BGNBA-OCO based privacy preserving attribute based access control with data duplication for secure storage in cloud

Cloud computing technology offers flexible and expedient services that carry a variety of profits for both societies as well as individuals. De-duplication techniques were developed to minimize redundant data in the cloud storage. But, one of the main challenges of cloud storage is data deduplication with secure data storage.To overcome the issue, we propose Boneh Goh Nissim Bilinear Attribute-based Optimal Cache Oblivious (BGNBA-OCO) access control and secure de-duplication for data storage in cloud computing in this paper. The proposed method achieves fne-grained access control with low computation consumption. We design Boneh Goh Nissim Privacy Preserving Revocable Attribute-based Encryption that reinforces attribute revocation and averts the discharge of sensitive information. Furthermore, we utilize Optimal Cache Oblivious algorithm to prevent disclosure of access patterns to hide the access patterns in cloud storage via rand pattern matching. We support updating both encrypted data and access control policies to minimize communication and computation overhead of data duplication and encryption processes concurrently. We perform secure data sharing to achieve higher data confidentiality and integrity. Finally, we conducted the extensive experiments in cloud and the results illustrated that our proposed BGNBA-OCO method is more efficient than related works.


Introduction
Cloud computing deeply facilitates different types of services for data providers who want to store their sensitive data.A secure data deduplication approach is employed in cloud storage to reduce the storage space while eradicating the data copies.Several secure data sharing and deduplication have been developed.However, existing deduplication methods failed to offer sufficient security for sensitive data.Hence, a proposed secure deduplication technique is needed that combines encryption and access control to guarantee the confidentiality and privacy of data.With the rapid growth of cloud computing and sharing the of large-volume data, secure sensitive information sharing with data deduplication is a significant process in cloud-assisted systems.Several secure data sharing and deduplication have been developed.
A secure data-sharing scheme was developed in [1] with data deduplication to protect sensitive information confidentiality and improve deduplication efficiency.However, the data integrity rate was not improved.An efficient and secure attribute-based access control scheme was designed in [2] for multiple data distribution to considerably minimize the computation cost.But the communication overhead in the data storage remained a challenging task.A ciphertext-policy attribute-based encryption method was developed in [3] based on attribute revocation procedure by proxy re-encryption.However, it failed to implement the proposed scheme with better feasibility.An attributebased storage system was developed in [4] to improve the duplicate detection.But it failed to improve the confidentially of the shared data with specifying an access policy.
A novel Modified Elliptic Curve Cryptography (MECC) method was introduced in [5] for secure deduplication on cloud storage.However, the MECC method was not efficient for increasing security with minimum computation time and storage in the cloud environment.A secure and scalable data deduplication approach was designed [6] for dynamic user managing securely and to avoid unauthorized cloud users from sensitive data.Though the approach reduces the unnecessary communication overhead, the computation overhead was not reduced.A multi-user updatable encryption approach was designed [7] for storing the remote ciphertext in the cloud.But the performance of data confidentiality remained unaddressed.
A verifiable deduplication approach named VeriDedup was developed in [8] to ensure the accuracy of duplication and provide flexible integrity over encrypted data.But the overhead analysis in the duplication was not analyzed.A novel encrypted deduplication storage method was introduced in [9], by analyzing the deduplication to metadata.But the integrity level was not enhanced.An effective secure deduplication approach was developed in [10] to provide authorized data access and maximally eliminate duplicates without affecting the security and privacy of cloud users.The main contribution of the BGNBA-OCO Method is summarized in the following.
To enhance the security of data sharing and data deduplication efficiency, a novel BGNBA-OCO method is introduced.
First, the Boneh Goh Nissim Privacy Preserving Revocable Attribute-based Encryption is performed to store the multiple patient files on cloud storage.To minimize the communication overhead in the deduplication, Optimal Cache Oblivious algorithm is designed with the help of rand matching coefficient.This helps to minimize the repeated data storage on cloud server.
Next, the attribute based access control policy is applied for authorization to download data from server.This inturn improve data confidentiality rate.
Additive Linear Secret Sharing matrix is applied to avoid the data modification and alteration for enhancing the data integrity level.Finally, the extensive experiments are conducted to evaluate the performance of our BGNBA-OCO method and other existing works.

Related works
In this section, previous Data deduplication technique was developed with cloud storage providers.Several secure data deduplication methods were introduced for different scenarios to ensure security of users' sensitive data.But, the high amount of data in storage was not considered.A lightweight rekeying-aware encrypted deduplication approach (REED) was designed in [11] for a re-encryption deduplication storage system.The one-way hash function was applied in the REED method to resist the stub-reserved attack and enhance the data privacy of data owners' sensitive data.Moreover, REED effectively reduced the computation overhead of the system but the communication overhead and time were not effectively reduced.
In order to minimum computation time overhead, a deduplication strategy based on the Merkle hash tree was developed in [12] for secure data sharing against bruteforce attacks.The designed system efficiently supports the file-and block-level dedup to improve the rate of data deduplication for access control.But the designed strategy failed to apply large-scale cloud computing for reducing the resource wastage rate.
Enhanced Symmetric Key Encryption Algorithm (ESKEA) was developed in [13] for secure data storage with data deduplication to enhance data confidentiality.The designed Convergent Encryption (CE) algorithm to verify the service provider duplicates copies of data.In addition, ESKEA algorithm utilized a Spider Monkey Optimization Algorithm (SMOA) for optimally selecting the secret key.Lastly, the recovered key was employed to retrieve original data.However, the integrity of data storage was not improved.
A new privacy-preserving, revocable ciphertext policy attribute-based encryption (PR-CP-ABE) approach was developed in [14] to preserve sensitive outsourced data.The designed integrated secure deduplication method was used to enhance the storage efficiency of cloud service provider while preserving the data privacy.However, the approach consumed more time for attribute-based encryption.
A secure aggregation-based tag deduplication method (ATDS) was designed in [15] for side channel attack recognition through the public verification.The Lagrangian interpolation-based aggregation method was developed to attain tag deduplication.By applying this technique, content-associated public key was used to achieve auditing.However the higher performance data integrity level was not achieved.
An efficient and privacy-preserving big data deduplication method was developed in [16] to achieve both privacy-preserving and data availability also resists the brute-force attacks.The designed method utilized a three-tier cross-domain structural design for secure and privacy-preserving deduplication with big data in cloud storage.However, the proposed method failed to protect the duplicate information in healthcare industry.
The healthcare industry faces demand regarding the security and efficiency of data organization for patient health records.Hence, a secure and efficient medical data sharing method was developed in [17] with the purpose of deduplication over the cloud encrypted storage.The designed method achieved a viable less cloud storage space overhead, and enhances the system performance with high fault-tolerance capability.However, communication overhead in the deduplication over the cloud-encrypted storage was not minimized.A secure encrypted data deduplication model was developed in [18] to find out the different encrypted data created from similar plaintext.The ciphertext policy attribute-based encryption was performed to preserve the tags for data uploader through the cloud server in an offline manner.
But it has a high computational overhead.
A modified ramp secret sharing (MRSS) approach was designed in [19] to minimize the storage overhead with privacy-preserving data processing applications.The designed MRSS scheme was utilized for any privacy preserving data processing that performs linear operations on the data.However, the confidentiality of privacy-preserving data processing was not improved.An Elliptical Curve Cryptographic and to generate key the Chinese Remainder Theorem (ECC-CRT) based deduplication model was developed in [20] to remove the frequent data on cloud storage.The cosine similarity checking was employed to perform the Deduplication it avoids malicious upload and downloads in storage space.However, the efficient algorithm was not implemented for focusing on the time consumption while generating the keys.
A blockchain-assisted data sharing method was proposed in [21] to perform the detection of deduplicated data and end the group of ciphertext after deduplication.However, the designed method was failed to improve the computational overhead ciphertext deduplication.In [22], Data de-duplication and recovery method was proposed into public key searchable encryption by involves the public key searchable encryption and proxy re-encryption.But, the proposed method was efficiently minimized the users storage fixed cost and enhance the work efficiency.
A data redundancy method designed in [23] to save cloud storage resources by minimizing the duplicate data in cloud server storage.However, more secure deduplication in a cloud storage system with better throughput and reduced deduplicate elimination ratio to save cloud storage.A cloud data auditing scheme was carried in [24] to supporting file and authenticator deduplication.The proposed scheme is initially sensible one to accurately achieve low-entropy security.But, also reduce the cloud's storage overhead considerably.
Point-of-interest (POI) category recommendation model was developed in [25] to preserve users' check-in records.Locality-sensitive hashing (LSH) was designed for categorizing similar users into identical groups.POI category was utilized to improve mine the user's interests.A new privacy-preserving POI recommendation model was employed in [26] to ensure user privacy protection.However, the communication overhead was not minimized.

Summary
In the related works discussed above, most of the schemes rely on data duplication.Some of the schemes achieved secure data duplication, but their using of public key encryption caused significant overhead to the process.In this paper, we propose BGNBA-OCO achieves secure deduplicaion of data for data storage in CC.Boneh Goh Nissim Bilinear Attribute-based cryptography and Optimal Cache Oblivious algorithm utilized for minimizing storage overhead, computation overhead.

Boneh Goh Nissim Bilinear Attribute-Based Optimal Cache Oblivious (BGNBA-OCO) Methods
Data sharing plays a vital role in cloud-supported electronic medical systems.Electronic medical records consist of disease-related information about patients.In order to conceal the patient's sensitive data, security is a key factor prior to uploading the electronic medical record to the server.During the sensitive data uploading, there are large amounts of duplicate data in electronic medical records, which incurs unnecessary storage in the cloud server.
In order to overcome the above problems, an efficient secure data sharing with an access control scheme with data deduplication and sensitive information hiding is required in cloud-assisted electronic medical systems.Based on this motivation, a novel method called Boneh Goh Nissim Bilinear Attribute-based Optimal Cache Oblivious (BGNBA-OCO) is developed for access control and secure de-duplication efficiency for data storage by protecting the sensitive information.
Figure 1 depicts the architecture diagram of the proposed BGNBA-OCO method for secure data sharing and de-duplication in cloud computing environment.

System model
The system model BGNBA-OCO method involves four entities such as patients, hospital, cloud server, and Medical practitioner.The hospital generates vast amounts of electronic patient records day by day that need to be transferred to the cloud server for sharing with medical practitioners.To ensure security, the hospital needs to encrypt the patient file and upload the data to the cloud server for further processing.If medical practitioners want to obtain patient information, he/she first needs to get authorization from the hospital.Therefore, it uses the access control policy for authorization.• Cloud server: The cloud server possesses enormous storage space and powerful computing capability.
After receiving the ciphertext of the patient information, the cloud server performs a deduplication operation to improve the efficiency of storage space.Meanwhile, the cloud server recognizes the authorized user identity and performs deduplication.Besides, the hospital distributes patient information to medical practitioners via the cloud server under the condition of the access control policy.• Medical practitioner: he/she wants to access the patient information from the server, they first need to obtain authorization from the hospital and then download information from the cloud server using the Additive Linear Secret Sharing matrix.Then the authorized practitioner decrypts and gets the original patient information under the conditions.This in turn improves the data confidentiality as well as integrity.

Security model
A Security Model exhibits the security of data transmission is designed between the server over the network to prevent the attackers and enhance the confidentiality or authenticity of the information that is being transmitted through the network.Let us consider the number of patient file PI 1 , PI 2 , . . .PI m , Hospital or data owner ' HS , cloud server ( CS ), Medical practitioner.The secure data transmission is performed between server and medical practitioner.Figure 2 illustrates the network security model of BGNBA-OCO method.Design an Boneh Goh Nissim Privacy Preserving Revocable Attribute-based algorithm for performing the security-related transformation between sender and Receiver.Before data storage in cloud server, Optimal Cache Oblivious algorithm is designed for data deduplication to minimize the storage space.Attribute secret key based user authorization is performed to validate the user authenticity.Finally, the authorized receiver performs decryption and gets the original patient file.

Boneh Goh Nissim Privacy Preserving Revocable Attribute-based Encryption
First process of the proposed BGNBA-OCO method is an attribute-based encryption before uploading the patient information into cloud server.The proposed technique uses the Boneh Goh Nissim cryptosystem to perform data encryption.The hospitals receive the patient's information PI = {PI 1 , PI 2 , . . ., PI m }.
Figure 3 illustrates the flow process of the Boneh Goh Nissim Revocable Attribute-based Encryption to guarantee the confidential access control over encrypted data in cloud environment.The hospital or data owner first collects the patient information PI = {PI 1 , PI 2 , . . ., PI m } .The Boneh Goh Nissim based Revocable Attribute-based Encryption is applied a public key cryptography for performing the attribute based encryption to ensure data confidentiality.In the attribute based encryption approach, the attribute secret key of a user depends on the certain attributes.In such a system, the decryption is obtained only if the set of attributes of the user attribute key matched.
Let us consider the set of system attributes A = {A 1 , A 2 , . . ., A k } .By applying a Boneh Goh Nissim cryptosystem, the private and public key is generated through the bilinear map concept.
The system selects an additive cycle group Q a and a mul- tiplicative cycle group Q m of prime order p , p is a genera- tor of Q a .Therefore, the bilinear map is structure as, A bilinear map ' M ' is a function that combining ele- ments of cycle groups' Q a * Q a ' to yield an element of a third cycle groups'Q m , and is linear.
The public key is generated as given below, Where, P pb denotes a public key,K indicates a multi- plication of two large prime numbers, ' P ' , Q m denotes a cycle groups' of order ' M ' , z indicates a generator of the cycle groups ' Q m ' . (1)

Fig. 2 Network security models
Where, x 1 and x 2 are the two large prime numbers, ' a ' indicates a generator of the cyclic groups ' Q m ' .
Followed by, the private key is generated as given below, Where, P pr indicates a private key, x 1 denotes a large prime number.Then the attribute secret key is generated depends on the set of user attributes A = {At 1 , At 2 , . . ., At k } .Here the user attributes are name, mail ID, etc.
Where, Sk denotes an attribute secret key related with an attribute list ' A ' .This key is used at the time of data The data owner performs data encryption with receiver public key.Encryption is the significant process of altering the original patient health information into an indecipherable form.The original data is called as plaintext and the encrypted data represented as cipher text.

Definition 1 (encryption)
Let us the patient's file PI = {PI 1 , PI 2 , . . ., PI m } to be stored in a cloud server ( CS ).The encryption is the pro- cess of altering the original information into cipher text is given below,

Optimal Cache Oblivious algorithm based data deduplication
Once the data gets encrypted, the hospital or data owner needs to store their file on the cloud server.The server verifies the data deduplication ratio to minimize the computation and communication overhead.The proposed BGNBA-OCO method uses the Optimal Cache Oblivious algorithm for increasing the deduplication efficiency of sensitive patient file storage on the cloud server.
The cloud server permits to store the sensitive patient file if it has a high duplicate ratio.The optimal Cache Oblivious algorithm executes well on a multilevel memory hierarchy without identifying any parameters of the hierarchy, only identifying the existence of a data structure.The cache in the cloud server holds a large volume of data.Then the cloud server performs the caching to analyze the patient records in the memory hierarchy.During the analysis, it verifies whether the memory hierarchy with similar content is present in the existence of a data structure through the rand matching coefficient.

Definition 2 data dedepulication:
Rand matching coefficient is a statistical technique used to checks whether patient records exist in the cache hierarchy.
Where RMC indicates a Rand matching coefficient that returns '1' for accurate matching and '0' for not matched.If the file is already presents, it indicates a 1' and the cloud server abort the file storage.Otherwise, it permits to upload the file in cache of cloud server for further processing.
This helps to avoid the data deduplication and also minimizes the excessive storage space.The algorithmic (7 Matching files Available files stored in cache process of attribute-based Encryption and deduplication is described as given below.

Algorithm 1: Boneh Goh Nissim Revocable Attribute-based Encryption and deduplication
The above algorithm [1] illustrates the procedure of secure medical data deduplication and data storage in the cloud environment.For each patient, the cloud server generates the private, public, and attributes secret keys.With the generated keys, the hospital performs data encryption to convert the original data into cipher text.Before data uploading, the server verifies the data duplication.The server verifies the incoming cipher text into its cache hierarchy.If the content exists, the cloud server aborts the data storage to avoid data deduplication.Otherwise, it allows storing the data in the cache for further processing to minimize the storage overhead.

Authorization and decryption
The final process of the proposed BGNBA-OCO is to perform the authorization and decryption.In the cloud, whenever the medical practitioner needs to access the patient file from the cloud server, they first sent the authorization request to the hospital or data owner.After getting the request from the medical practitioner, the hospital verifies the medical practitioner's authenticity with the help of the access control policy based on a set of attributes.Based on the attribute verification, the hospital permits to download the patient file from the cloud server.
The RMC methods gives either or output.Rand mat- defiing coefficient that returns '1' for accurate matching and '0' for not matched.If the file is already presents, it indicates a 1' and the cloud server abort the file storage.Otherwise, it permits to upload the file in cache of cloud server for further processing.
Figure 4 depicts the flow process of the authorization and decryption to obtain the original patient file from the cloud server.First, the medical practitioner send authorization request to hospital.
Where, MP denotes medical practitioner, Authorization Req denotes an authorization request to hospital ' HS ' .After getting the request, hospital performs authenticity verification through an attribute secret key created at the time of the key generation.In other words, an access policy is defined with the attribute secret key.The medical practitioner enters the attribute secret key for proving their authenticity.
After receiving the attribute secret key ' Sk′ ' , ' HS ' veri- fies whether the key is matched Sk = Sk′ or not Sk = Sk .If both the attribute secret keys are matched (i.e.Sk = Sk′ ), the hospital permits to access the patient file.

Definition 4 decryption
The medical practitioner accesses the data after the decryption with their private key.The decryption is the process of converting the cipher text into its original patient file.The authorized medical practitioner decrypts the data with their private secret key as give below, Where, ' PI ' designates a patient medical file, ' CT ' indi- cates a cipher text, ' x 1 ' represents a private key, ' z ' indicates a generator of the cyclic groups ' Q m ' .Finally, the medical practitioner performs decryption to obtain the original patient medical file.

Proof of corrections
The equation [11] is used for verifying the security proof, By applying the base of the logarithm rule, (10) In order to prove that the above equation [7], the right hand side (RHS) functions is considered

Additive linear secret sharing matrix based access structure
Additive linear secret sharing scheme is a particular kind of secret sharing system where the secret value satisfies a linear relationship.It helps to perform a finegrained access by the authorized user and also improve the efficiency of decryption with minimum time.
An Additive linear secret sharing matrix involves the process of dividing a secret value i.e. ciphertext into multiple blocks in the specified organization.It helps to avert a single block from having entire information of the original secret value.To obtain the secret information, all blocks must group their secret value collectively to expose the original secret value.
Figure 5 depicts the flow process of additive linear secret sharing based access structure to avoid illegal user access or modify the secret data.Where, S denotes a secret value.In order to reconstruct the secret value, all the sub values are summed.
In this way, access structure of the authorized user is defined to enhance the data integrity in cloud.
The algorithmic process of authorization and data decryption are given below, Algorithm 2: Authorization and data decryption The algorithm of the authorization and data decryption is performed to improve data confidentiality and integrity.Whenever the medical practitioner needs to access the data from the server, they first verify the authorization by means of attribute secret key matching.When the secret key gets matched correctly, the cloud server permits to access the stored secret patient file.Otherwise, the cloud server denied access.Then the authorized entity performs decryption with their private key to get the original patient file.Then the proposed BGNBA-OCO technique also uses the additive linear secret sharing scheme for access structure policy in order to guarantee the integrity of data access.

Implementation setup
Experiment evaluation of BGNBA-OCO, existing secure data sharing scheme [1], efficient and secure attribute based access control scheme [2] are implemented using java and cloudsim simulator for secured data sharing and deduplication in cloud environment.In order to conduct the implementation, Heart failure clinical records dataset collected from UCI repository https:// archi ve.ics.uci.edu/ ml/ datas ets/ Heart+ failu re+ clini cal+ recor ds.The dataset includes a 299 Heart patients records with 13 features.The features information is listed in Table 1.

Performance analysis and comparisons
In this section, comparative analysis of BGNBA-OCO, existing secure data sharing scheme [1], efficient and secure attribute based access control scheme [2] are presented for cloud environments with different valuation metrics such as,

Communication overhead
It is measured a server side during the data storage.The overhead is an amount of memory space require for storing the patient files into the cache of the cloud server.
Where, comm OH is a communication overhead, PI i patient file, MS(PI) is a memory space for storing the one patient file.It is measured as Mega bytes (MB).Below Table 2 shows the comparison data results of communication overhead.(15)

Computation overhead
It is measured as an amount of time taken for secret sharing the patient files into the authorized client.
Where, comp OH indicates a computation overhead, PI i patient file, t(PI) denotes a time for storing one patient file.It is measured in terms of milliseconds (ms).Table 3 illustrates the data results value of computation overhead of this scheme.

Data confidentiality rate
It is the measure of number of data that are accessed by authorized access and denied access for unauthorized user in loud environment.The confidentiality rate is calculated using the following equation [17], Where, DCR represent the data confidentiality rate, PI i denotes the number of patient file, PICA patient file cor- rectly accessed.Data confidentiality rate is measured in percentage (%).

Data integrity rate
It measured as the number of data that are not altered or changed by any unauthorized users.The performance of integrity rate is mathematically calculated as given below, Where, DIR indicates a data integrity rate, PI i denotes the number of patient file, PINA denotes a number of patient file not altered.Data integrity rate is measured in percentage (%).Table 5 illustrates the data results value of data integrity rate values of this scheme.
Figure 6, shows the comparison results of communication overhead.The more patient files the cloud server stores, the minimum communication overhead is. Figure 6 shows clearly that the communication overhead of cloud servers is influenced by deduplication efficiency as well as the number of files.In Fig. 6, the communication overhead of the BGNBA-OCO method is best with four methods.Let us consider the number of patient files improves, the communication overhead among these four methods becomes better.By the four methods, the deduplication efficiency of the BGNBA-OCO method is maximized, so the communication overhead of our method is reduced.This BGNBA-OCO method enhances the security of the server side.The cloud server uses an (     optimal cache-oblivious algorithm to find whether the patient file exists in the cache of cloud storage by means of rand pattern matching.This process avoids data deduplication and minimizes storage space.The experiment is conducted with 25 patient files in the first iteration.The performance of communication overhead using the BGNBA-OCO method was found to be 11.25ms , whereas the communication overhead was found to be 13MB , 15MB, and 17MB using [1] [2] [3] correspondingly.Similarly, different performance results of communication overhead were observed.The experimental results of the BGNBA-OCO method are compared to conventional methods.The overall comparison results inferred that the communication overhead involved in data storage using the BGNBA-OCO method is minimized by 9%, 17%, and 24% when compared to existing [1] [2] [3] respectively.
In Fig. 7, describe the performance analysis of computation overhead using four schemes, BGNBA-OCO, existing [1, 2 and 3].From the Fig. 7 it is conditional to computation overhead improved with number of patient files for all four methods.Also, the computation overhead by applying BGNBA-OCO is found to be comparatively smaller than the other two existing methods.This is due to the reason BGNBA-OCO technique effectively performs a key generation process for data encryption, decryption, and authentication using Boneh Goh Nissim Bilinear Attribute-based cryptography.This process minimizes the time consumption of secure data sharing between cloud servers and medical practitioners.The experiment is conducted with 25 number of patient files in the first iteration.The performance of computation overhead using computation overhead was found to be 100ms , whereas the computation overhead was found to be 120 MB , 132.5MB and 147.5MB using [1] [2] [3] respectively.From this result, it is inferred that the computation overhead of computation overhead was found to be comparatively smaller.Therefore the average results indicate that the performance analysis of computation overhead using BGNBA-OCO technique is decreased by 10%, 17%, and 26% when compared to [1] [2] and [3] respectively.
From above Fig.8, the performance results of data confidentiality rate Vs.number of patient files.The data Fig. 7 Performance of computation overhead versus number of patient files confidentiality rate using the proposed BGNBA-OCO method is compared better than other existing methods.As shown in Table 4, let's assume the 25 patient files taken from the dataset to compute the data confidentiality rate.In the total number of patient files, the amount of patient files accessed by authorized users is 24.Therefore, the data confidentiality rate was found to be 96% using the BGNBA-OCO technique.Likewise, the data confidentiality rates of existing [1] [2] and [3] are 88% , 84% and 76% respectively.Similarly, dissimilar performance results are attained for each method.The overall performance of the BGNBA-OCO technique is compared to existing methods.The experimental results specified that the data confidentiality rate of the BGNBA-OCO technique is improved by 7%, 12%, and 20% compared to [1] [2], and [3] respectively.This is because of applying a Boneh Goh Nissim Bilinear Attribute-based encryption method to decrypt the given cipher text patient file.If the authorized user access data and the unauthorized user does not acquire any file from the cloud server.This enhances the confidentiality of patient file sharing from the hospitals to medical practitioners through the cloud server.
Figure 9, describes the performance analysis of the data integrity rate with respect to the number of patient files taken from 25 to 250 from the dataset.The performance of the data integrity rate is estimated by applying four various methods BGNBA-OCO, existing [1] [2] and [3].With these four schemes, the BGNBA-OCO technique achieved improved data integrity rate results when compared to conventional methods.For example, 25 patient files are considered in the first iteration to determine the data integrity rate in secret sharing with hospitals and medical practitioners.The BGNBA-OCO is applied and observes the data integrity rate to be 92% and the observed integrity rate of existing [1] [2] [3] are 84%, 80%, and 72% respectively.Lastly, the overall experimental results specified that BGNBA-OCO better the performance results of data integrity rate by 7% when compared to [1], 12% when compared to [2], and 19% when compared to [3] respectively.

•
Patients or cloud users: The architecture includes a number of users or patients ' P = {p 1 , p 2 , . . ., p n } who dynamically generates the sensitive patient file PI = {PI 1 , PI 2 , . . ., PI m }. • Hospital: The hospital is an entirely confidential place.

= x 1 ( 6 )
Sk = A decryption.When the decryption is performed, an access policy is defined with the attribute secret key.A ciphertext is decrypted by a user only if the user's attribute list matched.This helps to ensure the confidentiality of patient information.

Fig. 4 8 Definition 3
Fig. 4 Flow process of authentication and decryption

Fig. 5
Fig. 5 Additive linear secret sharing based access structure

Fig. 8
Fig. 8 Performance of data confidentiality rate versus number of patient files

Table 2
Comparison of communication overhead

Table 3
Comparison of computation overhead

Table 4
Comparison of data confidentiality rate

Table 5
Comparison of data integrity rate Fig. 6 Performance of communication overhead versus number of patient files Pavithra et al.Journal of Cloud Computing (2024) 13:8