Sharing PHR Data in Cloud Using Sigmoid Key and Median Support Signature-Based Cryptosystem

In recent years it is a major and developing challenge to provide the security of the data that have been stored in personal health records (PHR). Some encryption and key generation techniques in classical works have been created for this purpose. However, it has disadvantages such as ineffective and decreased security rules in access control regulations. To improve the security performance of PHR data for Sigmoid-based signature cryptosystem is proposed to transfer the data stored in a third-party cloud server securely. In the proposed work, the PHR data is taken as an input and the key encrypting key algorithm is implemented for the attribute key generation. After the attribute, the key generation sigmoid is calculated for the PHR data to keep the key secured. To keep the personal data of the patient in a secured manner the median support-based signature is generated and without displaying the generated signature the cipher text is displayed. To gain access to information stored in the cloud, the users have to verify the both generated private key and signature. On the successful verification of both the private key and signature, later, if the data requested by the user is a valid user then the user will be getting permission to access the cloud. The experimental findings show that our proposed technique outperforms other current methods in key computation time, communication complexity, encryption time, decryption time, and cloud operating mechanism.


Introduction
PHR has evolved as a patient-centric paradigm of health data sharing in recent years. A PHR service enables a patient to generate, complete, and maintain her health information in one location through the internet, making the storage, retrieval, and exchange of medical data much more cost-effective. Every patient, in particular, is safe in owning complete control of their medical data and may share their health information with a good type of user, such as health care traders, members of the family, or friends [1][2][3][4]. Because of the 1 3 importance of structure and maintaining particular knowledge centers, some PHR services are outsourced to or offered by third-party service providers, such as Microsoft Health-Vault1. Recently, cloud computing systems for storing PHRs have been planned. Many IT firms are reaping the benefits of cloud servers by outsourcing their database [5][6][7].
The cloud is a commonly utilized analytical area that is mostly used to store and access data through the internet. It enables network connectivity with greater flexibility and portability at a cheap cost. Providing security for cloud storage is a very significant and necessary task. Cloud storage provides virtualized storage for a specific quality of service based on demand (QoS). Cloud storage may be used in a variety of ways. For example, native knowledge may be protected to cloud storage; a virtual disc could be the cloud associate degree dispersed to many computers, and so the cloud could be utilized as an archive to maintain knowledge [8]. Nowadays, a lot of and a lot of health records (EHRs) systems square measure increasingly victimizing cloud storage services (e.g., Google Health) for storing and retrieving the records to boost interoperability, which may avoid exposing individuals to additional examination and supererogatory costs. Information exchange in EHR systems is critical for improving the service quality. However, information sharing has created certain security and privacy concerns by storing sensitive health information in thirdparty cloud service providers, as a result of which health care information is likely to be accessed by a wide range of users, potentially exposing patients' privacy [9][10][11].
There are several sorts of coding algorithms that have been created for encrypting information before it is sent to the cloud [12,13]. The primary goal of coding approaches is to provide strong security, access control, and information secrecy to cloud data [14]. PHR makes use of cloud computing technologies to allow the transmission of health data in a safe environment [15]. The key generation algorithmic rule was abused by the public key. Every certificate with time T has a time seal described by the information owner. To generate the ciphertext, the ECC algorithmic rule [16] method is used. To improve the secrecy of users with little expertise, multi-certificate routing is used [17].
Various techniques are projected to safeguard the information contents' privacy via access management. Identity-based encryption (IBE) associate with causing an email. It makes the cryptographic aspects of the communication nearly clear to the user, and it may be used effectively even by laymen United Nations agency unskilled person regarding keys or protocols. When a message is sent, the sender specifies the recipient's identity, and only a receiver with the same identity decodes it [18]. Fuzzy Identity-Based secret writing, also known as ABE, is planned for a few years later. Identity is seen as a set of descriptive qualities in such a secret writing scheme, and decipherment is achievable if a decrypt's identity overlaps with the one per the ciphertext [19]. Following that, in more generic tree-based ABE schemes such as Key-Policy Attribute-Based Encryption (CP-ABE) [20] and Cipher text-Policy Attribute-Based Encryption (CP-ABE) [20], a user's private key is associated with an indefinite number of attributes represented as strings. On the other side, once a party encrypts a message in our framework, they provide an access structure over characteristics. A user can only be ready to rewrite a ciphertext if the user's characteristics match the access arrangement of the ciphertext. The remainder of the paper contribution is as follows: • Develop a KEK is implemented for the attribute key generation. • Keep the generated key in a secured manner the sigmoid value is calculated for the identified attribute.
• Encryption technique is mainly used to keep the patient health records in a secured manner. • Keep the information in a more secured manner the signature feature associated with the cryptosystem is added along with the calculated sigmoid value.
The remainder of the article is organized as follows: Sect. 2 displays the related work. Section 3 introduces the suggested methodological design, as well as the implementation stages for the proposed algorithm. Section 4 goes over the experimental setup, findings, and comparative analysis. Section 5 brings the whole project to a close.

Related Work
Rui Guo et al. [21] had proposed a convention for some unique access structures into a solitary one, which the various leveled PHR is scrambled dependent on. There are numerous specialists to create and convey the client's private key altogether. As per this model, it empowers to stay away from the issue of key escrow and adjust to the conveyed normally for cloud administration frameworks. Be that as it may, it has no confided in single or focal one in these specialists. Deepa1 and Pandiaraja [22] proposed that data be recovered from the cloud via an attribute-based file encoding technique. In comparison to current protocols, the ERFC mechanism requires the least amount of computing and communication quality for four operating mechanisms: patient key computation, doctor index building computation, cloud operating mechanism, and finally patient report secret writing. All four working techniques have been designed to provide successful file recovery to end-users.
Mythili1 et al. [23] had recommended that ABSC use ABE and attribute-based marks to achieve protection-focused categorization in addition to authenticity. Surprisingly, a considerable percentage of the current ABE and ABSC designs impose significant processing overheads to the key length, ciphertext size, or expressive access structures used. Another ABSC scheme is being devised to reduce computational overheads, particularly in the cloud, by offering the more sensitive hypergraph access structure, Attribute Hypergraph.
Hong Zhong et al. [24] had proposed an effective and attribute-based admittance control plot upheld by rethinking, for edge empowered keen medical services. Contrasted and the conventional characteristic encryption conspire, re-appropriate fractional encryption and unscrambling tasks to the edge hubs, decrease the figuring heap of asset compelled gadgets, and ensure the protection and security of clinical information. Simultaneously, the plan underpins trait refreshing, which improves the effectiveness of the plan.
Azath Mubarakali et al. [25] had proposed a huge number of customers and information proprietors in the PHR structure who had potentially weighty computational and organization load on the components in the system; which confine the PHR data openness and convenience. To find a better solution to the aforementioned difficulties, Attribute-based Health Record Protection (AHRP) computation is familiar with providing data access control categorization, validity, and mystery. It is an access control arrangement that scrambles the data and is a useful method for validating a message without disclosing the patient's personal information.
Man Ho Aua et al. [26] have suggested an affirmative solution to the problem by proposing a generic architecture for secure PHR sharing. The suggested solution allows patients to safely store and share their PHR in the cloud server, and treating clinicians can refer the patients' medical data to experts for research commitments as necessary, all while keeping the patients' information private. The suggested method is also concerned with crossdomain activities.
Liu et al. [27] an authentication method was ensured that the system was login in and system service resources were obtained only by genuine users through verification. In this study, a safe, confident user authentication method for a personal health records system in the cloud environment provides appropriate people with cloud-based access to PHRs. A password in combination with a smart card employed the suggested method of authentication, which enables the owner and authorized users to log in and access the appropriate personal documents to the system.
Liu, Yaru et al. [28] The DSSE Scheme for IIoTH is presented for privacy conservation. It is the first DSSE strategy for the security PHR database. The secure index is based on a Hash Chain and updates trapdoor file resistance. We also search fine-grained PHR files of an attribute value type database using encrypted PHR files. If the user does search operations, the attribute value only matches the whole file. Consequently, the costs of communication are lowered and the privacy of the patient minimized. The proposed scheme has to accomplish access control attributes, which allows users to ascribe different access authorities. The comparison analysis of existing papers is given in Table 1.

Proposed Sigmoid and Median Support Based Signature-Based Cryptosystem
This proposed method presents a Sigmoid and median support-based signature-based cryptosystem for sharing the PHR data secured in the cloud environment the proposed method has two phases; the initial phase is key generation. In attribute selection then based on the attribute key is generated. After the attribute, key generation Sigmoid is calculated for the key secured. The ciphertext is displayed instead of displaying the sigmoid value.
In the second phase to keep the personal data of the patient in a secured manner the median support value-based signature is generated and without displaying the generated signature the ciphertext is displayed. In the Decryption process to users access the information in the cloud, they could have to verify the both generated private key and signature. Once the private key verification is successful, then the generated signature is validated to keep the data and send it to the user. The entire work procedure is shown in Fig. 1.

Attribute-Based Key Encryption Key Algorithm
To keep the information, secure in the cloud environment the security key has to be generated for the attribute AB is identified using the KEK algorithm. In previous, Pairwise Temporal Key (PTK) is the set of assigned session keys. So in this work consider the KEK algorithm the proposed encryption process two types of keys, public and private keys are used [27]. The keys are mainly of two types they are public and private keys. In such a way the public key is used for signature generation and sigmoid calculation but in this case of the private key is used for decryption. KEK algorithm is efficient on behalf of both the encryption and decryption process. The KEK algorithm-identified characteristic may be used to create keys for both the encryption and decryption processes. The Attribute-based KEK algorithm steps are defined as follows. Step1 Choose a random number M and computer public key using bk = 2 M+1 .
Step3 Generate two large random and distinct prime numbers p , q Step4 Computer the N i = p * q and (i) = (p − 1) * (q − 1).
Step5 Computer private key using Pk i = N i * 2 mod (i).
Step6 Repeat the process Step2 to Step5 until the value k . The Attribute KEK algorithm which generates the key is shown in algorithm1.
Randomly choose a number M Compute the public key value to k Select attribute i AB Make two big random and separate prime numbers p , q be also large prime numbers.
bk is the public key of the cryptosystem.

End for End
Algorithm1: Attribute-based KEK algorithm

Key Based Sigmoid Calculation
To keep the generated key in a secured manner the sigmoid value is calculated for the identified attribute. The Sigmoid calculation formula is given below.
From the PHR database ∇H , using the above attribute-based KEK algorithm the most important is selected for the selected attribute the sigmoid value is obtained. The Sigmoid value is kept in the form of the secret key. The generated sigmoid value is not visible to everyone. Only the valid user has permission to access the sigmoid secret value.

Encryption Based on Key Based Sigmoid
Encryption technique is mainly used to keep the patient health records in a secured manner. Initially, the PHR ∇H database was converted into ASCII values. Then XOR by a random number 1 or 2 and encryption using step3. The algorithm steps for the proposed encryption based on the key are given in algorithm 2.

End for End For End
Where, EM is the encrypted message, Msg is the input message, PK is the Encrypted private key, n is the number of records, j is the number of attributes Algorithm2: Encryption based on Key Based Sigmoid

Generate the Signature-Based Cryptosystem
To keep the information in a more secured manner the signature feature associated with the cryptosystem is added along with the calculated sigmoid value. A signature is used to verify the information between both the sender and receiver sides. In this case, the signature is used for verifying the public key which is kept secret. The algorithm used to generate the signature-based cryptosystem is shown in algorithm3.

Algorithm 3: Encryption using median Support based Signature
Using this signature algorithm, the key size is considerably reduced. The main reason for using this signature-based cryptosystem algorithm is the integrity and nonreputation are considerably increased. Thus the key size is also minimized.

Cipher Text
The data in its encrypted form is referred to as ciphertext. The ciphertext is also known as encrypted information since it is unintelligible by humans or computers without the correct algorithm. The encrypted message ( EM ) using the KEK algorithm in the form of ciphertext and the generated signature ( ) based on support value is stored in the cloud.

Decryption Based Signature Verification
After storing the information in the cloud database, if the hospital or the Insurance Policy Company needs to access the information stored in the database then the signature verification process has to be performed. In the signature verification process, the public key is used to verify the signature to get the information access. The algorithm used for the signature verification process is shown in algorithm 4.

Algorithm 4: Signature verification process
If the defy value is equal, the verification step leads to the signature being considered effective, and the data is shared with the signature verified user. If the challenge value is not equal, the user results in an invalid signature, and the data is not shared with that user. Once the signature verification procedure is finished, the decryption process will begin.

Decryption Using Key
Once all the above process is completed the authenticated finally the decryption stage is carried out. The decryption stage only permits to access the information stored in the cloud database and a matching public key is used to decrypt the message. The decryption algorithm is shown in algorithm 5. The decryption stage is performed with the help of an asymmetric key. Using the asymmetric key, the user gets permission to use the information stored in the cloud database. The algorithm output is valid only if both the key verification and signature verification process accept, otherwise it is invalid. Once the verification process is completely verified the insurance company or the hospital gets the full rights to access the information which is stored in the cloud database. By performing both the encryption and decryption technique only the user gets the right to upload or download the contents from the cloud database. Cloud databases cannot be easily destructed the information stored in the cloud database can withstand for so many years without doing any modification. If the user wants to do any alteration in the information stored in the cloud database, then also the authentication step has to be completed before uploading the contents to the cloud database.

Results and Discussion
The suggested Sigmoid and signature-based cryptosystem method has been implemented in several database sizes ranging from 1000 to 10,000 records [18]. The database has been designed in such a way that it can accommodate a wide variety of difficulty and discrimination levels. In this section, the experimental results of the proposed framework are achieved using an Intel Core I3 processor with chipsets 2.0 GHz and 6 GB RAM 500 GB transfer and 300 GB storage by developing a security framework to prevent unauthorized data access using JAVA cloudsim. This section discusses the outcomes of both the existing and suggested techniques in terms of key computation time and communication complexity, Encryption time, decryption time, and Cloud working mechanism. Each criterion is checked and its performance is shown in the form of a graph. Compared to the other technique ERFC [22], FFE [22], FIBE [22], AHRPA [25], and CP-ABSC [23] the proposed technique provides better results.

Key Computation Time
The Key Computation time is depicted in Fig. 2. For 10,000 record sizes, the calculation time for ERFC is 5 ms, for FFE 42 ms, for AHRPA 34 ms, and using CP-ABSC 54 ms, for our suggested approach. The computation time is 3 ms. When compared to the existing technique, our proposed technique takes the least amount of time.

Communication Complexity
The time length between the beginning and ending time of a selected task is outlined because of the communication value. The procedure quality is computed mistreatment the derivation, where B c is the communication cost, d e (b) is the finish time of every assumed task,d f (b) is the initial time of any assumed task. The communication complexity is authorized with the existing technique and the graph is exposed in Fig. 3. The computing complexity for ERFC is 34 ms for 10,000 record sizes, FFE is 56 ms, AHRPA is 15 ms, CP-ABSC is 33 ms, and

Decryption Time
The time taken to decrypt the secret message is decryption time. It is important in terms of giving access permission to the cloud. Figure 5 signifies the decryption time of the patient record. For the Decryption section, the Decryption time for ERFC is 59 ms for 10,000 record sizes, FFE earns 84 ms, AHRPA requires 52 ms, CP-ABSC requires 78 ms, and

Cloud Working Mechanism
The Cloud Working Mechanism is depicted in Fig. 6. For 10,000 record sizes, the calculation time for ERFC is 31 ms, FFE is 33 ms, AHRPA is 44 ms, CP-ABSC is 47 ms, and our suggested protocol approach is 15 ms. When compared to the existing technique, our proposed technique mechanism requires the least amount of time.

Security Levels
The security value calculated using the proposed technique is kept in the form of ciphertext, Key sizes for equivalent security levels for different encryption methods are listed in the following Table 2. The comparison Table 2 proves that our proposed technique-based encryption is better than the existing technique in terms of different parameters. Table 3 displays the comparative findings for the area unit. This demonstrates that our approach achieves high levels of on-demand cancellation and private securities. The conjunctive rule restricts PUD to single permission, but in PSD, a user's access arrangement might still be a chance monotonic formula. As a file access policy, the CP-ABSC supports any monotonic Boolean formula. The proposed method, on the other hand, is more effective in terms of communication overhead, as seen by the comparison in Table 3. In CP-ABSC, the data holder must recompute and then send fresh ciphertext components matching canceled characteristics to all remaining users after each cancellation event.

Conclusion
This paper describes how we obtained the signature-based cryptosystem method for keeping the information secured in the cloud database. Various steps are involved for determining the variation in technique on behalf of ERFC, FFE, FIBE, AHRPA, and CP-ABSC. Initially, the KEK algorithm is carried out to generate the key for keeping the information in a  secured manner. Sigmoid is calculated for the newly generated key and the key-encryption process is carried out for the private key. On another side for the data retrieved from the PHR database after the encryption step the signature is calculated and kept secure. The valid users only have access permission to access the information from the cloud database. The verification step is carried out before accessing the cloud. Performance analysis of our proposed work is computed concerning the Key computation time, communication Complexity, Encryption time, decryption time, Cloud working mechanism, and security values. The experimental outcomes verify that our signature-based cryptosystem system has a better outcome comparing with the existing technique.