Multi-data Multi-user End to End Encryption for Electronic Health Records Data Security in Cloud

Abstract

A new method of secure Electronic Health Record (EHR) data sharing is implemented using matrix cryptography. The EHRs are encrypted and stored in the cloud for efficient distribution to multiple end users who decrypt the corresponding encrypted data. The end users are selected based on their attributes with reference to the relevance and sensitivity of the EHRs under consideration. Thus, the proposed method is basically a matrix version of multi-channel Attribute Based Encryption (ABE) that provides fine grained access to the data and simple user revocation/invocation. The proposed technique has low computational overhead as it avoids expensive bilinear pairings approach.

Appendix A

1.1 Index-Wise Orthogonal Double Set of Integer Matrices (IWODSIM)

In EEE-MCA, the key consider the prime set of integer matrices in finite field Z_p as,

$${\varvec{A}}=\boldsymbol{ }[{\varvec{A}}\{1\}, {\varvec{A}}\{2\},\dots , {\varvec{A}}\{i\},\dots , {\varvec{A}}\{R\}]$$

(A1)

where, A{i}\(\in {Z}_{p}^{MxN}\) for i = 1 to R. All the elements of A{i}belongs to Z_p and the size of A{i} is MxN. Where,

$$N=M*R+M=M*(R+1)$$

(A2)

The condition N = M*(R + 1) is essential in generation IWODSIM’s.

The dual of A is the set B as,

$$B=[B\{1\}, B\{2\},\dots , B\{j\},\dots ,B\{R\}]$$

(A3)

where, B{j}\(\in {Z}_{p}^{NxM}\) for i = 1 to R. (All the elements of B{j} belongs to Z_p and the size of B{j} is NxM).

1.2 Index-Wise Orthogonal Property

Matrices A{i}’s and B{j}’s are generated such that,

$$\left({\varvec{A}}\left\{i\right\}*{\varvec{B}}\left\{j\right\}\right) mod p=\left\{\begin{array}{c}{{\varvec{I}}}_{MxM}\mathrm{if }i=j\\ {0}_{MxM}\mathrm{if }i\ne j\end{array}\right.$$

(A4)

When A{i}’s and B{j} are related as in (A4), we say that they are index-wise orthogonal.

1.3 Generation of A{i}’s and B{j}’s

As a first step, generate a random integer matrix HH of size NxN in Z_p as follows.

In normal algebra, the House Holder Orthogonal Matrix [A1} is obtained as,

$${\varvec{H}}{\varvec{H}}=I-\frac{2*V*{V}^{T}}{{V}^{T}*V}$$

(A5)

where, V is a column vector. In the finite field Z_p, division by \(\left({V}^{T}*V\right)\) is replaced by multiplication by its modular inverse with respect to p, to get HH in Z_p as,

$${\varvec{H}}{\varvec{H}}=I-2*{\varvec{V}}*{{\varvec{V}}}^{T}*ModInv\left({V}^{T}*V,p\right)$$

(A6)

Here, V is a non-zero random integer column vector in Z_p of size N*1. All operations in (A6) are carried out in Z_p. In (A6), the size of the identity matrix I used is N*N and that of V is taken as N*1 so that the size of the resulting HH is (N*1) * (1*N) = N*N. Since HH is orthogonal,

$${\varvec{H}}{\varvec{H}}*{\varvec{H}}{\varvec{H}}{\varvec{T}}=IN*N$$

(A7)

HH, the orthogonal matrix generated has N rows which is same as M*(R + 1) rows as specified by A2). Now, matrix HH is partitioned row-wise into (R + 1) sub matrices, D{1}, D{2},…, D{R}, D{R + 1} each of size M*N as shown in Fig. 6a. Similarly matrix HH^T is partitioned column-wise into (R + 1) sub matrices, B{1}, B{2},…, B{R} as shown in Fig. 6b.

Based on the partition and from the modular orthogonal property of HH, for i, j = 1 to R + 1,

$$\left({\varvec{D}}\left\{i\right\}*{\varvec{B}}\left\{j\right\}\right) mod p=\left\{\begin{array}{c}{{\varvec{I}}}_{MxM}\mathrm{if }j=i\\ {0}_{MxM}\mathrm{if }j\ne i\end{array}\right.$$

(A8)

and

$$D\{i\}=B\{i\}\mathrm{T}$$

(A9)

From equation (A9), it can be seen that D{i}’s can be determined by knowing B{i}’s. In cryptography, this dependency has to be avoided, so that D{i} could not be deduced by knowing B{i}. To achieve this, D{i}’s for i = 1 to R, are additively randomized to get A{i}’s as,

$$A\{i\}=D\{i\}+W\{i\}*D\{R+1\}$$

(A10)

Here, W{i} is a random matrix of size M *M in Z_p, chosen by the KGC.

Now, consider the product A{i}*B{j} for i, j = 1 to R. When j = i, from (A10),

$$A\{i\}*B\{j\}=[D\{i\}+W\{i\}*D\{R+1\}]*B\{j\}=D\{i\}*B\{j\}+W\{i\}*D\{R+1\}*B\{j\}$$

(A11)

From (A8), D{i}*B{j} = I_M*M and D{R + 1}*B{i} = 0 as the range of i and j are in the range 1 to R. Therefore, Equation (A11) reduces to,

$$A\{i\}*B\{j\}=IM*M\mathrm{ if }j=i$$

(A12)

On the other hand, When j ≠ i, in the light of equation (A8),

$$A\left\{ i \right\}*B\left\{ j \right\} = I_{{M*M}} \quad {\text{if}}\,j \ne i$$

(A13)

Thus, it is proved that the procedure described in this appendix generates an IWODSIM represented by,

$$\left({\varvec{A}}\left\{i\right\}*{\varvec{B}}\left\{j\right\}\right) mod p=\left\{\begin{array}{c}{{\varvec{I}}}_{MxM}\mathrm{if }i=j\\ {0}_{MxM}\mathrm{if }i\ne j\end{array}\right.$$

(A14)

for i, j = 1 to R.

1.4 Multiple versions for A{i}

In (A10), choosing different random matrices for W{i}, different versions of A{i}’s can be generated which satisfy (A14) for i = 1 to R. The use of different versions of A{i}for different sessions prevents Chosen Plaintext Attack (CPA).