International Journal of Electrical, Electronics and Computer Systems (IJEECS)

Survey on Privacy Preserving Mobile Health Monitoring System using Cloud Computing

Abhijeet S. Kurle (1), Kailas R. Patil (2)

1,2 Department of Computer Engineering, Vishwakarma Institute of Information Technology, Pune, Maharashtra, India
Email: [email protected], [email protected]

Abstract – Most healthcare organizations lag in adopting new technology. Healthcare systems could be improved by using mobile devices, wireless sensor networks and cloud computing to raise the quality of healthcare service at reasonable cost. However, using an untrustworthy cloud service provider for health services poses a serious risk to the privacy of the client's medical data and to the intellectual property of the mobile health service provider, and this risk may slow the adoption of mobile healthcare systems. This paper gives a detailed survey of mobile health monitoring systems and specifically addresses the problem of keeping client data confidential in an untrustworthy environment such as a cloud service provider.

Keywords: Mobile health monitoring, cloud security, attribute based encryption, SQL aware encryption.

I. INTRODUCTION
Healthcare organizations have underutilized technology compared to other organizations. Most health organizations still rely on paper based medical records and handwritten prescriptions for diagnosis. Information digitized by a healthcare organization is typically not portable, so there is little possibility of sharing it among different healthcare entities. Because information sharing is rare, there is a lack of communication and coordination between patients, physicians and the rest of the medical community. In recent years, however, the wide deployment of electronic devices such as sensors and smart phones has shown potential for enhancing healthcare services. In developing countries, remote health monitoring is a successful example of a mobile health application. In a mobile health monitoring system, a wireless body sensor network attached to the client's body collects physiological data such as Breathing Rate (BR), Blood Pressure (BP), blood glucose and Electrocardiogram (ECG) [5]. The client device sends this data to a remote server, where it is analyzed and processed, and a recommendation about the client's health and daily activity is returned. The client can also send queries related to healthcare data; these queries are sent to the server, which returns timely advice.

Cloud computing technologies allow healthcare service providers to improve their services with the use of the Software as a Service (SaaS) and Database as a Service (DaaS) models. Such technology enables health service providers to grow the adoption of personal health records (PHR), electronic medical records (EMR) and electronic health records (EHR). Cloud computing offers several benefits in the healthcare sector: a healthcare organization gets quick access to computing and large storage facilities at low cost, and cloud computing also facilitates sharing of healthcare data across departments and geographies. Although modern technology enhances healthcare service, it creates the risk that health information is exposed to unauthorized users. Several healthcare organizations store and maintain patient data electronically, and with cloud computing they outsource patient health data to a cloud service provider. Cloud service providers are untrustworthy parties, so client medical data stored in the cloud may be misused by them, for example shared with insurance companies for profit. Since the cloud service provider is untrustworthy, patient data must be stored in the cloud in encrypted form so that the provider learns nothing from the stored data. There are several laws on the privacy of health information, such as the Health Insurance Portability and Accountability Act (HIPAA) [1]. Under these laws, patient data stored in an untrustworthy environment such as the cloud must be protected against internal and external attacks.

The remainder of the paper is organized as follows. Section 2 describes the current healthcare scenario in India, presents the statistics from our survey on mobile health monitoring, and discusses privacy issues in healthcare services. Section 3 presents existing work on mobile health monitoring and techniques for achieving confidentiality of health data. Section 4 describes a simple mobile health monitoring system and its working.

ISSN (Online): 2347-2820, Volume 3, Issue 4, 2015


II. CURRENT HEALTHCARE SCENARIO
A. Healthcare Status in India: India ranks low (115th) among world nations judged by the Human Development Indicators (HDI). Doctors are the most important part of the healthcare system, yet rural India has a 64% shortage of doctors. According to World Health Statistics (WHS) 2013, at six doctors per 10,000 people the number of qualified doctors in the country is not sufficient for the growing requirements of Indian healthcare. Moreover, in rural areas the doctor to population ratio is six times lower than in urban areas. Fig. 1 presents some statistics taken from the World Health Organization (WHO).

Fig. 1: Availability of healthcare facilities in rural and urban areas of India, collected from WHO [17].

Key healthcare challenges in India:
1. Burden of disease in the new millennium – India faces the twin epidemic of continuing/emerging infectious diseases and chronic degenerative diseases. The former is related to poor implementation of public health programs, the latter to the demographic transition that comes with increased life expectancy.
2. The challenge of caring for a billion – India is the second most populous country in the world. The death rate has declined but birth rates remain high in most states, and the healthcare structure of the country is overburdened by the growing population.
3. Private practitioners and hospitals are the major providers of healthcare in India. Practitioners of alternative systems of medicine also play a major role in increasing the cost of medical care and threaten a healthy doctor-patient relationship.

B. Survey on the need for mobile healthcare monitoring: The challenges above can be addressed by implementing a remote health monitoring system. Such systems have been developed successfully in some Caribbean countries. Implementing such a system in India faces more challenges; first, people have to be made aware of their health. The number of smart phones is growing in rural as well as urban areas of India, which makes it possible to deliver healthcare services through them.

We surveyed more than 600 people in the rural part of Kolhapur district, Maharashtra state, regarding the need for a mobile health monitoring system. The survey took the form of a questionnaire of about ten questions on their health and their use of smart phones and the Internet. Among the factors considered were:
1] How many hospitals are there in your area?
2] How much is your yearly expenditure on healthcare?
3] Do you have a smartphone?

People aged seventeen to 55 were included in the survey. People in this area face a lack of medical facilities. From the survey it is clear that most people in the urban area use smart phones and are willing to use healthcare services from their smart phones.

C. Privacy issues in healthcare monitoring:

Data encryption is the most effective technique for protecting sensitive data from unauthorized users or curious database administrators. In traditional asymmetric key cryptography or identity-based cryptography, data is encrypted so that only the intended legitimate user can decrypt it. Such encryption techniques are not feasible where data is shared with multiple users, because the same data would have to be encrypted once per user. An efficient encryption technique is needed for more advanced data sharing among multiple parties. Consider a medical informatics scenario where patient data is stored on a cloud server in encrypted form to preserve its confidentiality from the untrustworthy cloud service provider; laws such as the Health Insurance Portability and Accountability Act (HIPAA) require this. This data must now be shared among multiple parties such as doctors, nursing staff and research institutes. The fundamental cryptographic challenge is to enforce access policies among these parties, for example: all doctors have access to all medical records, all nursing staff have access to clinical records, and research institutes have access only to records marked with the label "research". Traditional symmetric encryption could enforce such policies but has the limitation of secure key sharing over untrustworthy networks. With a traditional public key cryptosystem or identity-based encryption, the patient has to encrypt each medical record under every doctor's identity: with n doctors the same record is encrypted n times, which is infeasible. Several encryption schemes can be used to preserve the privacy of patient data. Whenever data is stored in a relational database these techniques need some variation, because it must be possible to run SQL queries over the encrypted database.

There are two approaches to encrypting data stored in a relational database:
1. Encrypt the entire database file.
2. Encrypt each record stored in a table.
In the first case, patient data is stored in database files in tabular format; instead of encrypting each record, the entire database file is encrypted and stored in the cloud. When a patient queries the database, the entire file is transferred from the cloud to the application server, decrypted there, and the query is run on the plaintext database. The limitation is that even for access to a single record the whole large file is transferred over the network. In the second case each record is encrypted and stored in the relational database. Whenever a patient queries the database, the query is translated into its encrypted form and run directly over the encrypted database. These techniques still face challenges in executing range queries over encrypted data.

III. RELATED WORK
A lot of work has been done in the last few years on secure mobile health monitoring systems. The related work is broadly organized into the following categories.

A. Work Related to Healthcare Services: The Microsoft-launched project "MediNet" [3] is designed for people suffering from diabetes and cardiovascular disease in remote areas of Caribbean countries, and is able to give personalized healthcare to patients with diabetes. Wearable glucose and blood pressure sensors measure glucose level and blood pressure; the sensor data is sent to a mobile phone through Bluetooth or a USB cable and then transmitted to a web server via GPRS. At the web server the current sensor readings are combined with previous readings and submitted to a reasoning engine, which uses them to generate personalized advice for the patient. In the Cloud-Assisted Mobile (CAM) health monitoring system [1], patient data is stored in the cloud and the system diagnoses a patient's query by analyzing the patient's history and medical details. ID based encryption is used to provide confidentiality of patient data. A branching algorithm diagnoses the patient from medical details such as blood pressure, daily medication and physical activity: a decision tree is formed over these inputs and a decision is returned for the client's query. Justin Brickell et al. [4] presented a protocol for secure evaluation of a diagnostic program. The branching algorithm, which can be represented as a binary decision tree, is used to make health recommendations to the user: the user inputs health related data, and the algorithm compares it against threshold values to produce a recommendation. In the binary decision tree formed by the branching algorithm, intermediate nodes contain predefined threshold values while leaf nodes contain the classification label returned to the user. With the protocol, the user evaluates the server's branching algorithm on the user's local data without revealing that data to the server, and learns nothing about the server's program except the classification label.

B. Work Related to Access Control Policies: Boneh and Franklin [6] gave the first practical solution to the open problem of identity based encryption posed by Shamir in 1984. Identity-based encryption (IBE) is a form of public key cryptography in which the sender computes the recipient's public key from a unique identifier of the recipient, such as an e-mail address. A Private Key Generator (PKG) holding a master secret derives the corresponding private key for that identity. Recipients obtain their private keys from the PKG when they need them and do not have to distribute public keys.


The sender encrypts the message under the recipient's public identity and sends it; the receiver decrypts it with the private key received from the PKG. The scheme suffers from the problem that it requires a centralized server to create and distribute keys: IBE's centralized design means that private keys are created and held in escrow by the PKG and are therefore at greater risk of disclosure.

Attribute based encryption (ABE), introduced by Sahai and Waters as fuzzy identity-based encryption [7], generalizes IBE. In ABE, attributes play the central role: they are used to generate the public key material under which data is encrypted, and they form the access policy that controls which users can decrypt the data. Depending on where the access policy sits, the research is broadly categorized as key-policy or ciphertext-policy. The first KP-ABE scheme, which supports monotone access structures, was proposed by Goyal et al. [8] in 2006; there the access policy is associated with the key. It was later extended to non-monotonic access structures by Ostrovsky and Waters [10]. The first CP-ABE scheme was proposed by Bethencourt et al. [11] in 2007; there the access policy is associated with the ciphertext. In both, a user must go to a trusted party and prove his identity; after proving identity the user obtains a secret key used to decrypt messages. In multi-authority ABE the user's secret key is no longer issued by a single authority but separately by several independent, cooperating authorities. To improve ABE, some researchers focus on user/attribute revocation and accountability [12]. Moreover, the attribute-based cryptosystem can be applied in other areas; in particular, many studies on applications of ABE to proxy re-encryption have been proposed [9].

C. Work Related to SQL aware Encryption: Jang et al. [16] adopt an order-preserving hash-based function to encode both data and queries, and propose a new data structure, local bit matrices, that allows a customer to verify the integrity of a query result with high probability. The scheme is used for executing range queries on an encrypted database: plaintext values are mapped to fixed value buckets so that order is preserved in the encrypted database, in the manner of the bucketization approach of Hacigumus et al. [14]. The limitation of this technique is that there is no optimal bucket partitioning for multi-dimensional data. Popa et al. [9] in 2011 designed CryptDB, which provides adjustable query-based encryption for the confidentiality of data stored in a cloud database. A proxy acts as an intermediary between the application and the database: data sent from the application in plaintext is encrypted at the proxy and stored encrypted in the database. Whenever the application requires data from the database, the proxy translates the plaintext query into an encrypted query that runs over the encrypted database; the encrypted results are decrypted at the proxy and returned to the application server. The main drawback is that not all types of SQL query work over such a database. Other approaches to querying encrypted data include searchable encryption [13] and fully homomorphic encryption [15].
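The following is an added example, not code from the paper or from CryptDB, of the record-level approach described in Section II.C and the proxy and bucketization techniques surveyed above. A proxy encrypts each record before it reaches the database, rewrites an equality query on patient id into a lookup on a keyed HMAC token, and rewrites a range query on blood pressure into a query on an order-preserving bucket id, discarding the false positives after decryption. The table, column names, bucket width of 20 mmHg, sample rows and the toy HMAC-based cipher (a stand-in for AES-GCM, used so the example runs on the standard library alone) are all assumptions made for the illustration.

```python
"""Added example: CryptDB-style proxy over per-record encryption with an
equality token and a Hacigumus-style bucket column.  Standard library only."""
import hashlib
import hmac
import os
import sqlite3

KEY = bytes(range(32))  # constructed demo key; a deployment would fetch it from a KMS/HSM
NONCE_LEN = 16
BUCKET_WIDTH = 20       # assumption: blood-pressure buckets 20 mmHg wide


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for a real AEAD cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Randomized encryption: a fresh nonce per record, so equal plaintexts differ."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def eq_token(key: bytes, value: str) -> str:
    """Deterministic keyed token (HMAC): the server can match WHERE col = ? without
    learning the value, at the cost of revealing which rows share a value."""
    return hmac.new(key, b"eq|" + value.encode(), hashlib.sha256).hexdigest()


def bucket(value: int) -> int:
    """Order-preserving bucket id: supports coarse range queries, leaks the bucket."""
    return value // BUCKET_WIDTH


class Proxy:
    """Sits between application and database: encrypts on INSERT, rewrites SELECT."""

    def __init__(self, conn: sqlite3.Connection, key: bytes):
        self.db, self.key = conn, key
        conn.execute("CREATE TABLE readings (pid_tok TEXT, bp_bucket INTEGER, payload BLOB)")

    def store(self, patient_id: str, bp: int, note: str) -> None:
        record = f"{patient_id}|{bp}|{note}".encode()
        self.db.execute("INSERT INTO readings VALUES (?, ?, ?)",
                        (eq_token(self.key, patient_id), bucket(bp), encrypt(self.key, record)))

    def by_patient(self, patient_id: str) -> list:
        # plaintext query "WHERE patient_id = ?" is rewritten to "WHERE pid_tok = ?"
        rows = self.db.execute("SELECT payload FROM readings WHERE pid_tok = ?",
                               (eq_token(self.key, patient_id),)).fetchall()
        return [decrypt(self.key, r[0]).decode() for r in rows]

    def bp_above(self, threshold: int) -> tuple:
        # plaintext query "WHERE bp > ?" is rewritten to "WHERE bp_bucket >= ?"; the
        # server returns a superset and the proxy drops false positives after decryption
        rows = self.db.execute("SELECT payload FROM readings WHERE bp_bucket >= ?",
                               (bucket(threshold),)).fetchall()
        candidates = [decrypt(self.key, r[0]).decode() for r in rows]
        exact = [c for c in candidates if int(c.split("|")[1]) > threshold]
        return exact, len(candidates) - len(exact)

    def raw_rows(self) -> list:
        """What the cloud database (and its administrator) actually sees."""
        return self.db.execute("SELECT pid_tok, bp_bucket, payload FROM readings").fetchall()


def demo() -> Proxy:
    """Constructed sample readings, not real patient records."""
    proxy = Proxy(sqlite3.connect(":memory:"), KEY)
    for pid, bp, note in [("p1", 160, "hypertensive"), ("p2", 118, "normal"),
                          ("p1", 152, "follow-up"), ("p3", 145, "borderline")]:
        proxy.store(pid, bp, note)
    return proxy


if __name__ == "__main__":
    p = demo()
    print(p.by_patient("p1"))
    print(p.bp_above(150))
    for row in p.raw_rows():
        print(row[0][:12], row[1], row[2][:8].hex())
```

Running `demo()` shows the trade-off the section describes: the server answers the equality query exactly from the token column, answers the range query `bp > 150` only approximately (the 145 mmHg reading sits in the same bucket and comes back as a false positive), and sees nothing but tokens, bucket ids and ciphertext. The token column still reveals which rows belong to the same patient and the bucket column reveals the coarse order of every value, which is exactly the leakage CryptDB's adjustable encryption layers try to limit.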

IV. SECURE MOBILE HEALTHCARE MONITORING
A. System: The mobile health monitoring system consists of four parties: the client, the healthcare service provider company, a Semi-Trusted Authority (STA) and the cloud server.

Fig. 2: System architecture for the mobile health monitoring system.

The client first registers with the system by entering his or her personal details. These details, entered from an electronic device such as a smart phone, tablet, laptop or personal computer, are transformed into attribute vectors. The attribute vector is given as input to the branching algorithm, which runs over predefined data stored in the cloud and generates timely advice to the client based on current and previous readings. The semi-trusted authority is responsible for distributing keys to the client and the healthcare service provider, and for client account activation. The healthcare service provider company can view client details and the queries asked by clients, and responds to them. All medical data is stored in the cloud in encrypted form.

B. Branching Algorithm: The health monitoring system works on a branching algorithm; a similar algorithm is used by the MediNet project to diagnose patients with cardiovascular disease or diabetes. The branching algorithm works like a binary decision tree in which decisions are taken according to the user's monitoring details. The measured monitoring details of the patient are represented by an attribute vector V = (v1, v2, v3, ..., vn), and a decision tree is formed over these details. Each non-leaf node of the tree is a decision node holding a threshold; each leaf node is a label node representing the diagnosis for the user's attribute vector. The patient inputs medical details such as blood pressure, whether daily medication was missed, and whether diet and energy consumption were abnormal. These values are fed to the branching algorithm, which then gives recommendations the patient can follow to improve his or her health.


Example: Suppose a particular patient queries the branching program with blood pressure = 160, missed medication once, energy consumption = 1000 Kcal and salt intake = 1100 milligrams, against the thresholds t1 = 150, t2 = 0, t3 = 800 Kcal and t4 = 1500 mg. The decision returned from the branching algorithm is "D4, D5, D6", which stands for: notify next of kin, modify daily diet, and take regular medicine.
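The branching program of Section IV.B, evaluated over the attribute vector as a binary decision tree, as an added example (not the paper's or MediNet's code). The paper gives only the thresholds t1..t4 and the outcome "D4, D5, D6" for the worked input; the tree shape, the order of comparisons and the labels D1 and D3 on the other leaves are assumptions constructed so that the paper's example reproduces. The function also returns the comparison path taken, which is the information the Brickell et al. protocol keeps from the server (and, apart from the label, from the client).

```python
"""Added example: branching program (binary decision tree) over the patient's
attribute vector V = (blood pressure mmHg, missed medications, energy Kcal, salt mg)."""
from dataclasses import dataclass
from typing import Tuple, Union

THRESHOLDS = {"t1": 150, "t2": 0, "t3": 800, "t4": 1500}  # as in the paper's example

# Label nodes: D4..D6 are the paper's; D1 and D3 are assumed for the remaining leaves.
LABELS = {
    "D1": "continue monitoring",
    "D3": "increase physical activity",
    "D4": "notify next of kin",
    "D5": "modify daily diet",
    "D6": "take regular medicine",
}


@dataclass
class Leaf:
    labels: Tuple[str, ...]


@dataclass
class Node:
    attr: int          # index into V (0-based)
    threshold: float   # t_i held by this decision node
    low: "Tree"        # branch taken when v[attr] <= threshold
    high: "Tree"       # branch taken when v[attr] > threshold


Tree = Union[Leaf, Node]

# Assumed tree: high BP branches on adherence; otherwise branch on salt, then activity.
PROGRAM = Node(0, THRESHOLDS["t1"],
    low=Node(3, THRESHOLDS["t4"],
        low=Node(2, THRESHOLDS["t3"], low=Leaf(("D3",)), high=Leaf(("D1",))),
        high=Leaf(("D5",))),
    high=Node(1, THRESHOLDS["t2"],
        low=Leaf(("D4", "D5")),
        high=Leaf(("D4", "D5", "D6"))))


def evaluate(tree: Tree, v: Tuple[float, ...]):
    """Walk the program from the root; return (leaf labels, comparisons taken)."""
    path = []
    node = tree
    while isinstance(node, Node):
        taken_high = v[node.attr] > node.threshold
        path.append((node.attr, node.threshold, ">" if taken_high else "<="))
        node = node.high if taken_high else node.low
    return node.labels, path


def describe(labels: Tuple[str, ...]) -> list:
    """Map label ids to the recommendation text shown to the patient."""
    return [LABELS[label] for label in labels]


if __name__ == "__main__":
    labels, path = evaluate(PROGRAM, (160, 1, 1000, 1100))
    print(labels, describe(labels))
    print(path)
```

For the paper's input the walk is two comparisons, 160 > t1 and 1 > t2, ending at the leaf labelled D4, D5, D6; a patient with the same readings who had not missed medication ends at D4, D5. In a deployment the thresholds and tree shape are the service provider's intellectual property, which is why the secure-evaluation protocols cited in Section III keep them on the server side.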

C. Attribute Based Encryption: In order to achieve confidentiality of medical data and provide fine grained access among doctors and the other entities involved in CAM, ABE is used. The major steps of the encryption procedure are:
1. Setup: This algorithm is run by the TA, which publishes the system parameters for the ABE scheme.
2. TokenGen: To generate the private key from attribute vectors, the client computes the attribute representation set of each element and forwards it to the TA. The TA runs the key generation algorithm on each attribute in the attribute set and provides the respective private keys to the client.
3. Store: This algorithm stores the client's data in encrypted form in the cloud. Public keys are generated from the system parameters and the data is encrypted under them, with attributes specifying the constraints on who may decrypt the data.
4. Query: The client runs the Query algorithm to retrieve certain information stored in the cloud and decrypts the ciphertext generated by the Store algorithm. Decryption succeeds according to the policy embedded in the key.
In this scheme the confidentiality of patient data is preserved and so is the intellectual property of the healthcare service provider. The problem of enforcing access control policies over the multiple parties involved in mobile health monitoring is also solved by attribute based encryption.
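The policy half of the Store/Query steps above, as an added example that is not the paper's or any ABE library's code: in key-policy ABE (Goyal et al. [8]) the TA embeds a monotone access tree of threshold gates in the key by sharing a secret down the tree with Shamir's scheme, the Store step labels each ciphertext with attributes, and decryption recovers the secret exactly when the ciphertext's attributes satisfy the key's tree. The pairing-based part of the real scheme, which binds the shares to group elements so they are useless without the matching ciphertext components, is omitted here, so this illustrates the access-control logic and is not a usable cipher. The attribute names, the doctor/nurse/researcher policies (taken from the scenario in Section II.C) and the 2-of-3 on-call policy are assumptions.

```python
"""Added example: the access-tree secret sharing at the core of KP-ABE.
Standard library only; no pairings, so not a confidentiality mechanism."""
import secrets
from typing import Dict, List, Optional, Set, Tuple

P = (1 << 127) - 1   # prime field for Shamir sharing


class Attr:
    """Leaf of the access tree: satisfied iff the ciphertext carries this attribute."""
    def __init__(self, name: str):
        self.name = name


class Gate:
    """k-of-n threshold gate; AND is n-of-n, OR is 1-of-n."""
    def __init__(self, k: int, children: list):
        assert 1 <= k <= len(children)
        self.k, self.children = k, children


def AND(*children): return Gate(len(children), list(children))
def OR(*children): return Gate(1, list(children))


def _poly(coeffs: List[int], x: int) -> int:
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def keygen(node, secret: int, key: Optional[Dict[int, int]] = None) -> Dict[int, int]:
    """KeyGen: push `secret` down the tree.  At a k-of-n gate choose a random
    degree k-1 polynomial q with q(0) = secret and give child i the share q(i)."""
    if key is None:
        key = {}
    if isinstance(node, Attr):
        key[id(node)] = secret          # leaf share, indexed by the leaf node
        return key
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for i, child in enumerate(node.children, start=1):
        keygen(child, _poly(coeffs, i), key)
    return key


def _lagrange_zero(points: List[Tuple[int, int]]) -> int:
    """Interpolate q(0) from k points (x_i, q(x_i)) over the field."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def recover(node, key: Dict[int, int], attrs: Set[str]) -> Optional[int]:
    """Decrypt step: rebuild the secret at `node` from leaves whose attribute is on
    the ciphertext.  None means the policy is not satisfied by `attrs`."""
    if isinstance(node, Attr):
        return key[id(node)] if node.name in attrs else None
    points = []
    for i, child in enumerate(node.children, start=1):
        value = recover(child, key, attrs)
        if value is not None:
            points.append((i, value))
        if len(points) == node.k:
            return _lagrange_zero(points)
    return None


def grants(policy, ct_attrs: Set[str]) -> bool:
    """True iff a key issued for `policy` can decrypt a ciphertext labelled `ct_attrs`."""
    master = secrets.randbelow(P)
    return recover(policy, keygen(policy, master), ct_attrs) == master


# Assumed key policies for the scenario in Section II.C; the Store step labels each
# record ciphertext with attributes such as "record:clinical" or "label:research".
DOCTOR = OR(Attr("record:medical"), Attr("record:clinical"))
NURSE = Attr("record:clinical")
RESEARCHER = AND(Attr("record:medical"), Attr("label:research"))
ON_CALL = Gate(2, [Attr("record:clinical"), Attr("bp:high"), Attr("alert")])

if __name__ == "__main__":
    for name, policy in [("doctor", DOCTOR), ("nurse", NURSE), ("researcher", RESEARCHER)]:
        print(name, grants(policy, {"record:medical"}),
              grants(policy, {"record:clinical"}),
              grants(policy, {"record:medical", "label:research"}))
```

The doctor key decrypts both record types, the nurse key only clinical records, and the researcher key only medical records that also carry the research label, matching the policy stated in Section II.C; the 2-of-3 gate shows why the construction uses threshold gates rather than plain AND/OR. Because the shares are random per key, two keys issued for the same policy cannot be combined to satisfy a policy neither holds, which is the collusion resistance property the pairing-based scheme enforces cryptographically.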

V. CONCLUSION
In this paper we presented a survey on the need for a privacy preserving mobile health monitoring system. Mobile health monitoring systems can be used to bridge the gap in availability of medical services between rural and urban regions. The encryption techniques presented provide confidentiality for medical data stored on untrustworthy cloud storage, and these encryption schemes also enforce access control policies over the encrypted data.

REFERENCES
[1]. H. Lin, J. Shao, C. Zhang, and Y. Fang, "CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring", IEEE Trans. Inf. Forensics Security, 2013.
[2]. A. Cavoukian, A. Fisher, S. Killen, and D. Hoffman, "Remote home health care technologies: How to ensure privacy? Build it in: Privacy by design", Identity in the Information Society, Springer, 2010.
[3]. P. Mohan, D. Marin, S. Sultan, and A. Deen, "MediNet: Personalizing the self-care process for patients with diabetes and cardiovascular disease using mobile telephony", in Proc. 30th Ann. Int. Conf. IEEE Engineering in Medicine and Biology Society, 2008.
[4]. J. Brickell, D. Porter, V. Shmatikov, and E. Witchel, "Privacy preserving remote diagnostics", in Proc. 14th ACM Conf. Computer and Communications Security, 2007.
[5]. M. Barni, P. Failla, R. Lazzeretti, A. Sadeghi, and T. Schneider, "Privacy-preserving ECG classification with branching programs and neural networks", IEEE Trans. Inf. Forensics Security, 2011.
[6]. D. Boneh and M. Franklin, "Identity based encryption from the Weil pairing", in Advances in Cryptology, CRYPTO '01, 2001.
[7]. A. Sahai and B. Waters, "Fuzzy identity-based encryption", in Advances in Cryptology, EUROCRYPT 2005, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, 2005.
[8]. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine grained access control of encrypted data", in Proc. 13th ACM Conf. Computer and Communications Security, 2006.
[9]. R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan, "CryptDB: Protecting confidentiality with encrypted query processing", in Proc. 23rd ACM Symp. Operating Systems Principles, Oct. 2011, pp. 85–100.
[10]. R. Ostrovsky and B. Waters, "Attribute based encryption with non-monotonic access structures", in Proc. 14th ACM Conf. Computer and Communications Security, 2007.
[11]. J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute based encryption", in Proc. IEEE Symp. Security and Privacy, 2007.
[12]. G. Wang, Q. Liu, J. Wu, and M. Guo, "Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers", Computers and Security, 2011.
[13]. D. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data", in Proc. IEEE Symp. Security and Privacy, May 2000, pp. 44–55.
[14]. H. Hacigumus, B. Iyer, C. Li, and S. Mehrotra, "Executing SQL over encrypted data in the database-service-provider model", in Proc. ACM SIGMOD Int'l Conf. Management of Data, Jun. 2002, pp. 216–227.
[15]. C. Gentry, "Fully homomorphic encryption using ideal lattices", in Proc. 41st ACM Symp. Theory of Computing, May 2009, pp. 169–178.
[16]. M. Jang, M. Yoon, and J.-W. Chang, "A privacy-aware query authentication index for database outsourcing", IEEE BigComp, pp. 72–76, 2014.
[17]. www.who.int/countries/ind/en