Framework Research on Privacy Protection of PHR Owners in Medical Cloud System Based on Aggregation Key Encryption Algorithm

Transcription

1 Framework Research on Privacy Protection of PHR Owners in Medical Cloud System Based on Aggregation Key Encryption Algorithm Huiqi Zhao 1,2,3, Yinglong Wang 2,3*, Minglei Shu 2,3 1 Department of Information Engineering, Shandong University of Science and Technology, Taian , China 2 Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan , China 3 Shandong Provincial Key Laboratory of Computer Networks, Jinan 25001, China Abstract In recent years, rapid development and popularization of cloud computing technology and big data technology enable users to store data in the cloud, which undoubtedly makes it more convenient for data sharing among users. At the same time, China has begun to use modern information technology to keep electronic medical record of patients, which is also called personal health record ( PHR ). Medical cloud is similar to public cloud service. In medical cloud system, PHR can be created and modified online through third-party services, and PHR files are stored in the cloud. However, this also means that cloud-based PHR files may be subject to unauthorized disclosure. Therefore, to effectively protect the privacy of PHR owners, ensure effective implementation of medical cloud system, and achieve efficient and safe sharing of PHR, the paper proposes an approach based on aggregation key encryption algorithm to protect the privacy of PHR owners, and conducts an in-depth research on the framework of this approach. Keywords: Aggregation Key, Medical Cloud, PHR, PRD, PUD, Privacy Protection. 1. RESEARCH BACKGROUND 1.1 Literature review With rapid development of modern information technology, cloud computing technology has been widely used in various fields. In recent years, many researchers have conducted a great deal of research on cloud computing technology and agreed that it has great development potential. With cloud computing technology, people can store data in the cloud and share data through social circle, which greatly facilitates data sharing and utilization among users. Medical cloud is a new concept put forward by Chinese and foreign researchers in recent years. Similar to public cloud service, medical cloud is a health information exchange model for storing data such as PHR. With the help of medical cloud, PHR owners can create, manage and control their personal health data on the Internet, thus improving the storage, retrieval and sharing of medical information (Yin et al., 2017). Medical cloud has brought great convenience to people as well as many security risks. For example, privacy information of PHR owners may be disclosed and stolen, which has become a great obstacle to development and wide application of medical cloud. Nowadays, it has become an important research topic to enable PHR owners to enjoy the convenience of medical cloud and meanwhile protect their privacy. It is necessary to construct a safe and efficient data sharing mechanism especially when PHR owners hope to quickly find out the cause of their disease through wide sharing of their PHR (Dai and Cheng, 2017). Current data sharing mechanism is realized mainly through the setting of access rights. However, it is more and more difficult for such traditional access control method to be geared to the increasingly complex environment of Internet. Therefore, it is of great practical significance to find out a mechanism that contributes to protecting the privacy of PHR owners. 1.2 Research purpose Aimed to address the security risks now confronting PHR owners in the increasingly complex Internet 771

2 environment, the paper puts forward a strategy for protecting the privacy of PHR owners in medical cloud system based on aggregation key encryption algorithm ( AKEA ), with a view to enhance the security of PHR in medical cloud system and guarantee security and efficiency of medical cloud. In this way, medical cloud can bring much convenience to PHR owners while effectively protecting their privacy (Shi et al., 2017). To this end, the paper has done the following work: It conducts in-depth research on AKEA, introduces the types of attribute-based encryption and CP-ABE outsourced decryption, and after making improvements, incorporates AKEA into PHR sharing scheme of medical cloud. Then, the paper proposes a strategy for protecting the privacy of PHR owners in medical cloud system, and conducts an in-depth research on its framework. 2. AKEA This paragraph carries out an in-depth research on AKEA, a public-key encryption algorithm that is essentially different from the attribute-based encryption algorithm. AKEA realizes encryption based on the size of the key, which enables it to effectively avoid key length or ciphertext increase due to increase in the number of attributes in the encryption process, and the problem of key update incurred due to revocation of attributes (Yin, 2017). When there is a connection between user groups and the user scale is small, data can be shared safely, efficiently and flexibly via AKEA. AKEA can aggregate different private keys that match different types of ciphertext files, thus generating a constant aggregation key. Users can, relying on the aggregation key, conveniently decrypt and access different types of ciphertext files. During the access process, AKEA mainly involves 3 elements, namely, cloud server, encryption party and decryption party. The encryption party is responsible for classifying and numbering the private files to be shared, initializing the program via the client to generate public parameters, generating master and public keys for these private files, and encrypting and sending these private files to the cloud based on file index number and public key (Cheng and Pan, 2017). The encryption party uses file index number and master key to extract the aggregation key via Extract algorithm, and sends the key to the decryption party, which then downloads the files to be accessed and uses Decrypt algorithm in the key to decrypt the private files so as to obtain plaintext. In this way, storage space and transmission bandwidth can be greatly reduced, while access efficiency is greatly improved. 3. INTRODUCTION TO TYPES OF ATTRIBUTE-BASED ENCRYPTION AND CP-ABE OUTSOURCED DECRYPTION 3.1 Types of attribute-based encryption Figure 1. Ciphertext and Key in CP-ABE Scheme There are two basic ABE schemes, which are KP-ABE and CP-ABE scheme. Besides, it is possible to flexibly choose the encryption scheme based on the practical situation, so as to exercise flexible control. The access policy for attribute-based encryption scheme can either adopt a matrix structure or a tree structure. The biggest difference between the CP-ABE scheme and the KP-ABE scheme is the difference in the position of the attribute set and the access policy. For CP-ABE scheme, the attribute set is related to the user s private key, the access structure is related to the ciphertext, the sender of message is the setter of the access structure, and the access structure is embedded. However, in KP-ABE scheme, the ciphertext is related to the user s private key, 772

3 and the tree access structure is embedded in the key (Shi et al., 2017). If the attributes contained in the KP-ABE sche.me s ciphertext match the tree access structure, the user can access the file. In CP-ABE scheme, the attribute is used to express the access policy and is embedded in the ciphertext. Only when the attribute set of the user and the access structure set by data owner match each other, the user can decrypt and access the private data of the data owner; otherwise, the user is denied access to the file (Guan and He, 2017). After a comparative analysis, it can be found that CP-ABE scheme is more suitable for access control strategy in cloud storage environment. Figure 1 shows the ciphertext and key in CP-ABE scheme. 3.2 Introduction to CP-ABE outsourced decryption Based on the above analysis results, it can be seen that CP-ABE scheme is more suitable for access control strategy in the medical cloud. The working principle of outsourced decryption in CP-ABE scheme is as follows: The encryption party encrypts the data file through the matrix access structure and transmits it to the cloud. The key management center verifies the user s legitimacy, gives a set of attributes, generates the corresponding conversion key and sends it to the cloud server. Besides, the key management center sends the generated private key to the decryption party. When the user needs to access the file, and makes an access request to the cloud server, then the cloud server will evaluate the user s attribute set. If it confirms that the user s attribute set matches the access structure, the cloud server will convert the ABE ciphertext into El-Gamal ciphertext, and then re-evaluate the user s attribute set. If the user s attribute set is consistent with the access structure, the cloud server will send partially decrypted ciphertext to the user, which can then use the private key to decrypt the remaining ciphertext. If the ciphertext is fully decrypted, then the user has access to the file; otherwise, the user is denied access to the file (Yang et al., 2017). 4. FRAMEWORK RESEARCH ON PRIVACY PROTECTION OF PHR OWNERS IN MEDICAL CLOUD SYSTEM BASED ON AKEA 4.1 System framework To make the access control strategy more flexible, this paper proposes a more efficient medical cloud system, namely, SE-PHR. First, public domain and private domain are defined in the medical cloud system based on the division idea, namely, PRD and PUD. PRD includes users trusted by the PHR owner, the number of which is small and which are easy to manage (Fan et al., 2016). Second, the original AKEA is improved as follows: a trusted third party is introduced to manage and generate the keys. PHR owner sets the access right of PHR files. When a user applies for access to encrypted files, the third party will extract the file key of certain authority from the master key according to the user s authority, and the key is the aggregation key. In this way, users contained in PRD can have access to different encrypted files. Third, users in PUD have a large number and are unidentified, so CP-ABE scheme mentioned above can be used, and data sharing can be realized through integration of attribute revocation mechanism and multi-agency authorization center, which can simplify key management. By partially outsourcing the decryption of the CP-ABE scheme to a third party, the computational complexity of the decryption party can be greatly reduced. In addition, it is possible to achieve attribute revocation, renewal and authorization in the public domain. Varying the encryption scheme with user domain can help achieve efficient and safe sharing of PHR in the medical cloud system (Li and Liu, 2016). 4.2 Assumptions and system requirements A cloud service provider is a semi-trusted organization because it may implement user commands as per applicable regulations, and may take actions not good for users for the sake of great profits, such as disclosing the user s private information. The paper assumes that the third party introduced is a trusted entity, and constrains the communication between entities through standard security protocols (Qian and Huang, 2016). The functional requirement of the system is to achieve safe and efficient sharing of data in medical cloud system, while the security requirements of the system include realization of multi-agency authorization, attribute classification, and dynamic update policy; data privacy; large-scale access and efficient revocation mechanism. After the assumptions of information and system requirements are determined, the system model needs to be constructed. 4.3 System model construction The construction of system model mainly includes data sharing scheme description in PRD and PUD. In PRD, 773

4 the user s identity is known to PHR owner, and the number of users is small. Although ABE scheme enables users to access data, its application scenario is not suitable for PRD as the key and ciphertext length are affected by the number of attributes, and there are problems like key update. Therefore, AKEA needs to be improved before application (Wang, 2016). In the process of improvement, a trusted third party shall be introduced to generate keys and public parameters. The public key is public, and is marked and classified by PHR owner based on file content. Besides, PHR owner encrypts the PHR file based on the public key and the file index number, and sets the user s access right. In addition, the third party generates the aggregation key, so that the user can access files within his/her authorized right through the aggregation key (Shang and Sun, 2016). Please refer to Figure 1 for data file classification diagram. Figure 2. Data File Classification Schematic The specific implementation process is as follows: It is assumed that the file classification number is i, i {1,2, m}, and PHR owner s request for system parameters submitted to the authorization center is Q. The authorization center will, based on request of PHR owner, randomly select the bilinear group H of r order, and generate the variable h H. Then, the first random number α Z r is selected, each ciphertext data is represented by an index number i, and system parameter Q is worked out through initialization, namely, Q {h, h 1,, h i, h m }. Then, the second random number β Z r is selected, and a master key and a public key are then generated, which are respectively expressed as msk and pk, with (msk=β, pk = v = h β ). The PHR owner selects the third random number t Z r based on system parameters, file index number and the public key, and encrypts the file n. Then, the output ciphertext can be expressed as: CT = {H t, (vh t i ), n e (h 1, h m ) t } = {c 1, c 2, c 3 }, where, CT stands for output ciphertext that consists of 3 parts, namely, {c 1, c 2, c 3 }. In the formula, c 1 = h t, c 2 = (vh i ) t, and c 3 = e (h 1, h m ) t. After encryption, these encrypted PHR files are uploaded to the cloud server. When a user accesses a classified PHR file, he or she submits an access request to the cloud server. It is assumed that the index number of the requested PHR file is i, the index number of his/her accessible file is j, and the set S consists of all j. The authorization center will, based on the set S of the user s accessible file index number, generate the aggregation key K s and send it to the user. The aggregation key K s is expressed as K s = j S h β m + 1 j. After the user receives the generated aggregation key, the authorization center may check whether the file with the index number i is included in the set S: If no, the user cannot decrypt it; if yes, then the user can decrypt the ciphertext in the file i with the aggregation key (Liu et al., 2016). After the data sharing scheme of PRD is made clear, the next step is to design the data sharing scheme of PUD, a public domain where the users are unidentified and have a large number, and are thus difficult to manage. Therefore, CP-ABE scheme is more suitable for it. However, as there is only one authorization center in the medical cloud system, which is responsible for key distribution and management, and for attribute revocation. This will lead to system bottlenecks and it must be ensured that the authorization center is completely reliable. This is to say that one authorization center is unable to meet security requirements of PHR owner (Gan and 774

5 Wang, 2016). Therefore, the multi-agency authorization mode shall be adopted so that the user private key in each public domain can be distributed by different authorization centers, and outsourced decryption scheme shall be employed to reduce the computation workload of the authorization centers. 5. CONCLUSION In a word, in the medical cloud system, construction of a health information exchange model based on PHR can greatly enhance the efficiency of medical information storage, retrieval and sharing, thus bringing much convenience to people. However, privacy and security risks with such system have greatly hindered development and application of medical cloud. Concerning privacy risks of PHE owners, the paper proposes a strategy for protecting the privacy of PHR owners in medical cloud system, which helps protect privacy of PHR owners by setting access right that varies with the user domain. As a result, the strategy enables PHR owners to enjoy the benefits brought by medical cloud and meanwhile creates a safe and reliable application environment for medical cloud. ACKNOWLEDGMENTS Natural Science Foundation of Shandong Province, Research on power control and performance of wireless body area network for medical monitoring. ZR2017MF029. REFERENCES Cheng W., Pan R.K. (2017). Talking about the application of mixed cloud in medical industry, Computer and Telecommunications, (07), Dai F., Cheng Y. (2017). Design of cloud platform for telemedicine in Hebei, Electronic Technology and Software Engineering, (18), 53. Fan Y.F., Wang Y.J., Chen J.M., Xia Z.W. (2016). The development of the regional medical data sharing based on the Chinese, Journal of Medical Library and Information Science, 25(12), Gan Q.Q., Wang X.M. (2016). An efficient encryption scheme for key aggregation under the cloud environment, Computer Engineering, 42(02), 33-37, 44. Guan J.J., He P.T. (2017). Based on the construction of a cloud based regional medical data sharing platform, Communication World, (06), Li W.H., Liu S. (2016). The infrastructure of the medical cloud platform, Information and Computer (Theoretical Edition), (22), Liu J., Zuo X.R., Wang X., Yang G.L. (2016). Research on the construction of medical cloud platform based on Hadoop, Chinese Digital Medicine, 11(06), Qian X.R., Huang P.P. (2016). The design and implementation of the regional medical wisdom cloud platform, The Software Industry and Engineering, (06), 33-35, 56. Shang Y.N., Sun B. (2016). Research on the current situation of intelligent medical application under the background of large data, Technology and Industry, 16(10), Shi B.P., Duan X., Kong G.Q., Wu Y. (2017). Design and implementation of the deployment of medical cloud platform, Computer Applications and Software, 34(06), 43-45, 90. Shi B.P., Duan X., Kong G.Q., Wu Y. (2017). Research on resource scheduling strategy of medical cloud platform, Computer Engineering, 43(08), 44-48, 55. Wang Y. (2016). The construction of regional medical information based on cloud computing, The World's Latest Medical Information Digest, 16(87), 219. Yang M., Shu M.L., Liu R.X., Chen C.F., Wei N. (2017). The design and implementation of medical cloud system in the rural areas, Shandong Science, 30(01), Yin Q.G. (2017). The wisdom of the medical application of Internet plus, Under the Background of Communication of Science and Technology, 9(14), Yin W.D., Huang Z., Guo L., Ding Q.S. (2017). Research and practice of regional self-help medical cloud service platform, Chinese Digital Medicine, 12(10),