论文信息 - Securing Medical SaaS solutions using a Novel End-to-End Encryption Protocol

Securing Medical SaaS solutions using a Novel End-to-End Encryption Protocol

E-Health solutions using the Internet provide many benefits for health centers; hosting such solutions in public Cloud Computing environments as Software-as-a-Service becomes increasingly popular. However, the deployment of e-health services in shared environments is restricted due to regulations prohibiting medical data access by illegitimate parties, such as cloud computing intermediaries. A pivotal requirement is therefore having security “end-to-end”, namely from a user agent to the server process; yet there is no viable approach for contemporary browser-based SaaS solutions. This paper outlines a blueprint for e-health solution architectures featuring an end-to-end security mechanism to prevent intermediary data access and therefore to ensure appropriate patient data privacy and security. This blueprint is instantiated based on a novel security protocol, the Trusted Cloud Transfer Protocol (TCTP) in the form of a prototype implementation. The evaluation of the prototype demonstrates its fulfilment of healthcare-specific security and privacy requirements, as well as low implementation efforts for similar architectures, and no measurable performance overhead in a practical benchmark.

[1] Samee Ullah Khan,et al. > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[2] Jian-Guo Bau,et al. Secure Dynamic Access Control Scheme of PHR in Cloud Computing , 2012, Journal of Medical Systems.

[3] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[4] Samir Chatterjee,et al. A Design Science Research Methodology for Information Systems Research , 2008 .

[5] R.T.Subhalakshmi,et al. Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[6] Mathias Slawik,et al. The Trusted Cloud Transfer Protocol , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[7] J. Hintze,et al. Violin plots : A box plot-density trace synergism , 1998 .

[8] Alan R. Hevner,et al. Design Research in Information Systems: Theory and Practice , 2010 .

[9] Tang Ming . Wei Lian. Si Tuo Lin Si,et al. Cryptography and Network Security - Principles and Practice , 2015 .

[10] Roy Fielding,et al. Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation , 2000 .