Secure G-Cloud-Based Framework for Healthcare Services

1. INTRODUCTION

1.1 PROJECT OVERVIEW

A common phenomenon in healthcare in most Arab countries is the lack of optimal utilization
of human and material resources available to provide integrated healthcare to prevent diseases and
treat diseases after they occur. Statistics indicate that Arab countries suffer from high rates of health
problems, such as diabetes, liver disease, and parasitic diseases, such as histosomiasis and malaria.
These health problems could be prevented before they occur or their complications prevented by early
detection. This is due to a combination of factors: planning, operational, and technical. If we were able
to overcome them, this would lead to significant progress in the level of health care. In addition, there
is a weakness and lack of available hospital information systems, which is some of the most advanced
software that directly serves all technical and administrative healthcare activities, ensuring that the
medical institution has full control over all its activities and resources. The successes of these
advanced systems do not depend on the exact selection of equipment and software for storage. Rather,
their success depends on their suitability for different users from health care providers, such as doctors,
nurses, technicians and even administrators- where the vision and priorities of each of these categories
differ, and their information needs vary, as do the benefits of each of the these systems.

The traditional health system has been replaced by an electronics health information system
because the traditional system has been found to be ineffective due to a number of issues, including
low storage capacity, high operating and maintenance costs, and system integration. The computerized
health system was then replaced by cloud computing because it relies on a more efficient
infrastructure, as well as the many benefits of cloud computing in IT, such as cost, scalability,
flexibility and other features. The use of cloud computing in electronic health records reduces costs in
the provision of health services, maintenance costs, networks, licensing fees and infrastructure in
general and this will there for encourage developers to adopt the cloud in health care. The rapid shift of
the cloud and it use in health care system has raised concerns about crucial issues of privacy and
information security. The adoption of the cloud in IT increases the focus and concern of health care
providers on clinical and patient-related services and reduces attention on infrastructure management.

The sharing of personal and health information across the internet and various servers outside
the safe environment of the health care institutions has led to a number of problems related to privacy,
security, access and compliance issues.
1
 Secure G-Cloud-Based Framework for Healthcare Services

1.2 PROBLEM STATEMENT

By using cloud computing, in this project we can develop the healthcare sector and to benefit
from the services. A cloud based theoretical framework has been developed for the improvement of
electronic health services. In this framework electronic services is used by the ministry of the interior
to ensure the personal identity of the persons, and the government is responsible for delivering services
through a highly efficient, reliable and safe environment.

1.3 AIM

Aim of the project is to provide “healthcare services using secure G-cloud-Based framework”.

1.4 OBJECTIVE OF PROJECT

 The main objective of the project is to provide secure resources to the healthcare services by
storing in the cloud.

 By using the secret key the health service provider can access the file whenever needed.

2
 Secure G-Cloud-Based Framework for Healthcare Services

2. SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

• Li et al. enhanced a Multi-authority Attribute base encryption (MA-ABE) scheme to handle
efficient and on-demand user revocation, and prove its security. The proposed MA-ABE scheme
utilized ABE to encrypt and access not only the patient data but also various users from public
domain with different professional roles, qualifications and affiliations.
• Alshehri et al. proposed a cloud-based EHR system, which consists of the cloud-based data storage
and computing resources, healthcare providers, and attribute authority (AA). In this scheme, one
single AA is responsible for key management, including generation, distribution, and revocation in
the EHR system.
DISADVANTAGES OF EXISTING SYSTEM
• In the literature, there are no existing powerful frameworks that clearly address all viable schemes
and interrelationships between cloud computing and healthcare technology.

• The problem with the ABE-based encryption scheme is that data encryption needs to use the public
key for each licensed user and needs to use attributes to control the user's access to the system. So,
ABE cryptographic credentials are issued by trusted attribute authority, which is in possession of a
global master key for key generation.
2.2 PROPOSED SYSTEM
• In the proposed system, it provides a flexible, secure, cost-effective, and privacy preserved G-
cloud-based framework for government healthcare services. The proposed system is developed by
applying, using, and modifying the most recent encryption and decryption mechanisms suited for
cloud-based EHR systems.
• The proposed scheme does not use the standard encryption system, which is not suited to the cloud
environment. Achieving scalability of computing resources that can be expanded and controlled
according to the required health services. The EHR is able to support massive data exchanges.

• The proposed system is developed by providing an effective solution for decision makers in the
government health sector to adopt cloud-based healthcare systems, especially in developing
countries.
• Different domains of attributes are managed by different attribute authorities, which operate
independently from each other and controlled by the central trusted authority.

3
 Secure G-Cloud-Based Framework for Healthcare Services

ADVANTAGES OF PROPOSED SYSTEM

• Providing a better authentication multifactor applicant authentication in cooperation with two
trusted authorities.
• Security analysis has been conducted according to major security requirements in cloud
environments.
• This framework aims to provide health services and facilities from the government to citizens
(G2C).
• Our proposed framework is based on CP-ABE which is more secure and more efficient in
comparison with other existing frameworks. It uses multiple authority attribute domains that impose
different access privileges for different types of applicants in order to achieve fine-grained access
control.

• The proposed scheme is suited for G-based cloud EHR systems and gets advantages from the
facilities and the infrastructure provided by the government.

2.3REQUIREMENT ANALYSIS
2.3.1 SOFTWARE REQUIREMENTS:
Language : Java
IDE : Eclipse Indigo
Operating system : Windows
Server : Apache tomcat 7.0
Database : MYSQL
2.3.2 HARDWARE REQUIREMENTS:
Ram : 4GB RAM
Hard Disk : 1TB
Processor : i5

2.4 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is put forth with a very
general plan for the project and some cost estimates. During system analysis the feasibility study of the
proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the
4
 Secure G-Cloud-Based Framework for Healthcare Services

company. For feasibility analysis, some understanding of the major requirements for the system is
essential.

Three key considerations involved in the feasibility analysis are

• ECONOMICAL FEASIBILITY

• TECHNICAL FEASIBILITY

• SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development of the
system is limited. The expenditures must be justified. Thus the developed system as well within the budget
and this was achieved because most of the technologies used are freely available. Only the customized
products had to be purchased.

TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of the
system. Any system developed must not have a high demand on the available technical resources. This will
lead to high demands on the available technical resources. This will lead to high demands being placed on
the client. The developed system must have a modest requirement, as only minimal or null changes are
required for implementing this system.

SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes the
process of training the user to use the system efficiently. The user must not feel threatened by the system,
instead must accept it as a necessity. The level of acceptance by the users solely depends on the methods
that are employed to educate the user about the system and to make him familiar with it. His level of
confidence must be raised so that he is also able to make some constructive criticism, which is welcomed,
5
 Secure G-Cloud-Based Framework for Healthcare Services

as he is the final user of the system.

6
 Secure G-Cloud-Based Framework for Healthcare Services

3. SYSTEM DESIGN

3.1 ARCHITECTURE
Architecture describes the overall functionality of the product with all the modules specified in it. It gives a
clear picture of the internal process of the products. The architecture along with modules can be displayed
as the following.

Fig 3.1: Architecture of Secure G-cloud-based framework for healthcare services

3.2 MODULE DESCRIPTION

A module is a special functionality which is intended to do special task in the overall product. The modules
of Secure G-cloud-based framework for healthcare services can be defined as

• Patient
• HCP
• E- Cloud System
• Trusted Authority

7
 Secure G-Cloud-Based Framework for Healthcare Services

MODULES DESCSRIPTION
PATIENT
In this module, there are n numbers of Patient are present. Patients should register before doing
some operations. And register Patients details are stored in Patients module. After registration successful
he has to login by using authorized HCP name and password.
Patient, based on the characteristics of HCPs to develop different access control strategy, encrypt
uploaded files using the corresponding encryption method and then send to the cloud server.
In this module, we do the following functions:
1. Register
2. Login
3. Upload File
4. View File
5. Logout
Patients should specify the access policy for each data attribute in the EHR, so that the data HCP
can only access and decrypt his authorized data attribute.
HCP:
The HCP is the cipher texts receiver who can access the outsourced data. The HCP is able to
decrypt the initial and re-encrypted cipher texts if he is the intended receiver defined by the Patients or data
disseminators. In this module, there are n numbers of data HCPs are present. Data HCP should register
before doing some operations. And register HCP details are given permission from the trusted authority
only. After registration successful the trusted authority has to give permission for the data HCP. Only after
that the HCP has to login by using authorized HCP name and password. In this module, the HCP can
specify their roles like Surgeon, Insurance etc.

E-Cloud System
In this module, we develop the following functionalities:
1. Login
2. View All File Information

8
 Secure G-Cloud-Based Framework for Healthcare Services

4. Update HCP and Patients

5. View All Patient

Trusted Authority:
The central authority (CA) is a fully trusted authority running on trusted cloud platform with flexibility and
scalability that manages and distributes public/secret keys in the system, including generates system
parameters to initialize system and generates private keys and attribute keys with HCPs’ identity and
attributes.
3.3 DATA FLOW DIAGRAMS:
a. The DFD is also called as bubble chart. It is a simple graphical formalism that can be used to
represent a system in terms of input data to the system, various processing carried out on this data, and
the output data is generated by this system.
b. The data flow diagram (DFD) is one of the most important modeling tools. It is used to model the
system components. These components are the system process, the data used by the process, an external
entity that interacts with the system and the information flows in the system.
c. DFD shows how the information moves through the system and how it is modified by a series of
transformations. It is a graphical technique that depicts information flow and the transformations that are
applied as data moves from input to output.
d. DFD is also known as bubble chart. A DFD may be used to represent a system at any level of
abstraction. DFD may be partitioned into levels that represent increasing information flow and functional
detail.

Patient

Y N
Ch Unauthoriz
e o
eck ed Patient
s

Patient Home

File Upload with

attribute
File Details

9
End
 Secure G-Cloud-Based Framework for Healthcare Services

Fig: 3.2 Flow chart for patient details

HCP

Yes No
Check Unauthorized
HSP

HSP Home

Search File with Attribute

Verify secret key

Download file

End process

Fig: 3.3 Flow chart for HCP

10
 Secure G-Cloud-Based Framework for Healthcare Services

E-H CLOUD

Ye N
Chec Unauthorized
s o
k Cloud

Cloud Home

View File Details

View Owner Details

View User Details

End process
Fig: 3.4 Flow chart for E-H cloud

AUTHORITY
AUTHORITY

Ye No
s Chec Unauthorized
k TA

Activate User Account

View File Request

Accept Request

End process

Fig: 3.5 Flow chart Authority

11
 Secure G-Cloud-Based Framework for Healthcare Services

3.4 UML DIAGRAMS

UML stands for Unified Modeling Language. UML is a standardized general-purpose modeling
language in the field of object-oriented software engineering. The standard is managed, and was
created by, the Object Management Group.
The goal is for UML to become a common language for creating models of object oriented
computer software. In its current form UML is comprised of two major components: a Meta-model and
a notation. In the future, some form of method or process may also be added to; or associated with,
UML. The Unified Modeling Language is a standard language for specifying, Visualization,
Constructing and documenting the artifacts of software system, as well as for business modeling and
other non-software systems. The UML represents a collection of best engineering practices that have
proven successful in the modeling of large and complex systems. The UML is a very important part of
developing objects oriented software and the software development process. The UML uses mostly
graphical notations to express the design of software projects.
Goals:
The Primary goals in the design of the UML are as follows:

 Provide users a ready-to-use, expressive visual modeling Language so that they can develop
and exchange meaningful models.

 Provide extendibility and specialization mechanisms to extend the core concepts.

 Be independent of particular programming languages and development process.

 Provide a formal basis for understanding the modeling language.

 Encourage the growth of OO tools market.

 Support higher level development concepts such as collaborations, frameworks, patterns and
components.
Integrate best practices.

Use case diagrams:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram

12
 Secure G-Cloud-Based Framework for Healthcare Services

defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of the
functionality provided by a system in terms of actors, their goals (represented as use cases), and any
dependencies between those use cases. The main purpose of a use case diagram is to show what system
functions are performed for which actor. Roles of the actors in the system can be depicted.

Registration

Login

File Upload with attributes

View File Details

Search File
HSP
Patient
Send Request

View request

Verify access Data

View Patient & HCP Details

E-H CLOUD
AUTHORITY

Fig: 3.6 Use case diagram

13
 Secure G-Cloud-Based Framework for Healthcare Services

Class diagram:

In software engineering, a class diagram in the Unified Modeling Language (UML) is a

type of static structure diagram that describes the structure of a system by showing the system's
classes, their attributes, operations (or methods), and the relationships among the classes. It
explains which class contains information.

Patient HCP

Login Login

File Upload with attribute () Search File with attribute ()

View File Details () Send Request()
Verify Secret key ()
Download Report ()

E-H CLOUD AUTHORITY

Login Login

View File Details () Activate User ()

View Patient Details () View File Request ()
View HCP Details () Accept Request ()

Fig: 3.7 Class diagram

14
 Secure G-Cloud-Based Framework for Healthcare Services

Sequence diagram:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction

diagram that shows how processes operate with one another and in what order. It is a construct of
a Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event
scenarios, and timing diagrams.

DB
Patient HCP E-H Cloud Authority
Upload
Filewith
Attribute

View File
Details Search File with
attributes

File Details Activate account

Patient Details File Request

Verify and access

file
HCP Details

DATA BASE
Fig: 3.8 Sequence diagram

15
 Secure G-Cloud-Based Framework for Healthcare Services

Activity diagram:

Activity diagrams are graphical representations of workflows of stepwise activities and

actions with support for choice, iteration and concurrency. In the Unified Modeling Language,
activity diagrams can be used to describe the business and operational step-by-step workflows of
components in a system. An activity diagram shows the overall flow of control.

Star
t

Patient HCP E-H Cloud Authority

File Upload Search File with View File Details Activate User Account
with attribute Attribute

View Patient View File Request

Details
File Details Verify secret key

View HCP Details Accept Request

Download file

Fig: 3.9 Activity diagram

16
 Secure G-Cloud-Based Framework for Healthcare Services

5. IMPLEMENTATION TOOLS

5.1 Method of Implementation

Implementation literally means to put into effect or to carry out. The system implementation
phase of the software deals with the translation of the design specifications into the source code. The
ultimate goal of the implementation is to write the source code and the internal documentation so that it
can be verified easily. The code and documentation should be written in a manner that eases
debugging, testing and modification. System flowcharts, sample run on packages, sample output etc. Is
part of the implementation?
An effort was made to satisfy the following goals in order specified.
• Minimization of Response Time.
• Clarity and Simplicity of the Code.
• Minimization of Hard-Coding.
Various types of bugs were discovered while debugging the modules. These ranged from
logical errors to failure on account of various processing cases.

5.2 TECHNOLOGY:
Frontend Technology : Eclipse Indigo
Frontend Language : HTML, CSS, Javascript, Bootstrap
Middle Language : JSP
Backend : MYSQL

5.3 INTRODUCATION TO JAVA

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:

 Simple

17
 Secure G-Cloud-Based Framework for Healthcare Services

 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both compiled
and interpreted. With the compiler, first you translate a program into an intermediate language called
Java byte codes —the platform-independent codes interpreted by the interpreter on the Java platform.
The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens
just once; interpretation occurs each time the program is executed. The following figure illustrates how
this works.
The Java Platform
A platform is the hardware or software environment in which a program runs. We’ve already
mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most
platforms can be described as a combination of the operating system and hardware. The Java platform
differs from most other platforms in that it’s a software-only platform that runs on top of other
hardware-based platforms.
The Java platform has two components:
 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is ported onto
various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many useful
capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of

18
 Secure G-Cloud-Based Framework for Healthcare Services

related classes and interfaces; these libraries are known as packages. The next section, What Can Java
Technology Do? Highlights what functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the figure shows, the
Java API and the virtual machine insulate the program from the hardware.
The most common types of programs written in the Java programming language are applets and
applications. If you’ve surfed the Web, you’re probably already familiar with applets. An applet is a
program that adheres to certain conventions that allow it to run within a Java-enabled browser.
However, the Java programming language is not just for writing cute, entertaining applets for the Web.
The general-purpose, high-level Java programming language is also a powerful software platform.
Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform. A special kind of
application known as a server serves and supports clients on a network. Examples of servers are Web
servers, proxy servers, mail servers, and print servers. Another specialized program is a servlet. A
servlet can almost be thought of as an applet that runs on the server side. Java Servlets are a popular
choice for building interactive web applications, replacing the use of CGI scripts. Servlets are similar
to applets in that they are runtime extensions of applications. Instead of working in browsers, though,
servlets run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of software
components that provides a wide range of functionality. Every full implementation of the Java platform
gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data structures, system
properties, date and time, and so on.
 Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram Protocol)
sockets, and IP (Internet Protocol) addresses.
 Internationalization: Help for writing programs that can be localized for users worldwide.
Programs can automatically adapt to specific locales and be displayed in the appropriate
language.
 Security: Both low level and high level, including electronic signatures, public and private key
management, access control, and certificates.

19
 Secure G-Cloud-Based Framework for Healthcare Services

 Software components: Known as JavaBeansTM, can plug into existing component

architectures.
 Object serialization: Allows lightweight persistence and communication via Remote Method
Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to a wide range of relational
databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration,
telephony, speech, animation, and more.
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of its
many goals, drove the development of the API. These goals, in conjunction with early reviewer
feedback, have finalized the JDBC class library into a solid framework for building database
applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to why certain
classes and functionalities behave the way they do. The eight design goals for JDBC are as follows:

1. SQL Level API

The designers felt that their main goal was to define a SQL interface for Java. Although not the
lowest database interface level possible, it is at a low enough level for higher-level tools and APIs to be
created. Conversely, it is at a high enough level for application programmers to use it confidently.
Attaining this goal allows for future tool vendors to “generate” JDBC code and to hide many of
JDBC’s complexities from the end user.
2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to support a
wide variety of vendors, JDBC will allow any query statement to be passed through it to the underlying
database driver. This allows the connectivity module to handle non-standard functionality in a manner
that is suitable for its users.
3. JDBC must be implemental on top of common database interfaces
The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal allows JDBC to
use existing ODBC level drivers by the use of a software interface. This interface would translate
JDBC calls to ODBC and vice versa.

20
 Secure G-Cloud-Based Framework for Healthcare Services

4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that they should not
stray from the current design of the core Java system.
5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception. Sun felt that
the design of JDBC should be very simple, allowing for only one method of completing a task per
mechanism. Allowing duplicate functionality only serves to confuse the users of the API.
6. Use strong, static typing wherever possible
Strong typing allows for more error checking to be done at compile time; also, less error appear at
runtime.
7. Keep the common cases simple
Because more often than not, the usual SQL calls used by the programmer are simple SELECT’s,
INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to perform with JDBC.
However, more complex SQL statements should also be possible.

21
 Secure G-Cloud-Based Framework for Healthcare Services

6. PSUEDO CODE

Sample code:
Active.jsp
<%@page import="Database.SqlConnection" %>
<%@page import="java.sql.*" %>
<%

String id = request.getParameter("id");

System.out.println("User ID : " + id);

Connection con = SqlConnection.getConnection();
Statement st = con.createStatement();
try {
int in = st.executeUpdate("update ureg set status='Accepted' where id='" +
id + "'");
if (in != 0) {

response.sendRedirect("user_de.jsp?msg=Account_Activated");
} else {
response.sendRedirect("user_de.jsp?msgg=failed");
}
} catch (Exception ex) {
ex.printStackTrace();

}
%>

Mailsender.java

package Database;

import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public class MailSender {

22
 Secure G-Cloud-Based Framework for Healthcare Services

public static boolean secretMail(String msg, String name, String email) {

Properties props = new Properties();
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "465");
// Assuming you are sending email from localhost
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new
PasswordAuthentication("[email protected]","nikhila@20");
}
});

System.out.println("Message " + msg);

try {
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(name));
message.setRecipients(Message.RecipientType.TO,
InternetAddress.parse(email));
message.setSubject("Secret key");
message.setText(msg);

Transport.send(message);

System.out.println("Done");
return true;

} catch (MessagingException e) {
System.out.println(e);
e.printStackTrace();
return false;
// throw new RuntimeException(e);
}
}

23
 Secure G-Cloud-Based Framework for Healthcare Services

6. SCREENSHOTS

Screenshot 6.1: Home page

24
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.2: Patient Registration

25
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.3: Patient Home page

26
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.4: File upload like phr upload

27
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.5:Uploading file name and it’s access attribute

28
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.6:Patient details document

29
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.7:patient information stored in Cloud Computing

30
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.8:Health Care Provider login page

31
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.9:Authority Login

32
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.10:HCP details

33
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.11:Search file for insurance

34
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.12:File details

35
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.13: HCP request to access file

36
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.14:Providing the secret key for accessing HCP file

37
 Secure G-Cloud-Based Framework for Healthcare Services

Screenshot 6.15: Cloud file details for all user for which purpose accessed

38
 Secure G-Cloud-Based Framework for Healthcare Services

7. SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality of
components, sub assemblies, assemblies and/or a finished product It is the process of exercising
software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an unacceptable
manner. There are various types of test. Each test type addresses a specific testing requirement.
TYPE OF TESTS:
Unit testing:
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and internal
code flow should be validated. It is the testing of individual software units of the application .it is done
after the completion of an individual unit before integration. This is a structural testing, that relies on
knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test
a specific business process, application, and/or system configuration. Unit tests ensure that each unique
path of a business process performs accurately to the documented specifications and contains clearly
defined inputs and expected results.

Integration testing:
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic outcome of
screens or fields. Integration tests demonstrate that although the components were individually
satisfaction, as shown by successfully unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems that arise from the
combination of components

Functional test:
Functional tests provide systematic demonstrations that functions tested are available as specified
by the business and technical requirements, system documentation, and user manuals.
Functional testing is centered on the following items:

39
 Secure G-Cloud-Based Framework for Healthcare Services

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or

special test cases. In addition, systematic coverage pertaining to identify Business process flows; data
fields, predefined processes, and successive processes must be considered for testing. Before functional
testing is complete, additional tests are identified and the effective value of current tests is determined.

System Test:
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions and
flows, emphasizing pre-driven process links and integration points.

White Box Testing:

White Box Testing is a testing in which in which the software tester has knowledge of the inner
workings, structure and language of the software, or at least its purpose. It is purpose. It is used to test
areas that cannot be reached from a black box level.

Black Box Testing:

Black Box Testing is testing the software without any knowledge of the inner workings, structure
or language of the module being tested. Black box tests, as most other kinds of tests, must be written
from a definitive source document, such as specification or requirements document, such as
specification or requirements document. It is a testing in which the software under test is treated, as a
black box .you cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.

40
 Secure G-Cloud-Based Framework for Healthcare Services

Unit Testing:
Unit testing is usually conducted as part of a combined code and unit test phase of the software
lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct
phases.

Test strategy and approach:

Field testing will be performed manually and functional tests will be written in detail.

Test objectives:
All field entries must work properly.
Pages must be activated from the identified link.
The entry screen, messages and responses must not be delayed.

Features to be tested:
Verify that the entries are of the correct format
No duplicate entries should be allowed
All links should take the user to the correct page.

Integration Testing:
Software integration testing is the incremental integration testing of two or more integrated
software components on a single platform to produce failures caused by interface defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level –
interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.

Acceptance Testing:
User Acceptance Testing is a critical phase of any project and requires significant participation
by the end user. It also ensures that the system meets the functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.

41
 Secure G-Cloud-Based Framework for Healthcare Services

8. CONCLUSION
In this paper, we proposed a secure cloud-based EHR frame work that guarantees the security and
privacy of medical data stored in the cloud, relying on hierarchical multi-authority CP-ABE to
enforce access control policies. The proposed framework provides a high level of integration,
interoperability, and sharing of EHRs among healthcare providers, patients, and practitioners. In
the framework, the attribute domain authority manages a different attribute domain and operates
independently. In addition, no computational over head is completed by the government authority,
and multi factor applicant authentication have been identified and proofed.

The proposed scheme can be adopted by any government that has a cloud computing
infrastructure and provides treatment services to the majority of citizen patients. Future work
includes implementing and evaluating the proposed scheme in a real-world environmet.

42
 Secure G-Cloud-Based Framework for Healthcare Services

REFERENCES

[1] M. Masrom and A. Rahimli, ``A review of cloud computing technology solution for
healthcare system,'' Res. J. Appl. Sci., Eng. Technol., vol. 8, no. 20, pp. 2150_2155,
2014.

[2] A. Hucíková and A. Babic, ``Cloud Computing in Healthcare: A Space of

Opportunities and Challenges,'' Transforming Healthcare Internet Things, vol. 221, p.
122, 2016.

[3] H. Yang and M. Tate, ``A descriptive literature review and classification of cloud
computing research,'' CAIS, vol. 31, Apr. 2012, Art. no. 2.

[4] D. Zissis and D. Lekkas, ``Addressing cloud computing security issues,'' Future
Gener. Comput. Syst., vol. 28, no. 3, pp. 583_592, 2012.

[5] V. K. Nigam and S. Bhatia, ``Impact of cloud computing on health care,'' Int. Res. J.
Eng. Technol., vol. 3, no. 5, pp. 1_7, 2016.

[6] How to Improve Healthcare with Cloud Computing, Hitachi Data Systems, Santa
Clara, CA, USA, 2012.

[7] E. Mehraeen, M. Ghazisaeedi, J. Farzi, and S. Mirshekari, ``Security challenges in

healthcare cloud computing: A systematic review,'' Global J. Health Sci., vol. 9, no. 3,
p. 157, 2016.

[8] D. Sun, G. Chang, L. Sun, and X. Wang, ``Surveying and analyzing security, privacy
and trust issues in cloud computing environments,'' Procedia Eng., vol. 15, pp.
2852_2856, Jan. 2011.

[9] N. Khan and A. Al-Yasiri, ``Identifying cloud security threats to strengthen cloud
computing adoption framework,'' Procedia Comput. Sci., vol. 94, pp. 485_490, Jan.
2016.

43
 Secure G-Cloud-Based Framework for Healthcare Services

[10] K. Hamlen, M. Kantarcioglu, L. Khan, and B. Thuraisingham, ``Security issues for

cloud computing,'' Optimizing Inf.Security Advancing Privacy Assurance: New
Technologies: New technol., vol. 150, 2012).

[11] V. K. Omachonu and G. N. Einspruch, ``Innovation in healthcare delivery systems:

A conceptual framework,'' Innov. J., Public Sector Innov. J., vol. 15, no. 1, pp. 1_20,
2010.

[12] B. E. Reddy, T. V. S. Kumar, and G. Ramu, ``An ef_cient cloud framework for
health care monitoring system,'' in Proc. Int. Symp. Cloud Services Comput., 2012, pp.
113_117.

[13] M. Parekh and B. Saleena, ``Designing a cloud based framework for healthcare
system and applying clustering techniques for region wise diagnosis,'' Procedia Comput.
Sci., vol. 50, pp. 537_542, Jan. 2015.

[14] A. Botta,W. De Donato, V. Persico, and A. Pescapé, ``Integration of cloud

computing and Internet of Things: A survey,'' Future Gener. Comput. Syst., vol. 56, pp.
684_700, Mar. 2016.

[15] C. Stergiou, K. E. Psannis, B.-G. Kim, and B. Gupta, ``Secure integration of IoT
and cloud computing,'' Future Gener. Comput. Syst., vol. 78, pp. 964_975, Jan. 2018.

[16] Z. Yu, C. Wang, C. Thomborson, J. Wang, S. Lian, and A. V. Vasilakos, ``A novel
watermarking method for software protection in the cloud,'' Softw.-Pract. Exper., vol.
42, no. 4, pp. 409_430, 2012.

[17] Saudi e-Government Program, Government Cloud Computing. Accessed: Nov. 2,

2018. [Online]. Available:
https://www.yesser.gov.sa/EN/BuildingBlocks/Pages/GCloud_Computing.aspx

[18] J. Huang, M. Sharaf, and C.-T. Huang, ``A hierarchical framework for secure and
scalable EHR sharing and access control in multi-cloud,'' in Proc. 41st Int. Conf.
Parallel Process. Workshops, 2012, pp. 279_287.

44
 Secure G-Cloud-Based Framework for Healthcare Services

[19] Q. Huang, Y. Yang, and M. Shen, ``Secure and ef_cient data collaboration with
hierarchical attribute-based encryption in cloud computing,'' Future Gener. Comput.
Syst., vol. 72, pp. 239_249, Jul. 2017.

[20] V. Goyal, O. Pandey, A. Sahai, and B.Waters, ``Attribute-based encryption for _ne-
grained access control of encrypted data,'' in Proc. 13th ACMConf. Comput. Commun.
Secur., 2006, pp. 89_98.

[21] J. Bethencourt, A. Sahai, and B.Waters, ``Ciphertext-policy attribute-based

encryption,'' in Proc. IEEE Symp. Secur. Privacy (SP), May 2007, pp. 321_334.

[22] Q. Li, H. Xiong, F. Zhang, and S. Zeng, ``An expressive decentralizing kp-abe
scheme with constant-size ciphertext,'' IJ Netw. Secur., vol. 15, no. 3, pp. 161_170,
2013.

[23] Q. Li, J. Ma, R. Li, X. Liu, J. Xiong, and D. Chen, ``Secure, efficient and revocable
multi-authority access control system in cloud storage,'' Comput. Secur., vol. 59, pp.
45_59, Jun. 2016.

[24] B. R. Sekhar, B. S.Kumar, L. S. Reddy, andV. P. Chandar, ``CP-ABE based

encryption for secured cloud storage access,'' Int. J. Sci. Eng. Res., vol. 3, no. 9, pp. 1_5,
2012.

[25] S. Alshehri, S. Radziszowski, and R. K. Raj, ``Designing a secure cloud-based

EHR system using ciphertext-policy attribute-based encryption,'' in Proc. Data Manage.
Cloud Workshop, Washington, DC, USA. 2012, pp. 1_5.

[26] D. Hankerson and A. Menezes. Elliptic Curve Cryptography. New York, NY,
USA: Springer, 2011.

[27] D. Boneh and M. Franklin, ``Identity-based encryption from the weil pairing,'' in
Proc. Annu. Int. Cryptol. Conf. Berlin, Germany: Springer, 2001, pp. 213_229.

[28] A. Sahai and B.Waters, ``Fuzzy identity-based encryption,'' in Proc. Annu. Int.
Conf. Theory Appl. Cryptograph. Techn., Berlin, Germany: Springer, 2005, pp.

45
 Secure G-Cloud-Based Framework for Healthcare Services

457_473.

[29] M. Li, ``Scalable and secure sharing of personal health records in cloud computing
using attribute-based encryption,'' IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp.
131_143, Jan. 2013.

[30] G. Wang, Q. Liu, and J. Wu, ``Hierarchical attribute-based encryption for fine-
grained access control in cloud storage services,'' in Proc. 17th ACM Conf. Comput.
Commun. Secur., 2010, pp. 735_737.

46
Secure G-Cloud-Based Framework for Healthcare Services

47
48