+44 1478 350008
Keywords: mHealth(Mobile Health); Privacy; AES algorithm; Encryption; Decryption; Private key
Wide development of electronic devices such as mobiles, I-pads, tabs, etc which is known as smart devices now a day’s; along with the implementation of sensors which are available at low cost have proved to be beneficial for improving the quality the health services. Remote mobile healthcare monitoring has already been successful and is a very good example of mobile Health (mhealth) application specially I the developing countries. Microsoft has launched a product Remote Monitoring System has beed designed the health status of cardiovascular and diabetes diseases in remote areas . In such remote healthcare monitoring system, client deployed portable sensors in wireless body sensor networks which collected psychological data, such as BP (Blood Pressure), BR (Breathing rate), and ECG/EKG (Electrocardiogram), Blood Glucose. The psychological data then collected can be sent to the server which is centrally placed, which could in return run the various web medical applications and the return it to the respective client. The applications have various different functionalities which range from sleep pattern analyzer, physical activity assistance, exercises, to cardiac analysis system which then provide consultation related to medical treatment . As the cloud computing technology is evolving as a new trend in the market, many different solutions can be thought of by using SaaS (Software as a Service) model along with the pay as you go business model in cloud computing, which would allow different companies to go ahead with their in the healthcare market. Automated decision support algorithms have along with cloud assisted healthcare monitoring system are being considered as a future trend .
Cloud assisted mHealth monitoring system offer an opportunity to improve the quality of the service of healthcare reduces the cost, but there are some hurdles in turning this technology into a reality. Without properly looking into the data management in the mHealth system, the client’s privacy could be at a great risk during the process of collection of data, storage, diagnosis, communication and computing the results. A recent survey shows that 75% of Americans consider their privacy very important [4,5].
There are some existing privacy laws such as HIPPA (Health Insurance Portability and Accountability Act) give protection to the personal health record, but the main drawback of the is that is not applicable to the cloud computing technology . There are many companies who have their own personal interest in collecting the client’s personal data [7,8] and further share it with the insurance companies, or research institutes, or even to the government agencies.
The privacy mechanisms which are traditional provide the mechanism by simply removing the client’s personal identity information or by using various anonymization techniques. But then these techniques fail to serve as a good protection mechanism because of the increasing diversity and increasing amount in the Personal Identifiable Information (PII) [9-13]. The proposed mobile monitoring system gives a good opportunity so as to collect a good and larger set of medical information, so as to identify the individual. Many recent research and studies show that an individual can be recognized from his blood pressure [14-16].
One the major problem with the privacy and security is the computational workload which is involved with the cryptographic techniques. With the presence of the cloud computing technology, it will be easy to shift the load of the computational computation on the cloud [17-20]. To achieve this very effectively and without any compromise to the privacy of the client and security of the client’s data is a big challenge, and should be investigated properly.
Our proposed system will mainly focus on the insider attacks, which can be either malicious or non-malicious. For example an insider could be an employee or a healthcare worker who might enter this business for this own selfish needs or some criminal purpose [21,22]. The attacks which are done by the insider are proved to be more dangerous than the attacks done by the outsider [23,24]. Thus the attacks done by the insider are much tougher to handle because the attacks might be done by the professionals or the criminals who might be expert at the attacks and also expert at escaping the intrusion attack.
In this paper we will be designing a system known as “Medicare”. We will firstly identify he problems related to the design of privacy protection and then the solutions will be provided. So that we understand it without any problem we will start with the basic structure so that we can understand all the possible privacy schemes. After understanding the privacy scheme we will give an improved solution to the privacy scheme observer by us. In AES algorithm, the keys will be generated between the client and the doctor. The data will be encrypted using the key generated and the decryption process will also be done be using the same key. The key will not be stored on the cloud. It will be with the respective client and the doctor. Once the communication starts between the doctor and the client the exchange of the data done will also be in the encrypted form. For that purpose also the key will be generated. In short 2 keys will be generated i.e. first key for authentication purpose and the second key for the purpose of the safety of the data exchange done between the client and the doctor.
We would first like to elaborate our paper “Medicare”. Medicare consists of 7 different modules. The modules are as follows (Figure 1):
1. Registration Module
2. Login Module
A. Client Login
B. Doctor Login
3. OTP generation/forget password
4. Notification Module
5. Dieses registration Module
6. Image Upload/Download Module
The Registration Module will be used for the registration of the user (patient) and the doctor. The doctor’s registration will have all the details of the doctor such as his qualification, specialization, etc. and the user’s registration will include his name, mobile number, password, gender, age, etc. The login module will have 2 sections i.e., the client (patient) and the doctor login. The login section will have only 2 fields i.e., the username field and the password field. After that module comes the next module i.e., the OTP generation and the forget password module. In this module the authentication of the client and the doctor will be done. The authentication of the client will be done by the generation of the OTP which will be sent to the client on his mobile number. The authentication of the doctor will be done by the administrator itself. The admin will personally check the details of the doctors, their degree, their qualification, their clinic or their respective hospitals. Forget password module also comes along with this module. If the user forgets his password he can get a recovery mail at his mail id by the admin. Next module is the notification module. If the doctor sends the report or gives the reply to the client and if the client is not available or is busy somewhere, the client will get the notification. Next is the dieses registration module. All the dieses will be already registered in the application along with the preferred doctor who can cure the dieses. The patient/user has to enter the dieses and he will get the list of doctors who can help him curing his dieses. One additional module to our application will be the Image upload/download module. The doctor, after generation of the report can send the report to the client in an image format. For this purpose we will be using FTP (File Transfer protocol) which is by default a secure protocol for transferring files. Cloud Server is used for storing all the data and will also act as offline storage. All the data in the encrypted format will be stored at the cloud [25-30].
AES (Advanced Encryption Standard)
AES stands for Advanced Encryption Standard. This algorithm is a symmetric encryption algorithm. The two cryptographers Joan Daemen and Vincent Rijmen developed this algorithm. This algorithm was designed to be effective on both hardware and software and block length of 128 bits is supported and also key length of 128, 192, and 256 bits is supported.
The AES algorithm consists of 2 parts i.e., Encryption and decryption. Encryption means conversion of the pain text into cipher text. This cipher text is the text which is in unreadable format. And decryption is the reverse process of encryption. This process converts the cipher text into plain text which is again in readable format.
Input: String to be encrypted
Output: Encrypted value
Get the instance of the Cipher class i.e., java.crypto.cipher
Generate the dynamic key
Using Base 64 encoder to encode the bytes of the given String and get the encrypted value. Return encrypted value.
Input: String to be decrypted
Output: Decrypted value
Get the instance of the Cipher class i.e., java.crypto.cipher
Generate the dynamic key
Using Base 64 decoder to decode the bytes of the given String and get the decrypted value. Return decrypted value.
Mathematical Model for AES Algorithm
Homomorphic Encryption HEnc (.)
This gives 2 encrypted messages:HEnc(m1+m2)= HEnc(M1)*HEnc(M2)
*: Corresponds to operation in Cipher Text
M1: Message 1
M2: Message 2
It can encrypt the message under Range [r1, r2]
Receiver can decrypt the message with the privacy key corresponding to the range [r1, r2]
pp : System Parameter
Input: M 2 M
Output: C= (C1, C2, C3)
With r= H3(mj j s)
S: random element from m
Algorithm performed by decryptor:
c2_ H2 (e (Skid: (1)) =s c3 _ H4(s) =m
1. Login Failed.
2. Patient not in the range of Wi-Fi.
FTP Protocol is used to transfer the computer files between client and server on a computer network. The reports made by doctors or the previous history of reports can be send to patient or doctor by using FTP protocol.
In this paper, we designed a “Medicare” application which is a health monitoring system, which we can use to protect the privacy of the clients and also so that we can protect the intellectual property of the providers.