ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

A High Degree of Patient Privacy in PHR Patient-Centric Model of Health Information Exchange Using Cloud Security Technique

Journal: International Journal of Science and Research (IJSR) (Vol.3, No. 12)

Publication Date:

Authors : ; ;

Page : 2128-2130

Keywords : Personal health records; cloud computing; data privacy; fine-grained access control; attribute-based encryption;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Improper use of the data by the storage server or unauthorized access by outside users could be potential threats to their data. People would like to make their sensitive or private data only accessible to the authorized people with credentials they specified. Attribute-based encryption (ABE) is a promising cryptographic approach that achieves a fine-grained data access control. It provides a way of defining access policies based on different attributes of the requester, environment, or the data object. Especially, cipher text- policy attribute-based encryption (CP-ABE) enables an encryption to define the attribute set over a universe of attributes that a decryption needs to possess in order to decrypt the cipher text, and enforce it on the contents. Thus, each user with a different set of attributes is allowed to decrypt different pieces of data per the security policy. This effectively eliminates the need to rely on the data storage server for preventing unauthorized data access, which is the traditional access control approach of such as the reference monitor. A high degree of patient privacy is guaranteed simultaneously by exploiting multi authority ABE. This scheme enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of proposed scheme.

Last modified: 2021-06-30 21:15:01