Year

2016

Degree Name

Doctor of Philosophy in Computer Science

Department

School of Computation and Information Technology

Abstract

Medical records have been moving from paper-based systems to electronic form in recent decades. This evolution to electronic health records (EHRs) brings new benefits and possibilities for healthcare providers, physicians and patients. Involved users can easily and flexibly deal with EHRs: they can broadcast and share the data amongst themselves rather than share on an individual to individual basis. The data can be moved from limited local storage systems at hospitals to externally hosted systems which enable multiple parties to access and maintain these records. However, with the change arise new practical, legal, ethical and financial challenges. EHRs contain sensitive personal medical information, and thereby demand that integrity and confidentiality are assured. Nevertheless, EHRbased systems improve individual outcomes and cut implementation costs. Stored data has to be accessible only to authorised users and always available especially in the case of emergencies.

EHR-based access and storage is a wide topic with numerous issues, including security and privacy concerns as well as efficiency and practical matters. At a first sight, one would look to design a solution that solves all of these problems. However, it is difficult to find a satisfactory solution with strong user autonomy and guarantees confidentiality along with flexibility and computational efficiency. Therefore, we propose dividing the general EHR-based context into subcases and studying each individually, defining them through concrete scenarios and to present specific solutions. We believe these solutions will be more effective in both security and utility compared to approaches which look at the EHR environment as a whole and aim to deliver a single solution.

Access control and storage services are the two main categories we studied. On one hand, we focus on the data accessibility. Since privacy of both user identities and data must be guaranteed and there is a threat of compromise by malicious actors, we have to ensure that only authorised users can access and manipulate EHR contents. On the other hand, we concentrate on storage of the data. We want to enable authorised users to be able to upload EHRs to cloud servers, selectively request access to stored data, and finally update and selectively share EHRs with other authorised people. Because it is difficult to iv design a single fully secure and effective EHR-based system which handles all of these actions, we divide the problem into different situations. We adopt an assumption that cloud servers are not fully trustworthy and design accordingly. This increases flexibility for healthcare providers when selecting a cloud service provider.

In this thesis, we outline various realistic scenarios, focus on their functional, security and practical requirements, and we then propose cryptographic primitives to address the requirements and issues.

We first present two primitives which involve broadcast encryption with membership and certificate-based broadcast encryption to enable secure and efficient broadcast and sharing of EHRs among the involved users. The first primitive allows hospital staff members authorised by a medical institute to access EHRs encrypted by the hospital. The second primitive enables staff members authorised by the hospital and holding valid certificates delivered by health legislators to access EHRs.

We then propose a primitive involving certificate-based encryption with keyword search to enable secure and efficient access and retrieval of EHRs stored on cloud servers. This primitive allows hospital staff members to search for EHRs stored on a cloud server using a trapdoor that embeds a keyword describing the contents of the records and a valid certificate.

We also design two primitives involving on-line/off-line ciphertext-policy attributebased proxy re-encryption and ciphertext-policy DNA-based encryption to securely address patient privacy in an efficient manner by reducing the computation and communications resources needed. The first primitive enables the hospital to pre-encrypt an EHR regarding credentials and lets the patient finalise the encryption using other credentials. A staff member recovers the EHR if and only if s/he satisfies at least the patient’s credentials. The second primitive considers DNA sequences for their uniqueness and closeness. A first patient encrypts his/her EHR using his/her DNA sequence and a second patient can retrieve the EHR if and only if his/her DNA sequence is close enough to that of the first patient.

Finally, we propose the primitive which involves dynamic provable data possession with public verifiability and data privacy to enable secure and efficient management of EHRs in cloud computing. This primitive allows hospital staff members to upload and update non-encrypted EHRs to a cloud server. A third party auditor is required to check that the cloud server correctly stores the EHRs by regular auditing.

Share

COinS