Ternary Tree Based TGDH Protocol for Dynamic
Secure Group Data Sharing In Healthcare Cloud
Vaishali R. Thakare
School of Information Technology and Engineering
VIT University, Vellore-632014(TN), India
Email:
[email protected]
Email:
[email protected]
Abstract Healthcare requires continuous and systematic
innovation in order to provide high quality services. Cloud
computing is a new model of computing that promises to provide
more flexibility, less expense and more efficient IT services to
end-users. Large amount of sensitive data is shared by the
healthcare cloud users. Here, privacy and security of group
sharing data have become two major issues. The aim of this
paper is to propose a ternary tree based TGDH protocol for
dynamic group data sharing in healthcare cloud that could be
used by a healthcare organization to share their data in
dynamically secure groups containing other health organizations.
Secure and reliable group communication in healthcare
organizations is an increasingly active research area by growing
popularity in group oriented and collaborative applications.
Ternary tree approach covers more other healthcare members
(organizations) in a subgroup and height of ternary tree will get
increase when number of members in a group increase where
height of tree is number of iterations required to compute group
shared key.
Keywords Healthcare Cloud, TGDH protocol, Group Data
Sharing, Security, and Ternary Tree.
I. INTRODUCTION
According to the US National Institute of Standards and
Technology (NIST definition, cloud computing is a model
for enabling convenient, on-demand network access to a
shared pool of configurable computing resources that can be
rapidly provisioned and released with minimal management
effort or service provider interaction [1]. Its applications
have been reported in business, industry, research, education,
transportation and even national security [25].Cloud
computing is significant in streamlining healthcare services
whether it is for maintaining health records, monitoring of
patients, collaboration with peers, and analysis of patient data.
To leverage cloud clients from hardware requirements while
reducing overall client side requirements and complexity, one
the components used is the cloud platform service known as
Platform-as-a-Service (PaaS). Other components offering
K. John Singh
School of Information Technology and Engineering
VIT University, Vellore-632014(TN), India
cloud clients with quality of service and resources are
Infrastructure-as-a-Service (IaaS) and Software-as-a-Service
(SaaS). The structure of the cloud computing moves the
application software and databases to the large data centers,
where the management of the medical data and services are
not trustworthy. Cloud nodes are inherently more vulnerable
to cyber-attacks than traditional solutions, given their size and
underlying service-related complexity that brings an
unprecedented exposure to third parties of services and
interfaces. Nowadays healthcare organizations are sharing
their data with each other electronically over cloud for their
reliability, but cloud is a semi-trusted third party and hence,
security and privacy of data have become two major issues
comes in. With the help of cryptographic encryption
technologies one can store his/her data in the cloud. The users
who want to download the files can download and decrypt
them with provided keys [9]. Here, the issue arises, how to
distribute and update session keys? For example, assume that
Alice wants to send a file securely to recipient Bob, then first
Alice chooses a random session key and uses symmetric
encryption algorithm [10] (such as AES, DES) to encrypt a
file:{FILE}. Then, Alice uses asymmetric encryption
algorithm (such as RSA) to encrypt Session Key: E PuB .
Now, the Key: E PuB is called as digital envelope and this
can be distributed among the group members. However, if a
file is shared to N number of users then N numbers of
digital envelopes are to be generated, this creates
communication overhead i.e., O(N) for a single file.
Similarly, the computational complexity is O (N). In addition,
to share M number of files to N specific recipients then, O
(MN) number of digital envelopes to be formed. To reduce
this overhead and to communicate securely over insecure
channels it is essential that secret keys are distributed securely.
Even if the encryption algorithm used is computationally
infeasible to break, the entire system is vulnerable if the keys
are not securely distributed. Research has focused on security
and on efficiency. Many practical systems have been proposed
[6, 7]. The most familiar system is the TGDH key distribution III. SYSTEM MODEL
system. The system model (Fig. 1) consists of four entities: the cloud,
a hospital group MD, group admins, and large number of
II. RELATED WORK
group members. The data owner initially encrypts his/her data
Kaiping Xue and Peilin Hong [8] proposed a novel secure
locally to ensure privacy, outsources the data, and stores it in a
group sharing framework for public cloud, the framework can
group public cloud for easy user access. The data owner then
take the effective advantage of cloud help by taking care that
issues a decryption key for each authorized user according to
no sensitive data should be exposed to cloud provider and
his/her access rights.
attacker. It combines proxy signature, enhanced TGDH-based
Cloud is operated by CSPs and provides priced abundant
binary tree, proxy re-encryption as a protocol, with the help of
storage services. However, the cloud is not fully trusted by
this protocol the aim of authors proposed framework has been
user since the CSPs are very likely to be outside of the cloud
achieved. In this scheme authors used TGDH with binary tree
users trusted domain.
to negotiate and update the group key pairs with the help of
Hospital Group MD (HMD) is a group creator, only one group
cloud servers, but in binary tree based approach the group of
MD for a group exist, i.e., the topmost level of group
two members is formed, so per iteration the members covered
hierarchy is HMD. HMD can authorize specific group member
by a subgroup are less. Moreover height of binary tree will get
to manage the group and other group members and this
increase when number of members in a group increase where
privilege can be revoked by HMD when needed.
height of tree is number if iterations required to compute
group shared key. Similarly, cost will also increase when
number of members in a group will increase proportionally.
Hence, in proposed scheme ternary tree based approach is
used with GDH.2 and numbers of members covered by
subgroups are more, height is also decreased and it will take
less time to compute the shared group key and cost is also
decreased.
Priyanka Jaiswal et. al.[10] proposed an alternative approach
to group key agreement, i.e., a novel queue based group key
agreement protocol which uses the concepts of elliptic curve
cryptography to reduce unnecessary delays, considers member
diversity with filtering out low performance members in group
key generation processes. After analysing many prior group
key agreement protocols like TGDH, STR, BD, QBDH etc.,
they provide better security but they takes more computational
overheads. So, authors have used elliptic curve cryptographic
technique that removes exponentiation to reduce
computational overheads and provides better results than the Fig. 1 System Model od proposed system
other group key agreement protocols.
In addition, HMD generates initial security parameters and
Bharath K. Samanthula et. al. [9] proposed an efficient and
provides for all group members.
secure data sharing (SDS) framework using homomorphic
Hospital Group Admin (HGAd) takes a charge of user
encryption and proxy re-encryption schemes that prevent the
registration and user revocation. There can be 0,1 or more
leakage of unauthorized data when a revoked user rejoins the
group admins (HGAds)in a group, they acts like a member of
system. Also, authors present new solution based on the data
group but also having authority of group management. HGAds
distribution technique to prevent the leakage in case of
are guarantor to implement updating of group key.
collusion between revoked user and the cloud service
Hospitals Member (HM) have privileges to upload and
provider. To propose the new framework to support secure
download file in authorized group. Each HM can compute
query processing, authors have used existing work for
group key pair.
enhancement. Moreover, detailed security with experimental
Note: Here, HMD belongs to {HGAd} subset of {HM}.
analysis of the proposed framework on Amazon EC2 is
provided. IV. PROPOSED SCHEME
Proposed Protocol:
Following Table 1 shows the notations used in this paper. The .. (Where h is any integer and HMD=1 since HMD is
role of participants in this scheme is classified into following the topmost level)
way: Each member in Tr should have 0 or 3 child nodes
Call HMD child nodes as HGAdi (HGAd1, HGAd2, and
- Group member node: represents each group member
HGAd3 shown in Fig. 2)
as a leaf
SUBGROUP_FORMATION ()
- Sponsor node: corresponds with one key. This is HGAdi forms a set of subgroups
shared by all members of the subgroup rooted at this - HGAd1: {HM1, HM2, HM3},
key node (GM3, GM6 and GM9) - HGAd2: {HM4, HM5, HM6} and
- HGAd3: {HM7, HM8, HM9}
HGAd1, HGAd2, and HGAd3 computes their own secret
keys KH1, KH2, KH3 using TGDH() protocol.
HGAdi shares theirs secret keys with each other to
compute final group key
TGDH()
Assumption 1: HMD=1, HGAdi =3 and HMi= 9 as
shown in Fig. 2
Assumption 2: Rightmost group member of each
subgroup; HM3, HM6, HM9 act as a sponsor for
respective subgroups
Up flow:
1. HGAd1 determines a set {gKH1 mod p}
Broadcast
HGAd2: {HM4, HM5, HM6}
Fig. 2: Hospitals Group formation mechanism 2. HGAd2 determines a set {g KH1 KH2mod p,
gKH2mod p, g KH1 mod p} Broadcast HGAd3: {
Notation Description HM7, HM8, HM9}
n Number of current group members (here n=9) 3. HGAd3 determines a set {g KH1 KH2 KH3mod p, g
L Set of leaving members KH1KH2
mod p, g KH2 KH3mod p, gKH1 KH3mod p}
GMi i-th group member; i belongs to {1,2,..,n} where and computes group key since its having all
3h for all HM i
members secret keys
h height of tree
<l,v> v-th node at the l-th level of tree
4. HM9 acts as a main sponsor and it computes final
HMD Hospitals group managing director where HMD=1 group key i.e.,
HGAdi Hospitals group admins Key: g KH1 KH2 KH3mod p
BKi* set of HMis blinded keys
N Number of new member send requests to join/leave Down flow:
Broadcast
the original group(this value always 3h form) 1. HM9 HGAd1: {HM1, HM2, HM3},
{ g KH1KH2mod p,
n-N Number of remain member after leave request by N . HGAd2: {HM4, HM5, HM6}
members (3h form always) g KH2 KH3mod p, g KH1 KH3mod p}

PuB Public key of Bob 2. HGAd1 computes Key: g KH1(KH2KH3) mod p

PuKRe Public key of Receiver
3. HGAd2 computes Key: g KH2(KH1KH3) mod p
PrKGrp new group private key
PuKGrp group public key
End.

Table 1: Notation used with description Algorithm: Hospitals Group Formation Algorithm

Initialization HMD generates a ternary tree Tr. Each node in Tr contains 0

Group MD (GMD) takes charge of group initialization.
Since it is a ternary tree based approach, the group members,
which are participating in the group, are 3h form. Where h is
any integer number. Group initialization done as follows:
INITIALIZE ()
HMD: Construct a ternary tree Tr with members 3 h form
or 3 nodes. Child nodes of HMD called as Hospitals group
admins HGAdi. Now HGAdi forms a set of subgroups
containing three nodes and uses TGDH protocol to compute
the group key as discussed in previous sections.
Fig. 2 shows the group formation mechanism by using ternary
TGDH technique and group formation algorithm. Since, it is
ternary tree it shows one group leader three group admins i.e.,
nine group members for consideration. The root node is
located at the 0-th level (HMD) and the lowest leaves are at
the h-th level. Every member can be a leaf or a parent of three
members. The members are denoted by <l, v>, where 0<=
v<= 3h-1 since each level l hosts at most 3h nodes. Each
member is associated with the key KH<l, v> and the blinded key
BKH<l, v>. We assume that the member at leaf <l, v> is
associated with HMi, then the member <l, v> has HMis
session random key KH<l, v>. Furthermore, the member HMi at
node <l, v> knows every key along the path from <l, v> to
<0, 0>. In Fig 3 HM3, HM6 and HM9 are considered as
sponsors that owns subgroups (sub tree). Then, HM3 knows
every key {KH<2, 2>, KH<1, 0>, KH<0, 0>. } and every blinded key {
BKH<2,2v>, BKH<1, 0>, BKH<0,0v>}of that subgroup. Similarly for
HM6 and HM9. To compute single group key for all the
members, following two rounds need to follow:
Round 1: Here, HGAd1: {HM1, HM2, HM3}, HGAd2: {HM4,
HM5, HM6} and HGAd3: {HM7, HM8, HM9} are three set of
group members that forms a new subgroups. These new
subgroups compute their own secret keys KH1, KH2, KH3 using
TGDH and shares between HGAd1, HGAd2, and HGAd3.
Round 2: To compute key for subgroups HGAd1, HGAd2 and
HGAd3 there are two stages
1. Up-flow and
2. Down-flow.
The rightmost group member of each subgroup (i.e. HM3,
HM6, HM9) are assumes as a sponsors for HGAd1, HGAd2 and
HGAd3.
Up-flow:
HGAd1=> Determine a set {g KH1 mod p} and broadcast to all
members of HGAd2 i.e. HM4, HM5, and HM6
HGAd2 => Determine a set {g KH1 KH2mod p, gKH2mod p, g KH1
mod p} and broadcast to all members of HGAd3 i.e., HM7,
HM8, and HM9
HGAd3 => Determine a set {g KH1 KH2 KH3mod p, g KH1KH2mod
p, g KH2 KH3mod p, g KH1 KH3mod p}.
Now, g KH1 KH2 KH3 is a group key i.e. K: g KH1 KH2 KH3
Down-flow:
HGM9 => Broadcasts {g KH1KH2mod p, g KH2KH3mod p, g
KH1KH3
mod p} to all other members of groups, from this
HGAd1 and HGAd2 can also determine the group key
New Member Join
In proposed model, any new member can join the
group by sending the new join request to the group. New
group member need to follow the procedure below to join
group:
Consider the group has n members: {M1, HM2, ....HMn}. The
new member HMn+1 initiates the protocol by new joining
request including its blinded key (gk mod p) should reach to
every member of that group and first determines the insertion
point in the group (tree). Otherwise, if the ternary tree is fully
balanced, then the new member joins at the new level of tree.
The sponsor is the rightmost leaf in the subgroup (sub tree)
rooted at the insertion point. If the intermediate node in the
rightmost has 0 nodes (members), the sponsor inserts the new
member under this intermediate node. The tree becomes fully
balanced. Otherwise each member creates a new intermediate
node and a new member node, and promotes the new
intermediate node to be the parent of both the insertion node
and the new member node. After updating the tree, the
sponsor proceeds to update his share and computes the new
group key, while computing new group key includes all
members. Finally, sponsor will broadcast the updated group to
to all other members in the group including new member.
Sponsor is one of the group members from that group which
having authorities to add or delete the group member from
group such as, HGAdi, HMD, or HMi. Let us consider HGAdi
is a sponsor for new group member to join. Then, HGAdi tries
to find the leaf node. Every node in the group is under the
administration of one of the group member in the group,
which is having additional authorities than normal group
member. Then found node is set as the associated one of the of
the new joining group member. If not found then HGAdi
creates a new node to the tree and associate it with one of the
HGAds and attaches the new member to that newly created
node with smallest depth in tree structure.
Now, new group member have to follow the following process
for its security:
x Select a random security key.
x Selects his/her path from its associated node (to cloud
server) and get the blinded keys of all sibling nodes
in path.(Sponsor will have all keys of that root)
x Calculates new security and blinded keys of each
node in path.
x Send all the blinded keys from the associated node to
root node in the path to the HGAdi in an
authentication tunnel.
Now, HGAdi uploads all these blinded keys in the cloud server
path, cloud server updates the tree structure and blinded keys
of each node in path.
Whenever new member is joining the group then every time
the ternary key tree and group key pair should be updated to
prevent the forward secrecy of data. However, all digital
enveloped do not need to be updated.
Existing Member Leaving
The proposed is made flexible for the group members,
group members can join the group by sending the join request
and can leave the group whenever they want. To prevent the
backward secrecy, the group key pair and all digital envelopes
related to data sharing should be updated. In addition, the new
digital envelopes should be encrypted by new group public
key.
Consider HGAdi is a mandator and sponsor for group member
leaving event. HGAdi have to follow the below process:
x If the siblings of the leaving group members
associated node are also mandated by a HGA, these
nodes (the leaving group members associated node
and its siblings) and their parent node should be
merged to one leaf node. HGAdi mandates this new
leaf node. Otherwise, if the sibling node is associated
with a group member, HGAdi straightly mandates the
leaving group members associated leaf node.
x Randomly choose a new secret key K for the new
mandated node i, j, k, and then update secret keys
and blinded keys in the path from i, j, k to the root
node 0, 0, 0. The updated root security key and
blinded key are the new group private key (PrKGrp)
and group public key (PuKGrp).
Then, HGAdi computes the proxy re-encryption key and then
uploads the updated information into the cloud.
Admin Leaving
Each HGAdi mandates more than one leaf node, and
he/she knows the blinded keys of its leaf nodes. When a
HGAdi leaves, another HGAdi or HMD should mandate these
leaf nodes and change the security keys instead of him/her. As
the new mandating HGAdi or HMD chooses a random secret
key for each of the leaving HGAdis mandated leaf nodes, and
computes the secret keys and blinded keys of all node in the
path from each of these new mandated leaf node to the root
node. All the paths from each of these leaf nodes to the root
node form a sub tree of the ternary tree. The mandating
HGAdi or HMD first lists all internal nodes in the sub tree but
whose siblings are not in sub tree, and gets the blinded keys of
their siblings in Tr from cloud Servers.
Key synchronizing
To provide the enough security, key synchronizing
[14] is necessary, key synchronizing needed when following
scenarios comes:
x When any new member joins the group (forward
secrecy)
x When any group member or group admin leaves the
group
x When an offline member becomes online again
x When any member rejoins the group (backward
secrecy)
KSS1: When new member joins the group, key synchronization
is necessary, because common group key is derives with the
contribution of all group members in the group. In addition, to
provide the forward secrecy.
KSS2: When an existing group member leaves the group, to
provide backward secrecy key synchronizing has to be done.
KSS3: When offline member comes online again, key
synchronizing will be done to get the current group key of
group.
KSS4: When any group member rejoins the group, to provide
the backward secrecy, key synchronizing will be implemented.
V. SECURITY ANALYSIS
Backward secrecy: When any group member leaves the
group, HGAd or the HMD mandates its position in the ternary
tree. Every group member can compute the security keys of
every node in the path from leaf to root node. Because of this
reason, the security key of every node in the path updated
when any member leaves the group from that path. After
leaving the group, that member cannot able to compute the
group key whereas; all other members in the group can
compute the new group key [13].
Cloud provider cannot penetrate to group: Cloud provider
knows blinded keys of every node in a ternary tree, but it do
not knows the security keys of any internal nodes, so it cannot
get the final group private key to penetrate itself into group.
As we consider cloud providers are semi-trusted third party,
we cannot let permit cloud provider in the group for security
and privacy concerns.
Data Confidentiality: to prevent the data confidentiality a
traditional way used while sending data from sender to
receiver is, sender chooses a random session key and uses
symmetric encryption algorithm (such as AES, DES) to
encrypt a file:{FILE}. Then, sender uses asymmetric
encryption algorithm (such as RSA) to encrypt Session Key: E
PuKRe. Now, the Key: E PuKRe is called as digital envelope
and this can be distributed among the group members. In our
proposed scheme, we design a group key pair (PrKgrp, PuKgrp).
This schemes guarantee the authenticated group members
know the current group private key. The whole security relies
on the PrKgrps security. Every members of the group are
accessible to the PuKgrp, hence only group members can
compute the updated group private key. Moreover, only group
members can decrypt and download the files from the group
data sharing.
 Certificateless Authentication: In this proposed work, proxy Broadcast 2*n-2 3 Min(2*N, n-
N)
signature scheme is used to grant the data validity, which
Rounds hp 1 1
uploaded by the data owner to the cloud, and to grant the Proposed Messages 3/2*(n-1) 2 3/2*(n-N-1)
group admin (HGAd) privileges to the group members (HMi). Protocol Broadcast 5*n-9/6 1 (5*(n-N)-
With the use of this HMD can grant the privileges of group 9)/6
admins (HGAdi), for this privileges HGAdi needs to provide Table 3: comparison of proposed with existing TGDH
its public key PuKHGAdi and message warrantor i.e., MwHGAdi.
REFERENCES
Every members of the group has rights to verify the HGAdi
authorization and it can be done with the help of HMDs
[1] Mell P, Grance T (2010) The NIST definition of cloud computing.
public key. Cloud servers can maintain the public stored Commun ACM 53(6):50
privilege revocation list (PRL) which includes PuKHGAdi or [2] Koufi V, Malamateniou F, Vassilacopoulos G (2010) Ubiquitous access
MwHGAdi. And every verifier can check this PRL to verify the to cloud emergency medical services. In: 10th IEEE International
Conference on Information Technology and Applications in
authentication details. The status of the group members is in Biomedicine (ITAB), IEEE Press, New York, pp 14
the following format shown in Table 2. [3] Behrend TS, Wiebe EN, London JE, Johnson EC (2011) Cloud
computing adoption and usage in community colleges. Behav Inf
Technol 30(2):231240
Member Email Id Group Status Block Revoke
[4] Li Z, Cheng C, Wang K (2011) Cloud computing for agent-based urban
Name Name transportation systems. IEEE Intell Syst 26(1):7379
Alice alice16@gmai Cloud Joined Block Revoke [5] NSA embraces cloud computing,
l.com 1
http://www.darkgovernment.com/news/nsa-embracescloud-computing/
Steve steve16@gma Cloud Left Block Revoke
[6] Liu, B., Chen, Y., Hadiks, A., Blasch, E., Aved, A., Shen, D. and Chen,
il.com 2 G., 2014. Information fusion in a cloud computing era: a systems-level
Table 2: Group member status view perspective. Aerospace and Electronic Systems Magazine, IEEE, 29(10),
pp.16-24.
VI. CONCLUSION AND FUTURE WORK [7] Liu, H., Ning, H., Xiong, Q. and Yang, L.T., 2015. Shared authority
based privacy-preserving authentication protocol in cloud computing.
Data sharing in cloud environment by forming groups is Parallel and Distributed Systems, IEEE Transactions on, 26(1), pp.241-
considered as a common approach. But secure data sharing in 251.
[8] Xue, K. and Hong, P., 2014. A dynamic secure group sharing framework
groups is still a challenging issue for the researchers. There are in public cloud computing. Cloud Computing, IEEE Transactions on,
many frameworks available to share data in groups in the 2(4), pp.459-470.
previous researches listed in Related work section of this [9] Samanthula, B.K., Elmehdwi, Y., Howser, G. and Madria, S., 2015. A
secure data sharing and query processing framework via federation of
paper, one of them is dynamic secure group sharing cloud computing. Information Systems, 48, pp.196-212.
framework for public cloud proposed by Kaiping Xue and [10] Jaiswal, P., Kumar, A. and Tripathi, S., 2015. Design of Queue-Based
Peilin Hong, the framework combines proxy signature, Group Key Agreement Protocol Using Elliptic Curve Cryptography.
In Information Systems Design and Intelligent Applications (pp. 167-
TGDH-based binary tree, proxy re-encryption as a protocol. 176). Springer India.Wang, C.J. and Luo, J.F., 2012, November. A key-
But TGDH- based binary tree approach has some drawbacks policy attribute-based encryption scheme with constant size ciphertext.
In Computational Intelligence and Security (CIS), 2012 Eighth
which are explained in Related work. After analyzing the International Conference on (pp. 447-451). IEEE.
existing frameworks drawbacks, in this paper a dynamic [11] Seo, S.H., Nabeel, M., Ding, X. and Bertino, E., 2014. An efficient
certificateless encryption for secure data sharing in public clouds.
secure group sharing framework in public cloud computing Knowledge and Data Engineering, IEEE Transactions on, 26(9),
environment is proposed with TGDH-based ternary tree pp.2107-2119.
approach which effective than the existing frameworks. [12] Roman, A. and Szykula, M., 2015. Forward and backward
synchronizing algorithms. Expert Systems with Applications, 42(24),
Moreover, the proposed protocol is beneficial in healthcare pp.9512-9527.
cloud applications for secure data sharing. [13] Kudlacik, R., Roman, A. and Wagner, H., 2012. Effective synchronizing
As a further step, strong auditing and security techniques can algorithms. Expert Systems with Applications, 39(14), pp.11746-11757.
be added to enhance the internal security of this framework.
Table 3 shows the performance analysis of proposed protocol
in comparison with existing protocol.

Protocol Initialization Join Leave

Rounds h 2 Min(k+1, h)
TGDH Messages 2*n-2 3 Min(2*N, n-
N)
Fig. 2: Hospital Group formation mechanism