improved privacy preservation of personal health records ... · anonymization data and lfsr...

Improved Privacy Preservation of Personal Health

Records via Tokenization

Shruti Patil1

1Ph.D. research scholar, BharatiVidyapeeth

Deemed University College of Engineering,

(Assistant Professor, Symbiosis Institute of

Technology, Symbiosis International (Deemed

University)), Pune, India.

Dr.Shashank Joshi2

2Professor, BharatiVidyapeeth Deemed

University College of Engineering, Pune, India

Abstract- Health care organizations are adopting cloud services

for the better use of the resources and information to share and

access across globally.Cloud computing enables applicationsto

operate on the improved manageability with less

maintenance.Security is major issue here due to nature of

cloudcomputing, which opens challenges to researchers. Privacy

preserving is major issue in such things due to cloud services. In

this paper, we present the framework to enhance the privacy

preservation and security for health information stored on cloud.

This method actually using cryptographic mechanisms, Secure

Hash Algorithm (SHA3-256) to generate tokens for

anonymization data and LFSR (Modified AES) for the better

security. Original data will get transferred to tokenization cloud

server which generates tokens with SHA3-256 algorithm and

again encryptsby using Advanced Encryption Standards (AES)

LFSR algorithm. This method provides two level strong securities

hence best suitable solution for the healthcare information.

Keyword – Cloud computing, healthcare system, privacy and

security, tokenisation server, SHA3-256, LFSR(ModifiedAES).

1. INTRODUCTION

Now day’s all things are becoming a digital.

Similarly healthcare sector is also moving towards to a digital

platform and it becomes more patient-centered and more data-

driven. It offers profit for storing and sharing massive

information of the medical data saves hospitals, physicians

and many organizations in health care benefits while boosting

speed and efficiency. Patient can also access their medical

data.

Cloud computing plays vital role in the healthcare

systems like health clinics, hospitals, which needs fast access

to computing and huge storage facilities that doesn’t seems to

be provided in the traditional settings. Moreover, healthcare

information must be shared across the globe that additional

burdens the care provider and thuscauses delay in treatment

and loss of time and inflicts patient’s treatment. Cloud caters

to all these needs providing the healthcare organizations an

unbelievable opportunity to boost services to their customers,

the patients, to share information more simply than ever

before, with the improved operational potency.

When we store information on public cloud then

there is some privacy like anonymity, means to hide the

personal identity of a particular user associated with the

storage and retrieval process. I.e. this process should not be

anonymous.This is the mechanism which enhances privacy to

procedures, tools and technologies.Data Confidentiality is

another requirement for unauthorized parties should not learn

the content of the stored data. There are some basic techniques

like Anonymization, Tokenization and Encryption available to

solve the privacy and security issues of health information in

cloud.

International Journal of Pure and Applied MathematicsVolume 118 No. 18 2018, 3035-3045ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu

3035

1.1 Basic Privacy Preservation Techniques for Cloud Computing

Figure 1:Basic Privacy Preservation Techniques for Cloud Computing

Above figure [1] shows the different privacy

preserving techniques for information stored on cloud. This

proposed framework uses SHA3-256 and LFSR(Modified

AES) due to itsstrongest and unbreakable nature of these

tokenization and encryption mechanisms.

This paper presents method of enhanced privacy

preservation and security in health information through

anonymization and encryption using cryptographic

mechanism. It works as below,

Authentication – It gives role based access control to

different users of the systems for the sensitive attributes of

the health information data.

Tokenization – SHA3-256 algorithm is used to generate

tokens of the data for the anonymization.

Encryption – Strong modified AES with LFSR algorithms is

used for the encryption of the tokenized data for the better

security.

As these are two strong Cryptographic mechanisms, it gives

two level securities hence more secure method of privacy

preserving access of stored Health information on cloud.

In rest of the paper, Section 2 related work, which considers

some survey results, which gives brief overview on different

researcher’s views towards privacy and current development

in it. Later in section 3 discusses rough layout of project idea

and section 4 concludes our discussion.

2. LITERATURE SURVEY

In world of cloud computing, massive amount of

data is travelling across various communication paths for

different purposes. In addition, healthcare system collects

sensitive data about users regarding their health records. In

addition, such information can get handle by third parties for

further analysis, which might raise problem to respective

users.

International Journal of Pure and Applied Mathematics Special Issue

3036

Paper

Reference

Number

Algorithm

used

Time

efficient

Mutual

Authentication

Distributed

Nature

Access

control

Light

weight

solution

Two

level

security

[8] Attribute

based

Encryption

No Yes Yes Yes No No

[17] SHA-256 Yes No Yes No No No

Proposed

Method

SHA3-256,

AES(LFSR)

No Yes Yes Yes Yes Yes

Table 1: Comparison of existing methods with proposed method on different security parameters.

Similarly there are several algorithms available

for tokenization like MD5 and different versions

of SHA algorithm. In 2006 NIST started to

organize the NIST hash function competition and

declared SHA-3 is more secured winner

algorithm till date.Thus combination of these

SHA-3 and LFSR is provides more secure system

for the privacy preservation and hence cost

effective lightweight solution.

Table 2: Comparative Analysis of SHA Family and MD5[19]


3037

Encryption technique plays a main role in information

security systems. The AES algorithm provides strong

encryption and complex processing. It has resistance to

Brute-force attack. Various authors modify the AES

algorithm as shown in table no [3].

Paper

No.

Algorithm Mutual

Authenticati

on

Key size Block Size Number

of round

Comput

ational

Speed

Avalanc

he Test

Bruit

force

Attack

Light

weight

solution

Use for

[1] AES with

changing

cipher key

Yes 128 bit Accordin

g to input

10 Less Pass Fail No Text

format

[16] AES with

hashed

function

Yes 128,

192,

256 bit

256 bit Based

on key

size

Less Pass Fail No Text

format

[12] AES with

complex

encryption

Yes 128,19

2,256

bit

128 bit Based

on key

size

Less Pass Fail No Text

format

[10] Modified

AES

Yes 128,19

2,256

bit

128 bit Based

on key

size

High Pass Fail Yes Multim

edia

[9] AES

(LFSR)

Yes 128 bit 128 bit 10

round

High Pass Fail Yes Multim

edia

Table 3: Analysis of different modification in AES

3. PROPOSED METHOD

The proposed method, basically designed for the

healthcare system which uses cloud to store health

information. The system targets mainly on data privacy and

security. It is divided into three steps 1) Request for data. 2)

Check rights. 3) Server provides required data according to the

request and access rights. Attributes used for data which is

stored in server are,Health parameter: blood pressure,

cholesterol, blood group, major operation, current progress,

disease history, description, Insurance parameter: policy no,

policy date, insurance amount, policy end date, monthly

premium, description.


3038

Figure 2: Proposed system architecture.

As shown in fig [3], System architecture consist of 3 different

modules of the proposed system 1) Administrator 2) Doctor

3) Insurance Agent. Everyone has different access rights. For

access rights here use model which is role based access

control model. According to their access rights they can

register and log in. Administrator manages patient’s records

and access policies. If the access granted to doctor then

doctor can view and change information. If access is granted

to insurance agent then he can add new insurance document.

All three are dependent on tokenization server.

Tokens have no meaning, eventually if anyone

wants to generate data from it they can’t get anything because

tokens are not reversible like security key so no one get

original data from it. Due to this reason the proposed method

is more secure.

4. WORKING MECHANISM

Above figure shows the working mechanism of the proposed

framework, It is divided into three parts.

4.1 Authentication-Role based access control model is used

in proposed method for authentication. To protect the privacy

of health information stored in the cloud, rolebased access is

developed to make sure that information accessed by the

authorised user only, which facilitates to enhance privacy and

security management particularly in large-scale systems.

Users are assigned roles and permissions by the administrator

who is fully trustworthy; onlydoctors and insurance agents

who has authorised roles, can access the permitted

information associated with the roles and hence can access

the resources. Here every user has some access rights and

they can only access that information only. Doctor can access

only medical information and personal information of patient.

Similarly insurance agent can access only policy information

and personal information of patient.


3039

Figure 3: Working Mechanism of proposed framework

4.2.1 SHA-3 Algorithm (256 bit) –

The SHA-3 hash function performs tokenization in three

phases: initialization, absorbing and squeezing.

Initialization phase - It is simply the initialization of state

matrix (A) with all zeros.

Absorbing phase - In the absorbing phase each r-bit wide

block of the message is XORed with the current matrix state

and 24 rounds of compression functions are performed.

Squeezing phase-In the squeezing phase the state matrix is

simply truncated to the desired length of hash output.

SHA3-256 algorithm takes the input string which is entered

by user. Then does the hash function operation on that input

string which passes from above three phases to generate 64

bit tokenize string. All tokenized data is store on the

tokenization server.

4.3 Encryption- Itis done on the Tokenised data. AES

(LFSR) algorithm is used to encrypt the tokenized data. Only

authorized person can retrieve the encrypted information. The

purpose of encryption is to ensure that only authorized person

can access data (e.g. a text message or a file), using

the decryption key. Main purpose of using LFSR algorithm in

proposed method is to provide strong lightweight security

and time efficient encryption.


3040

4.3.1 LFSR Algorithm (16 bit)

LFSR algorithm has two phase which shows below. Firstly it

takes input as tokenized data which is the output of SHA3-

256 tokenization algorithm. Then perform encryption on the

input tokens and create encrypted data. It provides

lightweight encryption. Every user cant recognized those

encrypted data. Only access right user has key to decrypt the

encrypted data and only those user get the information.

1.Isomorphism/invIsomorphism mapping

Generate a complete (2^8) using LFSR. Deploy LFSR to

perform the multiplicative inversion over (2^8).(2^8) can be

easily presented by the smallest primitive polynomial of the

8𝑡ℎdegree stated in (1)

(𝑥)=𝑥8+𝑥4+𝑥3+𝑥2+1…………………….. (1)

Transform the original AES S-box input (generated by (𝑥)

(1)) into another representation from its isomorphic field

(generated using 𝑞′(𝑥) (1). This transformation is termed as

isomorphism mapping, which is linear mapping function

stated in the following (2).

………………………………………………...(2)

Thevector notation {𝑚7,6,𝑚5,𝑚4,𝑚3,𝑚2,𝑚1,𝑚0} is the

binary representation of 𝐺𝐹(28) element expressed by AES

field polynomial.

Multiplicative Inversion over 𝐺𝐹 (28)

There are three non-zero feedback taps; with each will be

implemented using XOR gate. Both LFSRs are loaded with

the initial seed (or initial state) {00000001}2 and run in

parallel but in opposite directions; forward and reverse (refer

Figure 3). With the initial state notated as 𝑆(𝑡), the forward

LFSR will run continuously in 𝑆(𝑡 + 𝑖) direction, and the

reverse LFSR will run simultaneously in 𝑆(𝑡 + 255 − 𝑖)

direction with 𝑖∈ {1, 2, 3...127}.

Given an input to AES S-box matches the state (𝑡 + 𝑝) in the

LFSR, its multiplicative inversion would then be defined as

(𝑡+255−𝑝). Similarly if the input to AES S-box matches the

state (𝑡 + 255 − 𝑝) in the LFSR, its multiplicative inversion

would then be found to be (𝑡+𝑝). In other words, the

multiplicative inverse of an AES S-box input will be

generated by the LFSR at 𝑖 = 𝑝 cycles time. Single round of

multiplicative inversion can be completed in between 1 to

127 clock cycles.

5. RESULTS

Here comparisons of the performance of the both

implemented mechanisms with the SHA-

3 and LFSR is given, following graph shows the

required time which measure in milliseconds to tokenize the

input string with the help of SHA3 tokenization algorithm.

Graph also shows required time to encrypt the tokenize string

to encrypt string with the help of LFSR (AES). As shown in

graph there is no measure difference between start time and

end time. So that the proposed method required small time

span and it is time efficient.


3041

Graph 1: Time required to tokenize string with SHA3 and to encrypt string with LFSR

The following table shows some input strings and generated

tokens for input string and encrypted data for tokens. The

SHA3-256 tokenize algorithm generates 64 bit tokens for

every input

string and after that these tokens go input to encryption

algorithm AES (LFSR) and it encrypt the token and generate

encrypted data. So that information gets more security.

Table 5: Tokenization generated with SHA3 and encrypted data for the given input string

Input

String

Algorithm

Used

Tokenized and Encrypted data in MySQL (64 bit, SHA-3),

good

and

fine

SHA3-256 465fe18d1b9cfbe58d209285344ab83c1dad258518f85ff56e3191fe50b2c35e

LFSR rO0ABXQAbUDAgMCAwIDAgMCAwIDAgDdVVwXDpOKCrOKAsFXDscK6w6H

DuwYO

CXkIUgQWISkjJsK/OcK5w6jCpD7DtcKnUmcCBgPCtOKAsOKAnsKpw7jCvsOg

eQYKWRBVBQcqKX1+wrzCvG/Cv8Knw7UzwqM=

Flue SHA3-256 7883220643c058b7790a68b82fbb62b1cbee580516f65c0a478da46b64961393

LFSR rO0ABXQAbUDAgMCAwIDAgMCAwIDAgDRbWlDCs8aS77+9B8O0w6vCu8KoV

VQO

ewcPBkcuI3krwr5rw6/Dq8OwNMKkw7XAgGEGBwTCue+/veKAnsKpw7bCvsOu

eQNcDRIHDlJyLC15wr/CuDTCu8O1w7U/w7U=

Blood

Report

not

getting

SHA3-256 ce4bf75e7994dc9e7030385cf3b79f58f129fafe41b1cbb4d988c18921348f7d

LFSR rO0ABXQAa0DAgMCAwIDAgMCAwIDAgGAGVgHDp+KAoOKAnlTDt8Ohw6H

CrAQP

VSkHBgUWKyMucMOqPsOvwr7Dv2DDs8O8BTJRW1fDoMOXw5TCrMOxwrrDq

S8C

DlhCCQ4OcCkjIsK7wr0+wrnDvMKgMcKi


3042

6. CONCLUSION and FUTURE WORK

Security is very important in all types of

information. SHA-3 algorithm performs tokenization to

create token and make difficult to break security. After

tokenization, tokenized data feed to light weight AES (LFSR)

to encrypt the data so that other than authenticated user can’t

receive any health information. In such way the proposed

method provides two level unbreakable securities to provide

anonymity. Such two level securities give much better results

than other traditional security systems. Hence this paper

concludes that the proposed method is very strong method to

provide privacy and security for health information stored on

cloud server.

In future, android application can be created using

this proposed method. Also we can add messaging system for

giving important notification to doctor, patient, insurance

agent. Security of proposed method can be enhanced in future

by increase in key length or by taking support of another key

generation algorithms for avoiding replay attack.

REFERENCES

[1] Asst. Lect. Hasan M. Azzawi,” Enhancing The

Encryption Process Of AdvancedEncryption

Standard (AES) By Using Proposed AlgorithmTo

Generate S-Box”, Journal of Engineering and

Development, Vol. 18, No.2, March 2014, ISSN

1813- 7822, pp 89-106.

[2] A. Zaslavsky, C. Perera and D. Georgakopoulos,

“Sensing as a Service and Big Data,” in

International Conference on Advances in Cloud

Computing (ACC-2012), Bangalore, India, 2012.

[3] B.Madhuravani, D. S. R Murthy, “Cryptographic

Hash Functions: SHA Family”, International

Journal of Innovative Technology and Exploring

Engineering (IJITEE) ISSN: 2278-3075, Volume-2,

Issue-4, March 2013, pp 326-329.

[4] Cong Wang,Sherman S.M. Chow, Qian

Wang,KuiRen,andWenjing Lou,” Privacy-

Preserving Public Auditing for Secure Cloud

Storage”IEEE transaction on computers, VOL. 62,

NO. 2, FEBRUARY 2013, PP 362-376.

[5] Deepti Mittal, DamandeepKaur, AshishAggarwal,

“Secure Data Mining in Cloud using Homomorphic

Encryption”,

[6] Ivan Stojmenovic, Sheng Wen,” The Fog

Computing Paradigm: Scenarios and Security

Issues” The Fog Computing Paradigm: Scenarios

and Security Issues, Proceedings of the 2014

Federated Conference on Computer Science and

Information Systems, 2014 pp. 1–8

[7] Jain Wang,YanZaho, “privacy preserving in cloud

computing”,IEEE2010, pp 472-476.

[8] KushalP.Kulkarni,A.M.Dixit, “ Privacy Preserving

Health Record System in Cloud Computing using

Attribute based Encryption”,International Journal

of Computer Applications (0975 – 8887) Volume

122 – No.18, July 2015, pp 6-12.

[9] M. M. Wong, M. L. D. Wong, “New Lightweight

AES S-box Using LFSR”, IEEE International

Symposium on Intelligent Signal Processing and

Communication Systems (ISPACS) December,2014,

pp 1-4.

[10] Luminiţa and Mircea-Daniel,” Modified Advanced

Encryption Standard”, 11th International

Conference on development and application

systems, Suceava, Romania, May 17-19, 2012.

[11] PravinKawle, AvinashHiwase, GautamBagde,

EkantTekam, Rahul Kalbande,”Modified Advanced

Encryption Standard”,International Journal of Soft

Computing and Engineering (IJSCE) ISSN: 2231-

2307, Volume-4, Issue-1, March 2014.

[12] PriyankaPimpale, RohanRayarikar,

SanketUpadhyay,” Modifications to AES Algorithm

for Complex Encryption”, IJCSNS International

Journal of Computer Science and Network Security,

VOL.11 No.10, October 2011,pp 183-187.


3043

[13] “SHA-1Collision Search Graz". Retrieved 2009-06-

30.

[14] Sourav Das,” Halka: A Lightweight, Software

Friendly Block Cipher Using Ultra-lightweight 8-bit

S-box”

[15] VandanaC. Koradia, “ Modification in Advanced

Encryption Standard”,journal of information,

knowledge and research in computer

engineering,ISSN: 0975 – 6760| NOV 12 TO OCT

13 | VOLUME – 02, ISSUE – 02, pp 356-359.

[16] V. Sumathy& C. Navaneethan,” Enhanced AES

algorithm for strong encryption”, International

Journal of Advances in Engineering & Technology,

Sept 2012. Vol. 4, Issue 2, pp. 547-553

[17] Z.C Nxumalo, P. Tarwireyi, M.O Adigun, “Towards

Privacy with Tokenization as a Service”, IEEE, 978-

1-4799-4998-4/14 ©2014.

[18] ZhidongShen, “The Security of Cloud Computing

System enabled by Trusted

ComputingTechnology”,2nd International

Conference on Signal Processing Systems (ICSPS),

2010, pp 11-16.

[19] SHA-3 ,https://en.wikipedia.org/wiki/


3044

improved privacy preservation of personal health records ... · anonymization data and lfsr...

Documents