SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the Cloud
The widespread acceptance of cloud-based services in the healthcare sector has resulted in cost-effective and convenient exchange of Personal Health Records (PHRs) among the participating entities of e-Health systems. Nevertheless, storing confidential health information on cloud servers exposes it to disclosure or theft and calls for methodologies that ensure the privacy of the PHRs. Therefore, we propose a methodology called SeSPHR for secure sharing of PHRs in the cloud. The SeSPHR scheme ensures patient-centric control over the PHRs and preserves their confidentiality. Patients store encrypted PHRs on untrusted cloud servers and selectively grant different types of users access to different portions of the PHRs. A semi-trusted proxy called the Setup and Re-encryption Server (SRS) is introduced to set up the public/private key pairs and to produce the re-encryption keys. Moreover, the methodology is secure against insider threats and also enforces forward and backward access control. Furthermore, we formally analyze and verify the working of the SeSPHR methodology through High Level Petri Nets (HLPN). Performance evaluation with regard to time consumption indicates that the SeSPHR methodology has the potential to be employed for securely sharing PHRs in the cloud.
The Health Insurance Portability and Accountability Act (HIPAA) mandates that the integrity and confidentiality of electronic health information stored by healthcare providers must be protected through conditions of use and disclosure and with the permission of patients. Moreover, while the PHRs are stored on third-party cloud storage, they should be encrypted in such a way that neither the cloud service providers nor unauthorized entities are able to access them. Instead, only the entities or individuals with the 'right-to-know' privilege should be able to access the PHRs. Moreover, the mechanism for granting access to PHRs should be administered by the patients themselves, to avoid unauthorized modification or misuse of the data when it is sent to the other stakeholders of the health cloud environment.
• Storing private health information on cloud servers managed by third parties is susceptible to unauthorized access.
• The privacy of PHRs stored in public clouds managed by commercial service providers is at extreme risk.
• PHRs, whether in cloud storage or in transit from the patient to the cloud or from the cloud to any other user, may be exposed to unauthorized access because of the malicious behavior of external entities.
We present a methodology called SeSPHR that permits patients to administer the sharing of their own PHRs in the cloud. The SeSPHR methodology employs El Gamal encryption and proxy re-encryption to ensure PHR confidentiality. The methodology allows PHR owners to selectively grant users access to portions of the PHRs based on the access level specified in the access control list (ACL) for different groups of users. A semi-trusted proxy called the SRS is deployed to enforce the access control and to generate the re-encryption keys for the different groups of users, thereby eliminating the key management overhead at the PHR owner's end. Forward and backward access control is also implemented in the proposed methodology. Formal analysis and verification of the proposed methodology is performed to validate that it works according to the specifications.
Thus, this work proposed a methodology to securely store PHRs and transmit them to the authorized entities in the cloud. The methodology preserves the confidentiality of the PHRs and enforces patient-centric access control over different portions of the PHRs based on the access provided by the patients. We implemented a fine-grained access control method in such a way that even valid system users cannot access those portions of a PHR for which they are not authorized. The PHR owners store the encrypted data on the cloud, and only the authorized users possessing valid re-encryption keys issued by a semi-trusted proxy are able to decrypt the PHRs. The role of the semi-trusted proxy is to generate and store the public/private key pairs for the users in the system. In addition to preserving confidentiality and ensuring patient-centric access control over the PHRs, the methodology also administers forward and backward access control for departing and newly joining users, respectively. Moreover, we formally analyzed and verified the working of the SeSPHR methodology through HLPN, SMT-Lib, and the Z3 solver. The performance evaluation was done on the basis of the time consumed to generate keys, perform encryption and decryption operations, and the turnaround time. The experimental results exhibit the viability of the SeSPHR methodology for securely sharing PHRs in the cloud environment.
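To make the key flow described in the overview and the conclusion concrete, here is an added toy example (not the paper's own code) of ElGamal proxy re-encryption in the Blaze-Bleumer-Strauss style; that the SRS issues a bidirectional key rk = sk_group / sk_owner is an assumption about the construction, not something the paper states. The group names, PHR sections, ACL and the 127-bit toy modulus are all constructed for the demo.

```python
import secrets, math

# Toy group Z_p^* with p = 2^127 - 1 (a Mersenne prime); exponents are taken mod p-1.
# Constructed for illustration only: a deployment needs a >= 2048-bit prime-order group.
P = (1 << 127) - 1
ORDER = P - 1
G = 7

def keygen():  # SRS-side key setup: secret a coprime to p-1 so that a^-1 mod (p-1) exists
    while True:
        a = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(a, ORDER) == 1:
            return a, pow(G, a, P)

def encrypt(pk, m):  # BBS-style ElGamal variant: (m * g^k, pk^k) with pk = g^a
    k = secrets.randbelow(ORDER - 1) + 1
    return (m * pow(G, k, P)) % P, pow(pk, k, P)

def decrypt(sk, ct):  # m = c1 / c2^(1/sk) = (m * g^k) / g^k
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, ORDER), P)
    return (c1 * pow(g_k, -1, P)) % P

def rekey(sk_owner, sk_group):  # SRS issues rk = sk_group / sk_owner mod (p-1)
    return (sk_group * pow(sk_owner, -1, ORDER)) % ORDER

def reencrypt(rk, ct):  # the proxy maps g^(a*k) to g^(b*k); it never learns m
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def encode(data):  # payload must stay below p; a real system would wrap a symmetric key
    assert len(data) <= 15
    return int.from_bytes(data, "big")

def decode(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def demo():
    # Constructed PHR split into sections; ACL: doctors read both, insurers only billing.
    phr = {"diagnosis": b"dx:T2DM", "billing": b"inv#1234"}
    acl = {"diagnosis": {"doctor"}, "billing": {"doctor", "insurer"}}
    sk_owner, pk_owner = keygen()
    groups = {name: keygen() for name in ("doctor", "insurer")}
    stored = {sec: encrypt(pk_owner, encode(data)) for sec, data in phr.items()}
    rks = {name: rekey(sk_owner, sk) for name, (sk, _) in groups.items()}
    out = {}
    for name, (sk, _) in groups.items():
        for sec in phr:
            if name in acl[sec]:  # proxy re-encrypts only the ACL-permitted sections
                out[(name, sec)] = decode(decrypt(sk, reencrypt(rks[name], stored[sec])))
    # A group key applied to owner ciphertext without the proxy step recovers nothing.
    out["insurer_reads_diagnosis_raw"] = decrypt(groups["insurer"][0], stored["diagnosis"]) == encode(phr["diagnosis"])
    return out
```

Note that a BBS-style key is bidirectional, so an SRS must also guard against rk misuse in the reverse direction when handling departing users.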