Fine-grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds

Enabling Health Data Sharing with Fine-Grained Privacy

Sharing health data is vital in advancing medical research and transforming knowledge into clinical practice. Meanwhile, protecting the privacy of data contributors is of paramount importance. To that end, several privacy approaches have been proposed to protect individual data contributors in data sharing, including data anonymization and data synthesis techniques. These approaches have shown promising results in providing privacy protection at the dataset level. In this work, we study the privacy challenges in enabling fine-grained privacy in health data sharing. Our work is motivated by recent research findings, in which patients and healthcare providers may have different privacy preferences and policies that need to be addressed. Specifically, we propose a novel and effective privacy solution that enables data curators (e.g., healthcare providers) to protect sensitive data elements while preserving data usefulness. Our solution builds on randomized techniques to provide rigorous privacy protection for sensitive elements and leverages graphical models to mitigate privacy leakage due to dependent elements. To enhance the usefulness of the shared data, our randomized mechanism incorporates domain knowledge to preserve semantic similarity and adopts a block-structured design to minimize utility loss. Evaluations with real-world health data demonstrate the effectiveness of our approach and the usefulness of the shared data for health applications.

Distributed Memetic Algorithm for Outsourced Database Fragmentation

Data privacy and utility are two essential requirements in outsourced data storage. Traditional techniques for sensitive data protection, such as data encryption, affect the efficiency of data query and evaluation. By splitting attributes of sensitive associations, database fragmentation techniques can help protect data privacy and improve data utility. In this article, a distributed memetic algorithm (DMA) is proposed for enhancing database privacy and utility. A balanced best random distributed framework is designed to achieve high optimization efficiency. In order to enhance global search, a dynamic grouping recombination operator is proposed to aggregate and utilize evolutionary elements; two mutation operators, namely, merge and split, are designed to help arrange and create evolutionary elements; a two-dimension selection approach is designed based on the priority of privacy and utility. Furthermore, a splicing-driven local search strategy is embedded to introduce rare utility elements without violating constraints. Extensive experiments are carried out to verify the performance of the proposed DMA. Furthermore, the effectiveness of the proposed distributed framework and novel operators is verified.

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute’s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications.

Blockchain-based health care monitoring for privacy preservation of COVID-19 medical records

The explosion and unpredictable global spread of COVID-19 has revealed the shortcomings of conventional health care systems in dealing with public health emergencies in a timely manner. The health care system enabled by the Internet of Things (IoT) is competent for tracking COVID-19 patients efficiently through an integrated network. The popular technologies in digital health care monitoring pose serious risks in terms of privacy and security issues such as data transfer and data transaction logging. Such medical data confidentiality and privacy issues could result in a delay in the advancement of treatment, thus endangering the patient's life. This chapter aims to assist infected people online by smart devices using IoT and Blockchain technologies. IoT-based health care smart devices gather valuable information and provide additional perceptions into symptoms and behaviors. Blockchain facilitates the secure exchange of information concerning patient health and it controls the medical delivery network. Blockchains are computationally expensive and require a high bandwidth with extra computing power, and therefore they are not completely suitable for most resource-constrained IoT devices intended for smart cities. Here, a customized blockchain model framework is proposed that is appropriate for the dispersed IoT devices, which are added with enhanced network confidentiality characteristics. Here, proxy reencryption and advanced cryptographic primitives are used to satisfy the additional privacy and security properties. This study provides a structure for COVID-19 infectious disease patients, and discusses electronic medical record issues and diagnostics. The work also highlights the data and transactions over a blockchain-based network that is more secure and anonymous. A widespread security analysis demonstrates that the model being introduced is certifiably successful for ensuring the privacy and resistance to intrusion. Finally, the performance assessment signifies that the projected model realizes superior overall efficiency as compared to other techniques.

An Adaptive Biomedical Data Managing Scheme Based on the Blockchain Technique

A crucial role is played by personal biomedical data when it comes to maintaining proficient access to health records by patients as well as health professionals. However, it is difficult to get a unified view pertaining to health data that have been scattered across various health centers/hospital sections. To be specific, health records are distributed across many places and cannot be integrated easily. In recent years, blockchain has arisen as a promising solution that helps to achieve the sharing of individual biomedical information in a secure way, whilst also having the benefit of privacy preservation because of its immutability. This research puts forward a blockchain-based managing scheme that helps to establish interpretation improvements pertaining to electronic biomedical systems. In this scheme, two blockchains were employed to construct the base, whereby the second blockchain algorithm was used to generate a secure sequence for the hash key that was generated in first blockchain algorithm. This adaptive feature enables the algorithm to use multiple data types and also combines various biomedical images and text records. All data, including keywords, digital records, and the identity of patients, are private key encrypted with a keyword searching function so as to maintain data privacy, access control, and a protected search function. The obtained results, which show a low latency (less than 750 ms) at 400 requests/second, indicate the possibility of its use within several health care units such as hospitals and clinics.

Searchable and revocable multi-data owner attribute-based encryption scheme with hidden policy in cloud storage

With the development of outsourcing data services, data security has become an urgent problem that needs to be solved. Attribute-based encryption is a valid solution to data security in cloud storage. There is no existing scheme that can guarantee the privacy of access structures and achieve attribute-based encryption with keyword search and attribute revocation. In this article, we propose a new searchable and revocable multi-data owner attribute-based encryption scheme with a hidden policy in cloud storage. In the new scheme, the same access policy is used in both the keyword index and message encryption. The advantage of keyword index with access policy is that as long as a user’s attributes satisfy the access policy, the searched ciphertext can be correctly decrypted. This property improves the accuracy of the search results. The hidden policy is used in both the ciphertext and the keyword index to protect users’ privacy. The new scheme contains attribute revocation, which is suitable for the actual situation that a user’s attributes maybe changed over time. In the general bilinear group model, the security of the scheme is demonstrated, and the efficiency of the scheme is analyzed.

Unified Fine-Grained Access Control for Personal Health Records in Cloud Computing

Attribute-based encryption has been a promising encryption technology to secure personal health records (PHRs) sharing in cloud computing. PHRs consist of the patient data often collected from various sources including hospitals and general practice centres. Different patients' access policies have a common access sub-policy. In this paper, we propose a novel attribute-based encryption scheme for fine-grained and flexible access control to PHRs data in cloud computing. The scheme generates shared information by the common access sub-policy, which is based on different patients' access policies. Then, the scheme combines the encryption of PHRs from different patients. Therefore, both time consumption of encryption and decryption can be reduced. Medical staff require varying levels of access to PHRs. The proposed scheme can also support multi-privilege access control so that medical staff can access the required level of information while maximizing patient privacy. Through implementation and simulation, we demonstrate that the proposed scheme is efficient in terms of time. Moreover, we prove the security of the proposed scheme based on security of the ciphertext-policy attribute-based encryption scheme.

Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control

Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareHealth, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design and prototype implementation of this system make three contributions: (1) they apply cryptographically-enforced access-control measures to stream-based (specifically mHealth) data, (2) they recognize the temporal nature of mHealth data streams and support revocation of access to part or all of a data stream, and (3) they depart from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.