Medical Health Record Protection Using Ciphertext-Policy Attribute-Based Encryption and Elliptic Curve Digital Signature Algorithm
Abstract
Information on medical record is very sensitive data due to the number of confidential information about a patient's condition. Therefore, a secure and reliable storage mechanism is needed so that the data remains original without any changes during it was stored in the data center. The user must go through an authentication process to ensure that not an attacker and verify to ensure the authenticity and accuracy of the data received. In this research, we proposed a solution to secure medical data using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Elliptic Curve Digital Signature Algorithm (ECDSA) methods. Our system can secure data centers from illegal access because the uploaded data has patient control over access rights based on attributes that have been embedded during the data encryption process. Encrypted data was added to the digital signature to pass the authentication process before being sent to the data center. The results of our experiments serve efficient system security and secure with low overhead. We compare the proposed system performance with the same CP-ABE method but don’t add user revocation to this system and for our computing times are shorter than the previous time for 0.06 seconds and 0.1 seconds to verify the signature. The total time in the system that we propose requires 0.6 seconds.
Downloads
References
B Eswara Reddy, Gandikota Ramu, A Secure Framework for Ensuring EHR's Integrity Using Fine-Grained Auditing and CP-ABE, In Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), IEEE 2nd International Conference on (pp. 85-89). IEEE. 2016
Yinghui Zhang, Dong Zheng, and Robert H. Deng, Security and Privacy in Smart Health : Efficient Policy-Hiding Attribute-Based Access Control, IEEE Internet of Things Journal. vol. 3, no. 1, pp. 1–15, 2018.
Entao Luo, Md Zakirul Alam Bhuiyan, Guojun Wang, Md Arafatur Rahman, Jie Wu, and Mohammed Atiquzzaman, PrivacyProtector : Privacy-Protected Patient Data Collection in IoT-Based Healthcare Systems, IEEE Communications Magazine, 56(2), February, pp. 163–168, 2018.
Kwangsoo Seol, Young-Gab Kim, Euijong Lee, Young-Duk Seo, and Doo-Kwon Baik, Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System, IEEE Access vol. 6, pp. 9114-9128. 2018.
Ho Hui Chung, Peter Shaojui Wang, Te-Wei Ho, Hsu-Chun Hsiao, and Feipei Lai, A Secure Authorization System in PHR based on CP-ABE, E-Health and Bioengineering Conference (EHB), pp. 1-4. IEEE. 2015.
Ahmed Lounis, Abdelkrim. Hadjidj el al. “Secure and Scalable Cloud-based Architecture for e-Health Wireless Sensor Networks. International Conference on Computer Communications and Networks (ICCCN), pp. 1-7,IEEE, 2012 21st.
Novi Aryani Fitri, Udin Harun Al Rasyi, and Amang Sudarsono, Secure Attribute-Based Encryption With Access Control to Data Medical Records. 2018 International Electronics Symposium on Knowledge Creation and Intelligent Computing (IES-KCIC), pp. 105-111. 2018.
Muhammad Arif Mughal, Xiong Luo, Ata Ullah Subhan Ullah, and Zahid Mahmood, A Lightweight Digital Signature Based Security Scheme for Human-Centered Internet of Things, IEEE Access, pp. 31630 - 31643. 2018.
B. Sindhu and Dr. R. M. Noorullah, Secure Elliptic Curve Digital Signature Algorithm for Internet of Things, Global Journal of Computer Science and Technology, vol. 1, no. 3, 2016.
Munsyi, Amang Sudarsono, and Udin Harun Al Rasyi. Secure Data Sensor In Environmental Monitoring Sistem Using Attribute-Based Encryption With Revocation. International Journal on Advanced Science, Engineering and Information Technology, vol. 7(2), pp. 609-624. 2017
Jie Zhang, Nian Xue , and Xin Huang. A Secure System For Pervasive Social Network-based Healthcare. IEEE Access, 4,pp. 9239-9250. 2016
Wei Li, Bonnie M. Liu, Dongxi Liu, Ren Ping Liu, Peishun Wang, Shoushan Luo, and Wei Ni, Unified Fine-grained Access Control for Personal Health Records in Cloud Computing. IEEE journal of biomedical and health informatics, pp. 1 - 1 2018
Young Sil Lee, Esko Alasaarela, and HoonJae Lee, “Secure key management scheme based on ECC algorithm for patient's medical information in healthcare sistem, The International Conference on Information Networking 2014 (ICOIN2014), February, pp. 453-457. 2014.
Al Imem Ali, “Comparison and Evaluation of Digital Signature Schemes Employes in NDN Network, Internattional Journal of Embedded systems and Application (IJESA), Vol.5, No.2 2015
J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-Policy AttributeBased Encryption, IEEE Symposium on Security and Privacy, pp. 321-334, 2007
Bhanu Panjwani, Scalable and parameterized hardware implementation of Elliptic Curve Digital Signature Algorithm over Prime Fields, Advances in Computing, Communications and Informatics (ICACCI), 2017 International Conference, pp. 211-218. IEEE, 2017.
Don Johnson, Alfred Menezes, and Scott Vanstone, The Elliptic Curve Digital Signature Algorithm ( ECDSA ), International journal of information security, 1(1), pp. 36-63. 2001.
Muhammad Haikal Azaim, Dodi Wisaksono Sudiharto, and Erwid Musthofa Jadied, Design and Implementation of Encrypted SMS on Android Smartphone Combining ECDSA - ECDH and AES, Multimedia and Broadcasting (APMediaCast), 2016 Asia Pacific Conference, pp. 18-23. IEEE, 2016.
Ravi Kishore Kodali, Implementation of ECDSA in WSN, International Conference on Control Communication and Computing (ICCC). pp. 310-314. IEEE. 2013
Abdessalem Abidi, Belgacem Bouallegue, and Fatma Kahri, Implementation of elliptic curve digital signature algorithm (ECDSA), Global Summit Computer & Information Technology (GSCIT), pp. 1-6. IEEE , 2014.
Cameron F. Kerry, Digital Signature Standard (DSS), Federal Information Processing Standards Publication (FIPSP), Ed. 3, 2013.
Prof. Sangeeta Nagpure, and Sonal Kurkure. Vulnerability Assessment and Penetration Testing of Web Application. International Conference on Computing, Communication, Control and Automation (ICCUBEA). Pp.1-6. IEEE. 2017
Petar Cisar, Sanja Maravic Cisar, and Igor Furstner, Security Assessment with Kali Linux, Bánki Közlemények, 1(1), pp. 49-52, 2018
Copyright (c) 2019 EMITTER International Journal of Engineering Technology
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The copyright to this article is transferred to Politeknik Elektronika Negeri Surabaya(PENS) if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to PENS. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment. The copyright transfer form can be downloaded here .
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
- Authors retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
- Authors may reproduce or authorize others to reproduce the work or derivative works for the author’s personal use or company use, provided that the source and the copyright notice of Politeknik Elektronika Negeri Surabaya (PENS) publisher are indicated.
- Authors are allowed to use and reuse their articles under the same CC-BY-NC-SA license as third parties.
- Third-parties are allowed to share and adapt the publication work for all non-commercial purposes and if they remix, transform, or build upon the material, they must distribute under the same license as the original.
Plagiarism Check
To avoid plagiarism activities, the manuscript will be checked twice by the Editorial Board of the EMITTER International Journal of Engineering Technology (EMITTER Journal) using iThenticate Plagiarism Checker and the CrossCheck plagiarism screening service. The similarity score of a manuscript has should be less than 25%. The manuscript that plagiarizes another author’s work or author's own will be rejected by EMITTER Journal.
Authors are expected to comply with EMITTER Journal's plagiarism rules by downloading and signing the plagiarism declaration form here and resubmitting the form, along with the copyright transfer form via online submission.