Enhanced Security of PHR System in Cloud Using Prioritized Level Based Encryption

• Published in: Recent Trends in Computer Networks and Distributed Systems Security pp. 57 - 69
• Main Authors: Sangeetha, D., Vijayakumar, Vaidehi, Thirunavukkarasu, Valliammai, Ramesh, Aiswarya
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Communications in Computer and Information Science
• Subjects: Cloud Computing; Data Security; Personal Health Records; Prioritized Level Based Encryption; Sensitivity Analyzer
• ISBN: 9783642545245; 3642545246
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-642-54525-2_5

Cloud Computing has emerged as one of the vital part of the IT industry and it requires users to entrust their valuable data to cloud providers and so, there has been increasing security and privacy concerns on outsourced data. However there are more privacy concerns when the data involved is related to health. The current trend is that all the sectors are now moving to paperless management setup reducing the manual work and increasing the efficiency in both technical and management perspective. Similarly, the traditional health records are now being exported to cloud platform for continuous availability and easier management. This opens up the important problem of security when handling the personal data. To mitigate such security risks, proper cryptographic measures must be taken. Proper delegation and revocation mechanisms must be applied in case of sharing the records. There is a need for categorizing the data based on the sensitivity level of the health records, since encrypting all the records using the same mechanism will not be fair and also paves the way for intruders to decrypt all the records if the algorithm is found. To achieve fine-grained and scalable data control for Personal Health records (PHR), we leverage Prioritized Level Based Encryption (PLBE) techniques to encrypt each patient’s PHR file, the PHR also includes both text and image data like x-rays and scanned images. Therefore separate encryption techniques have to be enforced for text and image data. We also focus on multiple data owner scenario and divide the users in the PHR system into multiple security domains that reduces key management complexity for both owners and users.