A review of the state of the art in privacy and security in the eHealth cloud

The proliferation and usefulness of cloud computing in eHealth demands high levels of security and privacy for health records. However, eHealth clouds pose serious security and privacy concerns for sensitive health data. Therefore, practical and effective methods for security and privacy management are essential to preserve the privacy and security of the data. To review the current research directions in security and privacy in eHealth clouds, this study has analysed and summarized the state of the art technologies and approaches reported in security and privacy in the eHealth cloud. An extensive review covering 132 studies from several peer-reviewed databases such as IEEE Xplore was conducted. The relevant studies were reviewed and summarized in terms of their benefits and risks. This study also compares several research works in the domain of data security requirements. This paper will provide eHealth stakeholders and researchers with extensive knowledge and information on current research trends in the areas of privacy and security

Securing clouds using cryptography and traffic classification

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Over the last decade, cloud computing has gained popularity and wide acceptance, especially within the health sector where it offers several advantages such as low costs, flexible processes, and access from anywhere. Although cloud computing is widely used in the health sector, numerous issues remain unresolved. Several studies have attempted to review the state of the art in eHealth cloud privacy and security however, some of these studies are outdated or do not cover certain vital features of cloud security and privacy such as access control, revocation and data recovery plans. This study targets some of these problems and proposes protocols, algorithms and approaches to enhance the security and privacy of cloud computing with particular reference to eHealth clouds. Chapter 2 presents an overview and evaluation of the state of the art in eHealth security and privacy. Chapter 3 introduces different research methods and describes the research design methodology and processes used to carry out the research objectives. Of particular importance are authenticated key exchange and block cipher modes. In Chapter 4, a three-party password-based authenticated key exchange (TPAKE) protocol is presented and its security analysed. The proposed TPAKE protocol shares no plaintext data; all data shared between the parties are either hashed or encrypted. Using the random oracle model (ROM), the security of the proposed TPAKE protocol is formally proven based on the computational Diffie-Hellman (CDH) assumption. Furthermore, the analysis included in this chapter shows that the proposed protocol can ensure perfect forward secrecy and resist many kinds of common attacks such as man-in-the-middle attacks, online and offline dictionary attacks, replay attacks and known key attacks. Chapter 5 proposes a parallel block cipher (PBC) mode in which blocks of cipher are processed in parallel. The results of speed performance tests for this PBC mode in various settings are presented and compared with the standard CBC mode. Compared to the CBC mode, the PBC mode is shown to give execution time savings of 60%. Furthermore, in addition to encryption based on AES 128, the hash value of the data file can be utilised to provide an integrity check. As a result, the PBC mode has a better speed performance while retaining the confidentiality and security provided by the CBC mode. Chapter 6 applies TPAKE and PBC to eHealth clouds. Related work on security, privacy preservation and disaster recovery are reviewed. Next, two approaches focusing on security preservation and privacy preservation, and a disaster recovery plan are proposed. The security preservation approach is a robust means of ensuring the security and integrity of electronic health records and is based on the PBC mode, while the privacy preservation approach is an efficient authentication method which protects the privacy of personal health records and is based on the TPAKE protocol. A discussion about how these integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects follows. Distributed denial of service (DDoS) attacks are the second most common cybercrime attacks after information theft. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. Chapter 7 presents a new classification system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) for public clouds, particularly in an eHealth cloud environment. The proposed CS_DDoS system offers a solution for securing stored records by classifying incoming packets and making a decision based on these classification results. During the detection phase, CS_DDOS identifies and determines whether a packet is normal or from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service, and the source IP is blacklisted. The performance of the CS_DDoS system is compared using four different classifiers: a least-squares support vector machine (LS-SVM), naïve Bayes, K-nearest-neighbour, and multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is used. This combination can detect DDoS TCP flood attacks with an accuracy of approximately 97% and a Kappa coefficient of 0.89 when under attack from a single source, and 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. These results are then discussed in terms of the accuracy and time complexity, and are validated using a k-fold cross-validation model. Finally, a method to mitigate DoS attacks in the cloud and reduce excessive energy consumption through managing and limiting certain flows of packets is proposed. Instead of a system shutdown, the proposed method ensures the availability of service. The proposed method manages the incoming packets more effectively by dropping packets from the most frequent requesting sources. This method can process 98.4% of the accepted packets during an attack. Practicality and effectiveness are essential requirements of methods for preserving the privacy and security of data in clouds. The proposed methods successfully secure cloud projects and ensure the availability of services in an efficient way

Success factors affecting the healthcare professionals to utilize cloud computing services

Integrating the new technologies to improve the healthcare services can be seen as one of the research trends nowadays, as earlier studies have recommended the potential of emerging technologies in enhancing healthcare service practices by means of providing more opportunities to carry out activities essential for prevention, diagnosis, monitoring, and treatment of the disease. Involving the cloud computing services in healthcare domain can offer a way for handling and maintaining health data by making use of software applications hosted on the Internet. To ensure successful cloud computing utilization, a pre-examination on the context of usage should be applied in order to collect the real needs to guarantee getting all the possible benefits of this technology. In Iraq, the health records of public hospitals consist of various types of data which continue to increase in velocity, volume, and variety progressively. This has led to several major issues to the health sectors from two perspectives, data complexity and low IT integrity. For that reason, managing and maintaining all these health data are essential to healthcare organizations. In this paper, we collected the success factors that may influence the healthcare professionals to utilize cloud computing services for the health sector in Iraq. This is done by conducting an interview with 30 physicians and technicians from four hospitals in Iraq, then a literature survey was carried out to verify that all the gathered factors are within the circumstance of healthcare. It has been found that eight factors may affect the perspective of healthcare professionals to utilize cloud computing services. Finally, a conceptual model was developed based on the findings

MATURITY MODEL FOR HEALTHCARE CLOUD SECURITY

Management of security across eHealth cloud services is a major organizational challenge that healthcare organizations seek to resolve in order to aid their trusts in cloud and increase the adoption of cloud services in healthcare. The organizational challenges regarding implementations of technical security solutions are the major limiting factors for the adoption of the eHealth cloud. As such, the aim of this research will focus on developing a security maturity model, which will help healthcare organizations to provide a description of the application of their cloud security services, and an assessment and improvement of their cloud security services over time, as well as to guide and educate relevant stakeholders concerning the optimization of their security practices. The identified gaps in the review are in the aspect of adoption – the maturity models are either too complicated to implement, or they require the healthcare organization’s processes to be refined to suit the maturity model’s implementation. The Maturity Model for Healthcare Cloud Security (M2HCS) was developed using the Design Science Research Methodology (DSRM). It was validated using a formulated case study, web-based survey and interviews with practitioners, DSRM framework, and feedback from scientific community. The novel contribution of this research is the proposal of the model. M2HCS is a high level, holistic model that can be used to support and promote healthcare organization’s usable security practices against cyber and cloud security attacks

Cloud security - An approach with modern cryptographic solutions

The term “cloud computing” has been in the spotlights of IT specialists due to its potential of transforming computer industry. Unfortunately, there are still some challenges to be resolved and the security aspects in the cloud based computing environment remain at the core of interest. The goal of our work is to identify the main security issues of cloud computing and to present approaches to secure clouds. Our research also focuses on data and storage security layers. As a result, we found out that the protection of cloud data lies in cloud cryptography. Thus, this thesis reviews the new cryptographic techniques used to protect and process encrypted data in a remote cloud storage. In this thesis we are proposing a cryptographic scheme which uses fingerprint scanning for user authentication and AES technique of 128/192/256 bit cipher key for encryption and decryption of user's data. AES provides higher data security compared to other encryption techniques like DES and Blowfish. Our scheme is used in DropBoxCrypt application. DropBoxCrypt is a data encryption-decryption application developed for Android mobile devices which can be used for browsing, exporting and opening encrypted data stored in cloud storage