Security System in Cloud Computing for Medical Data

Usage
Maya Louk
1
, Hyotaek Lim
2
, Hoon Jae Lee
3

1
Department of Ubiquitous IT, Graduate School of Dongseo University, Sasang-Gu, Busan
617-716, Korea mayalouk@gmail.com
2
Division of Computer and Engineering Dongseo University Sasang-Gu, Busan 617-716, Korea
htlim@gdsu.dongseo.ac.kr
3
Division of Computer and Engineering Dongseo University Sasang-Gu, Busan 617-716, Korea
hjlee@dongseo.ac.kr
Abstract. This Paper briefly sketches out the usage of security system in
Mobile Cloud Computing which is including the monitoring, recording,
tracking and giving notification to the user. For encryption-decryption will use
Elliptic Curve Cryptography (ECC). The functionality of re-encryption "tag"
and "mark" for data access system for every legal user. It suggests the cloud
computing based on encryption and decryption services with functional re-
encryption which the encrypted medical data could be accessed and decryption
from anywhere by whomever that has the ability to access according to the
access policy. This paper proposed the discussion of the idea of medical usage
of the cloud computing and the security accessing data by people who has been
authorized according to the access policy.
Keywords: Cryptography, Functional Re-Encryption, Medical Data, Mobile
Cloud Computing, Tag and Mark,
1 Introduction
Medical data of a patient is a sensitive data which also has to be shared with another
person who has the authorization to analyze and process the data. This idea covers not
only patients who are located in the big city with flashy hospital and bunch of
specialists but also for every needy persons who have only access to equipment
limited small hospital and lack the specialist who can analyze the medical data and
give proper feedback. With this design system, the administration of the hospital or
nurse will help the patient to record all data that they need and put all the patients
data into the cloud computing, and the specialist doctor wherever the doctor is,
who has the authorized access into the cloud computing could read the data, process,
and access the data and send back his suggestion to the cloud so that the hospital
administration will do the instruction that the specialist has suggested.
2 Security for Medical Data
Advanced Science and Technology Letters
Vol.38 (Embedded Ubiquitous 2013), pp.27-31
http://dx.doi.org/10.14257/astl.2013.38.06
ISSN: 2287-1233 ASTL
Copyright 2013 SERSC


Fig.1. The security system for medical usage.

According to figure 1, when intruders try to illegally see and steal the data, the
intruders must jailbreak the security system beforehand. Thus the system will record
the attempt and track it down and send the notification to the user using this method,
the user will know the who, when, how and where the intruders attempt to attack the
system

The security system consists of:

a. Security system: authentication: when a user wants to log in into the system, the
system will send one time password into the user mobile phone via short message
system (SMS). The data saved in the cloud storage will be encrypted under "tag"
name. If the data is meant for the doctor, it will be saved under "doctor's tag." The
security algorithm for encryption and decryption purpose can be any security schemes.
For the purpose of this paper, we will be using ECC for the encryption-decryption.
We observed the following advantages: The Elliptic Curve Cryptography (ECC) is the
public key primitive that is increasingly important as to RSA. Another advantage of
ECC is that it's having a shorter key length than RSA. For example, ECC-
160 is similar to RSA-1024, and ECC-224 is similar to RSA-2028. So we can say that
ECC has a shorter key length than RSA [12].

b. Recording, monitoring, and tracking: all these systems merge into one in cloud
computing. The record of all activities is ongoing progress so every move that is made,
who made it, where, who and when it happened can be tracked down. All these
progress will be reported to the authoritative user through mobile phone application.
3 Re-encryption for Medical data
Re-encyrption data is used to tag and mark data that wanted to be saved in cloud
storage. Tag names will be given to all data according to all particular users. Any
person that is not tagged will be unable to access the data since no
authorization is given. Functional re-encryption is an expressive generalization of re-
Advanced Science and Technology Letters
Vol.38 (Embedded Ubiquitous 2013)
28 Copyright 2013 SERSC
encryption. Transform ciphertext of messages or data with tag T with PKA
into ciphertext of data with PK determined by the F (T). Functional re encryption
functionality is parameterized by a policy function F : D = [n] (i.e, F has domain D
and has n possible outputs) chosen from some class of functions, an input public key
pk, and n output public keys. [1]

Case 1: (there are only 2 users, the patient (W) and the specialist Doctor (P))
Patient W has PKA = g
a
and SK
A
= a besides that Specialist Doctor P has PK
B
=
g
b
and SK
B
= b; Data send to the cloud (uploading) X = Enc (g
a
, M), which M is the
plain data; Data download from the cloud (downloading) Y = Enc (g
b
, M), which M
is the plain data and the plain data will be decrypted under PK
B
and SK
B
. Re-
encryption from key g
a
to key g
b
can be done with the re-encryption key g
b/a


Case 2: multiuser to access one patient (W) data with different purpose and different
file. Some file may not be meant to be read and accessed by another user.
Patient W has PK
A
= g
ai
and SK
A
= a
i
,
i
which i is the tag name for certain
user may access the data, let assume that formula F (0) = F (0) and F (1) = F (1),
so on. Then, Specialist Doctor P has PK
0
= g
b0
and SK
0
= b
0
, Nurse O has PK
1
=
g
b1
and SK
1
= b
1
, Pharmacist T has PK
2
= g
b2
and SK
2
=b
2
, Researcher Doctor U has
PK
3
= g
b3
and SK
3
= b
3
, and so on. Send data to the cloud (uploading) X = Enc (g
ai
,
M), which M is the plain data encrypt message M with tag i with key g
a
. Data
download from the cloud (downloading) Y = Enc (g
b0(i),
M), which M is the plain data,
the data decrypted under the PK
i
= and SK
i
.

The input encryption scheme is as follows:
I-Gen (1

,1
d
): Pick random vectors a
1
, ,a
d
from Zq
d
that are linearly
independent. We also generate crs, a common reference string (abbreviated CRS) for
the NIZK proof system. Output pk = (crs, g, g
a1
, , g
ad
), and sk = (a
1
,.,a
d
). We
remark that the public key pk can be viewed as being made up of d public keys pk
i
=
(g,g
ai
) of a simpler scheme.
I-Enc(pk, I, , [d], m): To encrypt a message m M, with identity i
[d], choose random exponents r and r from Zq, and compute:
o C = g
rai
; D = g
r
m
o C = g
r

ai
; D = g
r

o , a proof that these values are correctly formed, i.e. that they correspond
to one of the vectors g
ai
contained in the public key.
Output the ciphertext (E, E, ) where E = (C, D) and E = (C, D). Looking ahead,
we remark that E looks like an encryption of message m under pki, while E looks
like an encryption of 1
G
under pk
i
. E is primarily used by the re-encryption
program for input re-randomization, and is not required if the encryption
scheme is used stand-alone without the functional re-encryption program.
I-Dec (sk, (E, E)): If any of the components of the ciphertext E is 1
G
or if the
proof does not verify, output . Ignore E, subsequently, and parse E as (C,D).
Check that for some i [d] and m M, D (C1/
ai
)
-1
= (m, .. ,m). If yes, output (i,
m). [1]
The output encryption scheme is as follows:
Advanced Science and Technology Letters
Vol.38 (Embedded Ubiquitous 2013)
Copyright 2013 SERSC 29
O-Gen (1

): Pick Zq. Let pk = h and sk =

O-Enc(pk, m): To encrypt a message m M G,
o Choose random n umber r Zq.
o Compute = (h

)
r
and = h
r
.
o Output the ciphertext as [,] : = [e(g, ), e(g, ) . e(m, h)]
O-Dec(sk = , (,)): The decryption algorithm does the following:
o Compute = .
1/

o For each m M, test if e(m,h) = . If so, output m and halt. (Note that if
e(m,h) are precomputed for all m M, then this step can be implemented with a
table lookup.) [1]
4 Conclusion & Future Work
Further questions that have to be asked concerning this work are: Can access policy:
be obtained for lower class of access policies? Arbitrary access policies: is that
possible to access and to make the arbitrary access policies?, Ciphertext size: can
we obtain smaller cipher texts?. All questions must be reviewed to improve this
system in securing data. Future work is how to implement it and can we outsource
arbitrary multi-party computations securely to the cloud? Thinking about adding
possibilities of arbitrary functions. - Arbitrary Code Execution is an ability to execute
any task of computations to targeted computer, in this case is Cloud Computing.
Furthermore, how is that every process could be done in the cloud computing without
cloud provider employee learn about it. Future work of this paper is an
implementation of the cloud computing which is using Amazon EC2 and the mobile
application is using android device. We are working on the implementation for
the security syste m (Encryption and Decryption ) using ECC and re encryption
method for accessing multiuser in the mobile application which is using Amazon EC2
as the cloud computing system.
Acknowledgments. This research was supported by Basic Science
Research Program through the National Research Foundation of Korea(NRF)
funded by the Ministry of Education, Science and Technology. (grant
number: 2013-071188). And it also supported by the BB21 project of Busan
Metropolitan City.
References
1. Chandran, Nishanth, Melissa Chase, and Vinod Vaikuntanathan. "Functional re- encryption
and collusion-resistant obfuscation." Theory of Cryptography. Springer Berlin Heidelberg,
2012. 404-421.
Advanced Science and Technology Letters
Vol.38 (Embedded Ubiquitous 2013)
30 Copyright 2013 SERSC
2. Benaloh, Josh, et al. "Patient controlled encryption: ensuring privacy of electronic medical
records." Proceedings of the 2009 ACM workshop on Cloud computing security. ACM,
2009.
3. Kulkarni, Gurudatt, et al. "A security aspects in cloud computing." Software Engineering
and Service Science) ICSESS, ( 2012 IEE E 3rd International Conference on. IEE,E
2012.
Advanced Science and Technology Letters
Vol.38 (Embedded Ubiquitous 2013)
Copyright 2013 SERSC 31