Model-Driven Application-Level Encryption for the Privacy of E-health Data

We propose a novel model-driven application-level encryption solution to protect the privacy and confidentiality of health data in response to the growing public concern about the privacy of health data. Domain experts specify the sensitive data that are to be protected by encryption in the application's domain model. Security experts specify the cryptographic parameters used for the encryption in a security configuration. Both specifications are highly flexible to support different granularities of data to be encrypted and appropriate security levels. Based on the domain model, our code generator for Model-Driven Software Development generates code and configuration artifacts to control the encryption and decryption logic in the application and perform database schema modifications. Our encryption infrastructure outside the database (hence, application-level encryption) utilizes the security configuration to perform encryption and decryption. The generator relieves application developers from a significant amount of migration work required by application-level encryption. Hence, our approach combines the flexibility, security and independence from database vendors of application-level encryption with the transparency of database-level encryption. Our model-driven application-level encryption has been integrated into our eHealth Framework, a comprehensive platform for the development of electronic health care solutions. Our approach can be applied to other domains as well.
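As an added illustration of the split the abstract describes (this is not code from the paper or from the eHealth Framework): sensitive attributes are marked in the domain model, the key lives in a separate security configuration, and a generated persistence hook encrypts only the marked columns with AES-GCM before they reach the database, leaving the other columns untouched. `Field`, `PatientModel`, `SecurityConfig`, `NewAEAD`, `EncryptRow` and `DecryptField` are hypothetical names, and the configuration is reduced to a raw key (a real deployment would reference a key in a key store).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Field is one domain-model attribute; Sensitive is the domain expert's mark that
// the value must be stored encrypted. PatientModel is a constructed example model.
type Field struct{ Column string; Sensitive bool }
var PatientModel = []Field{{"id", false}, {"name", true}, {"diagnosis", true}, {"ward", false}}
// SecurityConfig stands in for the security expert's configuration (hypothetical shape); a 32-byte key selects AES-256.
type SecurityConfig struct{ Key []byte }

// NewAEAD builds the application-level AES-GCM cipher once from the security configuration.
func NewAEAD(cfg SecurityConfig) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cfg.Key)
	if err != nil {
		return nil, fmt.Errorf("security configuration: %w", err)
	}
	return cipher.NewGCM(block)
}

// EncryptRow is the generated persistence hook: columns marked sensitive in the
// model are sealed (random nonce prepended); the rest pass through unchanged.
func EncryptRow(gcm cipher.AEAD, model []Field, row map[string]string) (map[string][]byte, error) {
	out := map[string][]byte{}
	for _, f := range model {
		v := []byte(row[f.Column])
		if f.Sensitive {
			nonce := make([]byte, gcm.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				return nil, err
			}
			v = gcm.Seal(nonce, nonce, v, nil)
		}
		out[f.Column] = v
	}
	return out, nil
}

// DecryptField is the matching read hook; a tampered value fails authentication.
func DecryptField(gcm cipher.AEAD, ct []byte) (string, error) {
	if n := gcm.NonceSize(); len(ct) >= n {
		pt, err := gcm.Open(nil, ct[:n], ct[n:], nil)
		return string(pt), err
	}
	return "", fmt.Errorf("ciphertext too short")
}
```

Because the nonce and authentication tag travel with each value, the database schema only needs the marked columns widened to a binary type; no key material or scheme identifier is stored alongside the data.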
