Secure PHR Access Control Scheme in Cloud Computing



Similar documents
Green Master based on MapReduce Cluster

The impact of service-oriented architecture on the scheduling algorithm in cloud computing

APPENDIX III THE ENVELOPE PROPERTY

Automated Event Registration System in Corporation

A Parallel Transmission Remote Backup System

Maintenance Scheduling of Distribution System with Optimal Economy and Reliability

IDENTIFICATION OF THE DYNAMICS OF THE GOOGLE S RANKING ALGORITHM. A. Khaki Sedigh, Mehdi Roudaki

Projection model for Computer Network Security Evaluation with interval-valued intuitionistic fuzzy information. Qingxiang Li

Credibility Premium Calculation in Motor Third-Party Liability Insurance

Banking (Early Repayment of Housing Loans) Order,

The Digital Signature Scheme MQQ-SIG

Optimization Model in Human Resource Management for Job Allocation in ICT Project

Load Balancing Algorithm based Virtual Machine Dynamic Migration Scheme for Datacenter Application with Optical Networks

AN ALGORITHM ABOUT PARTNER SELECTION PROBLEM ON CLOUD SERVICE PROVIDER BASED ON GENETIC

A DISTRIBUTED REPUTATION BROKER FRAMEWORK FOR WEB SERVICE APPLICATIONS

IP Network Topology Link Prediction Based on Improved Local Information Similarity Algorithm

Fractal-Structured Karatsuba`s Algorithm for Binary Field Multiplication: FK

Security Analysis of RAPP: An RFID Authentication Protocol based on Permutation

Applications of Support Vector Machine Based on Boolean Kernel to Spam Filtering

On formula to compute primes and the n th prime

An Approach to Evaluating the Computer Network Security with Hesitant Fuzzy Information

Average Price Ratios

Report 52 Fixed Maturity EUR Industrial Bond Funds

Using Phase Swapping to Solve Load Phase Balancing by ADSCHNN in LV Distribution Network

How To Make A Supply Chain System Work

A New Bayesian Network Method for Computing Bottom Event's Structural Importance Degree using Jointree

Numerical Methods with MS Excel

Optimal multi-degree reduction of Bézier curves with constraints of endpoints continuity

6.7 Network analysis Introduction. References - Network analysis. Topological analysis

Application of Grey Relational Analysis in Computer Communication

Study on prediction of network security situation based on fuzzy neutral network

Resource Management Model of Data Storage Systems Oriented on Cloud Computing

A Study of Unrelated Parallel-Machine Scheduling with Deteriorating Maintenance Activities to Minimize the Total Completion Time

Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements

TESTING AND SECURITY IN DISTRIBUTED ECONOMETRIC APPLICATIONS REENGINEERING VIA SOFTWARE EVOLUTION

Efficient Traceback of DoS Attacks using Small Worlds in MANET

Integrating Production Scheduling and Maintenance: Practical Implications

Web Service Composition Optimization Based on Improved Artificial Bee Colony Algorithm

Dynamic Two-phase Truncated Rayleigh Model for Release Date Prediction of Software

10.5 Future Value and Present Value of a General Annuity Due

Statistical Pattern Recognition (CE-725) Department of Computer Engineering Sharif University of Technology

Abraham Zaks. Technion I.I.T. Haifa ISRAEL. and. University of Haifa, Haifa ISRAEL. Abstract

T = 1/freq, T = 2/freq, T = i/freq, T = n (number of cash flows = freq n) are :

Fast, Secure Encryption for Indexing in a Column-Oriented DBMS

SHAPIRO-WILK TEST FOR NORMALITY WITH KNOWN MEAN

Impact of Interference on the GPRS Multislot Link Level Performance

Proactive Detection of DDoS Attacks Utilizing k-nn Classifier in an Anti-DDos Framework

ADAPTATION OF SHAPIRO-WILK TEST TO THE CASE OF KNOWN MEAN

ANOVA Notes Page 1. Analysis of Variance for a One-Way Classification of Data

A PRACTICAL SOFTWARE TOOL FOR GENERATOR MAINTENANCE SCHEDULING AND DISPATCHING

Dynamic Provisioning Modeling for Virtualized Multi-tier Applications in Cloud Data Center

How To Balance Load On A Weght-Based Metadata Server Cluster

Optimal replacement and overhaul decisions with imperfect maintenance and warranty contracts

1. The Time Value of Money

Classic Problems at a Glance using the TVM Solver

Proceedings of the 2010 Winter Simulation Conference B. Johansson, S. Jain, J. Montoya-Torres, J. Hugan, and E. Yücesan, eds.

Fault Tree Analysis of Software Reliability Allocation

A particle swarm optimization to vehicle routing problem with fuzzy demands

AnySee: Peer-to-Peer Live Streaming

Optimal Packetization Interval for VoIP Applications Over IEEE Networks

Chapter 3. AMORTIZATION OF LOAN. SINKING FUNDS R =

Cyber Journals: Multidisciplinary Journals in Science and Technology, Journal of Selected Areas in Telecommunications (JSAT), January Edition, 2011

Discrete-Event Simulation of Network Systems Using Distributed Object Computing

Performance Attribution. Methodology Overview

Mobile Agents in Telecommunications Networks A Simulative Approach to Load Balancing

The Popularity Parameter in Unstructured P2P File Sharing Networks

Fuzzy Multi-criteria Method for Revaluation of ERP System Choices Using Real Options

STATISTICAL PROPERTIES OF LEAST SQUARES ESTIMATORS. x, where. = y - ˆ " 1

Software Reliability Index Reasonable Allocation Based on UML

of the relationship between time and the value of money.

Chapter = 3000 ( ( 1 ) Present Value of an Annuity. Section 4 Present Value of an Annuity; Amortization

Capacitated Production Planning and Inventory Control when Demand is Unpredictable for Most Items: The No B/C Strategy

Load and Resistance Factor Design (LRFD)

Constrained Cubic Spline Interpolation for Chemical Engineering Applications

Low-Cost Side Channel Remote Traffic Analysis Attack in Packet Networks

ERP System Flexibility Measurement Based on Fuzzy Analytic Network Process

CHAPTER 2. Time Value of Money 6-1

On Error Detection with Block Codes

THE McELIECE CRYPTOSYSTEM WITH ARRAY CODES. MATRİS KODLAR İLE McELIECE ŞİFRELEME SİSTEMİ

Transcription:

Iteratoal Joural of Iformato ad Electrocs Egeerg, Vol 3, No 3, May 23 ecure PHR Access Cotrol cheme Cloud Computg Cha-Hu Lu, Tzer-Log Che, Ha-Yu L, Fog-Q L, Chh-Mg Lu, E-Pg Wu, Yu-Fag Chug, ad Tzer-hyog Che Abstract Wth the developmet of medcal techology ad formatotechology, the persoal health records (PHR) s gradually developed as a up-to-date medcal formato exchage system Aproper patet-cetered PHR systems able tooffer correct ad complete persoal health ad medcal summary through the Iteret uder the demads of prvacy ad securty, ad tegrate persoal medcalformato from dfferet sources Wth the appearace of Cloud computg, a secure protecto scheme s requred to ecrypt the medcal records of each patet for storg persoal health records to Cloud server Therefore, we proposed ths study a ew PHR access cotrol scheme based o Lagrage terpolato polyomal uder Cloud computg evromets Ths proposed scheme provdes legtmate authortes to access to PHR, ad dyamcally supports mult-users Cloud computg evromets wth persoal prvacy Idex Terms Persoal health records, cloud computg, access cotrol, key maagemet,lagrage terpolato I INTRODUCTION Cotug o past developmets o Electroc Medcal Record ystems, ths project s carred out wth the purpose of assstg medcal professoals dspesg medcal care by prortzg patets health mateace or maagemet ML et al [] proposed a patet-cetered, Persoal Health Record (PHR) exchage archtecture for patets to mata ad maage these health records, cludg medcal records of professoal dagoses, volutary health care programs, ad other applcatos ad servces related to self-health maagemetphr archtectures are based o fudametal assumptos that: ) The complete record s held a cetral repostory 2) Patets reta authorty over complete access to ther ow records Therefore, we propose the PHR to acheve the followg: ) Itegrato of patet s lfelog health formato 2) Provso of stable ad secure data storage space 3) Patet s rght to complete access of hs/herphr 4) Provso for precso access settgs to varous parts of the PHR for dfferet users Mauscrpt receved October 6, 22; revsed November 2, 22 Cha-Hu Lu s wth the Departmet of Dgtal Lterature ad Arts, t Joh s Uversty, Tape, Tawa (e-mal: chlu@thuedutw) Tzer-Log Che s wth the Departmet of Iformato Maagemet, Tawa Uversty, Tape, Tawa (e-mal: duras5@yahoocomtw) Ha-Yu L, Chh-Mg Lu ad Yu-Fag Chug are wth the Departmet of Electrcal Egeerg, Tugha Uversty, Tachug, Tawa (e-mal: kokokoko93l@gmalcom, orsche_28@hotmalcom, yfchug@thuedutw) Fog-Q L, E-Pg Wu, Tzer-hyog Che are wth the Departmet of Iformato Maagemet, Tugha Uversty, Tachug, Tawa (e-mal: toebeta@gmalcom, s97496@thuedutw, arde@thuedutw) 5) Provso for a complete, cotuous, secure, ad prvate health maagemet mechasm I 996, the Health Isurace Portablty ad Accoutablty Act (HIPAA) [2] [4] outled legal prvacy ad securty protecto for PHR Healthcare Orgazatos (HCOs) ad e-health servces covered by HIPAA face the problem of mplemetg effectve ad cost-effcet securty ad prvacy polces, whle havg to costatly demostrate complace wth HIPAA regulatos For these reasos, smlar securty ad prvacy polces are also applcable to PHR; PHR must adhere to HIPAA regulatos for protectg patet s formato Amg to mprove spotaeous healthcare servces ad crease overall servce qualty ad maagemet effcecy for medcal sttutos, some healthcare systems are curretly cooperatg wth the telecommucato dustry to troduce cloud techology to healthcare applcato ad servces that clude cloud electroc medcal record, cloud ursg formato system, Hosptal Iformatcs ute Cloud (HI Cloud), ad prvate cloud server plas by medcal sttutos Itegrato of PHR wth cloud servce provdes the followg beefts: ) Reduced cost: ce cloud provders provde the basc frastructure, platform, software, ad storage space, hosptals o loger eed to create ther ow medcal data ceter, cuttg back o hardware setup costs, as well as software ad hardware upgrade costs 2) Medcal resource sharg ad exchage: Cloud techology allows quck ad spotaeous medcal resource sharg ad exchage from dfferet sources upo users coecto to cloud servers va the Iteret 3) Dyamc scalablty of resources: Cloud servces are very flexble scalg ad adjustg to demads, ad ca support storage expaso demads for medcal formato systems whe requred 4) O-demad self-servce: I cloud computg, computato resource s a shared pool that ca provde quck dyamc deploymet to hosptals demads upo purchase 5) Ehaced flexblty: Medcal documets stored cloud servers ca be accessed by authorzed users aytme 6) Elmato of devce lmtato: Irrespectve of what computer or moble servces, users ca ejoy servces as log as they ca coect to the Iteret 7) Hgh scalablty ad servce tegrato: Through cloud computato, servces from dfferet provders ca all be tegrated to create a sgle data ceter Cloud evromet permts patet-cetrc structures to let patets maage ther ow Persoal Health Records, whch whe stored cloud evromet s stll at rsk from that whch the evromet s exposed to Also, securty measures take by the PHR servce must also be trustworthy Thus, a DOI: 7763/IJIEE23V3328 329

Iteratoal Joural of Iformato ad Electrocs Egeerg, Vol 3, No 3, May 23 secure ad effcet access cotrol mechasm s eeded to safeguard the prvacy of users medcal formato As PHR emphasze avalablty, authetcty, ad cofdetalty of persoal prvacy over EMR s documetal propertes of o-repudato ad tegrty, settgs for allocatg users extet of rght to use ad access to part(s) of stored medcal record caot be compromsed; also, uauthorzed users should ot have the correspodg keys I addto, patets should have complete rghts over access cotrol whch whe ecessary, ca be set to add or remove access rghts [], [5] I patet-cetrc medcal record systems, patets ca ecrypt keys accordg to the authorzed users But ths falls short of fulfllg the demads of mult-users Although patets are the custodas of PHR, to esure the tegrty of ther PHR, patets should ot be allowed to modfy medcal reports At the same tme, doctors should have approprate maagemet rghts to edorse PHR to bolster the cotet s credblty I ths paper, we propose a dyamc access structure that ca mpart precse cotrol access to cloud server s medcal record uder mult-user settg To esure every patet retas maxmum cotrol over ther medcal records, we adopted cryptography based o Lagrage multplers for ecryptg the records II RELATED WORK A Electroc Medcal Record Electroc medcal records (EMR) s a type of medcal record that electrocally access, trasmt, accept, save, retreve, coect, ad process multmeda formato of past, preset, ad future records of patets physologcal ad psychologcal codtos EMRs are creasgly demad, ecesstatg legal ad practcal coordato eeds to help sttutos promote ts employmet Varous NGOs the Uted tates are curretly outlg electroc medcal record stadards such as ATM, HL7, ad HIM EMR stadards Europe are beg oversee by TC/25 of CEN The Iteratoalzed TC25 has also take to accout stadards setup by other orgazatos to setup stadards of ts ow O 24 November, 25, Tawa s Departmet of Health promulgated a approach to the producto ad maagemet of EMRs by medcal sttutes specfyg regulatos ad provsos o EMRs to order to mplemet ad popularze EMRs amog medcal sttutes at varous levels Amedmets ad mprovemets were also made to prevous EMR regulatos such as the Electroc gature Act, the Physca Act, Medcal Law, etc, establshg a legal bass for electroc medcal records The persoal health record (PHR) s proposed as a ovatve soluto to the problems of fragmeted commucato ad lack of teroperablty amog dverse EMR systems It provdes for a sgle source (the patet s PHR) for authetcato ad remote access of the health formato data from all EMR systems B Persoal Health Record I 25, the Natoal Commttee o Vtal ad Health tatstcs (NCVH) [6] outled propertes of the PHR ad the PHR system as follows: ) cope ad Nature of Cotet: All PHR systems must have cosumer health formato, persoal health jourals, ad formato about beefts ad/or provders 2) ource of Iformato: PHR data may come from the patet, caregver, healthcare provder, payer, etc 3) Features ad Fuctos: PHR systems should offer a wde varety of features, cludg the ablty to vew persoal health data, exchage secure messages wth provders, schedule appotmets, reew prescrptos, etc 4) Custoda of the Record: The physcal record may be operated by a umber of partes, cludg the cosumer or patet, a depedet thrd party, or a surace compay 5) Data storage: Data may be stored a varety of locatos, cludg a Iteret-accessble database, provder s EHR, cosumer/patet s home computer, or portable devces such as smart card or thumb drve 6) Techcal approaches: Curret PHR ad PHR systems are geerally ot teroperable, ad they vary how they hadle securty, authetcato, ad other techcal ssues 7) Party Cotrollg Access to the Data: Whle cosumers or patets always have access to ther ow data, they do ot always determe who else may access t From the above lsted propertes, t ca be ferred that the PHR data s compled ad tegrated from dverse sources to provde a patet-cetrc health formato exchage model that ca be further dstrbuted to dfferet authorzed users part(s) or whole As the PHR has broade ts scope, t s gradually beg developed as a software, platform, or cloud applcato servce tegratg persoal health servces wth the formato ad commucatos techology dustry C Medcal ervces ad Cloud Computg The fudametal servce models of Cloud computg are: ) oftware as a ervce (aas): Ths servce model provdes software through the Iteret wth maufacturers stallg applcatos o a cloud server Clets do ot acqure the software peruse, but rets web-based software that are updated ad mataed by the vedor 2) Platform as a ervce (Paa): Cloud provders offer a computg platform to ts clets where they ca deploy applcatos of ts ow, program laguages of ts ow, all wthout havg to mata or cotrol the cloud equpmet 3) Ifrastructure as a ervce (Iaa): Vedors tegrate basc frastructure such as IT systems ad database ad the rets them to clets Cloud computg cotas several features Computato resources gathered through resource poolg allows vedors to feature mult-teat mode Rapd elastcty grat ulmted possble cofgurato dyamc dstrbuto of resources accordg to user demad Measured servce ca also motor resource use to acheve automatc cotrol ad optmzato of the cloud system Users ca also coect aywhere to cloud computg servces, reducg user s depedece o termal maagemet equpmet ad related formato techology expertse There have bee serous prvacy cocers about outsourcg patets PHR data to cloud servers, ot oly because cloud provders are geerally ot covered ettes uder HIPAA, but also due to a creasg umber of cloud data breach cdets breakg out recet years 33

Iteratoal Joural of Iformato ad Electrocs Egeerg, Vol 3, No 3, May 23 Accordg to recet studes [7], we lst some of the major cocers facg PHR developmet cloud evromet: ) Abuse ad efarous use of cloud computg 2) Isecure terface ad applcato programmg terface 3) Malcous sders 4) hared techology ssues 5) Data loss or leakage 6) Accout or servce hjack 7) Ukow rsk profle To deal wth the rsk of potetal exposure of prvacy, they should allow patets, the custodas of PHR full cotrol of choce ad optos to medcal record sharg Udoubtedly, the use of ecrypto mechasms ca provde approprate solutos to protectg medcal formato; but addto to the tradtoal dsposto of havg servce provders ecryptg the data for the custodas, the PHR dspese users wth access cotrol mechasm [8]As uder cloud evromet patets PHR are stored wth outsourced provders, patets ot oly lose real cotrol of these sestve data, but faces elevated securty rsks It has bee dffcult to acheve assurace o dvdual prvacy whe these patet-cetrc PHR access models are trasferred to cloud servers to provde user access Thus, our prmary goal s to esure the securty of PHR, ad provde for a deal PHR wth desred features of cotuous real-tme update ad teractvty, as well as teroperablty D Cryptography ad Ecrypto ystems Followg s a bref troducto to cryptography ad ecrypto systems [7], [9] [] [] [2] ) Basc cryptography: Geerally speakg, to oversee system securty, a password system must at least have the followg four fuctos:cofdetalty, authetcato, tegrty, ad o-repudato I accordace wth mathematcal varaces keys, cryptography systems are dvded to two major systems: prvate key cryptosystem, ad publc key cryptosystem 2) Prvate key cryptosystem:by usg the same secret key for ecrypto ad decrypto, prvate key cryptosystems facltate effcet, quck, ad low computato load However, t has the followg dsadvatages: Key dstrbuto problem: Durg the egotato process of what prvate key s to be used betwee the message seder ad the recever, the ultmate decded prvate key has to be trasmtted betwee the two partes, thus subjectg to securty cocer of possble theft durg the key dstrbuto process Key maagemet ssues: As both seder ad recever must possess the secret key, whe the umber of users creases, the umber of seders ad recevers possessg the secret key wll also crease Dffculty achevg o-repudato: As both sdes of the commucato ed possess the same ecrypto ad decrypto key, the ecryptor ca dsavow prevously ecrypted set messages, makg t mpossble for the thrd party to dstgush who s the real ecryptor 3) Publc key cryptosystem: Publc key cryptosystems also kow as asymmetrc cryptosystem, or two-key cryptosystem Publc key cryptography has the followg advatages: Protects formato prvacy: Ayoe ca use the publc key of the recpet to ecrypt platext messages to cphertext mplfes allocato ad maagemet of keys: As the seder ad recpet oly eed to store ther ow key pars, ad do ot have to store other prvate keys eve wth the crease the umber of users, ths smplfes key dstrbuto ad maagemet problems Possess o-repudato: If the message s frst sged wth a prvate key, from the resultg sgature, ayoe ca use the correspodg publc key for verfcato III THE PROPOED CHEME Ths paper proposes a secure ad effectvely dyamc access scheme whch allows users maage, access, or share PHR Cloud computg evromets I the evromet, mult-users ca access to PHR for appedg, revso, deleto, ad qury The proposed scheme cossts of three phases, amely Italzato, Key geerato ad Dervato The detals are descrbed the followg sub-sectos A Italzato Ths study apples partally ordered access A cetral authorty (CA) bulds the set-up for the partally ordered A partally ordered set s a par (, ), where appears a reflexve, at-symmetrc, trastve bary relato wth the set CA establshes a structure for these users, where there are users whch form two sets = {, 2,, } ad H = {H, H 2,, H }, as below: 2 H H 2 H H secret & dstct CA wll buld a structure that there are m fles whch form a set fle = {fle, fle 2,,fle m }, ad CA geerates a correspodg decrypto key to each fle u, for u =, 2,, m The ecrypted fles are protected by the key from beg radomly accessed The decrypto key s show as DK u, for u =, 2,, m fle fle 2 fle u fle m 2 u m fle ID, publc DK DK 2 DK u DK m decrypto keys, secret ad dstct A securty class presets authorzato to access to fle u, wrtte as ={u: u s the fle ID of wth access authorty} For example ={, 2, 3, 4}, 2 ={, 2, 3}, {, 2, 3} {, 2, 3, 4}, ad the 2 The followg adjacecy matrx ca expla the access relatoshpassumg that there are sx securty classes ad four fles, put the {securty classes}{fles} data the two-dmesoal array 2 3 4 5 6 fle fle 2 fle 3 fle 4 33

Iteratoal Joural of Iformato ad Electrocs Egeerg, Vol 3, No 3, May 23 The dcate fucto I(x, s defed to preset user wth authorzato to obta DK u for accessg to fle u, f user x has access to fle y I( x, =,otherwse Varable x represets user s superkeyhid ad varable y represets fle ID u I each row, user uses hs secret superkeyh to access to row Row, by costructo, cotas the set of fle ID s whch user s authorzed to vst B Key Geerato Phase tep: CA refers to the user = {, 2,, } establshg dvdual ad o-repeated superkeyh, for =, 2,, to keep H secret tep2: CA maages superkeysh of all users ad sets dces for legal superkeyh,, f x { H,, H } I {,, } ( x) = H H, ow I{,, }( ) H H x meas the dcate fucto of set H = {H, H 2,, H } The legalty of H s verfed by I{ H }( ),, H x tep3: CA establshes fucto A (x) for each user Let ( x Hk ) A ( x) = I{ H,, }( x) H ( H H ) k= k k for =, 2,,, x R tep4: CA selects o-repeated radom tegers {DK, DK 2,,DK m }(supposg there are m cofdetal fles) as the decrypto key for ecryptg/decryptg cofdetal fles CA keeps DK u secret ad publshes the publc parameter u tep5: CA sets J = {u: u m, u s the fle ID of wth access authorty} There are users for =, 2,, ad m fles for u =, 2,, m J s the set of fle ID whch user s authorzed to vst, f y J tep6: CA sets the dex I J ( = to preset, o w user wth authorzed access to DK u ad each user establshes fucto B (, Let B ( ( y t) ( u t) m = DK u u J t= t u I J ( y, u, t R tep7: CA establshes fucto, G( x, = A ( x) B (, x, y R = That s: G(x, = A (x)b (+A 2 (x)b 2 (+ +A (x)b ( for (x, R R ad declares t publcly C Key Dervato Phase tep: User substtutes persoal superkeyh to, f x { H,, H } I{ H,, }( ) = H x Whe the, o w superkeyh appears the legal verfcato lst of CA, H { H,, H }, the I{ H }( ),, H H = Whe H of user s ot a authorzed superkey the lst, I{ H }( ),, H H = tep2: User substtutes persoal superkeyh to ( x H k ) A ( x) = I{ H,, }( x) H ( H H ) k = k k Whe the persoal superkey H of user s legally verfed CA, the user substtutes I{ }( x ) = for calculato, ad H,,H the A (H ) = ad A (H k ) = for k tep3: User substtutes fle u ID u for,f y J I ( =, J,ow J = {u: u m, u s the fle ID of wth access authorty} Whe user presets authorzato to access to DK u, y J the I J ( = tep4: User substtutes fle u ID u for m ( y t) B ( = DK u I J ( u J ( u t) t= t u Whe user s authorzed to access to DKu, the B ( = D ky f y J ad B ( = f y J tep5: User calculates G( x, = A ( x) B ( If x {H, H2,,H} ad y Jx, G(x, = D Ky The user could successfully obta the decrypto key, ad G(x, =, otherwse = IV EXAMPLE Ths secto would expla the access of PHR scheme medcal evromets CA dstrbutes patets, doctors, urses, medcal research uts, health surace uts, ad famly to varous securty class ad dstrbutes the correspodg superkey H to each user Dfferet PHR records, such as blood pressure, electrocardogram, major operatos, drug allergy, ad health surace records, are stored fle ~ fle 5, respectvely for ecrypto ad geeratg the correspodg decrypto keys DK ~ DK 5 The relatos betwee the ecrypted fle ad the access relatoshp are show Table II Fucto I(x, s used for presetg that user s authorzed to obta DK u for access to fle u I(3, 4) = presets that the urse 3 s authorzed to access to fle 4, ad I(5, 4) = shows that 5 caot access to fle 4 V CONCLUION The proposed scheme s able to access to PHRssystem accurately, ad s sutable for mmese dyamc mult-usersthe costructed formula G(x, could mmedately addg ad deletg user authorzato for subjog ad alterg persoal health records durg dyamc updates To face the threats of Cloud, a more secure ad more effcet access cotrol scheme s costructedto protect patets prvacy, esure the securty of users medcal formato, adehace the relablty of PHR ecryptothe achevemets ths study are preseted as follows: 332

Iteratoal Joural of Iformato ad Electrocs Egeerg, Vol 3, No 3, May 23 ) The proposed scheme s able to resst teral ad exteral attacks 2) It s coveet for maaggca by usg oly oe publc formula G(x, 3) The geerato of keys ad the algorthms are smple, adthe publc parameters are oly G(x, ad u 4) The PHR system allows patets to determe the access users, ad remove the outdated authorzato 5) The proposed scheme overcomes the dyamc access cotrol problems TABLE I: THE DEFINED YMBOL AND PARAMETER Notato Defto Fucto H DK u ecurty class, = {u: u s the fle ID of authorzed }, for =, 2,, uperkeyh, for =, 2,, Decrypto key, for u =, 2,, m To classfy the securty class of users To obta the key authorg fle u To decrypt the key of fle u fle u Fle u, for u =, 2,, m The DK u -ecrypted fle I{ H }( ),, H x J The dcate fucto of set {H, H 2, H } J = {u: u m, u s the fle ID of authorzed } To calculate whether H s the legal verfcato lst of CA The set of fles authorzed by the users TABLE II: EXAMPLE fle (DK ) fle fle 2 (DK 2 ) 3 (DK 3 ) fle 4 (DK 4 ) fle 5 (DK 5 ) Blood Major Drug Health Electrocardogram pressure operato allergy surace (H ): Patet 2 (H 2 ): Doctor 3 (H 3 ): urses 4 (H 4 ):Medcal researcher 5 (H 5 ): Health surace ut 6 (H 6 ): Famly ACKNOWLEDGEDGEMENT The work s partally supported by a project from NC, Tawa wth grat o -24-H-29-4 REFERENCE [] M L, Yu, K Re, ad W Lou, "ecurg persoal health records cloud computg: Patet-cetrc ad Fe-graed data access cotrol mult-ower settgs," ecurty ad Prvacy Commucato Networks, pp 89-6, 2 [2] Health Isurace Portablty ad Accoutablty Act of 996, U Publc Law, 4 th Cogress, Publc Law 4 9, 996 [3] C M Yaga, H C La, P Chagb, ad W Jac, "Tawa s perspectve o electroc medcal records securty ad prvacy protecto: Lessos leared from HIPAA,"Computer Methods ad Programs Bomedce, vol 82, pp 277 282, 26 [4] CAE TUDY: Gesger Health ystem-brgg HIPAA Complace to a Electroc Medcal Record ystem Qualys o Demad Vulerablty Maagemet [Ole] Avalable: http://wwwqualyscom/docs/gesgerpdf [5] K Aastasaks, B Bordbar, G Georg, I Ray, ad M Toahchoodee, "Esurg pato-temporal Access Cotrol for Real-World Applcatos," Proc the 4th ACM symposum o Access cotrol models ad techologes, 29 [6] Persoal Health Records ad Persoal Health Record ystems, Natoal Commttee o Vtal ad Health tatstcs, U Departmet of Health ad Huma ervces, pp 5, 26 [7] X La, ad J Massey, "A Proposal for a New Block Ecrypto tadard," Proc Eurocrypt 9, prger-verlag, LNC, vol 473, pp 389-44, 99 [8] J Bealoh, M Chase, E Horvtz, ad K Lauter, "Patet cotrolled ecrypto: esurg prvacy of electroc medcal records," Proc the ACM workshop o Cloud Computg ecurty, pp 3 4, 29 [9] T ElGamal, "A Publc-Key Cryptosystem ad a gature cheme based o Dscrete Logarthms," Advaces Cryptology-Crypto 85, prger-verlag, LNC, vol96, pp -8, 985 [] N Kobltz, "Ellptc Curve Cryptosystems," Mathematcs of Computato, vol 48, pp 23-29, 985 [] V Mller, "Use of Ellptc Curves Cryptography," Advaces Cryptology- Crypto 85, LNC,vol 28, pp 47-426, 985 [2] D E Deg, "Cryptographc Checksums for Multlevel Database ecurty," Proc the 984 IEEE ymposum o ecurty ad Prvacy, pp 52-6, 984 Cha-Hu Lu receved her PhD degree Electrcal Egeerg from Natoal Tawa Uversty, Tape, Tawa he s ow a assstat professor the Departmet of Dgtal Lterature ad Arts at t Joh s Uversty, Tape, Tawa Tzer-Log Che receved hs PhD degree Iformato maagemet from Natoal Tawa Uversty, Tape, Tawa He works as a assstat professor several colleges Tawa Ha-Yu L receved hs bachelor degree Electrcal Egeerg from Tugha Uversty, Tachug, Tawa He s curretly workg toward the master degree Electrcal Egeerg at Tugha Uversty, Tawa Fog-Q L receved hs bachelor degree Computer cece from Tugha Uversty, Tawa Hs s workg toward the master degree Iformato Maagemet at Tugha Uversty, Tachug, Tawa Chh-Mg Lu receved hs bachelor degree Electroc Egeer from Mg Chua Uversty, Taoyua, Tawa He s workg toward the master degree Electrcal Egeerg at Tugha Uversty, Tachug, Tawa E-Pg Wu receved her bachelor degree Iformato Maagemet from Tugha Uversty, Tachug, Tawa Yu-Fag Chug receved her PhD degree Electrcal Egeerg from Natoal Tawa Uversty, Tape, Tawa he s ow a assocate professor the Departmet of Electrcal Egeerg at Tugha Uversty, Tachug, Tawa Tzer-hyog Che receved hs PhD degree Electrcal Egeerg from Natoal Tawa Uversty, Tape, Tawa He s ow a professor the Departmet f Iformato Maagemet at Tugha Uversty, Tachug, Tawa 333

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information