ENSURING PRIVACY OF E-MEDICAL HEALTH RECORDS USING TRIPLE- DES ALGORITHM

Transcription

1 ENSURING PRIVACY OF E-MEDICAL HEALTH RECORDS USING TRIPLE- DES ALGORITHM Ms. S. P. Vidhya Priya 1, Dharani.N.R 2, Gokilavani.M 3, Jeevitha.R 4 1,2,3,4 Department of Information Technology, Kathir College Of Engineering, Coimbatore. Abstract :Cloud computing is an Internet based network made up of large number of servers-mostly based on open standards, modular and inexpensive. Cloud assisted health data considerably facilitates secure and efficient patient treatment. The purpose of this health networking project is to fix appointments for the patient either through online communication or offline communication directly to the respective specialized doctor. Security is an important aspect of Quality of Services, in cloud computing. The server could convert the encrypted index of the patient into a re-encrypted form, in Proxy re-encryption (PRE) method. On account of using PRE method in the active system, plaintext attacks occur. To overcome all the shortcut attacks, the planned model (ESTHD) uses Enhanced Triple-DES algorithm that has proven reliability, longer key length and improve the security in billions of time. This system outperforms the previous schemes in terms of privacy, security, computational and communication overhead. Keywords- Proxy Re-encryption, Plaintext attacks, Triple-DES, Privacy, Security, communication. I. INTRODUCTION Cloud Computing is an essential evolution where in Information Technology (IT) is used and applied. In Cloud Computing paradigm, there are no limits to accessing information or sources to the consumer. User only needs the internet to access the resources from all over the world. It provides user-friendly access without worrying about inside operations. Nowadays, the Healthcare industry is also using online services through the websites and telemedicine consultations like other industries. Nevertheless, the patient physical visits are also necessary. People related to healthcare like patients and doctors or agencies like drugstores and insurance organizations are transferring data day-to-day. For example, the insurance corporations are increasing business only when using online services. Various techniques have been protecting the data contents privacy via access control. Identity-based encryption (IBE), in which the sender of a message can specify an identity such that only a receiver with matching identity can decrypt it. Few years later, Fuzzy Identity-Based Encryption, which is also known as Attribute- Based Encryption (ABE). In such encryption scheme, an identity is viewed as a set of descriptive attributes, and decryption is possible if a decrypt s identity has some overlaps with the one specified in the cipher text. Soon after, more general treebased ABE schemes, Key-Policy Attribute-Based Encryption (KP-ABE) and Cipher text-policy Attribute- Based Encryption (CP-ABE) are presented to express more general condition than simple overlap. They are counterparts to each other in the sense that the decision of encryption policy (who can or cannot decrypt the message) is made by different parties. A) Security issues in HMS Cloud Computing assures both Healthcare providers and patients to store EHRs and manage Healthcare services in Clouds. Nevertheless, this choice may influence various security issues: Maintaining EHRs accessing, sharing, processing and storing in Cloud. Key generation problem that is key escrow issue. User revocation and forward/backward secrecy. Cloud Computing provides several benefits along with some special threats to medical data security and privacy in real-time. Various methods were introduced to solve above mentioned issues. DOI : /IJRTER ZFRNX 201

2 Identity-Based Encryption (IBE) scheme, here, the owner sends data with identities. However, a user converts it into plain text only if he knows the identities. Continued with Fuzz-IBE, it is also known as ABE. Here, identities are the set of attributes described by the owner at that time encryption and decryption are possible only if the user satisfies attributes. Later, very common tree based ABE systems and CP-ABE were proposed to expose simple overlap conditions. B) Security Requirements of EHRs in cloud Currently, the Healthcare system focused on obtaining the EHRs without any time and location limitations. The cloud computing is the solution to address this issue. Notwithstanding the reality of the Cloud advantages, it additionally involves specific issues to the EHRs secrecy and safety. The privacy preserving approach is better than managing confidentiality of EHRs. The requirements of CHMS are as follows: Integrity this requirement fulfils the originality of the data that is captured by the system. The EHRs should not contain any faults like software or hardware errors or human mistakes. The data must be correct. Confidentiality this requirement offers the patient to restrict accessing of EHRs from unauthorized users. Therefore, the patients need not to worry about illegal access. Authenticity this requirement fulfils the verification of identities of the user before permitting data access. In CHMS, doctors, patients and others should be verified before accessing the information. This verification scheme is performed by using their attributes. Accountability this feature offers to monitor the activities of entities. Therefore, the patients can easily monitor their health data access activities at many places like insurance companies, hospitals etc. II. MODULES Doctor Details Patient Details Admin Details Encrypting and decrypting the article Send mail alert Doctor Details Once the Doctor login into the application can able to view the patient details. The main objective of the doctor is to send appointment to the patient through an application or intimate through mail. Maintaining treatment details for the patient. Publish article for the new disease. Those articles should be encrypted using Triple DES Algorithm and stored in database server. Doctor visiting first time, should fill the details in doctor registration page. Providing suggestion to choose the hospital to claim the insurance. Patient Details Once the patient login into the application. Able to view the doctor details. Request appointment to the doctor and view appointment details which was sent by doctor and view hospital details. Getting suggestion from the doctor to visit hospital for a particular disease to claim the insurance. Reading treatment details for the particular disease directly from the article itself. Patient visiting first time to the hospital, should fill the details in patient registration page. Admin Details Able to view the patient and doctor details. Monitoring the keys which was entered by user in the search box. If the search key is new the admin will intimate those information to the particular specialist. Based on the patient registered information, the admin will contact the subscribed users for to intimate the donor details. Able to view all appointment details which was sent by All Rights Reserved 202

3 Encrypting and decrypting the article Doctor uploading an article to the server. For more security purpose we encrypting an article using Triple DES algorithm. Those encrypted document will be stored in database server. User will decrypt the document using same Triple DES algorithm, to view about the treatment details from the article. Send mail alert Using SMTP (Simple Mail Transfer Protocol) doctor sending an appointment details to the patient in case of emergency situations. Suggesting insurance claims details for the particular disease and intimating to the patient through mail. Finally generating the crystal report for the patient with unique id. III. LITERATURE SURVEY Hsiao-Ying et al [7] proposed a scheme for forwarding the data to another user securely by ensuring data robustness, confidentiality by ensuring that the data owner has full control over the data to be forwarded to another user. This scheme uses decentralized erasure code so that the message is not under the security risk since it is encrypted and split into multiple blocks and stored in distributed storage server. This scheme tries to address the problem like maintenance of secret keys by the user, reduces communication traffic, and resolves the disadvantage of storage server of supporting other functionalities. The system model consists of highly distributed multiple key servers and storage server. In this scheme the operations encoding, encryption and data forwarding are integrated tightly. This scheme uses proxy re-encryption, which is understood as follows: When a user A transfers his data user B using his public key, creates re-encryption key and sends it to the proxy server. Here the proxy server is unaware of the original text message. The researcher has integrated encryption, re-encryption and the encoding techniques together, for improving storage robustness. This scheme reduces the communication cost and communication overhead. The re-encryption key is computed by the combination of User A secret key and User B public key. Failure system recovery is done by using additional storage server. The additional server obtains the encrypted units by querying remaining unaffected servers. This scheme uses multiplicative holomorphic encryption method which supports data encoding over encrypted message. Guiseppe et al [8] proposed an interactive protocol called Proofs of storage (PoS) which enables the client to ensure trustworthy storage of his file with the server. By using any identification protocol as a base, the researchers have constructed a framework for computing which can be used for numerous times of verifications. Here the file size and the size of client s state and the communication complexity are independent. This system ensures whether the complete file sent by the client is stored as it is in the server, so that the client tags each segment of the file and stores it to the server. For verifying the storage, the client sends challenge to the server; the server returns the challenge vector and the file segment along with the tag. Bo Chen et al [9] proposed Remote Data Checking (RDC) scheme for improving robustness, in the case of insecure cloud storage provider. This scheme uses Cauchy matrices to determine the Reed- Solomon codes since they are compatible to dynamic operations. Wang et al [10] proposed a third-party auditor (TPA) to check the integrity of data, in order to reduce the overhead for the client to check the data integrity. In this method the TPA is designed in such a way that he performs multiple auditing tasks simultaneously. By improvising the existing proof of storage techniques this scheme also supports dynamic data operations. Block tag authentication is achieved by constructing Merkie Hash tree. Shiuan- Tzuo et al [11] proposed a scheme for checking the integrity of messages stored in cloud storage. The owner of the message holds the full control to decide the authorized persons to check the integrity of data; hence this method prevents re-delegation from delegated verifiers. The user uploads delegation key, integrity verification tags and the data to the storage server. The All Rights Reserved 203

4 storage server uses the delegation key to transform the data tag which is in the form such that the delegated verifier can check using its private key. This scheme uses random oracle model. IV. METHODOLOGIES (A) Existing method Proxy re-encryption is a cryptographic primitive which translates cipher texts from one encryption key to another encryption key. It can be used to forward encrypt messages without having to expose the clear texts to the potential users. The re-encryption protocol should be key independent to avoid compromising the private keys of the sender and the recipient. The primary advantage of this PRE scheme is that they are unidirectional (i.e., Alice can delegate to Bob without Bob having to delegate to her) and do not require delegators to reveal their entire secret key to anyone. A proxy reencryption algorithm transforms a cipher text under a public key PKA to cipher text PKB by using the re-encryption key RK A B. The server does not know the corresponding clear text, where PKA and PKB can only be decrypted by different key KA and KB respectively. Proxy re-encryption has many applications in addition to the previous proposals for forwarding, secure network file storage, and performing cryptographic operations on storage limited devices. (B) Re-dt ECK system architecture There are three types of entities: an information owner, users and a data centre. The data owner wants to store his private EHR files on a third-party database. He extracts keywords from the EHR files and encrypts those plaintext keywords into the secure searchable indices. The EHR files are encrypted to cipher text. Then, that information is outsourced to the data centre. A data centre consists of an EHR storage provider and a search server. The storage provider is responsible for storing data and search server performs search/add/delete operations according to users requests. A user generates a trapdoor to search the EHR files using his private key and sends it to the search servers. After receiving the request, the search servers interact with the EHR storage provider to find the matched files and returns those retrieved information to the user in an encrypted form. Fig.1.Re-dtPECK System architecture In an existing system (Re-dtPECK), proxy re-encryption (PRE) method is used. In proxy reencryption method, the messages are first encrypted by the owner and then stored in a storage server. When a user wants to share their messages, user sends a re-encryption key to the storage server. The storage server re-encrypts the encrypted messages for the authorized user. Thus, their system has data confidentiality and supports the data forwarding function. An encryption scheme is multiplicative homo-morphic, if it supports a group operation on encrypted plaintexts without decryption. The multiplicative homo-morphic encryption scheme supports the encoding operation over encrypted messages. But this scheme provides chosen plaintext attack that presumes that attacker can obtain the cipher texts for arbitrary All Rights Reserved 204

5 A third-party server inside hackers can be able to leak the information and security records to other people. So this scheme is not fully trust. In order to overcome this problem, proposed system uses Enhanced Triple-DES algorithm that prevents all the shortcut attacks because of longer key length and improve the security in billions of time. Enhanced Triple-DES algorithm is faster than other encryption schemes. C) Proposed system Architecture In this system, there are three types of entities: users (patients), doctors, and admin. The user wants to store the private health record files on a third-party database. They extract keywords from health record files and encrypt those plaintext keywords into the secure searchable indices. The health record files are encrypted to cipher text. Then, that information is stored to the cloud server. Fig.2. ESTHD System Architecture The doctor publish article for the new disease those articles should be encrypted using Enhanced Triple DES algorithm and stored in database server. User can be able to decrypt the articles from the database server and request appointment to the doctor and view appointment details which was sent by doctor. Then doctor fix the appointment to the patient. Admin monitor the activities of both users and doctors, also monitoring the keys which are entered by user in the search box. D) Workflow of the ESTHD System In ESTHD system, Enhanced Triple DES algorithm is used. In this, first article content is encrypted using effective key length of 192 bit. Hash code is generated for key using MD5 algorithm. Encrypted articles are uploaded to the Database Server. If user wants the article, they decrypt the article using Enhanced Triple DES algorithm. In decryption, also hash code is generated for the key using MD5. V. ALGORITHM Triple-DES Algorithm Standard: The 3-Data Encryption Standard (3DES) is a variation of DES that is composed of 3parts. It is slower than the regular DES but it can improve security in billions of times. Triple DES uses three 64-bit keys, so in total it uses an overall key length of 168 bits, the first part of the process is a regular DES encryption, and then the second part is a DES decryption and at last it uses a DES encryption again. It uses 3 different keys. Since it is based on the DES algorithm, it is very easy to modify existing software to use Triple All Rights Reserved 205

6 It also has the advantage of proven reliability and a longer key length that eliminates many of the shortcut attacks. Fig.3. Implementation of Triple-DES (3DES) Triple DES Encoding Triple DES algorithm uses three iterations of common DES cipher. It receives a secret 168- bit key, which is divided into three 56-bit keys. Encryption using the first secret key Decryption using the second secret key Encryption using the third secret key Encryption: c = E3 (D2 (E1 (m))) Triple DES Decoding Using decryption in the second step during encryption provides backward common DES algorithm. Decryption using the first secret key Encryption using the second secret key Decryption using the third secret key Decryption: m = D1 (E2 (D3(c))) compatibility with VI. CONCLUSION The internet usage and network system is growing rapidly. So there are some additional requirements to secure the data transmitted over different networks using different services. To afford the security to the network and data different encryption methods are used. According to the literature survey can be found that Enhanced TRIPLE-DES algorithm is most efficient in terms of speed, time, security and throughput effect. The limitation of the new improver algorithm is memory used in new method is higher than the old method. This is because of the algorithms which we have used is providing a very high security. The Security provided by these algorithms can be enhanced further. Future work will explore this concept, combination of other algorithms will be applied either sequentially or parallel and will reduce the time taken to encrypt the document. It is a flexible solution for any cryptographic system and security layers of wireless protocol. It will provide a combination of cryptographic algorithms, to setup a more secure environment for data storage and All Rights Reserved 206

7 REFERENCES [1] Richard K. Lomotey, Mobile Medical Data Synchronization on Cloud-Powered Middleware Platform, Pennsylvania State University, USA, (2016) [2] A. Shamir, Identity-based cryptosystems and signature schemes, in Advances in Cryptology. Berlin, Germany: Springer-Verlag, (1985) [3] A. Sahai and B. Waters, Fuzzy identity-based encryption, in Advances in Cryptology. Berlin, Germany: Springer- Verlag, (2005) [4] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. 13th CCS,(2006) [5] J. Bethencourt, A. Sahai, and B. Waters, Cipher text-policy attribute based encryption, in Proc. IEEESP,(2007) [6] A. Sahai et al. Fuzzy Identity-Based Encryption, ProceedingsInt. Conf. Theory and Allocations of Cryptographic Techniques (Euro crypt 05)(2005) [7] H.-Y. Lin and W.-G. Tzeng, A secure decentralized erasure code for distributed networked storage, IEEE Trans. Parallel Disturb. Syst., vol. 21, no. 11, pp , Nov [8] B. Chen, R. Curtmola, G. Ateniese, and R. Burns, Remote data checking for network coding-based distributed storage systems, in Proc. 2nd ACM Workshop Cloud Computing Security (CCSW'10), 2010, pp [9] B. Chen and R. Curtmola, Robust dynamic remote data checks for public clouds, in Proc. 19th ACM Conf. Computer and Common. Security (CCS'12), 2012, pp [10] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, Enabling public auditability and data dynamics for storage security in cloud computing,ieee Trans. Parallel Disturb. Syst., vol. 22, no. 5, pp , May [11] S.-T. Sheen and W.-G. Tzeng, Delegable provable data possession for remote data in the clouds, in Proc. 13th Int. Conf. Information and Common. Security (ICICS'11), 2011, pp. 93 All Rights Reserved 207