psmpa patient self-controllable and multi-level privacy-preserving cooperative authentication in...


Upload: nandhaku2

Post on 12-Jul-2016

Page 1: PSMPA Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributed M-Healthcare Cloud Computing System (1)

Abstract:

The distributed m-healthcare cloud computing system considerably facilitates secure and efficient patient treatment for medical consultation by sharing personal health information among the healthcare providers. However, this system brings about the challenge of keeping both the data confidentiality and patients’ identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem, a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets.

AIM

The main aim of this paper is a novel authorized accessible privacy model (AAPM). Based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed.

SCOPE

The scope of this paper is the formal security proof and the simulation results, which illustrate that our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

Introduction:

In m-healthcare social networks, the personal health information is always shared among the patients located in respective social communities suffering from the same disease for mutual support, and across distributed healthcare providers (HPs) equipped with their own cloud servers for medical consultation. However, it also brings about a series of challenges, especially how to ensure the security and privacy of the patients’ personal health information from various attacks in the wireless communication channel such as eavesdropping and tampering. As to the security facet, one of the main issues is access control of patients’ personal health information, namely that only the authorized physicians or institutions can recover the patients’ personal health information during the data sharing in the distributed m-healthcare cloud computing system.

In practice, most patients are concerned about the confidentiality of their personal health information, since any kind of unauthorized collection and disclosure is likely to get them into trouble. Therefore, in distributed m-healthcare cloud computing systems, which part of the patients’ personal health information should be shared and which physicians their personal health information should be shared with have become two intractable problems demanding urgent solutions.

A fine-grained distributed data access control scheme is proposed using the technique of attribute-based encryption (ABE). Recently, a patient-centric and fine-grained data access control in multi-owner settings was constructed for securing personal health records in cloud computing. It mainly focuses on the central cloud computing system, which is not sufficient for efficiently processing the increasing volume of personal health information in m-healthcare cloud computing system.

Existing System:

In an m-healthcare system data confidentiality is very important, but in the existing system framework it is not enough to only guarantee the data confidentiality of the patient’s personal health information in the honest-but-curious cloud server model, since the frequent communication between a patient and a professional physician can lead the adversary to conclude that the patient is suffering from a specific disease with a high probability. Unfortunately, the problem of how to protect both the patients’ data confidentiality and identity privacy in the distributed m-healthcare cloud computing scenario under the malicious model was left untouched.

Disadvantages:

Data confidentiality is low.

Data redundancy is high.

There is a violation in data security.

Proposed System:

A privacy-preserving authentication scheme for anonymous P2P systems based on Zero-Knowledge Proof has been proposed. However, the heavy computational overhead of Zero-Knowledge Proof makes it impractical when directly applied to the distributed m-healthcare cloud computing systems where the computational resource for patients is constrained. It has been suggested that patients have to consent to treatment and be alerted every time associated physicians access their records. Our proposed system is also a patient-centric and fine-grained data access control in multi-owner settings, constructed for securing personal health records in cloud computing.

Our proposed m-healthcare system mainly focuses on the central cloud computing system, which is not sufficient for efficiently processing the increasing volume of personal health information in m-healthcare cloud computing system. In distributed m-healthcare cloud computing systems, all the members can be classified into three categories. The directly authorized physicians, with green labels, are in the local healthcare provider; they are authorized by the patients and can both access the patient’s personal health information and verify the patient’s identity. The indirectly authorized physicians, with yellow labels, are in the remote healthcare providers; they are authorized by the directly authorized physicians for medical consultation or some research purposes. They can only access the personal health information, but not the patient’s identity. For the unauthorized persons, with red labels, nothing could be obtained.

The security and anonymity level of our proposed construction is significantly enhanced by associating it to the underlying Gap Bilinear Diffie-Hellman (GBDH) problem and the number of patients’ attributes, to deal with the privacy leakage in patient sparsely distributed scenarios. More significantly, without the knowledge of which physician in the healthcare provider is professional in treating his illness, the best way for the patient is to encrypt his own PHI under a specified access policy rather than assign each physician a secret key. As a result, the authorized physicians whose attribute sets satisfy the access policy can recover the PHI, and the access control management also becomes more efficient.

Advantages:

M-healthcare system is fully controlled and secured with encryption standards.

There is no data loss and data redundancy.

System provides full protection for patient’s data and their attributes.

Literature Survey

1) Cross-Domain Data Sharing in Distributed Electronic Health Record Systems

Cross-organization or cross-domain cooperation takes place from time to time in Electronic Health Record (EHR) system for necessary and high-quality patient treatment. Cautious design of delegation mechanism must be in place as a building block of cross-domain cooperation, since the cooperation inevitably involves exchanging and sharing relevant patient data that are considered highly private and confidential. The delegation mechanism grants permission to and restricts access rights of a cooperating partner. Patients are unwilling to accept the EHR system unless their health data are guaranteed proper use and disclosure, which cannot be easily achieved without cross-domain authentication and fine-grained access control. In addition, revocation of the delegated rights should be possible at any time during the cooperation. In this paper, we propose a secure EHR system, based on cryptographic constructions, to enable secure sharing of sensitive patient data during cooperation and preserve patient data privacy. Our EHR system further incorporates advanced mechanisms for fine-grained access control, and on-demand revocation, as enhancements to the basic access control offered by the delegation mechanism, and the basic revocation mechanism, respectively. The proposed EHR system is demonstrated to fulfill objectives specific to the cross-domain delegation scenario of interest.

Disadvantage

Data confidentiality is low.

2) SAGE: A strong privacy-preserving scheme against global eavesdropping for eHealth systems

The eHealth system is envisioned as a promising approach to improving health care through information technology, where security and privacy are crucial for its success and large-scale deployment. In this paper, we propose a strong privacy-preserving Scheme against Global Eavesdropping, named SAGE, for eHealth systems. The proposed SAGE can achieve not only the content oriented privacy but also the contextual privacy against a strong global adversary. Extensive analysis demonstrates the effectiveness and practicability of the proposed scheme.

There is a violation in data security.

3) Privacy-preserving query over encrypted graph-structured data in cloud computing

In the emerging cloud computing paradigm, data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. For the consideration of users' privacy, sensitive data have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. In this paper, for the first time, we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Our work utilizes the principle of "filtering-and-verification". We prebuild a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. To meet the challenge of supporting graph query without privacy breaches, we propose a secure inner product computation technique, and then improve it to achieve various privacy requirements under the known-background threat model.

Disadvantage

Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited.

4) Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings

Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud, in order to enjoy the elastic resources and reduce the operational cost. However, by storing PHRs in the cloud, the patients lose physical control to their personal health data, which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. Under encryption, it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. For each patient, the PHR data should be encrypted so that it is scalable with the number of users having access. Also, since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios. In this paper, we propose a novel framework for access control to PHRs within cloud computing environment. To enable fine-grained and scalable access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR data. To reduce the key distribution complexity, we divide the system into multiple security domains, where each domain manages only a subset of the users. In this way, each patient has full control over her own privacy, and the key management complexity is reduced dramatically. Our proposed scheme is also flexible, in that it supports efficient and on-demand revocation.

Disadvantage

The challenge of keeping both the data confidentiality and patients’ identity privacy simultaneously.

Modules:

E-healthcare System Framework:

The e-healthcare system consists of three components: body area networks (BANs), wireless transmission networks and the healthcare providers equipped with their own cloud servers. The patient’s personal health information is securely transmitted to the healthcare provider for the authorized physicians to access and perform medical treatment. This module illustrates the unique characteristics of distributed m-healthcare cloud computing systems, where all the personal health information can be shared among patients suffering from the same disease for mutual support or among the authorized physicians in distributed healthcare providers and medical research institutions for medical consultation.

Authorized accessible privacy model:

Multi-level privacy-preserving cooperative authentication is established to allow the patients to authorize corresponding privileges to different kinds of physicians located in distributed healthcare providers by setting an access tree supporting flexible threshold predicates. This module proposes a novel authorized accessible privacy model for distributed m-healthcare cloud computing systems which consists of the following two components: an attribute-based designated verifier signature scheme (ADVS) and the corresponding adversary model.

Security Verification:

The security and anonymity level of our proposed construction is significantly enhanced by associating it to the underlying Gap Bilinear Diffie-Hellman (GBDH) problem and the number of patients’ attributes, to deal with the privacy leakage in patient sparsely distributed scenarios. More significantly, without the knowledge of which physician in the healthcare provider is professional in treating his illness, the best way for the patient is to encrypt his own PHI under a specified access policy rather than assign each physician a secret key. As a result, the authorized physicians whose attribute sets satisfy the access policy can recover the PHI, and the access control management also becomes more efficient.

Performance Evaluation:

This module considers the efficiency of PSMPA in terms of storage overhead, computational complexity and communication cost, alongside a patient-centric and fine-grained data access control using ABE to secure personal health records in cloud computing without privacy-preserving authentication. To achieve the same security, our construction performs more efficiently than the traditional designated verifier signature for all the directly authorized physicians, where the overheads are linear to the number of directly authorized physicians.

OVERVIEW OF MICROSOFT .NET

.NET represents Microsoft's vision of the future of applications in the Internet age. .NET provides enhanced interoperability features based upon open Internet standards. Microsoft .NET represents a great improvement.

Microsoft .NET provides the following:

■ A robust runtime platform, the CLR

■ Multiple language development

■ An extensible programming model, the .NET Framework, which provides a large class library of reusable code available from multiple languages

■ A networking infrastructure built on top of Internet standards that supports a high level of communication among applications

■ A new mechanism of application delivery, the Web service, that supports the concept of an application as a service

■ Powerful development tools

.NET Framework Overview

The .NET Framework consists of the CLR, the .NET Framework Class Library, the Common Language Specification (CLS), a number of .NET languages, and Visual Studio .NET.

Common Language Runtime

The runtime environment provided by .NET, the CLR, manages the execution of code and provides useful services. The services of the CLR are exposed through programming languages. The syntax for these services varies from language to language, but the underlying execution engine providing the services is the same. Not all languages expose all the features of the CLR. The language with the best mapping to the CLR is the new language C#. VB.NET, however, does an admirable job of exposing the functionality.

.NET Framework Class Library

The .NET Framework class library is huge, comprising more than 2,500 classes. All this functionality is available to all the .NET languages. The library consists of four main parts:

1. Base class library (which includes networking, security, diagnostics, I/O, and other types of operating system services)

2. Data and XML classes

3. Windows UI

4. Web services and Web UI

Common Language Specification

The CLS is an agreement among language designers and class library designers about those features and usage conventions that can be relied upon. CLS rules apply to public features that are visible outside the assembly where they are defined.

Languages in .NET

Microsoft itself is providing four CLS-compliant languages. VB.NET, C#, and C++ with managed extensions are extenders. JScript .NET is a consumer.

Visual Studio .NET 2008

Visual Studio .NET 2008 includes a range of new features and enhancements for every type of developer, and offers key improvements directed at mobile device developers and enterprise developers.

Base classes provide standard functionality such as input/output, string manipulation, security management, network communications, thread management, text management, and user interface design features.

The ADO.NET classes enable developers to interact with data accessed in the form of XML through the OLE DB, ODBC, Oracle, and SQL Server interfaces. The ASP.NET classes support the development of Web-based applications and Web services. The Windows Forms classes support the development of desktop-based smart client applications.

ASP.NET

ASP.NET is a programming framework built on the common language runtime that can be used on a server to build powerful Web applications. ASP.NET offers several important advantages over previous Web development models:

Enhanced Performance

ASP.NET is compiled common language runtime code running on the server. Unlike its interpreted predecessors, ASP.NET can take advantage of early binding, just-in-time compilation, native optimization, and caching services right out of the box. This amounts to dramatically better performance before you ever write a line of code.

World-Class Tool Support

The ASP.NET framework is complemented by a rich toolbox and designer in the Visual Studio integrated development environment. WYSIWYG editing, drag-and-drop server controls, and automatic deployment are just a few of the features this powerful tool provides.

Power and Flexibility

Because ASP.NET is based on the common language runtime, the power and flexibility of that entire platform is available to Web application developers. The .NET Framework class library, Messaging, and Data Access solutions are all seamlessly accessible from the Web. ASP.NET is also language-independent, so you can choose the language that best applies to your application or partition your application across many languages.

Simplicity

ASP.NET makes it easy to perform common tasks, from simple form submission and client authentication to deployment and site configuration. For example, the ASP.NET page framework allows you to build user interfaces that cleanly separate application logic from presentation code and to handle events in a simple, Visual Basic-like forms processing model. Additionally, the common language runtime simplifies development, with managed code services such as automatic reference counting and garbage collection.

Manageability

ASP.NET employs a text-based, hierarchical configuration system, which simplifies applying settings to your server environment and Web applications. Because configuration information is stored as plain text, new settings may be applied without the aid of local administration tools. This "zero local administration" philosophy extends to deploying ASP.NET Framework applications as well. An ASP.NET Framework application is deployed to a server simply by copying the necessary files to the server.

Scalability and Availability

ASP.NET has been designed with scalability in mind, with features specifically tailored to improve performance in clustered and multiprocessor environments. Further, processes are closely monitored and managed by the ASP.NET runtime, so that if one misbehaves (leaks, deadlocks), a new process can be created in its place, which helps keep your applications constantly available to handle requests.

Customizability and Extensibility

ASP.NET delivers a well-factored architecture that allows developers to "plug in" their code at the appropriate level. In fact, it is possible to extend or replace any subcomponent of the ASP.NET runtime with your own custom-written component.

Security

With built-in Windows authentication and per-application configuration, you can be assured that your applications are secure.

Language Support

The Microsoft .NET Platform currently offers built-in support for three languages: C#, Visual Basic, and Scripts.

Language Compatibility

The differences between the VBScript used in ASP and the Visual Basic .NET language used in ASP.NET are by far the most extensive of all the potential migration issues. Not only has ASP.NET departed from the VBScript language to "true" Visual Basic, but the Visual Basic language itself has undergone significant changes in this release.

TOOL SELECTED: VB.NET

Visual Basic .NET is designed to be a fast and easy way to create .NET applications, including Web services and ASP.NET Web applications. Applications written in Visual Basic are built on the services of the common language runtime and take full advantage of the .NET Framework.

Visual Basic .NET (VB.NET) is an object-oriented computer language that can be viewed as an evolution of Microsoft's Visual Basic (VB) implemented on the Microsoft .NET framework. Its introduction has been controversial, as significant changes were made that broke backward compatibility with VB and caused a rift within the developer community.

It is fully integrated with the .NET Framework and the common language runtime, which together provide language interoperability, garbage collection, enhanced security, and improved versioning support.

MICROSOFT SQL SERVER 2005

SQL Server 2005 exceeds dependability requirements and provides innovative capabilities that increase employee effectiveness, integrate heterogeneous IT ecosystems, and maximize capital and operating budgets. SQL Server 2005 provides the enterprise data management platform your organization needs to adapt quickly in a fast-changing environment. With the lowest implementation and maintenance costs in the industry, SQL Server 2005 delivers rapid return on your data management investment. SQL Server 2005 supports the rapid development of enterprise-class business applications that can give your company a critical competitive advantage.

Easy-to-Use Business Intelligence

Through rich data analysis and data mining capabilities that integrate with familiar applications such as Microsoft Office, SQL Server 2005 enables you to provide all of your employees with critical, timely business information tailored to their specific information needs. Every copy of SQL Server 2005 ships with a suite of BI services.

Self-Tuning and Management Capabilities

Revolutionary self-tuning and dynamic self-configuring features optimize database performance, while management tools automate standard activities. Graphical tools and wizards simplify setup, database design, and performance monitoring, allowing database administrators to focus on meeting strategic business needs.

Data Management Applications and Services

Unlike its competitors, SQL Server 2005 provides a powerful and comprehensive data management platform. Every software license includes extensive management and development tools, a powerful extraction, transformation, and loading (ETL) tool, business intelligence and analysis services, and new capabilities such as Notification Services. The result is the best overall business value available.

SQL Server 2005 Enterprise Edition

Enterprise Edition includes the complete set of SQL Server data management and analysis features and is uniquely characterized by several features that make it the most scalable and available edition of SQL Server 2005. It scales to the performance levels required to support the largest Web sites, Enterprise Online Transaction Processing (OLTP) systems and Data Warehousing systems. Its support for failover clustering also makes it ideal for any mission-critical line-of-business application.

Top-10 Features of SqlServer-2005

1. T-SQL (Transaction SQL) enhancements

T-SQL is the native set-based RDBMS programming language offering high-performance data access. It now incorporates many new features including error handling via the TRY and CATCH paradigm, Common Table Expressions (CTE), which return a record set in a statement, and the ability to shift columns to rows and vice versa with the PIVOT and UNPIVOT commands.

2. CLR (Common Language Runtime)

The next major enhancement in SQL Server 2005 is the integration of a .NET compliant language such as C#, ASP.NET or VB.NET to build objects (stored procedures, triggers, functions, etc.). This enables you to execute .NET code in the DBMS to take advantage of the .NET functionality. It is expected to replace extended stored procedures in the SQL Server 2000 environment as well as expand the traditional relational engine capabilities.

3. Service Broker

The Service Broker handles messaging between a sender and receiver in a loosely coupled manner. A message is sent, processed and responded to, completing the transaction. This greatly expands the capabilities of data-driven applications to meet workflow or custom business needs.

4. Data encryption

SQL Server 2000 had no documented or publicly supported functions to encrypt data in a table natively. Organizations had to rely on third-party products to address this need. SQL Server 2005 has native capabilities to support encryption of data stored in user-defined databases.

5. SMTP mail

Sending mail directly from SQL Server 2000 is possible, but challenging. With SQL Server 2005, Microsoft incorporates SMTP mail to improve the native mail capabilities. Say "see-ya" to Outlook on SQL Server!

6. HTTP endpoints

You can easily create HTTP endpoints via a simple T-SQL statement exposing an

object that can be accessed over the Internet. This allows a simple object to be

called across the Internet for the needed data.

7. Multiple Active Result Sets (MARS)

MARS allows a persistent database connection from a single client to have more

than one active request per connection. This should be a major performance

improvement, allowing developers to give users new capabilities when working

with SQL Server. For example, it allows multiple searches, or a search and data

entry. The bottom line is that one client connection can have multiple active

processes simultaneously.

8. Dedicated administrator connection

If all else fails, stop the SQL Server service or push the power button. That

mentality is finished with the dedicated administrator connection. This

functionality will allow a DBA to make a single diagnostic connection to SQL

Server even if the server is having an issue.

9. SQL Server Integration Services (SSIS)

SSIS has replaced DTS (Data Transformation Services) as the primary ETL

(Extraction, Transformation and Loading) tool and ships with SQL Server free of

charge. This tool, completely rewritten since SQL Server 2000, now has a great

deal of flexibility to address complex data movement.

10. Database mirroring

It's not expected to be released with SQL Server 2005 at the RTM in November,

but I think this feature has great potential. Database mirroring is an extension of

the native high-availability capabilities. So, stay tuned for more details….
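Items 1 and 4 of the list above (TRY and CATCH error handling, native data encryption) combined in one T-SQL script, as an added example that is not part of the original report. It encrypts a patient-record column with a symmetric key protected by a certificate; the table, key and certificate names, the passphrase placeholder and the sample row are all constructed for illustration.

```sql
-- Added example; all object names and sample values are hypothetical/constructed.
-- Intended for a scratch database on SQL Server 2005 or later.

-- Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-passphrase-placeholder>';
CREATE CERTIFICATE PatientRecordCert
    WITH SUBJECT = 'Protects the patient record key';
CREATE SYMMETRIC KEY PatientRecordKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PatientRecordCert;
GO

-- Ciphertext is binary. NOT NULL matters: EncryptByKey returns NULL when the
-- key is not open, and the constraint turns that silent failure into an error.
CREATE TABLE dbo.PatientRecord (
    PatientId   INT            NOT NULL PRIMARY KEY,
    DiagnosisCt VARBINARY(512) NOT NULL
);
GO

BEGIN TRY
    OPEN SYMMETRIC KEY PatientRecordKey
        DECRYPTION BY CERTIFICATE PatientRecordCert;

    -- The authenticator (third and fourth arguments) binds the ciphertext to
    -- this row's PatientId, so it cannot be reused under another patient's id.
    INSERT INTO dbo.PatientRecord (PatientId, DiagnosisCt)
    VALUES (1001,
            EncryptByKey(Key_GUID('PatientRecordKey'),
                         N'constructed sample diagnosis',
                         1,
                         CONVERT(VARBINARY(4), 1001)));

    CLOSE SYMMETRIC KEY PatientRecordKey;
END TRY
BEGIN CATCH
    -- Do not leave the key open on the session after a failure.
    IF EXISTS (SELECT 1 FROM sys.openkeys WHERE key_name = 'PatientRecordKey')
        CLOSE SYMMETRIC KEY PatientRecordKey;
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
GO

-- Reading the record back: the key must be open and the authenticator must be
-- rebuilt from the same row's PatientId.
OPEN SYMMETRIC KEY PatientRecordKey
    DECRYPTION BY CERTIFICATE PatientRecordCert;

SELECT PatientId,
       CONVERT(NVARCHAR(100),
               DecryptByKey(DiagnosisCt, 1, CONVERT(VARBINARY(4), PatientId)))
           AS Diagnosis
FROM dbo.PatientRecord;

CLOSE SYMMETRIC KEY PatientRecordKey;
```

Which logins can open the key is decided by database permissions on the key and certificate, so the table can be readable by accounts that still cannot decrypt the column.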

INFORMATION SUPER HIGHWAY:

 

A set of computer networks, made up of a large number of smaller networks, using different networking protocols. It is the world's largest computing network, consisting of over two million computers supporting over 20 million users in almost 200 different countries. The Internet is growing at a phenomenal rate of between 10 and 15 percent, so any size estimates are quickly out of date.

 

The Internet was originally established to meet the research needs of the U.S. defence industry, but it has grown into a huge global network serving universities, academic researchers, commercial interests and government agencies, both in the U.S. and overseas. The Internet uses TCP/IP protocols, and many of the Internet hosts run the Unix operating system.

 

HTML

HTML (Hyper Text Markup Language) is the language that is used to prepare documents for online publication. HTML documents are also called Web documents, and each HTML document is known as a Web page.

A page is what is seen in the browser at any time. Each Web site, whether on the

Internet or Intranet, is composed of multiple pages. And it is possible to switch

among them by following hyperlinks. The collection of HTML pages makes up the

World Wide Web.

A web page is basically a text file that contains the text to be displayed and references to elements such as images, sounds and, of course, hyperlinks to other documents. HTML pages can be created using a simple text editor such as Notepad or a WYSIWYG application such as Microsoft FrontPage.

In either case the result is a plain text file that computers can easily exchange. The

browser displays this text file on the client computer.

"Hypertext" is the jumping frog portion. A hyperlink can jump to any place within your own page(s) or literally to anyplace in the world with a 'net address (URL, or Uniform Resource Locator). It's a small part of the HTML language.

5.6 INTERNET INFORMATION SERVER (IIS):

A web server is a program connected to the World Wide Web (WWW) that furnishes resources to the web browser.

Microsoft IIS is a web server integrated with Windows.NET server that makes it easy to publish information and bring business applications to the web.

Because of its tight integration with Windows NT Server, IIS guarantees the network administrator and application developer the same security, networking and administrator functionality as Windows NT Server. Above and beyond its use of familiar Windows NT Server tools and functionality, IIS also has built-in capabilities to help administer secure websites and to develop server-intensive web applications.

 

FEATURES OF IIS:

IIS provides integrated security and access to a wide range of content, works seamlessly with COM components, and has a graphical interface, the Microsoft Management Console (MMC), that you can use to create and manage your ASP applications.

IIS Provides Integrated Security:

On the Internet, most sites allow anybody to connect to the site. The exceptions are commercial sites where you pay a one-time or monthly fee to access the site. Sites that restrict access are called secured sites. Secured sites use either integrated security or login and password security. IIS supports both of these methods.

IIS provides Access to Content:

All web servers can deliver HTML files, but they differ widely in how they treat other types of content. Most servers let you add and modify Multipurpose Internet Mail Extensions (MIME) types, but IIS integrates directly into the Windows registry. That means IIS natively understands how to treat most common Windows file formats, such as text (TXT) files, application initialization (INI) files, executable (EXE) files and many others.

IIS provides an Interface for COM

You can control many parts of IIS using COM. IIS exposes many of the server's configuration settings via the IIS Admin objects. These objects are accessible from ASP and other languages. That means you can adjust server configuration and create virtual directories and webs programmatically. IIS 4 and higher store settings and web information in a special database called the Metabase. You can use the IIS Admin objects to create new sites and virtual directories or alter the properties of existing sites and virtual directories.

IIS ARCHITECTURES OVERVIEW: 

IIS is a core product, which means that it is designed to work closely with many

other products, including all products in the Windows NT Server 4.0 Option pack.

The following figure shows the relationship between IIS and other products

installed as part of the Windows NT Server 4.0 Option pack.

SECURITY FOR IIS APPLICATION 

IIS provides three authentication schemes to control access to IIS resources: Anonymous, Basic and Windows NT Challenge/Response. Each of these schemes has a different effect on the security context of an application launched by IIS. This includes ISAPI extension agents, CGI applications, IDC scripts and future scripting capabilities.

ACCESS PRIVILEGES

IIS provides several new access levels. The following values can set the type of access allowed to specific directories:

Read

Write

Script

Execute

Log Access

Directory Browsing.

 

IIS WEBSITE ADMINISTRATION

 

Administering websites can be time-consuming and costly, especially for people who manage large Internet Service Provider (ISP) installations. To save time and money, ISPs support only large company web sites at the expense of personal websites. But is there a cost-effective way to support both? The answer is yes, if you can automate administrative tasks and let users administer their own sites from remote computers. This solution reduces the amount of time and money it takes to manually administer a large installation, without reducing the number of web sites supported.

 

Microsoft Internet Information Server (IIS) version 4.0 offers technologies to do this:

1. Windows Scripting Host (WSH)

2. IIS Admin objects built on top of Active Directory Service Interfaces (ADSI)

With these technologies working together behind the scenes, a person can administer sites from the command line of a central computer and can group frequently used commands in batch files. Then all users need to do is run batch files to add new accounts, change permissions, add a virtual server to a site and perform many other tasks.

SOFTWARE REQUIREMENT SPECIFICATION

A software requirements specification (SRS) is a complete description of the

behavior of the software to be developed. It includes a set of use cases that

describe all of the interactions that the users will have with the software. In

addition to use cases, the SRS contains functional requirements, which define the

internal workings of the software: that is, the calculations, technical details, data

manipulation and processing, and other specific functionality that shows how the

use cases are to be satisfied. It also contains nonfunctional requirements, which

impose constraints on the design or implementation (such as performance

requirements, quality standards or design constraints).

The SRS phase consists of two basic activities:

1) Problem/Requirement Analysis:

This activity, the harder and more nebulous of the two, deals with understanding the problem, the goals and the constraints.

2) Requirement Specification:

Here, the focus is on specifying what has been found during analysis. Issues such as representation, specification languages and tools, and checking the specifications are addressed during this activity.

The Requirement phase terminates with the production of the validated SRS document. Producing the SRS document is the basic goal of this phase.

Role of SRS:

The purpose of the Software Requirement Specification is to reduce the communication gap between the clients and the developers. The Software Requirement Specification is the medium through which the client and user needs are accurately specified. It forms the basis of software development. A good SRS should satisfy all the parties involved in the system.

PSMPA

Data flow diagram

[Figure: data flow diagrams, Level 0 to Level 3. Recoverable labels: patient registration, patient details, generate ID, generate secret key, verify user authentication, upload patient data, enter ID and secret key, encrypt data and store into server, verify physician, retrieve data, decrypt and download record, provide treatment. Entities: Patient, User, Hospital, CSP, Server, Database.]

[Figure: use case diagram]

[Figure: class diagram]

[Figure: activity diagram]

SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub-assemblies, assemblies and/or a finished product. It is the process of exercising software with the intent of ensuring that the software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.

TYPES OF TESTS

Unit testing

Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program inputs produce valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application. It is done after the completion of an individual unit, before integration. This is structural testing that relies on knowledge of the unit's construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.

Integration testing

Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfactory, as shown by successful unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at exposing the problems that arise from the combination of components.

Functional test

Functional tests provide systematic demonstrations that functions tested are

available as specified by the business and technical requirements, system

documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identified business process flows, data fields, predefined processes, and successive processes must be considered for testing. Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.

System Test

System testing ensures that the entire integrated software system meets

requirements. It tests a configuration to ensure known and predictable results. An

example of system testing is the configuration oriented system integration test.

System testing is based on process descriptions and flows, emphasizing pre-driven

process links and integration points.

White Box Testing

White Box Testing is testing in which the software tester has knowledge of the inner workings, structure and language of the software, or at least its purpose. It is used to test areas that cannot be reached from a black box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner workings, structure or language of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive source document, such as a specification or requirements document. It is testing in which the software under test is treated as a black box: you cannot "see" into it. The test provides inputs and responds to outputs without considering how the software works.

Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test

phase of the software lifecycle, although it is not uncommon for coding and unit

testing to be conducted as two distinct phases.

Test strategy and approach

Field testing will be performed manually and functional tests will be written

in detail.

Test objectives

All field entries must work properly.

Pages must be activated from the identified link.

The entry screen, messages and responses must not be delayed.

Features to be tested

Verify that the entries are of the correct format

No duplicate entries should be allowed

All links should take the user to the correct page.

Integration Testing

Software integration testing is the incremental integration testing of two or

more integrated software components on a single platform to produce failures

caused by interface defects.

The task of the integration test is to check that components or software applications (e.g. components in a software system or, one step up, software applications at the company level) interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects

encountered.

Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires

significant participation by the end user. It also ensures that the system meets the

functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects

encountered.

Conclusion:

A novel authorized accessible privacy model and a patient self-controllable

multi-level privacy preserving cooperative authentication scheme realizing three

different levels of security and privacy requirement in the distributed m-healthcare

cloud computing system are proposed, followed by the formal security proof and

efficiency evaluations which illustrate our PSMPA can resist various kinds of

malicious attacks and far outperforms previous schemes in terms of storage,

computational and communication overhead.

Future Enhancement

Our future work will focus on investigating the relation between patient

mobility and privacy under the distributed Environment.
