Collaborative and secure sharing of healthcare data in multi-clouds

In healthcare, inter-organizational sharing and collaborative use of big data become increasingly important. The cloud-computing paradigm is expected to provide an environment perfectly matching the needs of collaborating healthcare workers. However, there are still many security and privacy challenges impeding the wide adoption of cloud computing in this domain. In this paper, we present a novel architecture and its implementation for inter-organizational data sharing, which provides a high level of security and privacy for patient data in semi-trusted cloud computing environments. This architecture features attribute-based encryption for selective access authorization and cryptographic secret sharing in order to disperse data across multiple clouds, reducing the adversarial capabilities of curious cloud providers. An implementation and evaluation by several experiments demonstrate the practical feasibility and good performance of our approach.
