Security of PHR Model on Public Cloud using MultiAuthority and Key Policy Attribute based Encryption

Personal Health Record (PHR) is a web based set of tools that provides the facility to exchange and maintain a complete electronic health record of a patient. Third-party service providers are available to maintain PHRs like HealthVault1, Google Health or Web MD. These applications allow individuals to enter, store and share their own health data, upload health measurements from their devices or from hospital EHR systems. Another alternative is to outsource PHR to the third party cloud service providers or on semi trusted servers. It helps to increase PHR efficiency and to overcome problems associated with maintaining own specialized data centers. However, serious privacy concern arises as data are exposed to unauthorized users. The potential solution to this problem is to encrypt the data before outsourcing, however while encrypting data the issue of key management, data privacy and fine grained access remains a major concern. Taking these issues into consideration the paper proposes a model for securing PHR stored in semitrusted third party servers by adopting attribute-based encryption (ABE). The advantage of ABE is, the complexity of encryption and decryption linearly increases with the increase number of attributes which are desired for large systems, although the challenge to make system collusion resistant need to be handled efficiently. To overcome these challenges the model proposes the use of dual system encryption methodology. The encryption techniques from Multi-authority ABE and Key-Policy ABE are combined. Use of MA-ABE technique proves beneficial for key management and flexible access and potential security threat of colluding users is handled by KP-ABE. To this end, proposed framework has attempted to achieve data security by MAABE and data privacy by KP-ABE scheme thus improving overall security of the system.