improved privacy preservation of personal health records ... · anonymization data and lfsr...
TRANSCRIPT
Improved Privacy Preservation of Personal Health
Records via Tokenization
Shruti Patil1
1Ph.D. research scholar, BharatiVidyapeeth
Deemed University College of Engineering,
(Assistant Professor, Symbiosis Institute of
Technology, Symbiosis International (Deemed
University)), Pune, India.
Dr.Shashank Joshi2
2Professor, BharatiVidyapeeth Deemed
University College of Engineering, Pune, India
Abstract- Health care organizations are adopting cloud services
for the better use of the resources and information to share and
access across globally.Cloud computing enables applicationsto
operate on the improved manageability with less
maintenance.Security is major issue here due to nature of
cloudcomputing, which opens challenges to researchers. Privacy
preserving is major issue in such things due to cloud services. In
this paper, we present the framework to enhance the privacy
preservation and security for health information stored on cloud.
This method actually using cryptographic mechanisms, Secure
Hash Algorithm (SHA3-256) to generate tokens for
anonymization data and LFSR (Modified AES) for the better
security. Original data will get transferred to tokenization cloud
server which generates tokens with SHA3-256 algorithm and
again encryptsby using Advanced Encryption Standards (AES)
LFSR algorithm. This method provides two level strong securities
hence best suitable solution for the healthcare information.
Keyword – Cloud computing, healthcare system, privacy and
security, tokenisation server, SHA3-256, LFSR(ModifiedAES).
1. INTRODUCTION
Now day’s all things are becoming a digital.
Similarly healthcare sector is also moving towards to a digital
platform and it becomes more patient-centered and more data-
driven. It offers profit for storing and sharing massive
information of the medical data saves hospitals, physicians
and many organizations in health care benefits while boosting
speed and efficiency. Patient can also access their medical
data.
Cloud computing plays vital role in the healthcare
systems like health clinics, hospitals, which needs fast access
to computing and huge storage facilities that doesn’t seems to
be provided in the traditional settings. Moreover, healthcare
information must be shared across the globe that additional
burdens the care provider and thuscauses delay in treatment
and loss of time and inflicts patient’s treatment. Cloud caters
to all these needs providing the healthcare organizations an
unbelievable opportunity to boost services to their customers,
the patients, to share information more simply than ever
before, with the improved operational potency.
When we store information on public cloud then
there is some privacy like anonymity, means to hide the
personal identity of a particular user associated with the
storage and retrieval process. I.e. this process should not be
anonymous.This is the mechanism which enhances privacy to
procedures, tools and technologies.Data Confidentiality is
another requirement for unauthorized parties should not learn
the content of the stored data. There are some basic techniques
like Anonymization, Tokenization and Encryption available to
solve the privacy and security issues of health information in
cloud.
International Journal of Pure and Applied MathematicsVolume 118 No. 18 2018, 3035-3045ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu
3035
1.1 Basic Privacy Preservation Techniques for Cloud Computing
Figure 1:Basic Privacy Preservation Techniques for Cloud Computing
Above figure [1] shows the different privacy
preserving techniques for information stored on cloud. This
proposed framework uses SHA3-256 and LFSR(Modified
AES) due to itsstrongest and unbreakable nature of these
tokenization and encryption mechanisms.
This paper presents method of enhanced privacy
preservation and security in health information through
anonymization and encryption using cryptographic
mechanism. It works as below,
Authentication – It gives role based access control to
different users of the systems for the sensitive attributes of
the health information data.
Tokenization – SHA3-256 algorithm is used to generate
tokens of the data for the anonymization.
Encryption – Strong modified AES with LFSR algorithms is
used for the encryption of the tokenized data for the better
security.
As these are two strong Cryptographic mechanisms, it gives
two level securities hence more secure method of privacy
preserving access of stored Health information on cloud.
In rest of the paper, Section 2 related work, which considers
some survey results, which gives brief overview on different
researcher’s views towards privacy and current development
in it. Later in section 3 discusses rough layout of project idea
and section 4 concludes our discussion.
2. LITERATURE SURVEY
In world of cloud computing, massive amount of
data is travelling across various communication paths for
different purposes. In addition, healthcare system collects
sensitive data about users regarding their health records. In
addition, such information can get handle by third parties for
further analysis, which might raise problem to respective
users.
International Journal of Pure and Applied Mathematics Special Issue
3036
Paper
Reference
Number
Algorithm
used
Time
efficient
Mutual
Authentication
Distributed
Nature
Access
control
Light
weight
solution
Two
level
security
[8] Attribute
based
Encryption
No Yes Yes Yes No No
[17] SHA-256 Yes No Yes No No No
Proposed
Method
SHA3-256,
AES(LFSR)
No Yes Yes Yes Yes Yes
Table 1: Comparison of existing methods with proposed method on different security parameters.
Similarly there are several algorithms available
for tokenization like MD5 and different versions
of SHA algorithm. In 2006 NIST started to
organize the NIST hash function competition and
declared SHA-3 is more secured winner
algorithm till date.Thus combination of these
SHA-3 and LFSR is provides more secure system
for the privacy preservation and hence cost
effective lightweight solution.
Table 2: Comparative Analysis of SHA Family and MD5[19]
International Journal of Pure and Applied Mathematics Special Issue
3037
Encryption technique plays a main role in information
security systems. The AES algorithm provides strong
encryption and complex processing. It has resistance to
Brute-force attack. Various authors modify the AES
algorithm as shown in table no [3].
Paper
No.
Algorithm Mutual
Authenticati
on
Key size Block Size Number
of round
Comput
ational
Speed
Avalanc
he Test
Bruit
force
Attack
Light
weight
solution
Use for
[1] AES with
changing
cipher key
Yes 128 bit Accordin
g to input
10 Less Pass Fail No Text
format
[16] AES with
hashed
function
Yes 128,
192,
256 bit
256 bit Based
on key
size
Less Pass Fail No Text
format
[12] AES with
complex
encryption
Yes 128,19
2,256
bit
128 bit Based
on key
size
Less Pass Fail No Text
format
[10] Modified
AES
Yes 128,19
2,256
bit
128 bit Based
on key
size
High Pass Fail Yes Multim
edia
[9] AES
(LFSR)
Yes 128 bit 128 bit 10
round
High Pass Fail Yes Multim
edia
Table 3: Analysis of different modification in AES
3. PROPOSED METHOD
The proposed method, basically designed for the
healthcare system which uses cloud to store health
information. The system targets mainly on data privacy and
security. It is divided into three steps 1) Request for data. 2)
Check rights. 3) Server provides required data according to the
request and access rights. Attributes used for data which is
stored in server are,Health parameter: blood pressure,
cholesterol, blood group, major operation, current progress,
disease history, description, Insurance parameter: policy no,
policy date, insurance amount, policy end date, monthly
premium, description.
International Journal of Pure and Applied Mathematics Special Issue
3038
Figure 2: Proposed system architecture.
As shown in fig [3], System architecture consist of 3 different
modules of the proposed system 1) Administrator 2) Doctor
3) Insurance Agent. Everyone has different access rights. For
access rights here use model which is role based access
control model. According to their access rights they can
register and log in. Administrator manages patient’s records
and access policies. If the access granted to doctor then
doctor can view and change information. If access is granted
to insurance agent then he can add new insurance document.
All three are dependent on tokenization server.
Tokens have no meaning, eventually if anyone
wants to generate data from it they can’t get anything because
tokens are not reversible like security key so no one get
original data from it. Due to this reason the proposed method
is more secure.
4. WORKING MECHANISM
Above figure shows the working mechanism of the proposed
framework, It is divided into three parts.
4.1 Authentication-Role based access control model is used
in proposed method for authentication. To protect the privacy
of health information stored in the cloud, rolebased access is
developed to make sure that information accessed by the
authorised user only, which facilitates to enhance privacy and
security management particularly in large-scale systems.
Users are assigned roles and permissions by the administrator
who is fully trustworthy; onlydoctors and insurance agents
who has authorised roles, can access the permitted
information associated with the roles and hence can access
the resources. Here every user has some access rights and
they can only access that information only. Doctor can access
only medical information and personal information of patient.
Similarly insurance agent can access only policy information
and personal information of patient.
International Journal of Pure and Applied Mathematics Special Issue
3039
Figure 3: Working Mechanism of proposed framework
4.2.1 SHA-3 Algorithm (256 bit) –
The SHA-3 hash function performs tokenization in three
phases: initialization, absorbing and squeezing.
Initialization phase - It is simply the initialization of state
matrix (A) with all zeros.
Absorbing phase - In the absorbing phase each r-bit wide
block of the message is XORed with the current matrix state
and 24 rounds of compression functions are performed.
Squeezing phase-In the squeezing phase the state matrix is
simply truncated to the desired length of hash output.
SHA3-256 algorithm takes the input string which is entered
by user. Then does the hash function operation on that input
string which passes from above three phases to generate 64
bit tokenize string. All tokenized data is store on the
tokenization server.
4.3 Encryption- Itis done on the Tokenised data. AES
(LFSR) algorithm is used to encrypt the tokenized data. Only
authorized person can retrieve the encrypted information. The
purpose of encryption is to ensure that only authorized person
can access data (e.g. a text message or a file), using
the decryption key. Main purpose of using LFSR algorithm in
proposed method is to provide strong lightweight security
and time efficient encryption.
International Journal of Pure and Applied Mathematics Special Issue
3040
4.3.1 LFSR Algorithm (16 bit)
LFSR algorithm has two phase which shows below. Firstly it
takes input as tokenized data which is the output of SHA3-
256 tokenization algorithm. Then perform encryption on the
input tokens and create encrypted data. It provides
lightweight encryption. Every user cant recognized those
encrypted data. Only access right user has key to decrypt the
encrypted data and only those user get the information.
1.Isomorphism/invIsomorphism mapping
Generate a complete (2^8) using LFSR. Deploy LFSR to
perform the multiplicative inversion over (2^8).(2^8) can be
easily presented by the smallest primitive polynomial of the
8𝑡ℎdegree stated in (1)
(𝑥)=𝑥8+𝑥4+𝑥3+𝑥2+1…………………….. (1)
Transform the original AES S-box input (generated by (𝑥)
(1)) into another representation from its isomorphic field
(generated using 𝑞′(𝑥) (1). This transformation is termed as
isomorphism mapping, which is linear mapping function
stated in the following (2).
………………………………………………...(2)
Thevector notation {𝑚7,6,𝑚5,𝑚4,𝑚3,𝑚2,𝑚1,𝑚0} is the
binary representation of 𝐺𝐹(28) element expressed by AES
field polynomial.
Multiplicative Inversion over 𝐺𝐹 (28)
There are three non-zero feedback taps; with each will be
implemented using XOR gate. Both LFSRs are loaded with
the initial seed (or initial state) {00000001}2 and run in
parallel but in opposite directions; forward and reverse (refer
Figure 3). With the initial state notated as 𝑆(𝑡), the forward
LFSR will run continuously in 𝑆(𝑡 + 𝑖) direction, and the
reverse LFSR will run simultaneously in 𝑆(𝑡 + 255 − 𝑖)
direction with 𝑖∈ {1, 2, 3...127}.
Given an input to AES S-box matches the state (𝑡 + 𝑝) in the
LFSR, its multiplicative inversion would then be defined as
(𝑡+255−𝑝). Similarly if the input to AES S-box matches the
state (𝑡 + 255 − 𝑝) in the LFSR, its multiplicative inversion
would then be found to be (𝑡+𝑝). In other words, the
multiplicative inverse of an AES S-box input will be
generated by the LFSR at 𝑖 = 𝑝 cycles time. Single round of
multiplicative inversion can be completed in between 1 to
127 clock cycles.
5. RESULTS
Here comparisons of the performance of the both
implemented mechanisms with the SHA-
3 and LFSR is given, following graph shows the
required time which measure in milliseconds to tokenize the
input string with the help of SHA3 tokenization algorithm.
Graph also shows required time to encrypt the tokenize string
to encrypt string with the help of LFSR (AES). As shown in
graph there is no measure difference between start time and
end time. So that the proposed method required small time
span and it is time efficient.
International Journal of Pure and Applied Mathematics Special Issue
3041
Graph 1: Time required to tokenize string with SHA3 and to encrypt string with LFSR
The following table shows some input strings and generated
tokens for input string and encrypted data for tokens. The
SHA3-256 tokenize algorithm generates 64 bit tokens for
every input
string and after that these tokens go input to encryption
algorithm AES (LFSR) and it encrypt the token and generate
encrypted data. So that information gets more security.
Table 5: Tokenization generated with SHA3 and encrypted data for the given input string
Input
String
Algorithm
Used
Tokenized and Encrypted data in MySQL (64 bit, SHA-3),
good
and
fine
SHA3-256 465fe18d1b9cfbe58d209285344ab83c1dad258518f85ff56e3191fe50b2c35e
LFSR rO0ABXQAbUDAgMCAwIDAgMCAwIDAgDdVVwXDpOKCrOKAsFXDscK6w6H
DuwYO
CXkIUgQWISkjJsK/OcK5w6jCpD7DtcKnUmcCBgPCtOKAsOKAnsKpw7jCvsOg
eQYKWRBVBQcqKX1+wrzCvG/Cv8Knw7UzwqM=
Flue SHA3-256 7883220643c058b7790a68b82fbb62b1cbee580516f65c0a478da46b64961393
LFSR rO0ABXQAbUDAgMCAwIDAgMCAwIDAgDRbWlDCs8aS77+9B8O0w6vCu8KoV
VQO
ewcPBkcuI3krwr5rw6/Dq8OwNMKkw7XAgGEGBwTCue+/veKAnsKpw7bCvsOu
eQNcDRIHDlJyLC15wr/CuDTCu8O1w7U/w7U=
Blood
Report
not
getting
SHA3-256 ce4bf75e7994dc9e7030385cf3b79f58f129fafe41b1cbb4d988c18921348f7d
LFSR rO0ABXQAa0DAgMCAwIDAgMCAwIDAgGAGVgHDp+KAoOKAnlTDt8Ohw6H
CrAQP
VSkHBgUWKyMucMOqPsOvwr7Dv2DDs8O8BTJRW1fDoMOXw5TCrMOxwrrDq
S8C
DlhCCQ4OcCkjIsK7wr0+wrnDvMKgMcKi
International Journal of Pure and Applied Mathematics Special Issue
3042
6. CONCLUSION and FUTURE WORK
Security is very important in all types of
information. SHA-3 algorithm performs tokenization to
create token and make difficult to break security. After
tokenization, tokenized data feed to light weight AES (LFSR)
to encrypt the data so that other than authenticated user can’t
receive any health information. In such way the proposed
method provides two level unbreakable securities to provide
anonymity. Such two level securities give much better results
than other traditional security systems. Hence this paper
concludes that the proposed method is very strong method to
provide privacy and security for health information stored on
cloud server.
In future, android application can be created using
this proposed method. Also we can add messaging system for
giving important notification to doctor, patient, insurance
agent. Security of proposed method can be enhanced in future
by increase in key length or by taking support of another key
generation algorithms for avoiding replay attack.
REFERENCES
[1] Asst. Lect. Hasan M. Azzawi,” Enhancing The
Encryption Process Of AdvancedEncryption
Standard (AES) By Using Proposed AlgorithmTo
Generate S-Box”, Journal of Engineering and
Development, Vol. 18, No.2, March 2014, ISSN
1813- 7822, pp 89-106.
[2] A. Zaslavsky, C. Perera and D. Georgakopoulos,
“Sensing as a Service and Big Data,” in
International Conference on Advances in Cloud
Computing (ACC-2012), Bangalore, India, 2012.
[3] B.Madhuravani, D. S. R Murthy, “Cryptographic
Hash Functions: SHA Family”, International
Journal of Innovative Technology and Exploring
Engineering (IJITEE) ISSN: 2278-3075, Volume-2,
Issue-4, March 2013, pp 326-329.
[4] Cong Wang,Sherman S.M. Chow, Qian
Wang,KuiRen,andWenjing Lou,” Privacy-
Preserving Public Auditing for Secure Cloud
Storage”IEEE transaction on computers, VOL. 62,
NO. 2, FEBRUARY 2013, PP 362-376.
[5] Deepti Mittal, DamandeepKaur, AshishAggarwal,
“Secure Data Mining in Cloud using Homomorphic
Encryption”,
[6] Ivan Stojmenovic, Sheng Wen,” The Fog
Computing Paradigm: Scenarios and Security
Issues” The Fog Computing Paradigm: Scenarios
and Security Issues, Proceedings of the 2014
Federated Conference on Computer Science and
Information Systems, 2014 pp. 1–8
[7] Jain Wang,YanZaho, “privacy preserving in cloud
computing”,IEEE2010, pp 472-476.
[8] KushalP.Kulkarni,A.M.Dixit, “ Privacy Preserving
Health Record System in Cloud Computing using
Attribute based Encryption”,International Journal
of Computer Applications (0975 – 8887) Volume
122 – No.18, July 2015, pp 6-12.
[9] M. M. Wong, M. L. D. Wong, “New Lightweight
AES S-box Using LFSR”, IEEE International
Symposium on Intelligent Signal Processing and
Communication Systems (ISPACS) December,2014,
pp 1-4.
[10] Luminiţa and Mircea-Daniel,” Modified Advanced
Encryption Standard”, 11th International
Conference on development and application
systems, Suceava, Romania, May 17-19, 2012.
[11] PravinKawle, AvinashHiwase, GautamBagde,
EkantTekam, Rahul Kalbande,”Modified Advanced
Encryption Standard”,International Journal of Soft
Computing and Engineering (IJSCE) ISSN: 2231-
2307, Volume-4, Issue-1, March 2014.
[12] PriyankaPimpale, RohanRayarikar,
SanketUpadhyay,” Modifications to AES Algorithm
for Complex Encryption”, IJCSNS International
Journal of Computer Science and Network Security,
VOL.11 No.10, October 2011,pp 183-187.
International Journal of Pure and Applied Mathematics Special Issue
3043
[13] “SHA-1Collision Search Graz". Retrieved 2009-06-
30.
[14] Sourav Das,” Halka: A Lightweight, Software
Friendly Block Cipher Using Ultra-lightweight 8-bit
S-box”
[15] VandanaC. Koradia, “ Modification in Advanced
Encryption Standard”,journal of information,
knowledge and research in computer
engineering,ISSN: 0975 – 6760| NOV 12 TO OCT
13 | VOLUME – 02, ISSUE – 02, pp 356-359.
[16] V. Sumathy& C. Navaneethan,” Enhanced AES
algorithm for strong encryption”, International
Journal of Advances in Engineering & Technology,
Sept 2012. Vol. 4, Issue 2, pp. 547-553
[17] Z.C Nxumalo, P. Tarwireyi, M.O Adigun, “Towards
Privacy with Tokenization as a Service”, IEEE, 978-
1-4799-4998-4/14 ©2014.
[18] ZhidongShen, “The Security of Cloud Computing
System enabled by Trusted
ComputingTechnology”,2nd International
Conference on Signal Processing Systems (ICSPS),
2010, pp 11-16.
[19] SHA-3 ,https://en.wikipedia.org/wiki/
International Journal of Pure and Applied Mathematics Special Issue
3044
3045
3046