privacy preserving secure data exchange in mobile p2p

Privacy preserving secure data exchange in mobile P2P cloud healthcare environment. Sk. Md. Mizanur Rahman, Md. Mehedi Masud, M. Anwar Hossain, Abdulhameed Alelaiwi, Mohammad Mehedi Hassan, Atif Alamri. Received: 2 October 2014 / Accepted: 6 February 2015. © Springer Science+Business Media New York 2015. Presented by Md. Mostafijur Rahman, Masters Student ID #: 132431(p), Department of Computer Science and Engineering, Dhaka University of Engineering and Technology, Gazipur.


TRANSCRIPT

Page 1: Privacy preserving secure data exchange in mobile P2P

Privacy preserving secure data exchange in mobile P2P cloud healthcare environment

Sk. Md. Mizanur Rahman · Md. Mehedi Masud

M. Anwar Hossain · Abdulhameed Alelaiwi ·

Mohammad Mehedi Hassan · Atif Alamri

Received: 2 October 2014 / Accepted: 6 February 2015

© Springer Science+Business Media New York 2015

Dhaka University of Engineering and Technology, Gazipur

Presented by Md. Mostafijur Rahman, Masters Student ID #: 132431(p), Department of Computer Science and Engineering

Page 2: Privacy preserving secure data exchange in mobile P2P

Outline of the talk

• P2P cloud

o Technology context: multi-core, virtualization, 64-bit processors, parallel computing models, big-data storage, ...

• Related work

• Privacy and security threats that can occur when cloud peers exchange data over an unsecured channel, and our contribution

• Secure data exchange: how the data exchange policy/mapping is established between two cloud peers for the proposed protocol

• Pairing-based cryptography: issues of cryptographic implementation and prevention of different attacks in the proposed anonymous secure data exchange protocol

• Anonymous authentication


Page 3: Privacy preserving secure data exchange in mobile P2P

ABSTRACT

• Cloud computing technology offers the possibility of inter-organizational medical data sharing at a larger scale. Different organizations can maintain their own cloud environments while exchanging healthcare data among them in a peer-to-peer (P2P) fashion according to some defined policies.

• Our proposed solution allows cloud peers to dynamically generate temporary identities that are used to produce a session key for each session of data exchange.

• The protocol is robust against different attacks, such as target-oriented, man-in-the-middle, masquerade, and message manipulation attacks.


Page 4: Privacy preserving secure data exchange in mobile P2P

Overview of the work

Hospitals, clinics, medical laboratories, pharmacists, and other stakeholders are willing to share and exchange data about patients' treatments, medications, and test results over an insecure network such as the Internet. In this paper we propose an anonymous on-the-fly secure data exchange protocol for such an environment, based on pairing-based cryptography. The proposed solution does not require centralized control of the peers and avoids the expensive Public Key Infrastructure (PKI) based approach. The scheme allows cloud peers to dynamically generate temporary identities that are used to produce a session key for each session of data exchange. It is robust against different security attacks, such as target-oriented, man-in-the-middle, masquerade, and message manipulation attacks.


Page 5: Privacy preserving secure data exchange in mobile P2P

Operation

Fig. 1 An example model of a collaborative healthcare scenario using P2P-Cloud-DB architecture


Page 6: Privacy preserving secure data exchange in mobile P2P

Operation: healthcare scenario of a P2P cloud


In this scenario, family doctors (FDDB), hospitals (HDB), medical laboratories (LABDB), pharmacies (PHDB), and other stakeholders (e.g. medical research cells (RDB)) are willing to exchange or coordinate information about patients' treatments, medications, test results, and diseases.

In the system, an organization (a cloud peer) may need to exchange data with other related organizations (cloud peers) according to some established policies between them. For example, family doctors may want to keep track of patients' medications for some specific diseases; therefore FDDB should have a link with PHDB, and any patient in PHDB diagnosed with a disease that is of interest to family doctors may have data that needs to be exchanged with FDDB. Moreover, family doctors may be interested in collecting test results of their patients from LABDB, and the medications that their patients take while staying at hospitals, hence links between FDDB and LABDB and between FDDB and HDB are required. The links between cloud peers in the figure are formally a set of mappings or mapping constraints.

Page 7: Privacy preserving secure data exchange in mobile P2P

Anonymous dynamic pseudo-ID generation technique in P2P-Cloud-DB


Figure above: In this paper, we propose an anonymous secured data exchange protocol between cloud peers, where the peers generate dynamic IDs and the corresponding session keys on the fly for each data exchange, based on the requested query. In our protocol, when two cloud peers want to exchange data, each of them generates its dynamic ID and the corresponding secret session key from the attributes shared between them by computing a pairing function over an elliptic curve. The cloud peers then authenticate each other in a challenge-and-response fashion.

Page 8: Privacy preserving secure data exchange in mobile P2P

Key agreement and anonymous secure data exchange in P2P


Page 9: Privacy preserving secure data exchange in mobile P2P

Operation


Step-by-step procedure of the proposed protocol

STEP 1: A query Q_t is generated at the target P_j.
STEP 2: Target P_j determines the group G1 and the hash functions H1 and H2 and performs the following steps:
2.a: Generates a dynamic temporary ID TID_{Pj}, a dynamic authentication code MAC_{CA∧∨NCA}^{j→i} and a random number R_j.
2.b: P_j sends <G1, H1, H2, R_j, TID_{Pj}, MAC_{CA∧∨NCA}^{j→i}> to the source P_i.
STEP 3: Source P_i generates MAC_{CA∧∨NCA}^{i,θ}, 1 ≤ θ ≤ n, and compares each with MAC_{CA∧∨NCA}^{j→i}. If any one of the MAC_{CA∧∨NCA}^{i,θ} matches MAC_{CA∧∨NCA}^{j→i} then

Page 10: Privacy preserving secure data exchange in mobile P2P

Operation


3.c: Generates a secret session key KS_i and an authentication code Aut0.
3.d: Sends <G2, ê, H3, TID_{Pi}, R_{Pi}-SESSION, Aut0> to the target P_j.
STEP 4: Target P_j generates the secret session key KS_j and the verification code Ver0.
4.a: Generates a random number R_{Pj}-SESSION.
4.b: Compares Ver0 with Aut0; if Ver0 = Aut0 then generates Aut1.
4.c: Sends <R_{Pj}-SESSION, Aut1> to the source P_i.
STEP 5: Source P_i generates the verification code Ver1.
5.a: Compares Ver1 with Aut1; if Ver1 = Aut1 then generates the message authentication code MAC_MESSAGE.
5.b: Encrypts the query result QR_t with the session key KS_i, denoted CIPHER_QRt.
5.c: Sends <TID_{Pi}, CIPHER_QRt, MAC_MESSAGE, TID_{Pj}> to the target P_j.
STEP 6: Target decrypts CIPHER_QRt with the session key KS_j, generates the verification message authentication code VER_MESSAGE and compares it with MAC_MESSAGE. If VER_MESSAGE = MAC_MESSAGE then the data is accepted.
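The six steps above, together with the on-the-fly pseudo-ID generation described on the earlier slide, as an added simulation of both sides of the exchange; this is example code written for this page, not code from the paper or the presentation. The slides do not spell out the pairing computation (G1, G2, ê, H1 to H3), so the example stands in for it with HMAC-SHA256 keyed by a per-link secret that models the confidential and non-confidential attributes two peers share; the cipher behind CIPHER_QRt is likewise a stand-in (an HMAC-SHA256 keystream in counter mode). Peer names, the attribute strings, the query result and the helper names are all constructed for the example. One ordering choice the slide leaves open is fixed here: the target checks VER_MESSAGE over the ciphertext before it decrypts, so a manipulated packet is dropped without ever being processed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so adjacent fields cannot slide into each other."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode, XORed over data."""
    stream = b"".join(_mac(key, b"enc", nonce, ctr.to_bytes(4, "big"))
                      for ctr in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


class Peer:
    """A cloud peer holding one secret per mapping link. Hypothetical stand-in for the
    confidential/non-confidential schema attributes the two linked peers share."""

    def __init__(self, name: str, link_attrs: Dict[str, bytes]):
        self.name = name
        self.shared = {link: hashlib.sha256(a).digest() for link, a in link_attrs.items()}


def run_protocol(source: Peer, target: Peer, link: str, query_result: bytes,
                 tamper: bool = False) -> Optional[bytes]:
    """Walk STEP 1-6 with P_i = source and P_j = target. Returns the query result the
    target accepts, or None at the first failed check (no detail leaks to the other side)."""
    attrs_j = target.shared[link]
    # STEP 1-2: the target owns the query and a fresh R_j; TID_Pj and MAC_{j->i} are derived
    # from the shared attributes, so only a peer holding them can recognise the target
    r_j = secrets.token_bytes(16)
    tid_j = _mac(attrs_j, b"tid", r_j)[:8]
    mac_j_to_i = _mac(attrs_j, b"auth", r_j, tid_j)
    # STEP 3: the source recomputes the code for each of its n links (theta = 1..n);
    # a match tells it which link the anonymous target belongs to
    attrs_i = next((a for a in source.shared.values()
                    if hmac.compare_digest(_mac(a, b"auth", r_j, tid_j), mac_j_to_i)), None)
    if attrs_i is None:
        return None                        # unknown or masquerading target
    # 3.c-3.d: source-side TID_Pi, session key KS_i and challenge Aut0
    r_i = secrets.token_bytes(16)
    tid_i = _mac(attrs_i, b"tid", r_i)[:8]
    ks_i = _mac(attrs_i, b"session", r_j, r_i, tid_j, tid_i)
    aut0 = _mac(ks_i, b"aut0", tid_i, r_i)
    # STEP 4: the target derives KS_j the same way and checks Ver0 == Aut0 before answering
    ks_j = _mac(attrs_j, b"session", r_j, r_i, tid_j, tid_i)
    if not hmac.compare_digest(_mac(ks_j, b"aut0", tid_i, r_i), aut0):
        return None
    r_j_session = secrets.token_bytes(16)
    aut1 = _mac(ks_j, b"aut1", r_j_session)
    # STEP 5: the source checks Ver1 == Aut1, then encrypts QR_t and MACs the whole packet
    if not hmac.compare_digest(_mac(ks_i, b"aut1", r_j_session), aut1):
        return None
    cipher_qr = _stream_xor(ks_i, r_j_session, query_result)
    mac_message = _mac(ks_i, b"msg", tid_i, cipher_qr, tid_j)
    if tamper:                             # simulated message manipulation in transit
        cipher_qr = bytes([cipher_qr[0] ^ 0x01]) + cipher_qr[1:]
    # STEP 6: the target verifies VER_MESSAGE over the ciphertext before decrypting
    if not hmac.compare_digest(_mac(ks_j, b"msg", tid_i, cipher_qr, tid_j), mac_message):
        return None
    return _stream_xor(ks_j, r_j_session, cipher_qr)


# Constructed sample: the family-doctor peer (source P_i) has mapping links with three peers;
# the hospital peer (target P_j) queries it over the FDDB-HDB link. Attribute strings are made up.
FDDB = Peer("FDDB", {"HDB": b"patient_id,medication", "PHDB": b"patient_id,prescription",
                     "LABDB": b"patient_id,test_result"})
HDB = Peer("HDB", {"FDDB": b"patient_id,medication"})
RDB = Peer("RDB", {"FDDB": b"guessed attributes"})    # peer with no agreed mapping to FDDB


def demo() -> bool:
    qr = b"patient 4711: metformin 500 mg"
    accepted = run_protocol(FDDB, HDB, "FDDB", qr) == qr
    tamper_rejected = run_protocol(FDDB, HDB, "FDDB", qr, tamper=True) is None
    masquerade_rejected = run_protocol(FDDB, RDB, "FDDB", qr) is None
    return accepted and tamper_rejected and masquerade_rejected


if __name__ == "__main__":
    print("exchange accepted, tampering and masquerade rejected:", demo())
```

Two points the simulation makes concrete: the source never learns the target's real identity, only which of its n links produced a matching MAC, so an RDB peer that does not hold the FDDB-HDB attributes is dropped silently at STEP 3; and because TID, KS and every code are derived from fresh R_j and R_i, replaying a captured exchange against a new query fails at the same check.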

Page 11: Privacy preserving secure data exchange in mobile P2P

Anonymous secure data exchange in P2P-Cloud-DB: duration


Page 12: Privacy preserving secure data exchange in mobile P2P

RISKS ASSOCIATED WITH CLOUD

• Privacy threat: procedures are still being developed to improve security and performance in the cloud.

• Masquerade attack: a malicious peer may pretend to be a valid target of a source by stealing the identity of the real target.

• Man-in-the-middle attack: Shim proposed an improved identity-based authenticated key agreement protocol that includes certified public keys. The author claims that the protocol provides attractive security properties such as known-key security, forward secrecy, key-compromise impersonation resilience, and unknown key-share resilience.

• Message manipulation attack: to mount this attack, an attacker needs to take part in the message exchange, which requires being a valid node in the network. In our protocol an attacker cannot forge the data exchange session or the data packet, as already discussed.


Page 13: Privacy preserving secure data exchange in mobile P2P

RESEARCH ISSUES

• Define the characteristics of an application under test and the types of testing done on the application, and provide all of this in a cost-effective manner.

• Evaluate whether a given testing infrastructure in the cloud really helps to meet a specific performance attribute.

• Validate the quality of cloud-tested applications at all levels.

• Management of test data


Page 14: Privacy preserving secure data exchange in mobile P2P

Summary

• In this paper, we have presented a novel privacy-preserving secure data exchange protocol for a P2P cloud environment in the health care domain. Using this protocol a peer in a P2P-Cloud-DB generates a dynamic temporary ID on the fly and a corresponding session key by exchanging some system and session parameters with other peers.

• The protocol is based on a pairing-based cryptographic model in which the generated system and session parameters are derived from the confidential and non-confidential attributes present in the data schema of the P2P-Cloud-DB.

• An important feature of the proposed protocol is that peers always generate a new dynamic temporary ID and a corresponding session key based on the query initiated by a target peer, and authenticate themselves anonymously without disclosing their IDs. Thus, every session is completely independent with respect to ID and session key generation.

• Hence the proposed protocol prevents different attacks such as the man-in-the-middle attack, masquerade attack, message manipulation attack, and the more sophisticated target-oriented attack. This approach has the potential to bring confidence to P2P cloud database systems for anonymous secure data exchange in the health care domain.



Page 16: Privacy preserving secure data exchange in mobile P2P

Questions and Answers

Thanks