Professional Documents
Culture Documents
asia
GJESR RESEARCH PAPER VOL. 1 [ISSUE 4] MAY, 2014
ISSN:- 2349283X
N
Department of Computer Science & Engineering,
Coimbatore Institute of Engineering and Technology (CIET),
Coimbatore, TamilNadu, India.
Email- kabilanstreet@gmail.com
ABSTRACT: Personal health record (PHR) is an emerging patient-centric model of health information
exchange. There have been wide privacy concerns as personal health information could be exposed to
unauthorized access. In this project, an Advanced Encryption Standard (AES) scheme capable of handling
multiple authorities is employed to protect PHR from unauthorized access. The AES scheme is based on
the attributes stored in the PHR. In this scheme, the set of recipients defined by the encrypting party can
decrypt a corresponding cipher text. This scheme overcomes the demerits in the existing encryption
scheme. In a multi-authority AES scheme, multiple attribute-authorities monitor different sets of
attributes and issue corresponding decryption keys to users. Encryptors assure that a receiver obtain
keys for appropriate attributes from each authority before decrypting a message. Thus, the project
provides security to the data stored in PHR, using AES with increased performance and reliability.
Keywords: Personal health records, Access control, Advanced Encryption Standard, Attribute-based
Encryption, and Secure Sharing.
1. INTRODUCTION
In recent years, personal health record (PHR)
has emerged as a patient-centric model of health
information exchange. A PHR service allows a
patient to create, manage, and control her
personal health data in one place through the
web, which has made the storage, retrieval, and
sharing of the medical information more
efficient. Especially, each patient is promised the
full control of her medical records and can share
her health data with a wide range of users,
including health care providers, family members
or friends. Due to the high cost of building and
maintaining specialized data centres, many PHR
services are outsourced to or provided by thirdparty service providers such as Microsoft Health
Vault. While it is exciting to have convenient
PHR services for everyone, there are many
security and privacy risks which could impede
its wide adoption. The main concern is about
whether the patients could actually control the
sharing of their sensitive personal health
information (PHI), especially when they are
ISSN:- 2349283X
2. AES Technique
AES technique is a specification for an
encryption of electronic data. It uses
substitution and permutation network. This
technique uses block size as 128 bits and key
size as 128,192 or 256 bits. Key size used for
AES cipher determines the number of
repetitions of transformation rounds that
convert the plain text into cipher text. Numbers
of cycles of repetitions are
SubBytes
ShiftRows
MixColumns and
ISSN:- 2349283X
Encrypt (AddRoundKey).
ISSN:- 2349283X
Fig.5: MixColumns
Fig.3: SubBytes
To complete an S-Box operation on an example
string of ABC, take the hexadecimal Value of
each byte. ASCII A == hex 0x42, B == 0x43
and C == 0x44. Look up the first (left) hex digit
in the S-Box column and the second in the S-Box
row. 0x42 becomes 0x2c; 0x43 becomes 0x1a,
and 0x44 becomes 0x1b.
AddRoundKey()
The actual encryption is
performed in the AddRoundKey() function,
when each byte in the State is XORed with the
subkey. The subkey is derived from the key
according to a key expansion schedule, as shown
in the FIPS illustration that follows:
ShiftRows()
ShiftRows() provides diffusion by
mixing data within rows. Row zero of the State is
not shifted, row 1 is shifted 1 byte, row 2 is
shifted 2 bytes, and row 3 is shifted 3 bytes, as
shown in the FIPS illustration that follows:
Fig.6: AddRoundKey
MixColumns()
ISSN:- 2349283X
2. Shift Rows
3. Add Round Keys
3. Related Work
Various attribute encryption techniques are
used for fine grained encryption of data and are
discussed below.
perform
Initial
Round
Sub
Bytes
Key
KP-ABE: [1] propose a cryptosystem for finegrained sharing of encrypted data that is called
as Key-Policy Attribute-Based Encryption. In
this cryptosystem, cipher texts are designated
with sets of attributes and private keys .Private
keys are related with access structures that in
turn specifies which type of cipher texts the key
can decrypt.
Symmetric key cryptography (SKC) based
solutions: Symmetric-key algorithms are a class
of algorithms for cryptography that use the
same cryptographic keys for both encryption of
plaintext and decryption of ciphertext. The keys
may be identical or there may be a simple
transformation to go between the two keys. The
keys, in practice, represent a shared secret
between two or more parties that can be used to
maintain a private information link Vimercati
et.al.[2] Proposed a solution for securing
outsourced data on semi-trusted servers based
on symmetric key derivation methods, which
can achieve fine-grained access control.
Unfortunately, the complexities of file creation
and user grant/revocation operations are linear
to the number of authorized users, which is less
scalable.
Multi-Authority attribute-Based encryption:
In a multi-authority ABE system [3], we have
many attribute authorities, and many users.
There are also a set of system wide public
parameters available to everyone (either
created by a distributed protocol between the
authorities). A user can choose to go to an
attribute authority, prove that it is entitled to
some of the attributes handled by that authority,
and request the corresponding decryption keys.
The authority will run the attribute key
generation algorithm, and return the result to
the user. Any party can also choose to encrypt a
message, in which case he uses the public
parameters together with an attribute set of his
ISSN:- 2349283X
ISSN:- 2349283X
ISSN:- 2349283X
7. System Implementation
Implementation is the stage in the project where
the theoretical design in the turned into a
working system and is giving confidence on the
new system for the user that it will work
effectively. It involves careful planning,
investigation of the current system and its
constraints on implementation, design of
methods to achieve the changeover, an
evaluation, of change over methods.
Apart from planning major task of preparing the
implementations are education and training of
users .The more complex the system begin
effort, required just for implementation. An
implementation coordination committee based
on policies of individual organization has been
appointed. The implementation process begins
with preparing a plan for the implementation of
the system. After the system is implemented
Careful planning.
ISSN:- 2349283X
Implementation
Suggestions
Various Platforms
Regarding
ISSN:- 2349283X
10