Securing Private Keys in Electronic Health Records Using Session-Based Hierarchical Key Encryption

ABSTRACT Patients want the assurance that the confidentiality of their records accessed through Electronic Health Records (EHR) are safe. With increasing implementation of EHR for health care, privacy concern remains a barrier that limits patients' favorable judgment of this technology. Sensitive records can be compromised and this represents problems in EHRs, which are considered to be more efficient, less error prone, and of higher availability compared to traditional paper health records. In this article, a session-based hierarchical key encryption system was developed that allows patient to have full control over certain nodes of their health records. Health records were organized in a hierarchical structure with records further broken down into subcategories. Cryptography was used to encrypt the health records in their different subcategories. Patients' generate a root keys using Blum Blum Shub Algorithm for pseudorandom number generator from which the session-based subkeys were derived, and only authorize users can access these records within a designated period marked as session. The system development demonstrates one way patients' privacy and security can improve using session-based hierarchical key encryption system for EHR.

[1]  Zahir Tari,et al.  Hybrid Cryptographic Access Control for Cloud-Based EHR Systems , 2016, IEEE Cloud Computing.

[2]  Matthew N. Dailey,et al.  Robust iris verification for key management , 2010, Pattern Recognit. Lett..

[3]  Chien-Ding Lee,et al.  A Novel Key Management Solution for Reinforcing Compliance With HIPAA Privacy/Security Regulations , 2011, IEEE Transactions on Information Technology in Biomedicine.

[4]  Anna Zych,et al.  Efficient key management for cryptographically enforced access control , 2008, Comput. Stand. Interfaces.

[5]  Luciano Lavagno,et al.  An Authentication and Key Establishment Scheme for the IP-Based Wireless Sensor Networks , 2012, ANT/MobiWIS.

[6]  P AgrawalDharma,et al.  Distributed key management for dynamic groups in MANETs , 2008 .

[7]  Mohan S. Kankanhalli,et al.  Efficient and robust key management for large mobile ad hoc networks , 2005, Comput. Networks.

[8]  Christoph Meinel,et al.  Ensuring patients' privacy in a cryptographic-based-electronic health records using bio-cryptography , 2017, Int. J. Electron. Heal..

[9]  Feipei Lai,et al.  Secure and efficient group key management with shared key derivation , 2009, Comput. Stand. Interfaces.

[10]  Sanjit Chatterjee,et al.  Another Look at Tightness , 2011, IACR Cryptol. ePrint Arch..

[11]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[12]  Chunguang Ma,et al.  On the (in)security of some smart-card-based password authentication schemes for WSN , 2012, IACR Cryptol. ePrint Arch..

[13]  Ahmad-Reza Sadeghi,et al.  Flexible patient-controlled security for electronic health records , 2012, IHI '12.

[14]  Andrew Beng Jin Teoh,et al.  Personalised cryptographic key generation based on FaceHashing , 2004, Comput. Secur..

[15]  Chung-Ming Wang,et al.  An efficient key-management scheme for hierarchical access control based on elliptic curve cryptosystem , 2006, J. Syst. Softw..

[16]  Technologie NIST Special Publication 800-53 , 2010 .

[17]  Dharma P. Agrawal,et al.  Distributed key management for dynamic groups in MANETs , 2008, Pervasive Mob. Comput..

[18]  Toshihiko Kato,et al.  A hierarchical group key management scheme for secure multicast increasing efficiency of key distribution in leave operation , 2007, Comput. Networks.

[19]  Tolga Acar,et al.  Key Management In Distributed Systems , 2010 .

[20]  Ankur,et al.  An Introduction to Pseudorandom Number Generator , 2013 .

[21]  Eric Horvitz,et al.  Patient controlled encryption: ensuring privacy of electronic medical records , 2009, CCSW '09.

[22]  Berry Schoenmakers,et al.  Concrete Security of the Blum-Blum-Shub Pseudorandom Generator , 2005, IMACC.

[23]  Dahl A. Gerberick Cryptographic key management , 1990, SGSC.

[24]  Zhoujun Li,et al.  Efficient and dynamic key management for multiple identities in identity-based systems , 2013, Inf. Sci..

[25]  Thomas Peltier Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management , 2001 .

[26]  Yuguang Fang,et al.  HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare , 2011, 2011 31st International Conference on Distributed Computing Systems.

[27]  Nigel P. Smart Certificates, Key Transport and Key Agreement , 2016 .

[28]  Adebayo Omotosho,et al.  Private Key Management Scheme Using Image Features , 2015 .