PharmaSecure is an application that provides a secured, homomorphic way of storing crucial, sensitive pharmaceutical data on the cloud. It is an application that we implemented as our final year project for Bachelor's Degree in Computer Engineering.
Our research is published in Web Of Science journal and has received the Best paper award at ICCTAW conference (Computing technologies for Transforming the Automated World) held in April 2020
Homomorphic Encryption is an encryption technique that allows specific computations on data in its encrypted form (cipher texts). The result is always encrypted data (cipher text), which results from operations performed on encrypted data of plain text. Homomorphic Encryption provides the basis of manipulating data without decrypting it first. We make use of Paillier Homomorphic Encryption scheme in our implementation.
Our application focuses on two users, managers and researchers/employees. In any case the keys need to be stored securely on the servers. There are various ways that we explored and then came to a conclusion of making use of the most suitable one. Few methods are:
It is a separate hardware module in which sensitive keys are stored. The major advantage that this method provides is it’s distal from the actual server. The keys are stored on the HSM and never leaves the appliance un-encrypted. Any cryptographic activity that involves the private key is carried out internally within the device. However, considering the overhead of extra hardware we didn’t opt for this option in our project.
This method provides additional layers of security with protection against offline attacks. This method requires the user to supply the secret key used to encrypt files containing cryptographic keys before using it. Here the secret is already shared with the user while registering with the system, he has to use the same secret in the future to fetch cryptographic keys.
Encrypted file with hidden key
Another solution for securely storing keys on the server is to store it in a particular file and then encrypting that file with the user password or equivalent key. The major advantages provided by such a service is getting more control while logging into the system to get results. We make use of this technique thereby securing the storage of keys on the server.
Here is how the file storing key looks:
- The two primary users of our application are Manager and Researcher present in pharmaceutical industries.
- Employees/Researchers perform the work of experimentation while developing medicine, because of which there are frequent changes to the quantities of the components present in the medicines.
- These pieces of information are very confidential and hence should be visible to only authorized people like the manager. The manager holds all the rights like adding/removing employees, watching detailed descriptions of medicines, etc.
- All the keys used for cryptographic operations are stored securely (encrypted form) on the servers adding an extra bit of security to the application.
Here is the demo of our app in form of gifs.
