A Trusted and Efficient Cloud Computing Service with Personal Health Record

Chien-Hsing Wu
Graduate Institute of Business and Management, Chang Gung University, Kwei-Shan, Tao-Yuan, Taiwan
[email protected]

Jing-Jang Hwang†1, Zheng-Yun Zhuang2
1 Department of Information Management, 2 Graduate Institute of Business and Management, Chang Gung University, Kwei-Shan, Tao-Yuan, Taiwan
[email protected] 1, [email protected] 2

Abstract—As personal health record services shift to cloud computing, their success factors can be security and privacy protection and service efficiency. In this study, we propose a framework that coherently employs symmetric key cryptography and identity-based cryptography to offer the owners of personal health records secure, private and full access control over the relevant data, without sacrificing cloud service performance. Moreover, the proposed framework is implemented as a separated cloud computing service in order to earn greater user trust.

Keywords—personal health records, separated cloud computing service, identity based cryptography

I. INTRODUCTION

The successful development of cloud computing has attracted more and more Internet application providers to shift enormous applications to the cloud. Meanwhile, with the awareness of personal healthcare issues and the widespread use of the Internet, the personal health record (PHR) service is now drawing more and more attention. In practice, some PHR services have already been established in the cloud for users to upload and store their personal health information. These systems, which include myPHR hosted by AHIMA [1] and HealthVault hosted by Microsoft [2], to name but a few, aim at further or future applications of the stored PHR records. A PHR, which is owned by an individual, includes sensitive information such as medical records (pedigrees), health exam records, drug sensitivities, etc. [3]. In the cloud computing context, the confidential PHR is uploaded to service providers' cloud servers, to share with related health-care organizations or individuals of interest. Therefore, security and privacy become the major concern when a user is considering whether or not to put his/her PHR onto the cloud [4]. Security concerns are especially important because the cloud is open. In order to avoid improper disclosure of PHRs, the records have to be encrypted before they are uploaded [5], and the PHR cloud service should then provide a function for a PHR owner to fully control and grant access to the stored PHR data [6].

There are efforts pertaining to the security and privacy enhancements of the cloud PHR service, or to the personalized data access control issue. However, according to Ming Li et al. [7] and T. S. Chen et al. [8], most existing research tackles the security and privacy challenges associated with one single user. It neither focuses on server-side issues (the server side being the core merit of shifting the PHR service to the cloud), nor addresses service performance issues such as computational efficiency, especially in the context of concurrent users with the data access loads one can imagine.

In this paper, we propose a framework that allows the PHR owner to have full control and authorization power over the PHR dataset in the cloud computing environment, without sacrificing the service performance of the cloud server. According to his/her personal preference, a PHR owner can grant the privileges of the PHR separately to any other user or relevant organization of interest. Regardless of what is to be authorized (e.g., some part of the PHR file as the grant target, granting this part to somebody, or granting an existing request issued by the other party), the whole authorization process is done identically and can be performed “off-line” (i.e., it does not require both the owner and the other party to go online). In addition, this process requires neither the owner nor the other party of interest to exchange over the network any information that is relevant to authorization message decryption, thus providing no clue for any intentional third party.

Symmetric key cryptography and identity-based cryptography are introduced coherently in our framework, to reduce the complications that can be caused by key issuing and management. They are also well suited to the PHR owner's discretionary access control, and they fit the cloud environment with multiple concurrent users and heavy computational loads. We also address the authorization management issue of PHR. To assure security, the PHR will be encrypted before uploading to the cloud server, preventing any possible content retrieval from the ciphertext. The owner can then discretionarily authorize access to his/her PHR for possible grantees. The subsequent process, including decryption, authentication and authorization phases, although complicated, is transparent to the user (i.e., the PHR owner).

† Corresponding author

978-1-4799-0604-8/13/$31.00 ©2013 IEEE

The degree to which such a cloud system is trusted by the PHR owners (and thus the system users) is also addressed. Based on a business model published in a previous article whose authors partly overlap with those of this article [9], we adopted the separated cloud service model [9] to raise the technical acceptance of users. A trusted third party (TTP), which is another cloud service provider, independent of the PHR cloud service provider but in charge of en-/decryption, is therefore established.

II. RELATED WORK

A. Personal Health Record

According to the original definition of PHR by the Markle Foundation in 2003 [10], it is “a set of computer-based tools that allow people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it”. In general, it includes health and medical records, insurance, and other information pertaining to a specific person. A PHR “service” helps the individual to keep track of this information, to understand his/her personal health status and to make informed judgments when facing medical or health care treatments. The PHR service we refer to in this paper is the PHR service running in the cloud.

B. Access Control by Cryptographic Method

Methods for access control mainly fall into the following categories: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC) [11]. In the cloud service context, DAC enables dataset owners to set customized privileges on the subset of the dataset to be accessed by different parties, while MAC assigns the privileges according to security level manifests for every user and every dataset. With RBAC, the system presets different access roles and assigns these roles to the users according to their security levels.

Much research has focused on enhancing the access control of the PHR cloud service via information security methodologies [6,7,8,12,13,14,15]. Cryptography is applied in the proposed frameworks, and the relevant research has contributed a lot. However, these frameworks might fall short when they are put into practice. Vimercati et al.'s system, which is based on symmetric key cryptography (SKC) to achieve fine-grained access control over outsourced data [12], might fail to compute efficiently when there are multiple users, because of the user-side operational complexities [7].

Dong et al.'s [15] encryption proxy, based on asymmetric key cryptography (AKC), enforces access control via a TTP's proxy server without a completed certification architecture (CA). Nonetheless, the time issue is still questionable because of the massive amount of computation required by public key cryptography (PKC), especially when there are multiple concurrent users [8]. To enhance the efficiency of authorization and dataset access, Ming Li et al. [7] and Goyal et al. [13] proposed frameworks that establish an owner-centric and fine-grained access control PHR cloud service using attribute-based cryptography (ABC), which is an extension of identity-based cryptography (IBC). With these frameworks, although both the complicated key issuing process and the efficiency of concurrent computation are improved, efficiency remains an issue, because the performance can still be poor in comparison with SKC in a setting that frequently faces multiple concurrent users and massive amounts of data en-/decryption.

C. Identity-Based Cryptography (IBC)

IBC, which was proposed by Shamir in 1984, is a cryptography method similar to the en-/decryption of PKC [16]. The original idea was merely for identity-based signatures. The first application example of identity-based encryption was not seen until 1992, by Maurer [17]. Then, in the two articles published in 2001 by Boneh and Franklin [18] and by Cocks [19], the IBC problems were solved with quadratic-residues-based en-/decryption algorithms. The main feature differentiating IBC from PKC is that a complete CA is not required. It requires only a private key generator (PKG) service in a TTP server or organization for key generation. When the client side begins to use the service, after the user is authenticated, the keys necessary for encryption and decryption are computed on the fly on the server side according to the known user identity data. These are then transmitted to the client. As such, it is not necessary for the cloud system to hold the keys. Fig. 1 shows the process of IBC authentication, key issuing and message en-/decryption. As can be seen, IBC is more suitable for the multi-user and heavy-computation environment because of its more efficient key management.

Fig. 1. Flow Chart for Identity-Based En-/Decryption

In this study, we adopt the framework by Boneh and Franklin to en-/decrypt the symmetric keys which are used for PHR dataset en-/decryption.

III. THE PROPOSED PHR CLOUD SERVICE FRAMEWORK

A. Core Concept

In this study, we refer to the business model proposed in one of our previous studies [9]: the application service and the information security service are offered from the cloud separately and mutually exclusively by different service providers. With this model, a PHR can be encrypted and stored in the cloud service provider's storage system. For the sake of short search time and low computational load, we assume that every PHR dataset is well stratified and is stored according to the stratification. Meanwhile, the symmetric key for encrypting this PHR dataset will be encrypted by another public key, which is acquired and generated by the TTP's PKG-based IBC. This “encrypted key for en-/decrypting the PHR dataset” is stored together with the encrypted PHR dataset on the cloud server.

When the dataset owner wants to retrieve the PHR dataset from the PHR cloud, he/she first logs onto the cloud service, selects the dataset he/she wants and passes an authentication flow initiated by the TTP server. Then the client side obtains a private key from the TTP PKG. This key is used to recover the “encrypted key for en-/decrypting the PHR dataset” (retrieved from the server directly) and so to obtain the “key for en-/decrypting the PHR dataset”. The “key for en-/decrypting the PHR dataset” is then transmitted back to the cloud server. On the server side, this recovered key obtained from the client is then verified. If the key is correct, which means its hash value is the same as the pre-stored hash value calculated from the original symmetric key, the PHR cloud service decrypts the selected datasets with this key. Fig. 2 shows the PHR dataset retrieval flow. Note again that this is a separated cloud service business model.

Fig. 2. Data Retrieve Process from Separated PHR Cloud Service Model

B. Authorization Management

In order to process the encryptions and decryptions of PHR datasets massively, an SKC method that is suitable for large amounts of data is adopted here. To prevent PHR datasets from improper disclosure, the symmetric key used to decrypt the ciphered PHR dataset is not stored in the cloud system (i.e., the server side). Only the symmetric key's hash value is stored instead. The function of this hash value is just to verify the recovered symmetric key passed back from the client later. This prohibits anonymous acquisition of the symmetric keys and lowers the exposure risk of the PHR dataset.

When decrypting the PHR dataset, recovering the original key that was used to encrypt the same dataset is a must. For this reason, the symmetric key is encrypted by the owner's public key part, which was computed partly from his/her personal identity information by the TTP's PKG. This encrypted key is then saved in the cloud storage system. When an owner is to retrieve the plain PHR dataset, after passing the authentication flow, the PKG of the TTP computes the private key part, also from the owner's personal identity information, which is necessary for decrypting the stored “encrypted symmetric key”. After decryption, the TTP obtains the recovered symmetric key, and this key is then transmitted to the PHR cloud service system, for it to perform key verification and then to decrypt the PHR dataset body.

When another party requests the PHR dataset from the owner, or the owner is to grant access to the PHR dataset to some other party, the owner logs in to the PHR cloud service system and specifies the subset of the PHR dataset to be granted. Then, as usual, the whole system goes through the phases of authentication, PKG private key computation, recovery of the symmetric encryption key, verification of this key and PHR dataset decryption. The subsequent procedure launched by the PHR cloud server system is what grants the PHR dataset, as follows.

1) It randomly generates a new symmetric encryption key.
2) The decrypted PHR dataset is re-encrypted using this new key.
3) The system selects the identity information of the party to authorize and asks the PKG to compute the public key for the party.
4) It encrypts the symmetric key obtained in (1) by the public key obtained in (3).
5) It stores the result of (4) back to the storage system.
6) It notifies the party to authorize that access privilege to the owner's PHR dataset has been granted.

The above authorization procedure is illustrated in Fig. 3.

Fig. 3. PHR Data Sets Authorization Process

After step (6), the party to authorize is notified and becomes an authorized user. This user is ready to log in to the PHR cloud system using his/her identity information. After authentication has passed, the TTP computes the private key of this user from the identity information and then recovers the symmetric key for en-/decrypting the PHR dataset. This key, once obtained, is sent to the PHR cloud service system for verification. If the recovered key is correct, it can be used to decrypt the granted but encrypted PHR dataset. Fig. 4 demonstrates the flow of PHR dataset retrieval by an authorized user.
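An added sketch of the store, retrieve and grant flow described above, including the server-side hash check on the recovered key (example code, not from the paper). The PKG is an HMAC-based symmetric stand-in for Boneh-Franklin IBE and the cipher is a SHA-256 counter-mode stand-in, both assumptions so that the flow runs with the standard library alone; all class, function and identity names are hypothetical.

```python
import hashlib
import hmac
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter mode); use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyPKG:
    """Stand-in for the TTP's PKG: one wrapping key per identity, not real IBE."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def _id_key(self, identity: str) -> bytes:
        return hmac.new(self._master, identity.encode(), hashlib.sha256).digest()

    def wrap(self, identity: str, sym_key: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + xor_stream(self._id_key(identity), nonce, sym_key)

    def unwrap(self, identity: str, wrapped: bytes) -> bytes:
        # Assumed to run only after the TTP has authenticated `identity`.
        return xor_stream(self._id_key(identity), wrapped[:16], wrapped[16:])

class PHRCloud:
    """PHR cloud: persists ciphertext, wrapped key and key hash, never the key."""
    def __init__(self, pkg: ToyPKG):
        self.pkg, self.store = pkg, {}

    def put(self, dataset: str, identity: str, plaintext: bytes) -> None:
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.store[(dataset, identity)] = {
            "nonce": nonce,
            "ct": xor_stream(key, nonce, plaintext),
            "wrapped": self.pkg.wrap(identity, key),
            "key_hash": hashlib.sha256(key).digest(),
        }

    def get(self, dataset: str, identity: str, recovered_key: bytes) -> bytes:
        entry = self.store[(dataset, identity)]
        digest = hashlib.sha256(recovered_key).digest()
        if not hmac.compare_digest(digest, entry["key_hash"]):  # constant time
            raise PermissionError("recovered key does not match stored hash")
        return xor_stream(recovered_key, entry["nonce"], entry["ct"])

    def grant(self, dataset: str, owner: str, owner_key: bytes, grantee: str) -> None:
        # Steps 1-5: fresh key, re-encrypt, wrap under the grantee's identity, store.
        self.put(dataset, grantee, self.get(dataset, owner, owner_key))

def demo():
    cloud = PHRCloud(ToyPKG())
    ds = "exam-2013"  # constructed dataset id and identities
    owner, grantee, other = "alice@example.org", "bob@example.org", "eve@example.org"
    cloud.put(ds, owner, b"constructed sample PHR record")
    k_owner = cloud.pkg.unwrap(owner, cloud.store[(ds, owner)]["wrapped"])
    cloud.grant(ds, owner, k_owner, grantee)
    k_grantee = cloud.pkg.unwrap(grantee, cloud.store[(ds, grantee)]["wrapped"])
    granted_view = cloud.get(ds, grantee, k_grantee)
    # A key unwrapped under any other identity is garbage and fails the hash check.
    k_other = cloud.pkg.unwrap(other, cloud.store[(ds, owner)]["wrapped"])
    try:
        cloud.get(ds, owner, k_other)
        rejected = False
    except PermissionError:
        rejected = True
    return granted_view, k_owner != k_grantee, rejected
```

During `get` and `grant` the cloud server holds the recovered key and the plaintext in memory, as the design above specifies; only the ciphertext, the wrapped key and the key hash persist.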

Fig. 4. Authorized User Retrieve PHR Data Sets Process

IV. ANALYSIS AND DISCUSSION

In the proposed service model, SKC is used for PHR dataset encryption. In general, SKC is more efficient than AKC and much more suitable for dealing with massive amounts of data. To protect the symmetric keys and to control PHR dataset access and authorization, a standalone service provider is designed to serve the key en-/decryption requests by IBC. This mechanism can enhance security because such a service provider is a third party independent of the main cloud service systems whose sole function is to en-/decrypt the symmetric keys, and because the IBC it uses is based on elliptic curves.

Besides, the security policy designed for protecting the PHR datasets also makes sense. To verify the symmetric key decrypted by and passed from the user side, the PHR cloud performs a hash comparison between the hash of the user-side key and the correct hash value that was pre-stored inside the cloud. Since the cloud system stores nothing but the hash values, without keeping any information pertaining to the key itself, the one-way and low-collision properties of hash functions make it difficult to reverse-engineer the original key. This is due to the absence of a reverse function and the difficulty of guessing the key from the hashed value.

Furthermore, the proposed dataset authorization process is simple but effective, too. This process is transparent to both the dataset owner and the party who is to be authorized, so the efficiency of this flow is the focus. The simplicity of the design of such a process guarantees its efficiency. During the process the PHR cloud service retrieves the identity information of the party, sends a request to the TTP PKG, gets a public key and uses the obtained key to re-encrypt the symmetric key that is used for PHR dataset decryption. This process requires neither any extra private key exchange channel to be established or any relevant protocol to be designed, nor a conjunctive, simultaneous participation of both the PHR dataset owner and the one who is to be authorized.

V. CONCLUSION

A new cloud PHR dataset maintenance/retrieval service framework is proposed in this study, based on the separated cloud service business model. Viewed as a new business model architecture, it has features we can analyze from various aspects. The first aspect is that its service portfolio is a combination of three kinds of cloud services, namely the main PHR service, the TTP security service and the storage service. The second aspect is that the processes and activities designed in the proposed model are brand new, although the cryptographic methodologies used by the processes are well-known ones. Of most importance is that such a new design is computationally efficient and relatively secure.

The third aspect is that the customer management is also effective. For dataset owners, it offers a transparent, clear and fully controlled interface for PHR dataset retrieval. It also enables a transparent, simple and efficient dataset authorization process. This is analogous to a virtual “store and forward (SAF)” process in telecommunications, within which the owner-granted PHR dataset is stored on a network node and then forwarded to the destination party. One difference is that the necessary security algorithms and dataset decryptions/encryptions are performed before storing. The other difference is that the authorized (destination) party gets a notification message only, rather than the message body itself, and retrieves the required information thereafter, in a cloud computing context.

The final aspect is the value proposition of the proposed new framework. As can be seen from the above aspects, it is expected that the confidence and trust of both the PHR cloud service providers and users can be established and promoted. This could speed up the utilization process of the PHR cloud service itself. Moreover, it is also expected that the core design of this framework can be generalized to other similar applications which are also shifting their traditional services to the cloud. These two points are, exactly and in fact, the central value propositions of this study.

ACKNOWLEDGMENT

We are grateful for the support of the National Science Council of Taiwan Government (Project Number NSC 1012410-H-182-001-MY2).

REFERENCES

[1] AHIMA e-HIM Personal Health Record Work Group, “myPHR”, http://www.myphr.com/, Accessed 20 Aug 2011.
[2] Microsoft Corporation, “HealthVault”, http://www.microsoft.com/enus/healthvault/, Accessed 22 Aug 2011.
[3] AHIMA e-HIM Personal Health Record Work Group, “Defining the personal health record”, J AHIMA 76(6):24–25, 2005.
[4] J. S. Kahn, V. Aulakh, and A. Bosworth, “What it takes: characteristics of the ideal personal health record”, Health Aff, 28:369–376, Mar. 2009.
[5] A. Parakh and S. Kak, “Online data storage using implicit security”, Information Sciences, vol. 179, issue 19, pp. 3323–3333, September 2009.
[6] J. Benaloh, M. Chase, E. Horvitz, K. Lauter, “Patient controlled encryption: ensuring privacy of electronic medical records”, In: CCSW 2009: Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 103–114, 2009.
[7] M. Li, S. Yu, K. Ren, W. Lou, “Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings”, Security and Privacy in Communication Networks, 50: p. 89–106, 2010.
[8] T. S. Chen, C. H. Liu, T. L. Chen, C. S. Chen, J. G. Bau, and T. C. Lin, “Secure Dynamic access control scheme of PHR in cloud computing”, Journal of Medical Systems, vol. 36, no. 6, pp. 4005–4020, 2012.
[9] J. J. Hwang, K. K. Chuang, Y. C. Hsu, C. H. Wu, “A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service”, ICISA - International Conference on Information Science and Applications, 2011.
[10] Markle Foundation, “Connecting for Health”, The Personal Health Working Group Final Report, 2003.
[11] R. S. Sandhu, P. Samarati, “Access control: principle and practice”, IEEE Commun Mag 32(9):40–48, 1994.
[12] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati, “Over-encryption: management of access control evolution on outsourced data”, In: VLDB 2007, pp. 123–134, 2007.
[13] V. Goyal, O. Pandey, A. Sahai, B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data”, In: CCS 2006, pp. 89–98, 2006.
[14] Y. C. Hsu, J. J. Hwang, “Controlling Decryption of Personal Health Records in Cloud”, Proceedings of the International Conference on IT Convergence and Security 2011, Lecture Notes in Electrical Engineering, Volume 120, pp. 69–79, 2012.
[15] C. Dong, G. Russello, N. Dulay, “Shared and searchable encrypted data for untrusted servers”, In: DBSec 2008, pp. 127–143, 2008.
[16] A. Shamir, “Identity-based cryptosystems and signature schemes”, In Advances in Cryptology - Crypto '84, Springer-Verlag LNCS 196, pp. 47–53, 1984.
[17] Ueli M. Maurer, “Protocols for Secret Key Agreement by Public Discussion Based on Common Information”, CRYPTO 1992: 461–470.
[18] Dan Boneh, Matthew K. Franklin, “Identity-Based Encryption from the Weil Pairing”, Advances in Cryptology, Proceedings of CRYPTO 2001, 2001.
[19] Clifford Cocks, “An Identity Based Encryption Scheme Based on Quadratic Residues”, Proceedings of the 8th IMA International Conference on Cryptography and Coding, 2001.