www.iiece.org GJESR RESEARCH PAPER VOL. 1 [ISSUE 4] MAY, 2014

ISSN:- 2349–283X

SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORD MAINTENANCE USING ADVANCED ENCRYPTION STANDARD (AES)

*Kabilan N
Department of Computer Science & Engineering, Coimbatore Institute of Engineering and Technology (CIET), Coimbatore, TamilNadu, India.
Email: kabilanstreet@gmail.com

ABSTRACT: Personal health record (PHR) is an emerging patient-centric model of health information exchange. There have been wide privacy concerns, as personal health information could be exposed to unauthorized access. In this project, an Advanced Encryption Standard (AES) scheme capable of handling multiple authorities is employed to protect the PHR from unauthorized access. The AES scheme is based on the attributes stored in the PHR. In this scheme, the set of recipients defined by the encrypting party can decrypt the corresponding ciphertext. This scheme overcomes the demerits of the existing encryption scheme. In a multi-authority AES scheme, multiple attribute authorities monitor different sets of attributes and issue the corresponding decryption keys to users. Encryptors are assured that a receiver must obtain keys for the appropriate attributes from each authority before decrypting a message. Thus, the project provides security for the data stored in the PHR using AES, with increased performance and reliability.

Keywords: Personal health records, Access control, Advanced Encryption Standard, Attribute-based Encryption, Secure Sharing.

1. INTRODUCTION

In recent years, the personal health record (PHR) has emerged as a patient-centric model of health information exchange. A PHR service allows a patient to create, manage, and control her personal health data in one place through the web, which has made the storage, retrieval, and sharing of medical information more efficient. In particular, each patient is promised full control of her medical records and can share her health data with a wide range of users, including health care providers, family members or friends. Due to the high cost of building and maintaining specialized data centres, many PHR services are outsourced to or provided by third-party service providers such as Microsoft HealthVault.
While it is exciting to have convenient PHR services for everyone, there are many security and privacy risks which could impede their wide adoption. The main concern is whether patients can actually control the sharing of their sensitive personal health information (PHI), especially when it is stored on a third-party server which people may not fully trust. On the one hand, although healthcare regulations such as HIPAA exist (recently amended to incorporate business associates), service providers are usually not covered entities. On the other hand, due to the high value of sensitive PHI, third-party storage servers are often the targets of various malicious behaviours which may lead to exposure of the PHI. In a famous incident, a Department of Veterans Affairs database containing sensitive PHI of 26.5 million military veterans, including their social security numbers and health problems, was stolen by an employee who took the data home without authorization. To ensure patient-centric privacy control over their own PHRs, it is essential to have data access control mechanisms that work with servers. A feasible and promising approach would be to encrypt the data before outsourcing. Basically, the PHR owner herself should decide how to encrypt her files and which set of users is allowed to obtain access to each file. A PHR file should only be available to the users who are given the corresponding decryption key, while remaining confidential to the rest of the users.

Fig.1: Architecture of Patient Health Record Sharing

However, the goal of patient-centric privacy is often in conflict with scalability in a PHR system. The authorized users may need to access the PHR either for personal use or for professional purposes. Examples of the former are family members and friends, while the latter can be medical doctors, pharmacists, researchers, etc. Let us refer to the two categories of users as personal and professional users, respectively. The latter group is potentially large in scale; should each owner be directly responsible for managing all the professional users, she will easily be overwhelmed by the key management overhead. In addition, since those users’ access requests are generally unpredictable, it is difficult for an owner to determine a list of them. Letting each user obtain keys from every owner whose PHR she wants to read would also limit accessibility, since patients are not always online. In order to protect the personal health data stored on a trusted server, this project adopts the Advanced Encryption Standard (AES) as the main encryption primitive. With AES, the information is encrypted over a number of rounds. Each round includes the functions SubBytes, ShiftRows, MixColumns and AddRoundKey. For decrypting the information, a set of reverse round keys is used.

2. AES Technique

The AES technique is a specification for the encryption of electronic data. It uses a substitution-permutation network. This technique uses a block size of 128 bits and a key size of 128, 192 or 256 bits. The key size used for the AES cipher determines the number of repetitions of transformation rounds that convert the plaintext into ciphertext. The numbers of cycles of repetition are:

- 10 cycles for a 128-bit key.
- 12 cycles for a 192-bit key.
- 14 cycles for a 256-bit key.

The Advanced Encryption Standard uses an algorithm that starts with a random number, in which the key and the data encrypted with it are scrambled through four rounds of mathematical processes. The key that is used to encrypt the information must also be the key used to decrypt it. The four rounds are:

- SubBytes
- ShiftRows
- MixColumns and
- AddRoundKey

Fig.2: Structure of AES

Each round has several processing steps, each containing four similar but different stages. A set of reverse round keys is used to get the plaintext back from the ciphertext. The first three functions of an AES round are designed to thwart cryptanalysis via the methods of “confusion” and “diffusion.” The fourth function actually encrypts the data. Claude Shannon described the concepts of confusion and diffusion in his seminal 1949 paper, “Communication Theory of Secrecy Systems”: “Two methods … suggest themselves for frustrating a statistical analysis. These we may call the methods of diffusion and confusion.”

Diffusion means patterns in the plaintext are dispersed in the ciphertext. Confusion means the relationship between the plaintext and the ciphertext is obscured.

A simpler way to view the AES function order is:

- Scramble each byte (SubBytes).
- Scramble each row (ShiftRows).
- Scramble each column (MixColumns).
- Encrypt (AddRoundKey).

A term associated with AES is “the State,” an ‘intermediate cipher,’ or the ciphertext before the final round has been applied. AES formats plaintext into 16-byte (128-bit) blocks, and treats each block as a 4x4 State array. It then performs four operations in each round. The array contains the row and column information used in the operations, especially MixColumns() and ShiftRows().

SubBytes()

SubBytes() adds confusion by processing each byte through an S-Box. An S-Box is a substitution table, where one byte is substituted for another, based on a substitution algorithm.

Here is the AES Substitution Table:

Fig.3: SubBytes

To complete an S-Box operation on an example string of “ABC,” take the hexadecimal value of each byte. ASCII “A” == hex 0x42, “B” == 0x43 and “C” == 0x44. Look up the first (left) hex digit in the S-Box column and the second in the S-Box row. 0x42 becomes 0x2c; 0x43 becomes 0x1a, and 0x44 becomes 0x1b.

ShiftRows()

ShiftRows() provides diffusion by mixing data within rows. Row zero of the State is not shifted, row 1 is shifted 1 byte, row 2 is shifted 2 bytes, and row 3 is shifted 3 bytes, as shown in the FIPS illustration that follows:

Fig.4: ShiftRows

MixColumns()

MixColumns() also provides diffusion by mixing data within columns. The 4 bytes of each column in the State are treated as a 4-byte number and transformed to another 4-byte number via finite field mathematics, as shown in the FIPS illustration that follows:

Fig.5: MixColumns

AddRoundKey()

The actual ‘encryption’ is performed in the AddRoundKey() function, when each byte in the State is XORed with the subkey. The subkey is derived from the key according to a key expansion schedule, as shown in the FIPS illustration that follows:

Fig.6: AddRoundKey

One Round of AES

Here is one round of AES encryption, shown in the FIPS publication two-dimensionally:

Fig.7: One Round AES

AES Decryption

Decryption occurs through the function AddRoundKey(), plus the inverse AES functions InvShiftRows(), InvSubBytes(), and InvMixColumns(). AddRoundKey() does not require an inverse function, as it simply XORs the State with the subkey (XOR encrypts when applied once, and decrypts when applied again).

Algorithm:

STEP 1: Key Expansion. Round keys are derived from the cipher key using Rijndael's key schedule: a separate 128-bit round key block for each round, plus one more.

STEP 2: Initial Round. Perform the AddRoundKey transformation.

STEP 3: Rounds. Perform the round transformation:
- Perform the SubBytes substitution.
- Perform the ShiftRows permutation.
- Perform the MixColumns permutation.
- Perform the AddRoundKey permutation.

STEP 4: Final Round (no MixColumns):
1. SubBytes
2. ShiftRows
3. AddRoundKey

3. Related Work

Various attribute encryption techniques are used for fine-grained encryption of data and are discussed below.
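To make the S-Box lookup from the SubBytes section and the four-step round structure and key schedule above concrete, here is a complete AES-128 encrypt/decrypt in Python that derives the S-box from its finite-field definition instead of hard-coding the table. This is an added example, not the paper's Java implementation; the column-major State layout, round-key word order and the FIPS-197 Appendix C.1 test vector are the standard ones, and the three byte values 0x42, 0x43, 0x44 the paper walks through are used as given.

```python
"""AES-128 spelled out as the paper describes it: SubBytes, ShiftRows, MixColumns,
AddRoundKey, the Rijndael key schedule, and decryption through the inverse functions.
Added illustration, not the paper's Java code; the 16-byte State is kept column-major
as in FIPS-197, so the byte at row r, column c sits at index r + 4*c."""
from functools import reduce
from operator import xor

def gmul(a, b):
    """Multiplication in GF(2^8) modulo x^8+x^4+x^3+x+1 (used by MixColumns)."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _build_sbox():
    """S-box entry = affine map of the multiplicative inverse (the inverse of 0 is 0)."""
    box = []
    for x in range(256):
        s = inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        for _ in range(4):                      # s = inv ^ rot1 ^ rot2 ^ rot3 ^ rot4
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        box.append(s ^ 0x63)
    return box

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def sub_bytes(state, box=SBOX):
    """Replace every byte through the S-box (confusion); pass INV_SBOX to undo it."""
    return [box[b] for b in state]

def shift_rows(state, inverse=False):
    """Row r rotates left by r bytes (right for InvShiftRows); row 0 is unchanged."""
    d = -1 if inverse else 1
    return [state[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state, coef=(2, 3, 1, 1)):
    """Multiply each column by the circulant matrix of coef; (14, 11, 13, 9) inverts it."""
    out = []
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            out.append(reduce(xor, (gmul(col[i], coef[(i - r) % 4]) for i in range(4))))
    return out

def add_round_key(state, round_key):
    """The only step that involves the key; XOR undoes itself, so it needs no inverse."""
    return [s ^ k for s, k in zip(state, round_key)]

def expand_key(key):
    """Rijndael key schedule for Nk=4, Nr=10: 44 words, i.e. 11 round keys of 16 bytes."""
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                          # RotWord, SubWord, then XOR with Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(key, plaintext):
    """STEP 1 key expansion, STEP 2 initial AddRoundKey, STEP 3 nine full rounds, STEP 4 no MixColumns."""
    rk = expand_key(key)
    state = add_round_key(list(plaintext), rk[0])
    for rnd in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), rk[rnd])
    return bytes(add_round_key(shift_rows(sub_bytes(state)), rk[10]))

def decrypt_block(key, ciphertext):
    """Inverse cipher: InvShiftRows, InvSubBytes, AddRoundKey, InvMixColumns per round."""
    rk = expand_key(key)
    state = add_round_key(list(ciphertext), rk[10])
    for rnd in range(9, 0, -1):
        state = add_round_key(sub_bytes(shift_rows(state, True), INV_SBOX), rk[rnd])
        state = mix_columns(state, (14, 11, 13, 9))
    return bytes(add_round_key(sub_bytes(shift_rows(state, True), INV_SBOX), rk[0]))
```

With the FIPS-197 Appendix C.1 key 000102...0f and plaintext 00112233445566778899aabbccddeeff, encrypt_block returns 69c4e0d86a7b0430d8cdb78070b4c55a, and sub_bytes(b"\x42\x43\x44") yields 2c 1a 1b, the three substitutions the paper lists.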

KP-ABE: [1] proposes a cryptosystem for fine-grained sharing of encrypted data called Key-Policy Attribute-Based Encryption. In this cryptosystem, ciphertexts are labelled with sets of attributes, and private keys are associated with access structures that in turn specify which type of ciphertexts the key can decrypt.

Symmetric key cryptography (SKC) based solutions: Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. Vimercati et al. [2] proposed a solution for securing outsourced data on semi-trusted servers based on symmetric key derivation methods, which can achieve fine-grained access control. Unfortunately, the complexities of file creation and user grant/revocation operations are linear in the number of authorized users, which is less scalable.

Multi-Authority Attribute-Based Encryption: In a multi-authority ABE system [3], there are many attribute authorities and many users. There is also a set of system-wide public parameters available to everyone (created, for example, by a distributed protocol between the authorities). A user can choose to go to an attribute authority, prove that it is entitled to some of the attributes handled by that authority, and request the corresponding decryption keys. The authority will run the attribute key generation algorithm and return the result to the user. Any party can also choose to encrypt a message, in which case he uses the public parameters together with an attribute set of his choice to form the ciphertext. Any user who has decryption keys corresponding to an appropriate attribute set can use them for decryption.

Public key cryptography (PKC) based solutions: PKC based solutions were proposed due to their ability to separate write and read privileges. To realize fine-grained access control, the traditional public key encryption (PKE) based scheme was proposed by J. Benaloh, M. Chase, E. Horvitz, and K. Lauter [4] in their work “Patient controlled encryption: ensuring privacy of electronic medical records”; they propose a solution scenario and show how public-key and symmetric encryption are used. The disadvantage of their solution is that it either incurs high key management overhead or requires encrypting multiple copies of a file using different users’ keys.

CP-ABE: Waters et al. [5] proposed Ciphertext-Policy Attribute-Based Encryption, which was specifically designed by considering that data can be kept confidential even when servers are semi-trusted. The encryption methods are also resistant against collusion attacks. CP-ABE overcomes the drawback of existing Attribute-Based Encryption systems, which use attributes to describe the encrypted data and on that basis build policies into users’ keys. Instead, the scheme uses attributes to describe a user’s credentials, and the party encrypting data determines a policy for who can decrypt.

AES-CBC + Elephant diffuser: [6] The BitLocker Drive Encryption feature of Windows Vista poses an interesting set of security and performance requirements on the encryption algorithm used for the disk data. The author discusses why no existing cipher satisfies the requirements of this application and documents a solution which consists of using AES in CBC mode with a dedicated diffuser to improve security against manipulation attacks.

CC MAABE: Chase and Chow [7] proposed a multiple-authority ABE (CC MAABE) solution. In CC MAABE there can be arbitrarily many TAs, each of them governing a distinct subset of the users’ attributes, and the secret key is generated collectively from each subset. A user can get part of the key from each TA.

Table1: Comparison of Different ABE & AES Schemes

4. Framework for PHR Model

The proposed patient-centric secure data sharing framework considers a PHR system where there are PHR owners and PHR users. The owners refer to patients who have full control over their own PHR data, i.e., they can create, manage, retrieve and delete it. There is a central server belonging to the PHR service provider that stores all the owners’ PHRs. The users may come from various aspects; for example, a friend, a care giver or a researcher. Users access the PHR documents through the server in order to read or write to someone’s PHR, and a user can simultaneously have access to multiple owners’ data. A typical PHR system uses standard data formats, for example the continuity-of-care record (CCR), based on an XML data structure, which is widely used in representative PHR systems such as Indivo, an open-source PHR system adopted by Boston Children’s Hospital. Due to the nature of XML, the PHR files are logically organized by their categories in a hierarchical way. We consider the server to be semi-trusted, i.e., honest but curious. Some users will also try to access files beyond their privileges. For example, a pharmacy may want to obtain the prescriptions of patients for marketing and boosting its profits. To do so, they may collude with other users, or even with the server. In addition, we assume each party in our system is preloaded with a public/private key pair and that entity authentication can be done by traditional challenge-response protocols. To achieve “patient-centric” PHR sharing, a core requirement is that each patient can control who is authorized to access her own PHR documents. In particular, user-controlled read/write access is the core security objective for any electronic health record system.

5. Implementation Details

(1) RSA Algorithm: For the actual encryption/decryption of data we will be using the RSA algorithm. It belongs to the Advanced Encryption Standard, i.e. AES. To date no known attacks have been identified against the RSA algorithm. The various algorithms which belong to the DES standard, like Diffie-Hellman and MD5, are prone to attacks and also require huge computation. The details of RSA are as follows:

1. It uses a public and a private key.
2. It uses large integers (e.g. 1024 bits).
3. The one-way function: the exponentiation function y = f(x) = x^e mod n can be computed with reasonable effort. Its inverse x = f^-1(y) is extremely difficult to compute.
4. The RSA public key algorithm is based on the well-known hard problem of factoring large numbers into their prime factors.

(2) Dividing the system into domains: The aim is to provide secure patient-centric PHR access and efficient key management at the same time. The key idea [8] is to divide the system into multiple security domains (namely, public domains (PUDs) and personal domains (PSDs)) according to the different users’ data access requirements. The PUDs consist of users who make access based on their professional roles, such as doctors, nurses and medical researchers. In practice, a PUD can be mapped to an independent sector in society, such as the health care, government or insurance sector. For each PSD, its users are personally associated

with a data owner (such as family members or close friends), and they make accesses to PHRs based on access rights assigned by the owner. Both types of security domains utilize AES to realize cryptographically enforced, patient-centric PHR access. The multi-domain approach is best suited to the different user types and their access requirements in a PHR system. The use of AES makes the encrypted PHRs self-protective, i.e., they can be accessed only by authorized users even when stored on a semi-trusted server, and when the owner is not online. [8]

(3) Encryption of PHR and Access rules: The files which are encrypted using AES are uploaded to the server by the owner. Each owner’s PHR files are encrypted on the basis of a certain fine-grained and role-based access policy. Encrypted files can be decrypted only by authorized users, excluding the server.

(4) Policy Updates: The sharing policy for an existing PHR is changed by the PHR owner by updating the attributes (or access policy) in the ciphertext. The supported operations, like add/delete/modify, can be performed by the server on behalf of the user.

(5) Break-glass: A break-glass concept is used in case of emergency. Break-glass allows bypassing the regular access policies and accessing the PHR record through the emergency department (ED). For this scheme, PHR access rights are delegated to the emergency department beforehand. To prevent abuse of the break-glass option, the emergency staff need to contact the ED to verify identity and the emergency situation, as well as obtain temporary read keys. After the emergency is over, the patient can revoke the emergency access via the ED.

6. Proposed System Model

The general flow will be: the user logs into the system through the web application. The user credentials will be checked against the login database system. The system will verify which domain the user belongs to. On that basis the attribute authentication system will grant read/write access. If the user wants to write some data to the PHR cloud, then the application server will encrypt that data and it will then be stored in the PHR cloud. Key distribution will again be managed by the application logic server. In case of break-glass, PHR access rights are delegated to the emergency department beforehand so that misuse can be avoided. In this model, the Advanced Encryption Standard (AES) technique is used for securing the PHR. The AES algorithm is a symmetric key algorithm which uses the same key for the encryption and decryption process. This algorithm encrypts the information over a number of rounds. Each round includes four functions: SubBytes, ShiftRows, MixColumns and AddRoundKey. A set of reverse round keys is used for decrypting the information. The number of rounds contributes to the strength of the security of the information. This technique is mainly used for securing medical records.

Fig. 8: Proposed System Model for AES-PHR system

7. System Implementation

Implementation is the stage in the project where the theoretical design is turned into a working system, giving the user confidence that the new system will work effectively. It involves careful planning, investigation of the current system and its constraints on implementation, design of methods to achieve the changeover, and an evaluation of changeover methods. Apart from planning, the major tasks of preparing the implementation are education and training of users. The more complex the system being implemented, the more effort is required just for implementation. An implementation coordination committee based on the policies of the individual organization has been appointed. The implementation process begins with preparing a plan for the implementation of the system. After the system is implemented successfully, training of the user is one of the most important subtasks of the developer. For this purpose user manuals are prepared and handed over to the user to operate the developed system. Thus the users are trained to operate the developed system. Both the hardware and software securities are made to run the developed systems successfully in future. The implementation stage involves the following tasks:

- Careful planning.
- Investigation of the system and constraints.
- Design of methods to achieve the changeover.
- Training of the staff in the changeover phase.
- Evaluation of the changeover method.

The maintenance phase of the software cycle is the time in which a software product performs useful work. After a system is successfully implemented, it should be maintained in a proper manner. System maintenance is an important aspect of the software development life cycle. The need for system maintenance is to make the system adaptable to change in its environment. There may be social, technical and other environmental changes which affect a system that is being implemented. Software product enhancements may involve providing new functional capabilities, improving user displays and modes of interaction, or upgrading the performance characteristics of the system. Only through proper system maintenance procedures can the system be adapted to cope with these changes. The maintenance activity occurs because it is unreasonable to assume that software testing will uncover all errors in a large software system. During the use of any large program, errors will occur and be reported to the developer. The process that includes the diagnosis and correction of one or more errors is called corrective maintenance.

Parameterization of Key Length, Block Size, and Round Number

This standard explicitly defines the allowed values for the key length (Nk), block size (Nb), and number of rounds (Nr); see Fig. 8.1. However, future reaffirmations of this standard could include changes or additions to the allowed values for those parameters. Therefore, implementers may choose to design their AES implementations with future flexibility in mind.

Table.2: Key Rounds

Implementation Suggestions Regarding Various Platforms

Implementation variations are possible that may, in many cases, offer performance or other advantages. Given the same input key and data (plaintext or ciphertext), any implementation that produces the same output (ciphertext or plaintext) as the algorithm specified in this standard is an acceptable implementation of the AES.

8. CONCLUSION

Based on the fact that it is a government standard, AES is going to be used in the future as the symmetric algorithm of choice, unless a major flaw is found in the algorithm. It is important to remember that while all initial analysis suggests the algorithm is secure, there is no way to prove an algorithm is secure; you can only prove it is not secure by breaking it. Therefore only time will tell, but if all works out as planned, you will be seeing AES used in all products instead of DES/Triple DES. The Advanced Encryption Technique was implemented successfully using the Java language. Various data messages were encrypted using different keys and varying key sizes. The original data was properly retrieved via decryption of the ciphertext. The modifications brought about in the code were tested and proved to be accurately encrypting and decrypting the data messages with even higher security and immunity against unauthorized users.

9. REFERENCES

1. S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in IEEE INFOCOM ’10, 2010.
2. S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “Over-encryption: management of access control evolution on outsourced data,” in VLDB ’07, 2007, pp. 123–134.
3. M. Chase and S. S. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in CCS ’09, 2009, pp. 121–130.
4. J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient controlled encryption: ensuring privacy of electronic medical records,” in CCSW ’09, 2009, pp. 103–114.
5. L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Ciphertext-policy attribute-based threshold decryption with delegation and revocation of user attributes,” 2009.
6. N. Ferguson, “AES-CBC + Elephant diffuser: A disk encryption algorithm for Windows Vista,” Microsoft, Aug. 2006.
7. M. Chase and S. S. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in CCS ’09, 2009, pp. 121–130.
8. “Google, Microsoft say HIPAA stimulus rule doesn’t apply to them,” http://www.ihealthbeat.org/Articles/2009/4/8/.
9. M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, Jan. 2013.
