Privacy protection and security in eHealth cloud platform for medical image sharing

Sharing medical images in public cloud can greatly help physician in their daily practice by allowing them to reach a diagnostic more quickly. However, such images are sensitive and need to be protected. In the current literature, the security aspects of this issue are well studied but the privacy aspects and especially the linkability problem is under estimated. In this paper, we propose two mechanisms to solve this issue. First, a caching third party that prevent the cloud provider (CP) to link the records from their time of acquisition is proposed. Then the use of Oblivious Transfer (OT) is put forward to prevent the CP from knowing which images are accessed by a given consumer practitioner. The global architecture for medical images sharing is then described and discussed.

[1]  Moni Naor,et al.  Computationally Secure Oblivious Transfer , 2004, Journal of Cryptology.

[2]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[3]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[4]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[5]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[6]  Noboru Sonehara,et al.  Aspects of privacy for electronic health records , 2011, Int. J. Medical Informatics.

[7]  Yuguang Fang,et al.  CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring , 2013, IEEE Transactions on Information Forensics and Security.

[8]  Jyh-Charn Liu,et al.  SAPPHIRE: Anonymity for enhanced control and private collaboration in healthcare clouds , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[9]  Emiliano De Cristofaro,et al.  Efficient Techniques for Privacy-Preserving Sharing of Sensitive Information , 2011, TRUST.

[10]  Helmut Krcmar,et al.  Evaluation Framework for Personal Health Records: Microsoft HealthVault Vs. Google Health , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[11]  Wei Pan,et al.  Secure Public Cloud Platform for Medical Images Sharing , 2015, MIE.

[12]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[13]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[14]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[15]  Ling Liu,et al.  Security Models and Requirements for Healthcare Application Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[16]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.