International Journal of Technical Research and Applications e-ISSN: 2320-8163, www.ijtra.com Volume 1, Issue 5 (Nov-Dec 2013), PP. 50-52 50 | Page SECURE SHARING OF PERSONAL HEALTH RECORDS USING MULTI AUTHORITY ATTRIBUTE BASED ENCRYPTION IN CLOUD COMPUTING Soumya Parvatikar, Puja Prakash, Richa Prakash, Pragati Dhawale, S.B. Jadhav Department of Computer Engineering Bharati Vidyapeeth’s College of Engineering for Women Pune University, Pune-411003, India. Abstract —Personal health record (PHR) is often seen as a patient-centric model of health information exchange. However there has been privacy concerns when information is outsourced to be stored at a third party. Also when patient is given full control of his own PHR, he proves to be inefficient in maintaining the information. Yet, issues such as risks of privacy exposure, Scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. Thus, in this paper, we propose a novel framework and a suite of mechanisms for data access control to PHRs stored in semi- trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme. Keywords—Personal Health Records, Cloud Computing, Data Privacy, Fine-grained access control, Multi-authority Attribute Based Encryption. I. INTRODUCTION In recent years, Personal Health Record (PHR) is emerged as a patient-centric model of health Information exchange. It enables the patient to create and control their medical data which may be placed in a single place such as data center. Due to the high cost of building and maintaining specialized data centers, many PHR services are outsourced to third-party service providers, for example, Microsoft Health Vault, Google Health. While it is exciting to have convenient PHR data privacy risks which could impede its wide adoption. The main concern is about whether the patients could actually control the sharing of their sensitive personal health information (PHI), especially when they are stored on a third-party server which people may not fully trust. On the one hand, although there exists health care Regulations such as HIPAA which is recently amended to incorporate business associates, cloud Providers are usually not covered entities. On the other hand, due to the high value of the sensitive Personal Health Information (PHI), the third-party storage servers are often the targets of various malicious behaviors which may lead to exposure of the PHI. As a famous incident, a Department of Veterans Affairs database containing sensitive PHI of 26.5 million military veterans, including their social security numbers and health problems was stolen by an employee who took the data home without authorization”. To ensure privacy control over their own PHRs, it is essential to have Fine- grained data access control mechanisms that work with semi-trusted servers. Hence we move to a new encryption pattern namely Attribute Based Encryption (ABE). In ABE, it is the attributes of the users or the data that selects the access policies, which enables a patient to selectively share their PHR among a set of users by encrypting the file under a set of attributes, without the need to know a complete list of users. As a result, the number of attributes involved determines the complexities in encryption, key generation and decryption. The Multi Authority Attribute Based Encryption (MAABE) scheme is used to provide multiple authority based access control mechanism. II. RELATED WORK This paper is mostly related to work in cryptographically enforced access control for outsourced data and attribute based