorphic algorithm and RSA were used
to ensure data security for healthcare. The architecture pro-
posed is implemented at the OpenStack cloud’s lowest level.
The performance is analyzed with existing techniques in
terms of encryption and decryption times.
Maitri and Verma (2016), proposed to use a hybrid cryp-
tographic technique to secure cloud file storage. The key
integrity is achieved by hiding the key in the cover image
using the Least Significant Bit (LSB) steganography.
The author (Yong et al. 2012), analyzed and discussed the
performance of several types of cryptographic techniques
used in current cloud storage. Rahmani et al. (2013) offered
a new model of service based on the cloud concept of any-
thing-as-a-Service (XaaS). Encryption-as-a-Service for the
13
P. Chinnasamy, P. Deepalakshmi
cloud was proposed to reduce the security risk associated
with the encryption of service providers and to strengthen
security on the side of the client.
Liang et al. (2016) proposed a hybrid encryption tech-
nique with the AES-RSA used for encryption and decryption
in the cloud for lightweight data. The AES was used with an
improved RSA algorithm to ensure data privacy. It does not
apply to multimedia data for lightweight data only.
2.2 Keyword search on encrypted data
Raghavendra et al. (2016), presented a detailed overview of
several data retrieval techniques along with their benefits
and limitations over encrypted cloud data. Different keyword
search schemes have been discussed and analyzed in the
survey, based on parameters like security, scalability, query
efficiency and functionality. Since data sharing is a major
aspect of any growing technology, it has analyzed various
methods of data sharing based on user revocation, encryp-
tion methods, the privacy of identity and key distribution.
Raghavendra et al. (2016) proposed a novel solution for
generating an index to secure multi-user access control over
encrypted cloud data. The RSA is used for the generation of
encryption and substring index with the Chinese Remain-
der Theorem (CRT). Storage space, as well as computa-
tional overhead, has been reduced with the RSA-CRT. The
only limitation of this proposed method is that it cannot be
applied to texts and multimedia files.
Guo (2016), proposed an innovative structure for restrict-
ing access in semi-trusted cloud servers to EHRs stored. By
encrypting the entire tables of patients using CP-ABE, fine-
grained access control is achieved. This work allows search-
ing for assorted database fields by a range of users with
different privileges. The only drawback here is the duration
of time taken to encrypt and decrypt patients’ data tables in
their entirety.
Yang (2015) proposed data retrieval based on attributes
using an e-health cloud semantic keyword search. In addi-
tion to a search for synonymous keywords, this study uses
attribute-based encryption to achieve fine-grained access
control. With this feature, the study focuses on multiple
senders and a multi-user application scenario to provide
flexible searchable encryption (SE) technique.
Shekokar et al. (2015) designed a fuzzy keyword search
over encrypted data in cloud computing. Secure cloud stor-
age is created, using AES encryption and a fuzzy keyword
search for data retrieval. For exact keyword matching, the
wildcard-based technique is applied. However, since it does
not create an index of mapped words, the functionality of
the search procedure is slow.
Fu et al. (2014) developed a new Trie-based semantic
keyword search over encrypted cloud data. By the stem-
ming method, the stem sets are created to decrease the index
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
dimension. The Trie search index enables this technique
to maximize search efficiency. This technique is based on
an exact keyword search. No data can be retrieved with a
wrongly-entered keyword.
Tariq (2018) introduced a new scheme to search
encrypted data using dual encryption methodologies. The
fuzzy keyword search technique, in tandem with a wild-
card search, is used to retrieve encrypted data and upgrade
information security. This method is slower than traditional
algorithms.
Esposito et al. (2018), surveyed the integrity and storage
problem of healthcare data. The researchers have suggested
the blockchain technology as a strategy to enhance the integ-
rity and storage security of data. They introduced the off-
chain storage of data, where the data is stored outside the
blockchain in the conventional or distributed database. The
hashes of data are stored inside the blockchain.
Ali et al. (2017) developed data security for cloud envi-
ronment (DaSCE) protocol, a security system for cloud
storage, which offered guaranteed removal of key manage-
ment, access control, and file-assured deletion. The integrity
of data is achieved using the symmetric key and Message
Authentication Code (MAC). This model is based on struc-
tured High level petri nets (HLPN).
Zhang et al. (2019) suggested a stable and efficient public
key encryption with keyword search PEKS scheme called
Secure SEPSE to avoid off-line Keyword Guessing Attack
(KGA), where multiple key servers are used to enable the
encryption of keywords to free SEPSE from the one-point
failure problem. SEPSE can prevent the KGA, online, by
using the proposed block chain-assisted rate that limits
mechanism, where the number of server-derived keyword
requests for each user, in each epoch, is limited. The prac-
tical implementation of the block chain-assisted rate-lim-
iting mechanisms is done over ethereum. The results of
SEPSE mechanisms are efficient in terms of communica-
tion and computation costs. In the future, they are planned
to enhance the security, efficiency, and functionality of data
outsourcing.
Karame et al. (2019) studied about data confidentiality
against an adversary, who knows the encryption key and
has access to a large fraction of the ciphertext blocks. The
above problem can be solved by the Bastion scheme. The
security of this method is analyzed whereas the overhead of
this method is less compared to the existing scheme.
2.3 Issues on key management and key hiding
Fan et al. 2019, proposed a new method for verifying data
integrity known as protected identity based aggregate sig-
natures (SIBAS). SIBAS achieves outsourced data integ-
rity together with efficient key management using the
Shamir (t, n) threshold techniques. The efficiency of the
system proposed is compared with the current system in
terms of computing time, overhead communication and key
distribution.
Buchade and Ingle (2014), addressed various primary
cloud storage management techniques. Through applying
various cloud environments, they defined diverse key man-
agement techniques. They studied on-site and off-site key
management strategies at client, server, and key splitting
for various cloud environments such as public, private, and
group cloud.
Ruth et al. (2019), proposed a novel intrusion detection
mechanisms based on text along with safe cloud storage. In
this, double encryption technique achieves the secure data.
Steganography method is applied to improve data protection
to boost the efficiency of dual encryption framework. The
proposed output is tested against data-occupied encryption,
decryption, and memory. Proposed secure storage security
is tested against denial of service and man-in-middle attacks.
Gutub and Al-Ghamdi (2019), focused on improving
counting-based secret shares for enhanced security along-
side fast computing. To store the optimized shares they have
introduced image based steganography. The experimental
tests are carried out by changing the size of the key from 64,
128 and 256 bits. Proposed method performance is evaluated
against protection, robustness, and capability. The steganog-
raphy is very useful in sharing the keys between two parties
compared with other sharing methods.
Reshma et al. (2019), proposed a hybrid approach incor-
porating cryptography and steganography to integrate a
crypt text into an image to improve data protection and data
ownership for multimedia applications. Access control of the
proposed system is accomplished through the implementa-
tion of free CP-ABE pairing scheme. This method’s output
is measured against run-time of an algorithm.
The various applications of cryptography, steganogra-
phy and hybrid mechanisms were explored by Ajala et al.
(2019). With its strengths and drawbacks, they supported
the thorough comparison with different schemes. They said
proposed method also often enhanced security, as well as
safe communications, exchanging the keys in a secure way.
citearun, suggested a novel technique of hiding data to
carry out a hidden communication in military use. Here the
secret text / file is concealed in a cover image, and then trans-
ferred to the recipient. They’ve introduced LSB technique
to ensure safe key sharing in a cover picture. They merged
steganography with cryptography to create an unbreakable
communication device in the future. Hiding technique is
greatly improved, in addition to data compression efficiency.
Al-Farraji (2016), implemented a new binary-operated steg-
anography process. They conducted additional LSB-based
image/pixel value and ASCII value operations of the key
character value and then safe communication or hiding of
some sensitive information.
13

Vegh and Miclea (2015), have suggested a novel tech-
nique by combining digital signatures with encryption algo-
rithms to enhance device security. Here, they’ve split the pri-
vate key to prevent the unauthorized user from accessing the
device and defining user roles. This system’s protection is
improved by applying the steganography on the private keys.
Sirisha et al. (2015), developed a high-capacity technique
of hiding information based on steganography. The two
photos of the same scale are hidden here with reasonable
resolution. Additionally, the threshold secret sharing scheme
shamir (t, n) is used to securely distribute an image. This
method achieves the steganography reversibility property for
retrieving the hidden images. In addition, it provides high
efficiency compared with current approaches.
Reza tavoli and bakhshi (2016), suggested a technique to
use LSB technique to conceal text images. Through applying
steganography method they solved the question of sharing
confidential information over the internet. This approach was
implemented using system C#and.NET. This method’s out-
put is correlated with the current frequency domain and the
ratio of pixels. The protection of this system against existing
methods is improved.
Mai et al. (2013), described the steganography-based
access control system to conceal the health records within
their cardiogram. The authors implemented the suggested
model consists of two different stages including the embed-
ding and extraction processes using MATLAB. This
approach provides functionality like safeguarding the user’s
privacy, protecting health information confidentiality, reduc-
ing space for storage and making it much easier to upload
and download the data.
Lee et al. (2016), implemented a revolutionary system
for offering authorization, and restricted access through
steganography. The buffered data is transferred using their
proposed algorithm and then concealed within the cover
image using significantly improved steganography run-
length methodology. This system was implemented by
using improved LSB algorithm bit model. The experimen-
tal results demonstrated that it could provide higher perfor-
mance, better PSNR standards and offering suitable inte-
grated frames than other techniques.
Venkatraman and Geetha (2019), developed a new sys-
tem that provides hybrid encryption code data integrity and
security comprising blowfish and code genetic algorithms.
Experimental findings demonstrated that the designed SSIA
technique could offer acceptable protection and execute at
fast speed by using hybrid cryptographic protocols and steg-
anography approaches to securely transmit the cryptographic
keys.
13
P. Chinnasamy, P. Deepalakshmi
Bhase and Mangrulkar (2018), designed a methodology
for access control by applying visual cryptography, and
steganography techniques. They implemented a prototype
which actually splits the program into various degrees of
privileges and can award various read/write permissions
for the access to a particular level based on the users role.
Hosam (2019), suggested a hybrid approach to address
key management issues. The actual data is encrypted
through a secret Key using AES encryption method. The
256-bit key is again encrypted through the ECC algorithm.
Afterwards, using the LSB steganography process, the
ECC key is enclosed in the user’s picture. The solution
proposed was developed using OpenCV python scripts.
The effectiveness of the proposed system on the basis of
encryption, image quality values, is comparable to con-
ventional systems.
Sajay et al. (2019), implemented the innovative meth-
ods for solving cloud protection problems through the
adaptation of hybrid encryption. The authors handled their
procedure mainly in two layers. In the first layer, they used
a homomorphic algorithm to encrypt the input text and
in the other layer, they used the Blowfish algorithm to
encrypt the first layer’s output. The efficiency and security
of the proposed system is somewhat less compared to pre-
vious hybrid methods such as the one proposed in Chin-
nasamy and Deepalakshmi (2018). The literature review
serves as an obvious statement that many researchers have
used the exact keyword search whereas occasional research
has been conducted using the full-text search method. As
a consequence, we deliberate to
1. propose a secure cloud storage by implementing hybrid
cryptography method, IKGSR-BLOWFISH
2. implement steganography-based access control in order
to solve key sharing problems.
3. use full-text substring-based keyword search to effi-
ciently retrieve data, minimize medical errors, and
improve efficiency.
4. demonstrate that the proposed method ensures better
security, secure access control and efficient retrieval of
encrypted data using the experimental results.
In traditional healthcare, the cloud has a lot of research
issues including authentication, secure data storage, secure
data retrieval, secure data sharing, access control, audit-
ing, etc. Among these issues, one of the important issues
is to enhance the secure data storage and secure retrieval
of health care data. Some of the existing hybrid meth-
ods offer confidentiality and secure cloud storage only.
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Whereas, our proposed methodology is novel in terms of
offering features such as ensuring client side security using
hybrid cryptography mechanisms, solving the key sharing
problems by applying steganography-based access control
on secret key of symmetric algorithm, improving the effi-
ciency of the proposed approach by applying substring-
based fuzzy keyword search on encrypted health data.
3 Technical background
This section of the paper discusses the operation of Blowfish
and improved key generation scheme of RSA, index genera-
tion for encrypted data and steganography based hiding the
key.
3.1 Blowfish algorithm
The Blowfish algorithm (Schneier 1996) is a 16-round,
64-bit block size Feistel network block cipher. The algo-
rithm has two parts: the first handles key expansion and the
second, data encryption.
The key expansion part is a combination of P-array and
S-boxes. In this module, a large number of sub-keys (4168
bytes) are generated.
For data encryption, the 64-bit block data can be divided
into two halves. It consists of 16 rounds, where each round
has key-dependent permutation and data-dependent substitu-
tion. Each operation has XORs and additions to the 32-bit
word
3.2 IKGSR
We have already proposed IKGSR (Improved Key Gen-
eration Scheme of RSA) (Chinnasamy and Deepalakshmi
2018). In this case, four large prime numbers are used to
generate the key pairs. In the traditional RSA scheme, the
values of public and private key E and D depends on the
multiplication of two prime numbers, whereas in IKGSR,
the value of E and D depends on Z, which is a multiplica-
tion of four large prime numbers. Besides that, the value of
E depends on E1 whose value is based on two random val-
ues from Euler totient function e1 and e2. Furthermore, the
security of IKGSR is proved against the Chosen Ciphertext
Attack (CCA) and timing attack.
3.3 Substring Index generation
The index creation algorithm consists of two different phases
namely initialization and index generation. The following
algorithmic steps are performed for creating an index using
substring generation (i.e. Algorithm 1).
3.4 Steganography based key hiding
Data hiding is a method of incorporating confidential data
into the digital content without causing visible erosion.
Steganography is the art of concealing the private key into
the cover image to keep the hidden knowledge from being
exposed to attackers. It is categorized into various types
including text, image, audio, and video. The most popular
technique is the hiding based on image. In this article, we
are applying one such techniques, Least Significant Based
(LSB) steganography, wherein the secret data are embedded
in the cover image at least significant bit.
The theory relies on the fact that LSB in the image are
assumed to be noise bits, since they are responsible for
any variance on the original image. But, in our proposed
technique we used the efficient LSB technique, proposed
by Ahaiwe (2014) in which we can conceal any data types
on any image without converting. The image dimension is
calculated using the formula 1
(H× W3 )×3
(8.0 × )
3−1 (1)
S=
1024
where S represents the maximum size of an information, W
and H are width and height of an image, respectively. The
cycle of data writing begins at the last layer or LSB layer is
shown in below example. At each step we take to the higher
layers, image quality reduces and image resizing happens.
The reason behind choosing the LSB technique is that it is
easy to integrate and requires a simplistic approach to incor-
porate the secret data into the cover image.
13
 P. Chinnasamy, P. Deepalakshmi

For example 4 The hybrid cryptographic access control

Consider 3 pixels of 24-bit image is represented as and fast retrieval method
follows
00101101 00011100 11011100
4.1 System model
10100110 11000100 00001100
The study implemented the proposed architecture with three
11010010 10101101 01100011
entities, namely Data Owner (DO), Cloud User (CU) and
When the number 11001000 (200) is embedded inside the Cloud Server (CS), as shown in Fig. 2.
above images, the output will be,
00101101 00011101 11011100
10100110 11000101 00001100
11010010 10101100 01100011
The secret message is hidden in the first 8 bytes of the cover
image, so we’ll need to change the 3 bold bits as per the
message concealed. Only, half of the bits need to be modi-
fied from the entire cover message size to conceal the secret
data. Each primary color may have an intensity of 256-bit,
adjusting a pixel’s LSB may lead to some minor variations in
intensity of color. Such minor changes may not be detected
by human-eyes and hence the secret data is effectively hid-
den. From this, we observe that a well selected cover image
can conceal the secret data in LSB or second LSB, and still
can not observe any difference.
Microsoft uses the DREAD (Zhang and Liu 2010;
Alhassan et al. 2016) scheme is used for threats calcula-
tion. The rating of the threat is given based on Table 2.
After that, the risk score is calculated using the following
formula 2.
RS = (D + R + E + A + D)∕5. (2)
The risk scores for our proposed methods are shown in
Table 2.

Fig. 2  Architecture of hybrid cryptographic access control

Table 2  The microsoft DREAD rating scheme

Evaluation High (3) Average (2) Low-slung (1)

D Damage Potential If the adversary can get full permis- Leaks sensitive data Leaks irrelevant data
sion and run as an administrator
R Reproducibility This type of attack is repeated at This type of attack is reproduced with Hard to recreate
all times without need a timing a precise race condition
window
E Exploitability In a short time, a learner might create An expert programmer might make This requires both highly qualified and
the attack the attack and then recap the pro- full knowledge to be exploited
cedure
A Affected Users All customers, configuration by eva- A few users, a configuration without Obscure feature, a very less percentage
sion default of users; disturb unknown users
D Discoverability The attack is explained by published The susceptibility is in a rarely used The bug is cryptic, and users are
information. The vulnerability is a small portion of the product and unlikely to determine the potential for
found in the most frequently used small users should only encounter it damage
feature

13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
1. Data owners (DOs)
  Data owners ’ responsibilities include generating and
encrypting patient data and subsequently uploading it
to the cloud provider for health care, which can be an
organization or individual. As well as generating and
encrypting an index, the data owner uses substring index
generation with Apache Lucene Library for preprocess-
ing data.
2. Cloud service providers (CSPs)
  This entity’s task is to provide storage for data own-
ers and offer their recovered activity to cloud users on
encrypted data. CSPs are responsible for sending the
encrypted data back, based on user search queries.
3. Cloud users (CUs)
   This entity is also termed an HSP (Hospital Service
Provider) subscriber. The cloud user performs a search
operation using the wildcard-based fuzzy implementa-
tion to deliver approximate search results, applying an
edit-distance algorithm. It automatically corrects spell-
ing, using the lowest edit distance with respect to the
word/s in question.
4.2 Proposed solution
The proposed architecture consists of five types of
operations.
1. Document preprocessing
     This operation undertakes the necessary actions on
a set of files before initiating the encryption function.
Before we encrypt a document, we need to eliminate
stop words and form a set of keywords from a set of files
and onto an index. Consider uploading a set of five files
to the cloud. Before encryption, the following operation
is performed
(a) Document Index creation
  An index table can be created using a set of
keywords present in the file, Where the keyword
is represented as w i = (1, 2, 3, 4, … , n) and n
is the total number of keywords (n = 10, in this
example) is shown in Table 3
(b) Substring Index
  In this step, the substring based index is created
using index building algorithm 1, the indexing is
shown in Table 4.
2. Hybrid encryption
        This function has two important tasks, that of
encrypting the index and the files.
(a) Encrypting the Index
        The Apache Lucene library creates an
encrypted index table in this function, based on
the keyword set, as shown in Table 5.
(b) File encryption
     The hybrid method has two different algo-
rithms for encryption. It comprises five opera-
tions, namely, key generation, encryption of the
data and the secret key, and the decryption of the
secret key and the data, as shown in Fig. 3.
i. When a File is Uploaded, the following are done
– The owner should specify the path of the file to
be encrypted
– To generate the public and private key, IKGSR
key generation function is triggered.
– Patient data is encrypted with IKGSR’s public
key.
– IKGSR’s private key is encrypted with BLOW-
FISH.
– The encrypted data is uploaded to the cloud via
the internet.
3. Wildcard-based Fuzzy keyword search
     This section describes the keyword search method
in detail.
  The data owner has a set of n files, namely F = f 1 , f 2 ,
f 3 , … , f n as shown in Fig. 2 to be encrypted using the
cryptographic hybrid method of generating encrypted
files, EF = (Ef1 , Ef2 , Ef 3 , … , Efn ). The data owner
applies the substring indexing method to eliminate stop
words and form searchable keywords from the extracted
keywords. Let’s look at the file f 1 with Austria, Banana,
Computing, Computer, Computer, and Distributed
words. Another file called f 2 contains words such as
computing, Bangla, Astrology and Distributed. Table 6
shows the structure of the bucket(c): The user, CU, gen-
erates a searchable query during the search and sends it
to the CSP. The CSP will take this query as input, search
the encrypted index, and send the encrypted keyword
document. The weight of the term is measured using
the frequency of the term j in document i (the term fre-
quency tfi,j ) and in the entire document collection (docu-
ment frequency df j (document number containing term
j)). The weight or rank is calculated using the Eq. 3.
wi, j = tfi,j × idf = tfi,j × log D∕dfj (3)
where D represents the number of documents in the
collection of documents, and Idf is the inverse frequency
of the document. When the keyword match is found, the
encrypted document is returned to the cloud user. The
data owner distributes the secret keys only to authorized
users, using LSB steganography (Mai et al. 2013).
13

Fig. 3  The process of hybrid encryption and decryption method
4. Steganography-based access control in key distribution
        After performing the wildcard-based keyword
search, the cloud user gets the encrypted data from the
cloud server. Before doing the decryption function, the
following process is carried out between data owner and
cloud user to enable the secret key sharing, (i.e. Fig. 4)
(a) A data owner classifies his/her secret key in a
separate folder for individual documents.
(b) The data owner embeds all the keys in a cover
image using different role-based access keys and
maintains the same.
13
P. Chinnasamy, P. Deepalakshmi
(c) After receiving the request from a cloud user for
decryption the data owner sends the role-based
access key to the cloud users.
(d) Using the role-based access key, cloud users can
extract the stegano cover image by applying the
LSB extraction method (Mai et al. 2013).
(e) Now, the cloud user can obtain the secret key of
the BLOWFISH algorithm and start decrypting
the data.
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud

Table 5  Encrypted Index for Encrypted keyword File ID

keyword set
E(w1 ‖1) 1
E(w1 ‖ 5) 5
E(w 2 ‖ 2) 2
E(w3 ‖ 2) 2
E(w 3 ‖ 3) 3
E(w 3 ‖5) 5
E(w 4 ‖ 1) 1
E(w 4 ‖ 5) 5
E(w 5 ‖ 2) 2
E(w 5 ‖ 3) 3
E(w 6 ‖ 4) 4
E(w 7 ‖ 4) 4
E(w8 ‖ 3) 3
E(w 9 ‖ 4) 4
E(w10 ‖ 3) 3

Fig. 4  The process of steganography based access control

Table 3  Index creation for a set File File ID Keywords

of five files Table 6  The structure of bucket Keyword Frequency File ID
F1 1 w1,w 4 (c)
F2 2 w 2 ,w 3,w 5 E(com) 3 f1
F3 3 w 3,w 5,w8,w10 E(com) 1 f2
F4 4 w 6 ,w 7,w 9
F5 5 w1,w 3,w 4 ,w8

Table 4  Substring Index Keyword File ID

creation for a set of keywords
w1 1,5
4.3 Threat rating of proposed method‑using DREAD
w2 2
w3 2,3,5
The following Table 7 states that the rating of threats in
w4 1,5
the proposed method.
w5 2,3
w6 4
w7 4 5 Simulation experiments
w8 3,5
w9 4 We used java.crypto and java.security packages and their
w10 3 predefined java classes to simulate the IKGSR (Chinna-
samy and Deepalakshmi 2018), Blowfish and hybrid algo-
rithms. This package’s main task is to carry out unman-
aged operations. The substring index generation algorithm
5. File decryption in Apache Lucene library is used for an efficient search. It
     The authorized cloud user has the secret key of calculates a score for each document with respect to user
the BLOWFISH algorithm. By using this, as shown in queries and returns the most relevant documents based on
Fig. 3, CU can decrypt the data. the scores. The experiments were carried out in an Intel

13
 P. Chinnasamy, P. Deepalakshmi

Table 7  Threat rating of the Stride Victimization D R E A D Total Ratings

proposed method
Spoofing Brute-force attacks 2 1 1 1 2 7 Low-slung
Tampering Patient data tampering 2 2 2 3 2 11 Average
Access to sensitive data on storage 1 0 2 1 3 7 Low-slung
Repudiation Repeated attempts to access 1 2 0 2 3 8 Average
User denies performing an operation 3 2 0 1 3 9 Average
Information disclosure Attack of phishing 2 2 2 3 3 12 High
Message disclosure 0 2 1 3 1 7 Low-slung
Denial of service Selective forwarding spasm 0 2 2 3 3 10 Average
Reply spasm 0 2 2 3 3 10 Average
Elevation of privilege Illegitimate access 3 2 2 3 1 11 Average
Masquerading spasm 3 2 1 1 3 10 Average

Table 8  Encryption time Data Oladeji and Akomo- Singh and Kaur Tariq (2018) Timothy and HCAC-EHR
comparison based on the lafe (2017) (2015) Santra (2017)
existing hybrid methods
1000 1.345 1.564 1.582 1.533 2.012
2500 1.54 1.87 1.93 1.77 2.234
5000 1.589 1.986 2.302 2.186 2.626
7500 2.045 2.67 2.926 2.723 3.042
10000 2.45 3.045 3.121 2.953 3.508

®Core ™i5-4440 CPU   3.10GHz processor; with a Win-

dows 10, 64-bit operating system running an 8 GB RAM.
The input data varied between 1000 and 2500,… , 10,000
records. The experiments have been repeated 100 times
to guarantee that the results are sufficiently reliable and
effective to verify with existing algorithms. Our setup for
the real-time NYSDOH Inpatient Discharge Dataset (dat
2018), consisting of 34 columns and about 10 lakh data
records, has been implemented and checked.

6 Results and analysis
The performance of the proposed HCAC-EHR (Hybrid
Cryptographic Access Control for Secure Retrieval of
Electronic Health Care Record) hybrid algorithm is com-
pared with the existing hybrid cryptographic method by
varying input data records for both encryption and decryp-
tion processes in terms of runtime.
6.1 Time comparison with existing hybrid methods
of the proposed method
In this chapter, we explain the extensive comparative analy-
sis of current hybrid methods with HCAC-EHR by Oladeji
and Akomolafe (2017), Singh and Kaur (2015), Tariq (2018)
Fig. 5  The encryption time comparison based on the existing hybrid
methods
and Timothy and Santra (2017). The authors (Tariq 2018;
Oladeji and Akomolafe 2017; Singh and Kaur 2015) used the
combination of original AES and RSA algorithms to secure
user data while BLOWFISH and standard RSA algorithms
were used as Timothy and Santra (2017). to secure user
data. However, we use IKGSR and BLOWFISH algorithm
to secure the healthcare data. The key generation, encryp-
tion and decryption times of IKGSR are high compared to
other RSA schemes. Furthermore, IKGSR algorithm secu-
rity is analyzed against the method of brute-force attack and

13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud

Fig. 6  The decryption time comparison based on the existing hybrid Fig. 7  Encryption vs decryption time comparison
methods

factorization. In terms of encryption and decryption time, Table 10  Time to generate an index for a document
the performance of the HCAC-EHR is measured. Figures 5 Data Shekokar et al. Tariq (2018) HCAC-EHR
and 6; clearly show that our proposed method takes more (2015)
time to complete both the encryption and decryption process
1000 0.18 0.22 0.08
than existing hybrid methods. In recent years, high computa-
2500 0.3 0.35 0.088
tion device has been introduced to improve the performance
5000 0.98 1.35 0.126
of any complex operations, therefore computation time is
7500 2.18 3.46 0.332
not a problem for our method. However, the security of pro-
10000 4.08 5.67 1.53
posed methods is much better than other hybrid methods;
the detailed analysis is clearly shown in Sect. 7 (Tables 8, 9).

6.2 Statistical analysis of proposed HCAC: EHR

method

The data was analyzed with different existing algorithms

such as Oladeji and Akomolafe (2017), Singh and Kaur
(2015), Tariq (2018) and Timothy and Santra (2017) with
proposed method HCAC: HER by varying the files size
from 1000, 2500, 5000, 7500, 10000. Let us considered
input data is increased in terms of 20000, 40000, 60000,
80000, and 100000. With three separate algorithms, the
average time comparison of encryption and decryption cal-
culations is performed as shown in Fig. 7. The proposed
algorithm takes about 5.3448 s for 1,00,000 records to be
authenticated, while the existing hybrid algorithms take
4.124. 4.4445, 4.9605 and 4.504 s. Nonetheless, it takes
2.9011, 3.3268, 3.8034 and 3.7145 s to decode existing Fig. 8  Index generation time for a document
methods, while the proposed algorithm takes 4.2011 s.

Table 9  Decryption time Data Oladeji and Akomo- Singh and Kaur Tariq (2018) Timothy and HCAC-EHR
comparison based on the lafe (2017) (2015) Santra (2017)
existing hybrid methods
1000 1.112 1.278 1.328 1.292 1.471
2500 1.25 1.432 1.923 1.897 2.016
5000 1.87 1.678 2.761 2.542 2.862
7500 1.789 2.478 3.194 3.053 3.35
10000 2.01 2.877 3.226 3.153 3.706

13
 P. Chinnasamy, P. Deepalakshmi

Table 11  Index storage space on cloud

Data Shekokar et al. Tariq (2018) HCAC-EHR
(2015)

1000 23.4 17 7.34

2500 37.65 29.7 14.7
5000 52 47 27.6
7500 75.4 68.12 35
10000 102 81 51.76

Fig. 10  Comparison of PSNR values with existing methods

and 0.22 s to generate an index of 1000 records whereas

the proposed method takes 0.08 s. Similarly, for 10000
records, the index time is 4.08 and 5.67 s, respectively.
The proposed method, however, takes 1.53 s, which is very
little time when compared to the two existing methods
(Table 10).

6.4 Index storage space in the cloud

Fig. 9  Index storage space in the cloud Storage space is a crucial aspect to be considered in the
secure retrieval of encrypted data. Figure 9 shows that
the proposed method consumes less memory than other
From this analysis, we can infer that, relative to existing
existing fuzzy-search methods (Guo 2016; Shekokar et al.
algorithms, the performance of the proposed algorithm is
2015) (Table 11).
less. Yet, relative to other hybrid systems, the security is
much improved in proposed method.
6.5 Performance evaluation of LSB steganography
6.3 Index generation time
Before performing comparison between cover image and
stegano images, we need to calculate the mean-square
The time of index generation depends on the number of
error (MSE) and peak-signal-noise ration (PSNR) using
files in the document. The index generation time increases
the Eqs. 4 and 5. The efficiency of the proposed method
correspondingly if the number of documents increases.
can be measured by means of different test cases and dif-
Furthermore, the data owner can only perform this opera-
ferent perspectives.
tion once using the generation of the sub-string index in
the Lucene library. As shown in Fig. 8, existing fuzzy
search methods (Guo 2016; Shekokar et al. 2015) take 0.18

Table 12  PSNR values of Cover Image (Phad Vitthal et al. 2011) (Saleh 2013) Proposed Method
different cover images
PSNR (dB) Embedding PSNR (dB) Embedding PSNR (dB) Embedding
capacity (KB) capacity (KB) capacity
(KB)

Lenna 42.4 251.08 53.68 249.67 56.99 679.99

Baboon 38.25 237.75 56.78 238.87 61.09 679.99
Peppers 41.99 249.79 52.29 257.57 60.83 679.99
House 42.24 259.46 53.68 251.08 61.15 679.99

13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud

Table 13  Time comparison of Cover image (Phad Vitthal et al. 2011) (Saleh 2013) Proposed method
hiding and extracting the key
Hiding time (s) Extracting Hiding time (s) Extracting Hiding time (s) Extract-
time (s) time (s) ing time
(s)

Lenna 0.86 0.88 0.99 1.02 0.80 0.57

Baboon 0.89 0.88 0.99 1.08 0.82 0.55
Peppers 0.89 0.89 1.10 1.13 0.75 0.57
House 0.91 0.91 1.07 1.12 0.87 0.57

Fig. 13  Histrogram of cover images

Fig. 11  Hiding time comparison with existing methods

Fig. 12  Extraction time comparison with existing methods

Fig. 14  Histogram of stegono images
∑
M,N [l1 (m, n) − l2 (m, n)]
MSE = (4) 6.5.1 Comparison of PSNR values with different cover
M×N
images
R2
PSNR = 10 log10 ( ) (5)
MSE
The first test case is to hide 8 KB key files into the same
where M, N, respectively, are cover images rows and col- size of different cover images. We compare our results with
umns, l1 and l2 mean the individual pixel values shown at (Phad Vitthal et al. 2011) and (Saleh 2013) technique using
various spots in the cover image as (m,n). the values of PSNR value as shown in Table 12. For all cover

13

images, the concealing efficiency of our proposed approach
is consistent, since this concealing capacity is determined
based on the image intensity which is stable for this experi-
ment. Figure 10 that addressed beautifully the effectiveness
of our proposed method (Table 12).
6.5.2 Comparison of hiding and extracting time
with existing methods
In the second scenario, key extraction and concealing dura-
tion is computed against same amount of data with distinct
cover images. The result of our method is compared with
existing methods introduced by Phad Vitthal et al. (2011)
and Saleh (2013) as shown in Table 13. Figures 11 and 12
demonstrate that proposed method has less time to hide and
extract key from cover image compare to existing methods
and confirms the improved performance of the proposed
method.
Figures 13 and 14 reveal scatter plots of Lena and Baboon
both during the hiding process, which mostly indicate that
perhaps the scatter plots of the actual and the watermarked
picture are distinguished from each other. The histograms’
coherence after masking show that the proposed model
offers security against attackers.
6.5.3 Features of proposed method
1. The patient’s data is encrypted before outsourced to the
health service provider and the decryption key is not
available in the cloud.
2. The enhanced RSA public key is used for encipher-
ing the patient’s data and this key is encrypted using
BLOWFISH algorithm so that attacker can never be
predict or break the keys.
3. The hybrid algorithm is unbroken until information
about the shared secret key is found. To achieve the
secrecy, we applied steganography-based access control
in secret key distribution.
4. Finally, the decryption of a patient’s data requires double
authentication. The user must get the authorization from
the data owner as well as from the health service pro-
vider in order to avoid the insider attacks and enhance
the user integrity.
7 Security analysis
7.1 Security against adaptive chosen ciphertext
attack
his attack is possible in the hybrid method’s key encapsula-
tion module. An opponent, (Cramer and Shoup 2004) A, is
capable of performing adaptive ciphertext attacks with the
13
P. Chinnasamy, P. Deepalakshmi
help of a cryptographic game that takes 1 W  , as input, where
the security parameter is w ∈ Z ⩾ 0. The motive behind this
attack is to disclose information about the encrypted mes-
sage or decryption key slowly.
Phase1 An adversary queries a key generation module,
such as
(PU, SK)←keygen (1W  ) response with the public key
(PU).
Phase2 The adversary makes calls in the decryption
mode. For each decryption call, the adversary submits the
ciphertext, C1.
Decrypt (1W  , SK, C1)
Phase3The adversary asks for the encryption module and
responds with
(K*, C1*) ←encrypt (1W  , PU)
Phase4 The adversary continues his call in the decryption
mode. The restriction to the submitted ciphertext, C1, is not
identical with C1*.
Phase5 The adversary outputs outa ∈ 0, 1
The authors define the Adaptive Chosen Ciphertext
(Cramer and Shoup 2004) of the adversary with the security
parameter Pr [out= outa ] - 1/2j in the attack game above.
Applying the security definition above works directly with
the quantity parameters, as in
AdvCCA’ (1W  ) = Pr [[outa = 1 | out = 0] - Pr [outa = 1 |
out = 1] ]
This is verified easily, as in
AdvCCA’ (1W  ) = 2 * AdvCCA (1W )
It is observed from the above phases that no opponent can
easily find the ciphertext key since it is encrypted using the
BLOWFISH secret key.
7.2 Security against mathematical attack
In the hybrid cryptosystem, we used two different keys for the
decryption process. This increased the security of data and
keys, even after losing one key. Still, the attack is not possible
because the data is still in its encrypted form.
7.3 Security against known plaintext attack
The intruder is only allowed to see the ciphertext C, but they
don’t have any knowledge about plaintext P.
The intruder can find some other plaintext/ciphertext pair,
which is denoted as (P’, C’). For the 16-bit condition, we are
able to match the a-parts of C with a-part of C’. From these
assumptions, we can conclude that a-part of P should be
matched with a-part of P’. Hence, we can learn about the 16-bit
information of ciphertext C. This attack is possible only if we
reduce the number of rounds and block size of our algorithm.
But our method supports 16 rounds and the very large subset
key to overcome the plaintext attack.
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Table 14  Index storage space y − x 4n + (y − x)2 y + x
on cloud
1 885
2 888
3 893
4 900
7.4 Security of an IKGSR algorithm
In the following section, we discuss different cases to crypta-
nalyst the proposed method. In general, the security of the
RSA algorithm depends on the difficulty of factoring n. The
factors of n are able to find 𝜙 (n) and then d. As such, we can
use Fermat Factorization (Ferguson et al. 2015; Rabin 1980)
method for finding large factors.
Assume that N = xy, where x ≤ y. we may assume that N
is odd. We can let
u =(x + y)∕2
v = (y − x)∕2
N =x2 − y2 , 0 ≤ y < x ≤ N
In RSA n is the multiplication of two unique prime numbers.
Consider n = x × y, x < y.
Case 1: Suppose (y − x) is too large then x be a small
Case 2: Suppose (y − x) is too small then
(y + x)2 − (y − x)2=4xy
(y + x)2 = 4n + (y − x)2 (i.e. n = xy)
Suppose we get the value of y − x, then the value of 4n +
(y − x)2 should be a perfect square
Example
Let us consider n = 221 (Table 14)
From there, we can determine the value y − x = 4 and y
+ x=30 and also find x and y values respectively. From the
above example, the difference between y and x value should
be very high, otherwise, we can easily factorize n. In Yong
et al. (2012), argued that an 80-digit value of n provides
moderate security. However, our proposed method gener-
ates up to 100 digits of n. Hence, our method provides better
security compared to traditional RSA Methods.
7.5 Protection from keyword guessing attacks
Here, the intruder tries to eavesdrop on secure communica-
tion channels to obtain the ciphertext keys and keywords
sent to the cloud user. However, in our proposed work, such
an attack is impossible, because the intruder initially needs
the access keys to apply the test functions. Further, in the
proposed approach, the secret keys are embedded into an
image using LSB steganography. The steganography-based
access control provides additional security to the proposed
method.
29.7489
29.7993
29.8831 8 Conclusion
30
This article solved the problem of cloud storage security and
health care data sharing, in a secure manner, using access
control based on hybrid cryptography. Therefore, we intro-
duced a novel technique by proposing hybrid algorithms
combining IKGSR and Blowfish to solve storage security
problems. The proposed access control mechanisms, based
on steganography, solve the issue of sharing keys and health-
care data. Moreover, the threat model is designed with dif-
ferent security attacks using the DREAD technique and anal-
ysis. Compared to other hybrid cryptography algorithms, the
result section clearly showed that the proposed HCAC: EHR
method provided good performance. The proposed security
evaluation of the HCAC: EHR system is performed against
adaptive ciphertexts and keywords guessing an attack. In the
(6)
future, we plan to offer a secure storage and sharing system
of healthcare data based on blockchain technology.
(7)
References
2018. https​://healt​h.data.ny.gov/api/views​/tsg2-5hds/files​/5ded1​75fec​
f34dd​2bb38​df464​b1379​58?ilena​me=NYSDO​HHosp​italI​npati​
entDi​schar​gesSP​ARCSD​eIden​tifie​d2016​.zip
AHIMA (2016) what is a personal health record (PHR)? http://myphr​
.com/Start​aPHR/whati​saphr​.aspx
Ajala JA, Singh S, Mukherjee S, Chakraborty S (2019) Application of
steganography technique in cloud computing. In: 2019 interna-
tional conference on computational intelligence and knowledge
economy (ICCIKE), pp 532–537. https​://doi.org/10.1109/ICCIK​
E4780​2.2019.90043​47
Al-Farraji OII (2016) Steganography by use binary operations. Int J
Eng Res General Sci 4:179–87
Ali M, Malik SUR, Khan SU (2017) Dasce: data security for cloud
environment with semi-trusted third party. IEEE Trans Cloud
Comput 5(4):642–655. https​://doi.org/10.1109/TCC.2015.24464​
58
Alshehri S, Mishra S, Raj RK (2016) Using access control to mitigate
insider threats to healthcare systems. In: 2016 IEEE international
conference on healthcare informatics (ICHI), pp 55–60. https​://
doi.org/10.1109/ICHI.2016.11
Singh AK, Singh J, Singh V (2015) Steganography in images using lsb
technique. Int J Latest Trends Eng Technol (IJLTET) 5:426–430
Sirisha BL, Kumar SS, Mohan BC (2015) Steganography based infor-
mation security with high embedding capacity. In: National con-
ference on recent advances in electronics computer engineering
Bansal VP, Singh S (2015) A hybrid data encryption technique using
rsa and blowfish for cloud computing on fpgas. In: 2015 2nd inter-
national conference on recent advances in engineering computa-
tional sciences (RAECS), pp 1–5. https:​ //doi.org/10.1109/RAECS​
.2015.74533​67
Bhase G, Mangrulkar RS (2018) An access control system using visual
cryptography and steganography. In: 2018 fourteenth international
13

conference on information processing (ICINPRO), pp 1–6. https​
://doi.org/10.1109/ICINP​RO435​33.2018.90966​73
Bouchti AE, Bahsani S, Nahhal T (2016) Encryption as a service for
data healthcare cloud security. In: 2016 fifth international confer-
ence on future generation communication technologies (FGCT),
pp 48–54. https​://doi.org/10.1109/FGCT.2016.76050​72
Buchade AR, Ingle R (2014) Key management for cloud data storage:
methods and comparisons. In: 2014 fourth international confer-
ence on advanced computing communication technologies, pp
263–270. https​://doi.org/10.1109/ACCT.2014.78
Liang C, Ye N, Malekian R, Wang R (2016) The hybrid encryption
algorithm of lightweight data in cloud storage. In: 2016 2nd
international symposium on agent, multi-agent systems and
robotics (ISAMSR), pp 160–166. https​://doi.org/10.1109/ISAMS​
R.2016.78100​21
Chinnasamy P, Deepalakshmi P (2018) Improved key generation
scheme of rsa (ikgsr) algorithm based on offline storage for cloud.
In: Rajsingh EB, Veerasamy J, Alavi AH, Peter JD (eds) Advances
in big data and cloud computing. Springer Singapore, Singapore,
pp 341–350
Chinnasamy P, Deepalakshmi P (2018) Design of secure storage for
health-care cloud using hybrid cryptography. In: 2018 second
international conference on inventive communication and com-
putational technologies (ICICCT), pp 1717–1720. https​://doi.
org/10.1109/ICICC​T.2018.84731​07
Chinnasamy P, Deepalakshmi P, Shankar K (2020) Chapter 6—an
analysis of security access control on healthcare records in
the cloud. In: Singh AK, Elhoseny M (eds) Intelligent data
security solutions for e-health applications, intelligent data-
centric systems. Academic Press, New York, pp 113–130.
https​://doi.org/10.1016/B978-0-12-81951​1-6.00006​-6 (ISBN
978-0-12-819511-6)
Chiuchisan I, Balan D, Geman O, Chiuchisan I, Gordin I (2017) A
security approach for health care information systems. In: 2017
E-health and bioengineering conference (EHB), pp 721–724. https​
://doi.org/10.1109/EHB.2017.79955​25
Cramer R, Shoup V (2004) Design and analysis of practical public-
key encryption schemes secure against adaptive chosen ciphertext
attack. SIAM J Comput 33(1):167–226. https​://doi.org/10.1137/
S0097​53970​24037​73
Esposito C, De Santis A, Tortora G, Chang H, Choo KR (2018) Block-
chain: a panacea for healthcare cloud-based data security and pri-
vacy? IEEE Cloud Comput 5(1):31–37. https​://doi.org/10.1109/
MCC.2018.01179​1712
Fan Y, Lin X, Tan G, Zhang Y, Dong W, Lei J (2019) One secure
data integrity verification scheme for cloud storage. Future
Gener Comput Syst 96:376–385. https​://doi.org/10.1016/j.futur​
e.2019.01.054
Ferguson N, Schneier B, Kohno T (2015) Primes. Wiley, New York,
pp 163–180. https ​ : //doi.org/10.1002/97811 ​1 8722 ​ 3 67.ch10
(chapter 10)
Fu Z, Shu J, Sun X, Zhang D (2014) Semantic keyword search based
on trie over encrypted cloud data. In: Proceedings of the 2nd
international workshop on security in cloud computing, SCC
’14, pp 59–62, New York, NY, USA. Association for Computing
Machinery. ISBN 9781450328050. https:​ //doi.org/10.1145/26000​
75.26000​81
Gallagher LA (2012) Cloud computing in healthcare: privacy and
security considerations, WSHIMA. http://www.himss.org/
sites/himssorg/files/HIMSSorg/Content/files/CloudComputing
WSHIMA042012-LG.pdf
Guo C, Zhuang R, Jie Y, Ren Y, Wu T, Choo KK (2016) Fine-grained
database field search using attribute-based encryption for e-health-
care clouds. J Med Syst 40:1–8
Gutub A, Al-Ghamdi M (2019) Hiding shares by multimedia image
steganography for optimized counting-based secret sharing.
13
P. Chinnasamy, P. Deepalakshmi
Multimed Tools Appl 79:7951–7985. https​://doi.org/10.1007/
s1104​2-019-08427​-x
Hosam O, Ahmad MH (2019) Hybrid design for cloud data security
using combination of aes, ecc and lsb steganography. Int J Comput
Sci Eng 19:153–161
Ahaiwe J (2014) Document security within institutions using image
steganography technique. Int J Sci Res (IJSR) 3:528–535
Alhassan JK, Abba E, Olaniyi OM, Waziri VO (2016) Threat modeling
of electronic health systems and mitigating countermeasures. In:
International conference on information and communication tech-
nology and its applications, pp 82–89
Karame GO, Soriente C, Lichota K, Capkun S (2019) Securing cloud
data under key exposure. IEEE Trans Cloud Comput 7(3):838–
849. https​://doi.org/10.1109/TCC.2017.26705​59
Kartit Z, Azougaghe A, Idrissi HK, El Marraki M, Hedabou M,
Belkasmi M, Kartit A (2016) Applying encryption algorithm for
data security in cloud storage. In: Sabir E, Medromi H, Sadik M
(eds) Advances in ubiquitous networking. Springer Singapore,
Singapore, pp 141–154
Kruse CS, Smith B, Vanderlinden H, Nealand A (2017) Security tech-
niques for the electronic health records. J Med Syst. https​://doi.
org/10.1007/s1091​6-017-0778-4
Coppolino L, D’Antonio S, Romano L, Sgaglione L, Staffa M (2017)
Addressing security issues in the e-health domain relying on
siem solutions. In: IEEE 41st annual computer software and
applications conference (COMPSAC), pp 510–515 https​://doi.
org/10.1109/COMPS​AC.2017.45
Lee CF, Weng CY, Sharma A (2016) Steganographic access control
in data hiding using run length encoding and modulo operations.
Secur Commun Netw 9:139–148
Mai V, Khalil I, Ibaida A (2013) Steganography-based access control
to medical data hidden in electrocardiogram. In: 2013 35th annual
international conference of the IEEE engineering in medicine and
biology society (EMBC), pp 1302–1305. https​://doi.org/10.1109/
EMBC.2013.66097​47
Maitri PV, Verma A (2016) Secure file storage in cloud computing
using hybrid cryptography algorithm. In: 2016 international
conference on wireless communications, signal processing and
networking (WiSPNET), pp 1635–1638. https​://doi.org/10.1109/
WiSPN​ET.2016.75664​16
Medicare (2018) Centers for Medicare Medicaid Services. Electronic
Health Record. https://www.cms.gov/Medicare/Ehealth/EHeal-
thRecords/index.html
Oladeji M. O. A, Akomolafe P (2017) A hybrid cryptographic model
for data storage in mobile cloud computing. Int J Comput Netw Inf
Secur (IJCNIS) 9:53–60. https:​ //doi.org/10.5815/ijcnis​ .2017.06.06
Yong PE, Wei ZH, Feng XI, Dai ZH, Yang GA, Chen DQ (2012)
Secure cloud storage based on cryptographic techniques. J China
Univ Posts Telecommun 19:182–189. https​://doi.org/10.1016/
S1005​-8885(11)60424​-X
Phad Vitthal S, Bhosale Rajkumar S, Panhalkar Archana R (2011)
A novel security scheme for secret data using cryptography and
steganography. Int J Comput Netw Inf Secur 2:36–42
Patil P, Narayankar P, Narayan DG, Meena SM (2016) A compre-
hensive evaluation of cryptographic algorithms: Des, 3des, aes,
rsa and blowfish. Proc Comput Sci 322(78):617–624. https​://doi.
org/10.1016/j.procs​.2016.02.108
Rabin M (1980) Probabilistic algorithm for testing primality. J Number
Theory 12:128–138
Raghavendra S, Meghana K, Doddabasappa P, Geeta C, Buyya R,
Venugopal K, Iyengar S, Patnaik L (2016) Index generation and
secure multi-user access control over an encrypted cloud data.
Proc Comput Sci 89:293–300. https​://doi.org/10.1016/j.procs​
.2016.06.062
Raghavendra S, Reddy CS, Geeta CM, Buyya R, Venugopal KR, Iyen-
gar SS, Patnaik LM (2016) Survey on data storage and retrieval
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
techniques over encrypted cloud data. Int J Comput Sci Inf Secur
(IJCSIS) 14:718
Rahmani H, Sundararajan E, Ali ZM, Zin AM (2013) Encryption as a
service (eaas) as a solution for cryptography in cloud. Proc Tech-
nol 11:1202–1210. https​://doi.org/10.1016/j.protc​y.2013.12.314
(4th International Conference on Electrical Engineering and
Informatics, ICEEI 2013)
Reshma V, Gladwin SJ, Thiruvenkatesan C (2019) Pairing-free cp-abe
based cryptography combined with steganography for multimedia
applications. In: 2019 international conference on communica-
tion and signal processing (ICCSP), pp 0501–0505. https​://doi.
org/10.1109/ICCSP​.2019.86980​53
Tavoli R, Bakhshi M, Salehian F (2016) A new method for text hiding
in the image by using LSB. Int J Adv Comput Sci Appl 7:126–32
Ruth JA, Sirmathi H, Meenakshi A (2019) Secure data storage and
intrusion detection in the cloud using mann and dual encryption
through various attacks. IET Inf Secur 13(8):321–329
Sajay KR, Babu SS, Vijayalakshmi Y (2019) Enhancing the security
of cloud data using hybrid encryption algorithm. J Ambient Intell
Humaniz Comput. https​://doi.org/10.1007/s1265​2-019-01403​-1
Saleh S (2013) A secure data communication system using cryp-
tography and steganography. Int J Comput Netw Commun
5(3):125–137
Sarkar MK, Kumar S (2016) Ensuring data storage security in cloud
computing based on hybrid encryption schemes. In: 2016
fourth international conference on parallel, distributed and
grid computing (PDGC), pp 320–325. https​://doi.org/10.1109/
PDGC.2016.79131​69
Schneier B (1996) Applied cryptography, 2 edn. Wiley, Inc, US
Shekokar N, Sampat K, Chandawalla C, Shah J (2015) Implementation
of fuzzy keyword search over encrypted data in cloud comput-
ing. Proc Comput Sci 45:499–505. https:​ //doi.org/10.1016/j.procs​
.2015.03.089(International Conference on Advanced Comput-
ing Technologies and Applications (ICACTA))
Singh N, Kaur PD (2015) A hybrid approach for encrypting data on
cloud to prevent dos attacks. Int J Database Theory Appl 8:145–
154. https​://doi.org/10.14257​/ijdta​.2015.8.3.12
Tariq H, Agarwal P (2018) Secure keyword search using dual encryp-
tion in cloud computing. Int J Inf Technol 12:1063–1072. https​://
doi.org/10.1007/s4187​0-018-0091-6
Timothy DP, Santra AK (2017) A hybrid cryptography algorithm for
cloud computing security. In: 2017 international conference on
microelectronic devices, circuits and systems (ICMDCS), pp 1–5.
https​://doi.org/10.1109/ICMDC​S.2017.82117​28
Vegh L, Miclea L (2015) Access control in cyber-physical systems
using steganography and digital signatures. In: 2015 IEEE inter-
national conference on industrial technology (ICIT), pp 1504–
1509. https​://doi.org/10.1109/ICIT.2015.71253​09
Venkatraman K, Geetha K (2019) Dynamic virtual cluster cloud
security using hybrid steganographic image authentication algo-
rithm. Automatika 60(3):314–321. https​://doi.org/10.1080/00051​
144.2019.16244​09
Wainer J, Campos CJ, Salinas MD, Sigulem D (2008) Security require-
ments for a lifelong electronic health record system: an opinion.
Open Med Inform J 2:160–165. https​://doi.org/10.2174/18744​
31100​80201​0160
Yang Y (2015) Attribute-based data retrieval with semantic keyword
search for e-health cloud. J Cloud Comput 4:1–6
Zhang R, Liu L (2010) Security models and requirements for healthcare
application clouds. In: 2010 IEEE 3rd international conference on
cloud computing, pp 268–275. https​://doi.org/10.1109/CLOUD​
.2010.62
Zhang Y, Xu C, Ni J, Li H, Shen XS (2019) Blockchain-assisted public-
key encryption with keyword search against keyword guessing
attacks for cloud storage. IEEE Trans Cloud Comput. https​://doi.
org/10.1109/TCC.2019.29232​22
Publisher’s Note Springer Nature remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
13