Securing medical data by role-based user policy with partially homomorphic encryption in AWS cloud

Cloud technology provides services for storing and accessing a large amount of data with ease of access and less cost. Sensitive data such as patients' electronic health information should be encrypted before outsourcing into the cloud. Many traditional encryption methods are used for protecting data in the cloud, but unable to perform computation on encrypted data. Homomorphic encryption operates directly on the ciphertext. In this study, a Secure Partially Homomorphic Encryption (SPHE) algorithm is proposed to secure the outsourced data and perform multiplication and division operations on the ciphertext. The access control policy in the cloud environment is more flexible. An attacker can easily collect sensitive data by abusing the access policy of another user. Therefore, the database privacy is compromised. Creating a role hierarchy and managing the session is difficult in the cloud environment. The above issues motivate us to develop a model which is the integration of the proposed scheme SPHE with role-based user policy. The model is implemented in Eclipse IDE (Integrated Development Environment) and AWS (Amazon Web Service) Toolkit for Eclipse and deployed in Amazon Elastic Beanstalk (EB) environment. This model is particularly used for securing the patient e-health details and performing computation on outsourced data. The patient details are encrypted by the algorithm SPHE and uploaded in AWS S3 (Simple Storage Service) bucket. The users are created by AWS Identity and Access Management (IAM) service and the access level policy is defined based on user roles in EB environment. The proposed model performance is studied by comparing with other partially homomorphic methods Elgamal, Pailler, and Benaloh. This model achieves data integrity and data confidentiality using the role-based user policy with SPHE.


Introduction
Cloud is used for storing a large volume of data with minimum cost.The data owners outsource their data to the cloud server.The outsourcing of data will compromise the integrity and security since the cloud is a semi-trusted platform.[19] So, sensitive details like medical information should be encrypted then uploading into the cloud.Many cryptographic algorithms are used to encrypt sensitive details.Sometimes, computation needs to be done for the outsourced data.The computation can be done after decrypting the ciphertext which is compromised the data security.
A homomorphic encryption method is a possible solution that will perform computation on encrypted data.[21] We proposed the algorithm SPHE which performs multiplication operation and division operation on the ciphertext.[22] The outsourced data has to be shared by different users to perform various operations.The user roles should be assigned by access policy for the data.[23] The access policy allows the users to perform required operations.This motivates us to create a model which combines the SPHE with a role-based user policy.This method is implemented by Eclipse IDE for Java EE with AWS toolkit for Eclipse.The method is deployed in the AWS Elastic Beanstalk service which is an easy way for creating the environment for the application.The data owner encrypts the patient details by the SPHE method and outsources the data to the AWS cloud.
The patient medical detail is stored in AWS S3 bucket.The application can use the data from the S3 bucket.The user roles are created by AWS Identity and Access Management (IAM) service.The access policy is de ned that depends on the user roles which will restrict the access of encrypted data.The access levels list, read, write, and tagged are assigned to the data owner who is considered as administrator user role.For the evaluator, the access levels are list and read-only, who can read the data and perform computation on the data.The role assigned for the evaluator is the power user.The patients are end-users who can able to read the data.The different access policies are administrator policy, evaluator policy, and end-user policy that are created to de ne the access levels of each type of user.In Amazon S3, the client-side encryption is enabled to upload the encrypted data by the data owner.To integrate Elastic Beanstalk with Amazon S3, the reference of Amazon S3 is set to EB environment when creating the application.
The paper is organized as follows.Section 2 describes the related work.Section 3 presents the proposed model.In section 4, the proof of the SPHE algorithm is given.The model implementation with result discussion is presented in section 5. Section 6 shows the comparative study with other encryption methods.Finally, we conclude in section 7.

Related Work
This section describes the related work in this study.Zhang et al. [1] proposed a role-based with timebound access control scheme to ensure the security of health details in the cloud.The authorized user for the system can access data that depends on their role within the time.A time tree scheme is used for creating the time-bound mechanism for access control.The sensitive detail is encrypted before uploading into the cloud servers.Bertino [2] the role-based access control method is used for assigning roles for the user depends on their position in the organization.This mechanism is used for security for the resources.
The user access policy provides authorization based on roles.
Lan Zhou et al. [3] addressed various issues in trust using an RBAC model.This model considers the users and their roles and feedbacks.Liu et al [4] supports user revocation mechanisms and proposed an RBAC method for health records based on two roles, one for medical authority and another for patients.The medical authority can be identi ed by the access policies and roles.In [5], the authors proposed a user authentication method with role-based access control in smart health systems.The method used three types of parties health professionals, health authority, and consumer.
[6] Implements attributed-based framework with secure provenance to ensure effective, ne-grained access for health data.[7] Proposed a model which combines the methods of attribute-based encryption and an access policy that is hidden for cloud environment.The attribute-based encryption for audit-free cloud storage is implemented in [8] to manage the access control policies.[9] Supports attribute to user roles to control the privileges, but it is not supported for evolving environments.Khan and Sakamura [10] proposed a ne-grained access control for the digital healthcare model.The method used eTRON which encrypts data by the public key cryptography and establishes a key sharing model using the Di e-Hellman method.
Xu et al. [11] introduced a robust method that uses multiple attribute authorities in a public cloud.This scheme resolves a single-point computation bottleneck and ensures security from insider attacks by using different attribute authorities.Sandhu et al. [12] proposed a method for role-based access control which allocates functions to users and roles are combined with access right permissions.But this scheme is an expensive process.Pussewalage and Oleshchuk [13] uses a proxy re-encryption which provides client revocation based on the requirement.This scheme combines both roles and attributes and analyzes the request with pseudo-roles.
[14] Proposed a hybrid scheme that uses RSA and homomorphic methods for increasing the data security for the OpenStack environment.The cloud clients can control the key management and cryptographic operations instead of the cloud provider.[15] Proposed the attribute-based, privacy-preserving authentication method for health records.It authenticates the user, based on attributes.Homomorphic encryption ensures data security by preserving the attributes' privacy but the cost of computation is very high.Barni et al. [16] considered a multiparty method to process electrocardiogram data which is in encrypted form.The approach uses a homomorphic encryption method to ensure patient privacy.Carpov et al. [17] implemented a practical medical diagnosis model which is privacy-preserving using a homomorphic scheme.The user will encrypt data and upload it into the cloud environment.The evaluation can be done for the data which is in encrypted form, so the cloud owner is unaware of the uploaded data.
Gentry [18] proposed the fully homomorphic method which can perform addition operation and multiplication operation on the ciphertext.The somewhat homomorphic method allows restricted operations on ciphertext using circuits of speci ed depth.The fully homomorphic encryption methods are impractical because of their di cult computation.

Preliminaries
The proposed method is secure and having probabilistic property.An attacker is not able to guess the plaintext from the encrypted text.The scheme used a probabilistic factor which adds noise for encrypted text.A randomly generated prime number is used when encrypting the plain text.So it is di cult to get the original text without keys.The encryption process used the one-way functions, modulo inverse operation for encryption, and modulo exponentiation operation for decryption.
The algorithm has ve parts, key generation algorithm, encryption algorithm, decryption algorithm, multiplication algorithm, division algorithm.The key generation algorithm generated the public key pk and secret key sk and p is randomly selected prime number in Ζp*, the multiplicative group of a nite eld Ζp* = {if a ε Ζp: gcd (a, p) = 1} where Ζp = {1, 2,... p-1}.g is randomly selected generator element of the subgroup Gq of Ζp*, where q = p/2.To give input p and g, the method outputs a public key (g,k,p) and secret key S, Where S is uniformly selected factor of Ζp* and compute k = S g mod p as follows: S ← Ζp*, k ← S g mod p In the encryption algorithm, two probabilistic factor r, where 1 < r < q/2 is used for encryption to give more security of data.

Proof Of Sphe
The SPHE algorithm is semantically secure for every randomly selected element R = {Rn}, n ε p of polynomial randomly selected variables which gives probabilistic polynomial time algorithm P A, there is a probabilistic time algorithm P A 1 .Given the prior information H(Rn), no such algorithm P A can obtain any information of F(Rn) from the probabilistic polynomial time algorithm P A 1 , cipher text that cannot be computed by P A 1 .

Proof
Consider plain text or message in message space pt : pt ε Gq, Compute k = S g mod p, where S is secrete key, g is generator, p is large prime number in Ζp* Encrypt(g, k, p), message pt Compute m = g.r,where r is a randomly selected element and n = pt / S r mod p The cipher text ct = (m,n)

Homomorphic property of SPHE
The SPHE algorithm has homomorphic property.It has a partially homomorphic property that performs multiplication and division operations on any two encrypted messages as well as integer multiplication and division operations also possible.Consider two messages pt1 and pt2 in the message space, their corresponding ciphertexts are ct1, ct2.The partially homomorphic encryption [20] which has multiplicative property can be proved as follows.

Implementation Of The Proposed Scheme
The platform used for implementing the proposed scheme is Eclipse IDE for Java EE, JDK 8, Tomcat 8, AWS Toolkit for Eclipse.The AWS toolkit is integrated with Eclipse IDE by creating the access key as security credentials in the AWS console.The project is exported as a war le and uploaded in Elastic Beanstalk.Create a new application in EBS, and create a new webserver environment, select tomcat as the platform, upload and deploy the project war le in EB.

Network model
This model creates different user roles by using IAM in AWS.The admin user who is the application owner has all access rights to the application.They generated keys (pk,sk) using a Role-based SPHE scheme.The public key (pk) shared with the evaluator and the private key (sk) is shared with the end-user.
The evaluator can perform computation on ciphertext using (pk).The customer can decrypt the result by sk.
EB is used for deploying and managing the application quickly in the AWS environment.It automatically handles load balancing, scaling, and environmental health monitoring.The application is deployed by Elastic Beanstalk (EB) in AWS.By using EB, create the environment and platform as a tomcat server to deploy the proposed scheme.The application is uploaded as a war le into EB.
The permission and policy boundary is created based on user roles for the service EB.The access levels associated with EB are list, read, tagged, and write.For admin user, all-access levels list, read, tagged, and write was enabled.The evaluator has list and read access permissions whereas the end-users have only read access permission.The permission boundary controls the data access and application by user role.So the users are restricted to access the service by access policy which gives a security model.

managed user
Create users using IAM for accessing [23]Elastic Beanstalk.The user roles are admin user, power user, and end-user.The admin is the data owner who has all access rights permission on data and applications.The power user is the evaluator, can perform operations on data.The end users are patients who want to upload their medical details in the cloud.The application will allow user policies based on their role.Figure 1 shows the network model of the proposed method.

Role based user policy-SPHE model
The following modules are used in the application.
(i) Administrator policy AdministratorAccess -The data owner has full access rights on EB applications.The DO can create, change and delete EB applications.The access levels assigned for DO are list, read, tagged, and write.Allaccess levels are set for DO so that they can have full control over the application.
(ii) policy evaluator can perform computation on data.They can able to perform operations like multiplication or division on two ciphertexts, integer multiplication, or division with the encrypted data.

(iii) Customer Access Policy
AwsElasticBeanstalkReadOnly -The customers can able to view applications and data and they cannot perform any operation on data.
(iv) Amazon S3 -Client-side encryption The patient data is stored in Amazon S3 as objects.The data stored in Amazon S3 is not encrypted by default.There are two options to encrypt data in the S3 bucket, server-side encryption, and client-side encryption.The proposed method is used for encrypting the patient data and uploads it into Amazon S3.
The keys are managed on the client-side so that this method is more secure.Because the Amazon server is not able to access both data and keys.The patient encrypted data in the S3 bucket can be accessed by the application running on the EB instance.For that, when the application is created, S3 URL is speci ed to get access to the S3 object.Figure 2 shows the user access policy of the proposed model.The scheme is implemented for the key size of 1024 bits and various message sizes from 128 bits to 1024 bits with different access policies of various users.The simulation factors considered are the time for encryption, decryption, multiplication, and division operation.Table 2 and Figure 3 show the simulation result which is the average value of 50 trials for various message sizes from 128 bits to 1024 bits.The encryption time taken by the SPHE algorithm ranges from 2.9 ms to 5.4 ms for message sizes 128 bits to 1024 bits.The decryption time ranges from 0.99 ms to 2.15 ms, the multiplication operation on ciphertext is from 1.01 ms to 2.65 ms and the division operation is from 1.51 ms to 3.52 ms for the sizes of the messages 128 bits to 1024 bits.

Comparison Of Homomorphic
In this section, the result of the proposed method is compared with other homomorphic encryption methods Paillier, Elgamal, and Benaloh.The same simulation parameters are used for compared schemes.The simulation is repeated 50 times to get a more accurate result for all schemes.To compare the performance of the proposed algorithm with other schemes which are considered for this study, the same system parameters, a key size of 1024, and a message size of 128 bits are used for all schemes.Table 3 shows the average values of all simulation factors for 50 trials.
The encryption time is measured for the input message size of 128 bits and key size of 1024 bits.It has been observed that Paillier encryption takes maximum time for encryption among all schemes because of more number of modular operations during encryption function.The Benaloh scheme takes minimum time.The role-based SPHE has a better performance than Elgamal and Paillier schemes.Figure 4 shows the comparison results of encryption time for all schemes.The results show that SPHE has almost 3 times better than Elgamal and nearly 6 times better than Paillier because of less number of modulo operations.
The decryption time for the proposed scheme is that Paillier encryption takes more decryption time because of the complicated decryption function.Figure 5 shows the comparison results of decryption time.The proposed method has taken minimum time for decryption because of one modular exponentiation operation to decrypt the ciphertext.7 shows that the comparison on multiplication operation of ciphertext for all schemes.From the result, It is observed that the Paillier scheme takes more time for multiplication on two ciphertexts because of more number of modular operations.The proposed scheme has a better performance among all methods because of the minimum number of modular operations.

Figures Figure 1 Network 2
Figures

Figure 3 Time
Figure 3

Figure 5 Comparison
Figure 5

Table 3
The comparison result of the simulation factors with key size 1024 bits, message size 128 bits Figure6shows the comparison results of key generation time.It is observed that the Paillier scheme takes less time and Benaloh takes more time for key generation.The proposed scheme has a better performance than Elgamal and Benaloh.It has ve times better than Elgamal and almost 6 times better than Benaloh.Figure