Professional Documents
Culture Documents
Base Paper
Base Paper
https://doi.org/10.1007/s12652-021-02942-2
ORIGINAL RESEARCH
Abstract
Technology that is perfect is free of vulnerability. Technological growth offers users online data storage and access to it from
anywhere. Cloud computing is a model that provides data storage on a contract facility and a slew of different services. Today,
online data relating to health is inevitably stored and managed. These health records comprise data that includes X-ray images,
scanned images, therapy procedures, medical prescriptions, and patient information. Medical professionals use the stored
health data for diagnosis, patients for their understanding, and government and insurance companies for further follow-up.
Since multiple category of users want access to health data, data needs protection and to be stored with extreme security
before being stored online in the form of electronic health records (EHRs) with proper access control mechanisms. To this
end to provide secure cloud storage, we propose a novel scheme by implementing a hybrid cryptography algorithm in which
we use Improved Key Generation Scheme of RSA (IKGSR) algorithm to encrypt health data and Blowfish algorithm for
key encryption. We follow steganography-based access control for key sharing by means of substring indexing and keyword
search mechanism to efficiently retrieve the encrypted data. We measure performance evaluation as well as the security of
the proposed method and compare with existing hybrid method consider New York State Department of Health dataset. The
results clearly confirm that our method provides better security and also retrieves data efficiently.
Keywords Cloud security · Steganography-based access control · Hybrid cryptography · Electronic health record (EHR) ·
Wildcard-fuzzy search · Health Care Cloud
13
Vol.:(0123456789)
P. Chinnasamy, P. Deepalakshmi
The accessibility of electronic health system is down and may lead to the possibility
The unauthorized access to health care system may exist and there will be possibil-
Since patient history, medications get changed, human life will become critical.
Repudiation is the ability of users to deny the performance of specific actions. The
lowing actors, like Researchers, Cloud servers, Attenders, Doctor’s and Admin-
data to ciphertext using encoding methods. After receiving
Elevation of Privilege Privileged access to resources to compromise the system with unauthorized
following the appropriate decoding method with pertinent
decryption key. Symmetric/Private key methods like AES,
3DES, and Blowfish (Patil et al. 2016) use same key for
enciphering and deciphering. The RSA and Elgammal (Patil
et al. 2016) are examples of public key/asymmetric crypto-
system, which have two keys to encode and decode the data,
respectively. Therefore, an encryption scheme is needed that
offers enhanced security based on user aspects or privileges,
(PIN).
Threat types
Repudiation
Tampering
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Access Control) properties. The greatest vulnerability in different keys, a public key and a private key. However,
terms of data security is in dealing with data leaks by insid- since the public cryptosystem has a problem in calculating
ers, indicating that internal users access control (Coppolino large exponential operations, it is a time-consuming pro-
et al. 2017) is far more important than that of external users. cess. On the other hand, a hybrid cryptosystem that com-
A key security aspect is access control that limits access to bines both symmetric and asymmetric systems can offer
sensitive information, provided in the form of role, attrib- high security and better speed (Chinnasamy and Deepalak-
ute and identity-based access control (Kruse et al. 2017). In shmi 2018). Since hybrid systems take advantage of the
Chinnasamy et al. (2020), reported that Role-Based Access high speed of symmetric algorithms for a secure exchange
Control (RBAC) policies follow a need-to-know security of keys, we adopt this concept to resolve the research ques-
principle and satisfy least-access privileges. The RBAC, tions we consider.
thus, can be considered an appropriate model for the health- Encryption at client before outsourcing the data to
care cloud. the cloud server helps to achieve stored data confidenti-
To ensure secure storage and access to electronic health ality. Encrypted data reduces the ability of the server to
records, the authors of (Chinnasamy et al. 2020; Chiuchisan search for keywords, since the server cannot simply cre-
et al. 2017) adopted the following security requirements : (i) ate a search for plaintext keywords on encrypted data. A
Secure storage of EHR—Information of a patient is stored person who accesses the data therefore needs the actual
electronically, as in cloud storage, either on a local machine keyword search functionality over encrypted cloud data for
or on a shared server. The challenge here is to ensure safe efficient data recovery. To maintain users data confidenti-
storage of sensitive health data, including where and how ality, no information pertaining to the searched keyword
it should be stored, (ii) it Safeguard from unauthorized or retrieved record must be leaked.
user access—In many cases, medical data have confiden- Again through literature review, we gained the confi-
tial information that requires protection, and access should dence to solve the research questions we raised above in
be avoided coming through unauthorized channels, (iii) following ways :
Physical Threats—Physical threats may exist where ever
accessing resources is based on either an organizational code 1. To provide security on the client side by implementing a
or RFID. This means that access privileges revoke should hybrid cryptography mechanisms before uploading data
happen immediately in cases when an employee leaves an into the cloud. Here, for the hybrid approach, we use the
organization for good or bad reason. combination of Improved Key Generation Scheme of
The author (Chinnasamy et al. 2020) sensed that the RSA (IKGSR) (Chinnasamy and Deepalakshmi 2018)
motive of the adversaries who might be either legitimate or and Blowfish (Schneier 1996) algorithm
unauthorized users is to collapse the entire system. In Zhang 2. To ensure the safe exchange of key and data by introduc-
and Liu (2010), the authors discussed various security ing steganography-based access control.
models and components for making healthcare application
clouds. In addition, they highlighted three important core The rest of the paper is organized in following way. Sec-
components applied to securing the heath data as encryption, tion 2 discusses related works. Section 3 presents diverse
secure key sharing, and signature verification. The author, techniques adopted for the method proposed. Section 4 dis-
(Alshehri et al. 2016) discussed the data breaches of patient cusses in detail the proposed method. Section 5 discusses
data, caused by insider attacks. In order to find the insider the set-up of the simulation to implement the method pro-
attacks, the author constructed a threat model to minimize posed. Section 6 analyzes the results and Sect. 7 discusses
the unauthorized access and improper use of data. the security implications of the proposed method. Finally,
During literature review about protecting electronic we conclude our study along with future work Sect. 8.
health data research, we got interest in answering to the fol-
lowing research questions :
13
P. Chinnasamy, P. Deepalakshmi
2.1 Hybrid cryptography cloud was proposed to reduce the security risk associated
with the encryption of service providers and to strengthen
Kartit and Azougaghe (2016), presented a new hybrid security on the side of the client.
cryptographic scheme to secure cloud storage. The data is Liang et al. (2016) proposed a hybrid encryption tech-
encrypted using various key sizes of AES. The AES keys are nique with the AES-RSA used for encryption and decryption
encrypted by using RSA-1024. Here, no intruder can decrypt in the cloud for lightweight data. The AES was used with an
the original data because two different keys are needed for improved RSA algorithm to ensure data privacy. It does not
decryption. In addition, a dual authentication mechanism is apply to multimedia data for lightweight data only.
used both in cloud storage and on the enterprise server to
decipher the data. 2.2 Keyword search on encrypted data
In addition to a Field Programmable Gate Array (FPGA),
by combining RSA and Blowfish algorithms, (Bansal and Raghavendra et al. (2016), presented a detailed overview of
Singh 2015) offered a hybrid mechanism. In terms of the several data retrieval techniques along with their benefits
FPGA, this method effectively delivers high security at a and limitations over encrypted cloud data. Different keyword
low cost. The problem, however, is the large key size (448 search schemes have been discussed and analyzed in the
bits) and the fact that itis not applicable to multimedia data. survey, based on parameters like security, scalability, query
The author (Oladeji and Akomolafe 2017), created a efficiency and functionality. Since data sharing is a major
new data storage framework using a hybrid mechanism. aspect of any growing technology, it has analyzed various
AES, Blake2b and Schnorr signature algorithms are used methods of data sharing based on user revocation, encryp-
to secure the data. The service provider does not know the tion methods, the privacy of identity and key distribution.
personal encryption method for enhanced security since data Raghavendra et al. (2016) proposed a novel solution for
encryption is performed on the side of the client before it generating an index to secure multi-user access control over
is uploaded to the cloud. This method supports multimedia encrypted cloud data. The RSA is used for the generation of
files such as audios, images, and videos as well. encryption and substring index with the Chinese Remain-
Singh and Kaur (2015) suggested an encryption method der Theorem (CRT). Storage space, as well as computa-
for user data before uploading it to the cloud using two meth- tional overhead, has been reduced with the RSA-CRT. The
ods. Use the RSA algorithm to encode the secret key, and only limitation of this proposed method is that it cannot be
AES is used to encrypt user data. It also follows the same applied to texts and multimedia files.
process for decryption. This hybrid technique prevents cloud Guo (2016), proposed an innovative structure for restrict-
attacks from Denial of Service (DoS). The drawback is that ing access in semi-trusted cloud servers to EHRs stored. By
compared to other techniques, it takes much more time to encrypting the entire tables of patients using CP-ABE, fine-
complete the entire process. grained access control is achieved. This work allows search-
Sarkar and Kumar (2016) proposed a framework using ing for assorted database fields by a range of users with
a hybrid encryption scheme to ensure data security in the different privileges. The only drawback here is the duration
cloud. This method also increases the security of cloud data of time taken to encrypt and decrypt patients’ data tables in
with high overhead and low communication costs. their entirety.
The auhtors (Bouchti et al. 2016), offered a new Cryptog- Yang (2015) proposed data retrieval based on attributes
raphy-as-a-Service (CaaS) hybrid architecture that would using an e-health cloud semantic keyword search. In addi-
allow cloud clients to use their cryptographic operations tion to a search for synonymous keywords, this study uses
and keys. A homomorphic algorithm and RSA were used attribute-based encryption to achieve fine-grained access
to ensure data security for healthcare. The architecture pro- control. With this feature, the study focuses on multiple
posed is implemented at the OpenStack cloud’s lowest level. senders and a multi-user application scenario to provide
The performance is analyzed with existing techniques in flexible searchable encryption (SE) technique.
terms of encryption and decryption times. Shekokar et al. (2015) designed a fuzzy keyword search
Maitri and Verma (2016), proposed to use a hybrid cryp- over encrypted data in cloud computing. Secure cloud stor-
tographic technique to secure cloud file storage. The key age is created, using AES encryption and a fuzzy keyword
integrity is achieved by hiding the key in the cover image search for data retrieval. For exact keyword matching, the
using the Least Significant Bit (LSB) steganography. wildcard-based technique is applied. However, since it does
The author (Yong et al. 2012), analyzed and discussed the not create an index of mapped words, the functionality of
performance of several types of cryptographic techniques the search procedure is slow.
used in current cloud storage. Rahmani et al. (2013) offered Fu et al. (2014) developed a new Trie-based semantic
a new model of service based on the cloud concept of any- keyword search over encrypted cloud data. By the stem-
thing-as-a-Service (XaaS). Encryption-as-a-Service for the ming method, the stem sets are created to decrease the index
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
dimension. The Trie search index enables this technique system proposed is compared with the current system in
to maximize search efficiency. This technique is based on terms of computing time, overhead communication and key
an exact keyword search. No data can be retrieved with a distribution.
wrongly-entered keyword. Buchade and Ingle (2014), addressed various primary
Tariq (2018) introduced a new scheme to search cloud storage management techniques. Through applying
encrypted data using dual encryption methodologies. The various cloud environments, they defined diverse key man-
fuzzy keyword search technique, in tandem with a wild- agement techniques. They studied on-site and off-site key
card search, is used to retrieve encrypted data and upgrade management strategies at client, server, and key splitting
information security. This method is slower than traditional for various cloud environments such as public, private, and
algorithms. group cloud.
Esposito et al. (2018), surveyed the integrity and storage Ruth et al. (2019), proposed a novel intrusion detection
problem of healthcare data. The researchers have suggested mechanisms based on text along with safe cloud storage. In
the blockchain technology as a strategy to enhance the integ- this, double encryption technique achieves the secure data.
rity and storage security of data. They introduced the off- Steganography method is applied to improve data protection
chain storage of data, where the data is stored outside the to boost the efficiency of dual encryption framework. The
blockchain in the conventional or distributed database. The proposed output is tested against data-occupied encryption,
hashes of data are stored inside the blockchain. decryption, and memory. Proposed secure storage security
Ali et al. (2017) developed data security for cloud envi- is tested against denial of service and man-in-middle attacks.
ronment (DaSCE) protocol, a security system for cloud Gutub and Al-Ghamdi (2019), focused on improving
storage, which offered guaranteed removal of key manage- counting-based secret shares for enhanced security along-
ment, access control, and file-assured deletion. The integrity side fast computing. To store the optimized shares they have
of data is achieved using the symmetric key and Message introduced image based steganography. The experimental
Authentication Code (MAC). This model is based on struc- tests are carried out by changing the size of the key from 64,
tured High level petri nets (HLPN). 128 and 256 bits. Proposed method performance is evaluated
Zhang et al. (2019) suggested a stable and efficient public against protection, robustness, and capability. The steganog-
key encryption with keyword search PEKS scheme called raphy is very useful in sharing the keys between two parties
Secure SEPSE to avoid off-line Keyword Guessing Attack compared with other sharing methods.
(KGA), where multiple key servers are used to enable the Reshma et al. (2019), proposed a hybrid approach incor-
encryption of keywords to free SEPSE from the one-point porating cryptography and steganography to integrate a
failure problem. SEPSE can prevent the KGA, online, by crypt text into an image to improve data protection and data
using the proposed block chain-assisted rate that limits ownership for multimedia applications. Access control of the
mechanism, where the number of server-derived keyword proposed system is accomplished through the implementa-
requests for each user, in each epoch, is limited. The prac- tion of free CP-ABE pairing scheme. This method’s output
tical implementation of the block chain-assisted rate-lim- is measured against run-time of an algorithm.
iting mechanisms is done over ethereum. The results of The various applications of cryptography, steganogra-
SEPSE mechanisms are efficient in terms of communica- phy and hybrid mechanisms were explored by Ajala et al.
tion and computation costs. In the future, they are planned (2019). With its strengths and drawbacks, they supported
to enhance the security, efficiency, and functionality of data the thorough comparison with different schemes. They said
outsourcing. proposed method also often enhanced security, as well as
Karame et al. (2019) studied about data confidentiality safe communications, exchanging the keys in a secure way.
against an adversary, who knows the encryption key and citearun, suggested a novel technique of hiding data to
has access to a large fraction of the ciphertext blocks. The carry out a hidden communication in military use. Here the
above problem can be solved by the Bastion scheme. The secret text / file is concealed in a cover image, and then trans-
security of this method is analyzed whereas the overhead of ferred to the recipient. They’ve introduced LSB technique
this method is less compared to the existing scheme. to ensure safe key sharing in a cover picture. They merged
steganography with cryptography to create an unbreakable
2.3 Issues on key management and key hiding communication device in the future. Hiding technique is
greatly improved, in addition to data compression efficiency.
Fan et al. 2019, proposed a new method for verifying data Al-Farraji (2016), implemented a new binary-operated steg-
integrity known as protected identity based aggregate sig- anography process. They conducted additional LSB-based
natures (SIBAS). SIBAS achieves outsourced data integ- image/pixel value and ASCII value operations of the key
rity together with efficient key management using the character value and then safe communication or hiding of
Shamir (t, n) threshold techniques. The efficiency of the some sensitive information.
13
P. Chinnasamy, P. Deepalakshmi
Vegh and Miclea (2015), have suggested a novel tech- Bhase and Mangrulkar (2018), designed a methodology
nique by combining digital signatures with encryption algo- for access control by applying visual cryptography, and
rithms to enhance device security. Here, they’ve split the pri- steganography techniques. They implemented a prototype
vate key to prevent the unauthorized user from accessing the which actually splits the program into various degrees of
device and defining user roles. This system’s protection is privileges and can award various read/write permissions
improved by applying the steganography on the private keys. for the access to a particular level based on the users role.
Sirisha et al. (2015), developed a high-capacity technique Hosam (2019), suggested a hybrid approach to address
of hiding information based on steganography. The two key management issues. The actual data is encrypted
photos of the same scale are hidden here with reasonable through a secret Key using AES encryption method. The
resolution. Additionally, the threshold secret sharing scheme 256-bit key is again encrypted through the ECC algorithm.
shamir (t, n) is used to securely distribute an image. This Afterwards, using the LSB steganography process, the
method achieves the steganography reversibility property for ECC key is enclosed in the user’s picture. The solution
retrieving the hidden images. In addition, it provides high proposed was developed using OpenCV python scripts.
efficiency compared with current approaches. The effectiveness of the proposed system on the basis of
Reza tavoli and bakhshi (2016), suggested a technique to encryption, image quality values, is comparable to con-
use LSB technique to conceal text images. Through applying ventional systems.
steganography method they solved the question of sharing Sajay et al. (2019), implemented the innovative meth-
confidential information over the internet. This approach was ods for solving cloud protection problems through the
implemented using system C#and.NET. This method’s out- adaptation of hybrid encryption. The authors handled their
put is correlated with the current frequency domain and the procedure mainly in two layers. In the first layer, they used
ratio of pixels. The protection of this system against existing a homomorphic algorithm to encrypt the input text and
methods is improved. in the other layer, they used the Blowfish algorithm to
Mai et al. (2013), described the steganography-based encrypt the first layer’s output. The efficiency and security
access control system to conceal the health records within of the proposed system is somewhat less compared to pre-
their cardiogram. The authors implemented the suggested vious hybrid methods such as the one proposed in Chin-
model consists of two different stages including the embed- nasamy and Deepalakshmi (2018). The literature review
ding and extraction processes using MATLAB. This serves as an obvious statement that many researchers have
approach provides functionality like safeguarding the user’s used the exact keyword search whereas occasional research
privacy, protecting health information confidentiality, reduc- has been conducted using the full-text search method. As
ing space for storage and making it much easier to upload a consequence, we deliberate to
and download the data.
Lee et al. (2016), implemented a revolutionary system 1. propose a secure cloud storage by implementing hybrid
for offering authorization, and restricted access through cryptography method, IKGSR-BLOWFISH
steganography. The buffered data is transferred using their 2. implement steganography-based access control in order
proposed algorithm and then concealed within the cover to solve key sharing problems.
image using significantly improved steganography run- 3. use full-text substring-based keyword search to effi-
length methodology. This system was implemented by ciently retrieve data, minimize medical errors, and
using improved LSB algorithm bit model. The experimen- improve efficiency.
tal results demonstrated that it could provide higher perfor- 4. demonstrate that the proposed method ensures better
mance, better PSNR standards and offering suitable inte- security, secure access control and efficient retrieval of
grated frames than other techniques. encrypted data using the experimental results.
Venkatraman and Geetha (2019), developed a new sys-
tem that provides hybrid encryption code data integrity and In traditional healthcare, the cloud has a lot of research
security comprising blowfish and code genetic algorithms. issues including authentication, secure data storage, secure
Experimental findings demonstrated that the designed SSIA data retrieval, secure data sharing, access control, audit-
technique could offer acceptable protection and execute at ing, etc. Among these issues, one of the important issues
fast speed by using hybrid cryptographic protocols and steg- is to enhance the secure data storage and secure retrieval
anography approaches to securely transmit the cryptographic of health care data. Some of the existing hybrid meth-
keys. ods offer confidentiality and secure cloud storage only.
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
3 Technical background
3.1 Blowfish algorithm
13
P. Chinnasamy, P. Deepalakshmi
D Damage Potential If the adversary can get full permis- Leaks sensitive data Leaks irrelevant data
sion and run as an administrator
R Reproducibility This type of attack is repeated at This type of attack is reproduced with Hard to recreate
all times without need a timing a precise race condition
window
E Exploitability In a short time, a learner might create An expert programmer might make This requires both highly qualified and
the attack the attack and then recap the pro- full knowledge to be exploited
cedure
A Affected Users All customers, configuration by eva- A few users, a configuration without Obscure feature, a very less percentage
sion default of users; disturb unknown users
D Discoverability The attack is explained by published The susceptibility is in a rarely used The bug is cryptic, and users are
information. The vulnerability is a small portion of the product and unlikely to determine the potential for
found in the most frequently used small users should only encounter it damage
feature
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
13
P. Chinnasamy, P. Deepalakshmi
4. Steganography-based access control in key distribution (c) After receiving the request from a cloud user for
After performing the wildcard-based keyword decryption the data owner sends the role-based
search, the cloud user gets the encrypted data from the access key to the cloud users.
cloud server. Before doing the decryption function, the (d) Using the role-based access key, cloud users can
following process is carried out between data owner and extract the stegano cover image by applying the
cloud user to enable the secret key sharing, (i.e. Fig. 4) LSB extraction method (Mai et al. 2013).
(e) Now, the cloud user can obtain the secret key of
(a) A data owner classifies his/her secret key in a the BLOWFISH algorithm and start decrypting
separate folder for individual documents. the data.
(b) The data owner embeds all the keys in a cover
image using different role-based access keys and
maintains the same.
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
13
P. Chinnasamy, P. Deepalakshmi
Table 8 Encryption time Data Oladeji and Akomo- Singh and Kaur Tariq (2018) Timothy and HCAC-EHR
comparison based on the lafe (2017) (2015) Santra (2017)
existing hybrid methods
1000 1.345 1.564 1.582 1.533 2.012
2500 1.54 1.87 1.93 1.77 2.234
5000 1.589 1.986 2.302 2.186 2.626
7500 2.045 2.67 2.926 2.723 3.042
10000 2.45 3.045 3.121 2.953 3.508
6 Results and analysis Fig. 5 The encryption time comparison based on the existing hybrid
methods
The performance of the proposed HCAC-EHR (Hybrid
Cryptographic Access Control for Secure Retrieval of
Electronic Health Care Record) hybrid algorithm is com-
pared with the existing hybrid cryptographic method by
varying input data records for both encryption and decryp- and Timothy and Santra (2017). The authors (Tariq 2018;
tion processes in terms of runtime. Oladeji and Akomolafe 2017; Singh and Kaur 2015) used the
combination of original AES and RSA algorithms to secure
user data while BLOWFISH and standard RSA algorithms
6.1 Time comparison with existing hybrid methods were used as Timothy and Santra (2017). to secure user
of the proposed method data. However, we use IKGSR and BLOWFISH algorithm
to secure the healthcare data. The key generation, encryp-
In this chapter, we explain the extensive comparative analy- tion and decryption times of IKGSR are high compared to
sis of current hybrid methods with HCAC-EHR by Oladeji other RSA schemes. Furthermore, IKGSR algorithm secu-
and Akomolafe (2017), Singh and Kaur (2015), Tariq (2018) rity is analyzed against the method of brute-force attack and
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Fig. 6 The decryption time comparison based on the existing hybrid Fig. 7 Encryption vs decryption time comparison
methods
factorization. In terms of encryption and decryption time, Table 10 Time to generate an index for a document
the performance of the HCAC-EHR is measured. Figures 5 Data Shekokar et al. Tariq (2018) HCAC-EHR
and 6; clearly show that our proposed method takes more (2015)
time to complete both the encryption and decryption process
1000 0.18 0.22 0.08
than existing hybrid methods. In recent years, high computa-
2500 0.3 0.35 0.088
tion device has been introduced to improve the performance
5000 0.98 1.35 0.126
of any complex operations, therefore computation time is
7500 2.18 3.46 0.332
not a problem for our method. However, the security of pro-
10000 4.08 5.67 1.53
posed methods is much better than other hybrid methods;
the detailed analysis is clearly shown in Sect. 7 (Tables 8, 9).
Table 9 Decryption time Data Oladeji and Akomo- Singh and Kaur Tariq (2018) Timothy and HCAC-EHR
comparison based on the lafe (2017) (2015) Santra (2017)
existing hybrid methods
1000 1.112 1.278 1.328 1.292 1.471
2500 1.25 1.432 1.923 1.897 2.016
5000 1.87 1.678 2.761 2.542 2.862
7500 1.789 2.478 3.194 3.053 3.35
10000 2.01 2.877 3.226 3.153 3.706
13
P. Chinnasamy, P. Deepalakshmi
Table 12 PSNR values of Cover Image (Phad Vitthal et al. 2011) (Saleh 2013) Proposed Method
different cover images
PSNR (dB) Embedding PSNR (dB) Embedding PSNR (dB) Embedding
capacity (KB) capacity (KB) capacity
(KB)
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Table 13 Time comparison of Cover image (Phad Vitthal et al. 2011) (Saleh 2013) Proposed method
hiding and extracting the key
Hiding time (s) Extracting Hiding time (s) Extracting Hiding time (s) Extract-
time (s) time (s) ing time
(s)
13
P. Chinnasamy, P. Deepalakshmi
images, the concealing efficiency of our proposed approach help of a cryptographic game that takes 1 W , as input, where
is consistent, since this concealing capacity is determined the security parameter is w ∈ Z ⩾ 0. The motive behind this
based on the image intensity which is stable for this experi- attack is to disclose information about the encrypted mes-
ment. Figure 10 that addressed beautifully the effectiveness sage or decryption key slowly.
of our proposed method (Table 12). Phase1 An adversary queries a key generation module,
such as
6.5.2 Comparison of hiding and extracting time (PU, SK)←keygen (1W ) response with the public key
with existing methods (PU).
Phase2 The adversary makes calls in the decryption
In the second scenario, key extraction and concealing dura- mode. For each decryption call, the adversary submits the
tion is computed against same amount of data with distinct ciphertext, C1.
cover images. The result of our method is compared with Decrypt (1W , SK, C1)
existing methods introduced by Phad Vitthal et al. (2011) Phase3The adversary asks for the encryption module and
and Saleh (2013) as shown in Table 13. Figures 11 and 12 responds with
demonstrate that proposed method has less time to hide and (K*, C1*) ←encrypt (1W , PU)
extract key from cover image compare to existing methods Phase4 The adversary continues his call in the decryption
and confirms the improved performance of the proposed mode. The restriction to the submitted ciphertext, C1, is not
method. identical with C1*.
Figures 13 and 14 reveal scatter plots of Lena and Baboon Phase5 The adversary outputs outa ∈ 0, 1
both during the hiding process, which mostly indicate that The authors define the Adaptive Chosen Ciphertext
perhaps the scatter plots of the actual and the watermarked (Cramer and Shoup 2004) of the adversary with the security
picture are distinguished from each other. The histograms’ parameter Pr [out= outa ] - 1/2j in the attack game above.
coherence after masking show that the proposed model Applying the security definition above works directly with
offers security against attackers. the quantity parameters, as in
AdvCCA’ (1W ) = Pr [[outa = 1 | out = 0] - Pr [outa = 1 |
6.5.3 Features of proposed method out = 1] ]
This is verified easily, as in
1. The patient’s data is encrypted before outsourced to the AdvCCA’ (1W ) = 2 * AdvCCA (1W )
health service provider and the decryption key is not It is observed from the above phases that no opponent can
available in the cloud. easily find the ciphertext key since it is encrypted using the
2. The enhanced RSA public key is used for encipher- BLOWFISH secret key.
ing the patient’s data and this key is encrypted using
BLOWFISH algorithm so that attacker can never be 7.2 Security against mathematical attack
predict or break the keys.
3. The hybrid algorithm is unbroken until information In the hybrid cryptosystem, we used two different keys for the
about the shared secret key is found. To achieve the decryption process. This increased the security of data and
secrecy, we applied steganography-based access control keys, even after losing one key. Still, the attack is not possible
in secret key distribution. because the data is still in its encrypted form.
4. Finally, the decryption of a patient’s data requires double
authentication. The user must get the authorization from 7.3 Security against known plaintext attack
the data owner as well as from the health service pro-
vider in order to avoid the insider attacks and enhance The intruder is only allowed to see the ciphertext C, but they
the user integrity. don’t have any knowledge about plaintext P.
The intruder can find some other plaintext/ciphertext pair,
which is denoted as (P’, C’). For the 16-bit condition, we are
7 Security analysis able to match the a-parts of C with a-part of C’. From these
assumptions, we can conclude that a-part of P should be
7.1 Security against adaptive chosen ciphertext matched with a-part of P’. Hence, we can learn about the 16-bit
attack information of ciphertext C. This attack is possible only if we
reduce the number of rounds and block size of our algorithm.
his attack is possible in the hybrid method’s key encapsula- But our method supports 16 rounds and the very large subset
tion module. An opponent, (Cramer and Shoup 2004) A, is key to overcome the plaintext attack.
capable of performing adaptive ciphertext attacks with the
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
Table 14 Index storage space y − x 4n + (y − x)2 y + x access control provides additional security to the proposed
on cloud method.
1 885 29.7489
2 888 29.7993
3 893 29.8831 8 Conclusion
4 900 30
This article solved the problem of cloud storage security and
health care data sharing, in a secure manner, using access
7.4 Security of an IKGSR algorithm control based on hybrid cryptography. Therefore, we intro-
duced a novel technique by proposing hybrid algorithms
In the following section, we discuss different cases to crypta- combining IKGSR and Blowfish to solve storage security
nalyst the proposed method. In general, the security of the problems. The proposed access control mechanisms, based
RSA algorithm depends on the difficulty of factoring n. The on steganography, solve the issue of sharing keys and health-
factors of n are able to find 𝜙 (n) and then d. As such, we can care data. Moreover, the threat model is designed with dif-
use Fermat Factorization (Ferguson et al. 2015; Rabin 1980) ferent security attacks using the DREAD technique and anal-
method for finding large factors. ysis. Compared to other hybrid cryptography algorithms, the
Assume that N = xy, where x ≤ y. we may assume that N result section clearly showed that the proposed HCAC: EHR
is odd. We can let method provided good performance. The proposed security
evaluation of the HCAC: EHR system is performed against
u =(x + y)∕2 adaptive ciphertexts and keywords guessing an attack. In the
(6)
v = (y − x)∕2 future, we plan to offer a secure storage and sharing system
of healthcare data based on blockchain technology.
N =x2 − y2 , 0 ≤ y < x ≤ N (7)
13
P. Chinnasamy, P. Deepalakshmi
conference on information processing (ICINPRO), pp 1–6. https Multimed Tools Appl 79:7951–7985. https://doi.org/10.1007/
://doi.org/10.1109/ICINPRO43533.2018.9096673 s11042-019-08427-x
Bouchti AE, Bahsani S, Nahhal T (2016) Encryption as a service for Hosam O, Ahmad MH (2019) Hybrid design for cloud data security
data healthcare cloud security. In: 2016 fifth international confer- using combination of aes, ecc and lsb steganography. Int J Comput
ence on future generation communication technologies (FGCT), Sci Eng 19:153–161
pp 48–54. https://doi.org/10.1109/FGCT.2016.7605072 Ahaiwe J (2014) Document security within institutions using image
Buchade AR, Ingle R (2014) Key management for cloud data storage: steganography technique. Int J Sci Res (IJSR) 3:528–535
methods and comparisons. In: 2014 fourth international confer- Alhassan JK, Abba E, Olaniyi OM, Waziri VO (2016) Threat modeling
ence on advanced computing communication technologies, pp of electronic health systems and mitigating countermeasures. In:
263–270. https://doi.org/10.1109/ACCT.2014.78 International conference on information and communication tech-
Liang C, Ye N, Malekian R, Wang R (2016) The hybrid encryption nology and its applications, pp 82–89
algorithm of lightweight data in cloud storage. In: 2016 2nd Karame GO, Soriente C, Lichota K, Capkun S (2019) Securing cloud
international symposium on agent, multi-agent systems and data under key exposure. IEEE Trans Cloud Comput 7(3):838–
robotics (ISAMSR), pp 160–166. https://doi.org/10.1109/ISAMS 849. https://doi.org/10.1109/TCC.2017.2670559
R.2016.7810021 Kartit Z, Azougaghe A, Idrissi HK, El Marraki M, Hedabou M,
Chinnasamy P, Deepalakshmi P (2018) Improved key generation Belkasmi M, Kartit A (2016) Applying encryption algorithm for
scheme of rsa (ikgsr) algorithm based on offline storage for cloud. data security in cloud storage. In: Sabir E, Medromi H, Sadik M
In: Rajsingh EB, Veerasamy J, Alavi AH, Peter JD (eds) Advances (eds) Advances in ubiquitous networking. Springer Singapore,
in big data and cloud computing. Springer Singapore, Singapore, Singapore, pp 141–154
pp 341–350 Kruse CS, Smith B, Vanderlinden H, Nealand A (2017) Security tech-
Chinnasamy P, Deepalakshmi P (2018) Design of secure storage for niques for the electronic health records. J Med Syst. https://doi.
health-care cloud using hybrid cryptography. In: 2018 second org/10.1007/s10916-017-0778-4
international conference on inventive communication and com- Coppolino L, D’Antonio S, Romano L, Sgaglione L, Staffa M (2017)
putational technologies (ICICCT), pp 1717–1720. https://doi. Addressing security issues in the e-health domain relying on
org/10.1109/ICICCT.2018.8473107 siem solutions. In: IEEE 41st annual computer software and
Chinnasamy P, Deepalakshmi P, Shankar K (2020) Chapter 6—an applications conference (COMPSAC), pp 510–515 https://doi.
analysis of security access control on healthcare records in org/10.1109/COMPSAC.2017.45
the cloud. In: Singh AK, Elhoseny M (eds) Intelligent data Lee CF, Weng CY, Sharma A (2016) Steganographic access control
security solutions for e-health applications, intelligent data- in data hiding using run length encoding and modulo operations.
centric systems. Academic Press, New York, pp 113–130. Secur Commun Netw 9:139–148
https://doi.org/10.1016/B978-0-12-819511-6.00006-6 (ISBN Mai V, Khalil I, Ibaida A (2013) Steganography-based access control
978-0-12-819511-6) to medical data hidden in electrocardiogram. In: 2013 35th annual
Chiuchisan I, Balan D, Geman O, Chiuchisan I, Gordin I (2017) A international conference of the IEEE engineering in medicine and
security approach for health care information systems. In: 2017 biology society (EMBC), pp 1302–1305. https://doi.org/10.1109/
E-health and bioengineering conference (EHB), pp 721–724. https EMBC.2013.6609747
://doi.org/10.1109/EHB.2017.7995525 Maitri PV, Verma A (2016) Secure file storage in cloud computing
Cramer R, Shoup V (2004) Design and analysis of practical public- using hybrid cryptography algorithm. In: 2016 international
key encryption schemes secure against adaptive chosen ciphertext conference on wireless communications, signal processing and
attack. SIAM J Comput 33(1):167–226. https://doi.org/10.1137/ networking (WiSPNET), pp 1635–1638. https://doi.org/10.1109/
S0097539702403773 WiSPNET.2016.7566416
Esposito C, De Santis A, Tortora G, Chang H, Choo KR (2018) Block- Medicare (2018) Centers for Medicare Medicaid Services. Electronic
chain: a panacea for healthcare cloud-based data security and pri- Health Record. https://www.cms.gov/Medicare/Ehealth/EHeal-
vacy? IEEE Cloud Comput 5(1):31–37. https://doi.org/10.1109/ thRecords/index.html
MCC.2018.011791712 Oladeji M. O. A, Akomolafe P (2017) A hybrid cryptographic model
Fan Y, Lin X, Tan G, Zhang Y, Dong W, Lei J (2019) One secure for data storage in mobile cloud computing. Int J Comput Netw Inf
data integrity verification scheme for cloud storage. Future Secur (IJCNIS) 9:53–60. https: //doi.org/10.5815/ijcnis .2017.06.06
Gener Comput Syst 96:376–385. https://doi.org/10.1016/j.futur Yong PE, Wei ZH, Feng XI, Dai ZH, Yang GA, Chen DQ (2012)
e.2019.01.054 Secure cloud storage based on cryptographic techniques. J China
Ferguson N, Schneier B, Kohno T (2015) Primes. Wiley, New York, Univ Posts Telecommun 19:182–189. https://doi.org/10.1016/
pp 163–180. https : //doi.org/10.1002/97811 1 8722 3 67.ch10 S1005-8885(11)60424-X
(chapter 10) Phad Vitthal S, Bhosale Rajkumar S, Panhalkar Archana R (2011)
Fu Z, Shu J, Sun X, Zhang D (2014) Semantic keyword search based A novel security scheme for secret data using cryptography and
on trie over encrypted cloud data. In: Proceedings of the 2nd steganography. Int J Comput Netw Inf Secur 2:36–42
international workshop on security in cloud computing, SCC Patil P, Narayankar P, Narayan DG, Meena SM (2016) A compre-
’14, pp 59–62, New York, NY, USA. Association for Computing hensive evaluation of cryptographic algorithms: Des, 3des, aes,
Machinery. ISBN 9781450328050. https: //doi.org/10.1145/26000 rsa and blowfish. Proc Comput Sci 322(78):617–624. https://doi.
75.2600081 org/10.1016/j.procs.2016.02.108
Gallagher LA (2012) Cloud computing in healthcare: privacy and Rabin M (1980) Probabilistic algorithm for testing primality. J Number
security considerations, WSHIMA. http://www.himss.org/ Theory 12:128–138
sites/himssorg/files/HIMSSorg/Content/files/CloudComputing Raghavendra S, Meghana K, Doddabasappa P, Geeta C, Buyya R,
WSHIMA042012-LG.pdf Venugopal K, Iyengar S, Patnaik L (2016) Index generation and
Guo C, Zhuang R, Jie Y, Ren Y, Wu T, Choo KK (2016) Fine-grained secure multi-user access control over an encrypted cloud data.
database field search using attribute-based encryption for e-health- Proc Comput Sci 89:293–300. https://doi.org/10.1016/j.procs
care clouds. J Med Syst 40:1–8 .2016.06.062
Gutub A, Al-Ghamdi M (2019) Hiding shares by multimedia image Raghavendra S, Reddy CS, Geeta CM, Buyya R, Venugopal KR, Iyen-
steganography for optimized counting-based secret sharing. gar SS, Patnaik LM (2016) Survey on data storage and retrieval
13
HCAC‑EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud
techniques over encrypted cloud data. Int J Comput Sci Inf Secur Tariq H, Agarwal P (2018) Secure keyword search using dual encryp-
(IJCSIS) 14:718 tion in cloud computing. Int J Inf Technol 12:1063–1072. https://
Rahmani H, Sundararajan E, Ali ZM, Zin AM (2013) Encryption as a doi.org/10.1007/s41870-018-0091-6
service (eaas) as a solution for cryptography in cloud. Proc Tech- Timothy DP, Santra AK (2017) A hybrid cryptography algorithm for
nol 11:1202–1210. https://doi.org/10.1016/j.protcy.2013.12.314 cloud computing security. In: 2017 international conference on
(4th International Conference on Electrical Engineering and microelectronic devices, circuits and systems (ICMDCS), pp 1–5.
Informatics, ICEEI 2013) https://doi.org/10.1109/ICMDCS.2017.8211728
Reshma V, Gladwin SJ, Thiruvenkatesan C (2019) Pairing-free cp-abe Vegh L, Miclea L (2015) Access control in cyber-physical systems
based cryptography combined with steganography for multimedia using steganography and digital signatures. In: 2015 IEEE inter-
applications. In: 2019 international conference on communica- national conference on industrial technology (ICIT), pp 1504–
tion and signal processing (ICCSP), pp 0501–0505. https://doi. 1509. https://doi.org/10.1109/ICIT.2015.7125309
org/10.1109/ICCSP.2019.8698053 Venkatraman K, Geetha K (2019) Dynamic virtual cluster cloud
Tavoli R, Bakhshi M, Salehian F (2016) A new method for text hiding security using hybrid steganographic image authentication algo-
in the image by using LSB. Int J Adv Comput Sci Appl 7:126–32 rithm. Automatika 60(3):314–321. https://doi.org/10.1080/00051
Ruth JA, Sirmathi H, Meenakshi A (2019) Secure data storage and 144.2019.1624409
intrusion detection in the cloud using mann and dual encryption Wainer J, Campos CJ, Salinas MD, Sigulem D (2008) Security require-
through various attacks. IET Inf Secur 13(8):321–329 ments for a lifelong electronic health record system: an opinion.
Sajay KR, Babu SS, Vijayalakshmi Y (2019) Enhancing the security Open Med Inform J 2:160–165. https://doi.org/10.2174/18744
of cloud data using hybrid encryption algorithm. J Ambient Intell 31100802010160
Humaniz Comput. https://doi.org/10.1007/s12652-019-01403-1 Yang Y (2015) Attribute-based data retrieval with semantic keyword
Saleh S (2013) A secure data communication system using cryp- search for e-health cloud. J Cloud Comput 4:1–6
tography and steganography. Int J Comput Netw Commun Zhang R, Liu L (2010) Security models and requirements for healthcare
5(3):125–137 application clouds. In: 2010 IEEE 3rd international conference on
Sarkar MK, Kumar S (2016) Ensuring data storage security in cloud cloud computing, pp 268–275. https://doi.org/10.1109/CLOUD
computing based on hybrid encryption schemes. In: 2016 .2010.62
fourth international conference on parallel, distributed and Zhang Y, Xu C, Ni J, Li H, Shen XS (2019) Blockchain-assisted public-
grid computing (PDGC), pp 320–325. https://doi.org/10.1109/ key encryption with keyword search against keyword guessing
PDGC.2016.7913169 attacks for cloud storage. IEEE Trans Cloud Comput. https://doi.
Schneier B (1996) Applied cryptography, 2 edn. Wiley, Inc, US org/10.1109/TCC.2019.2923222
Shekokar N, Sampat K, Chandawalla C, Shah J (2015) Implementation
of fuzzy keyword search over encrypted data in cloud comput- Publisher’s Note Springer Nature remains neutral with regard to
ing. Proc Comput Sci 45:499–505. https: //doi.org/10.1016/j.procs jurisdictional claims in published maps and institutional affiliations.
.2015.03.089(International Conference on Advanced Comput-
ing Technologies and Applications (ICACTA))
Singh N, Kaur PD (2015) A hybrid approach for encrypting data on
cloud to prevent dos attacks. Int J Database Theory Appl 8:145–
154. https://doi.org/10.14257/ijdta.2015.8.3.12
13