International Journal of Computer Network and Information Security(IJCNIS)
ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)
Published By: MECS Press
IJCNIS Vol.10, No.1, Jan. 2018
Achieving Confidentiality in Electronic Health Records using Cloud Systems
Full Text (PDF, 514KB), PP.18-25
Currently, existing methods for enforcing access to records in an Electronic Health Record system relies on a single Trusted Server which stores health records and mediates access. Such Trusted Severs employ either a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) or Key-Policy Attribute-Based Encryption (KP-ABE) method for storing and controlling access. However, Trusted Server storage of health records is susceptible to single-point-of-threat attack and a successful attack invariably leads to compromising the integrity of records on the server. In this research work. This paper presents a methodology that defines and creates simple Access Structures and eliminates need for private keys during encryption and/or decryption of health records which is the Enhanced Ciphertext-Policy Attribute-Based Encryption (ECP-ABE). The ECP-ABE yields high cryptographic performance creates simple Access Structures, eliminates need for private keys and presents an implementation architecture that makes cloud-based EHR system secure and confidential. The ECP-ABE also performs cryptographic functions using less CPU time, minimal computer memory and produces high encryption and decryption throughput especially with increasing file sizes.
Cite This Paper
Robert French-Baidoo, Dominic Asamoah, Stephen Opoku Oppong,"Achieving Confidentiality in Electronic Health Records using Cloud Systems", International Journal of Computer Network and Information Security(IJCNIS), Vol.10, No.1, pp.18-25, 2018.DOI: 10.5815/ijcnis.2018.01.03
Jafari, M., Safavi-Naini. R. & Sheppard, N. P., A Rights Management Approach to Protection of Privacy in a Cloud of Electronic Health Records. Chicago, Association for computing Machinery, pp. 23-30, 2011.
Brino, A., Cloud still sparks fear of breaches. [Online] Available at: http://www.healthcareitnews.com/news/cloud-still-sparks-fear-breaches, 2014.
Rodzinka, M.. United States Legislation and HIPAA. In: Cross-Enterprise Access Control: Security for Electrionic Health Records: Technical, Practical and Legislation Impact. Rochester, New York: s.n., pp. 7-11, 2012.
Rouse, M. & Pawliw, B., cryptography. [Online] Available at: http://searchsoftwarequality.techtarget.com/definition/cryptography, 2014.
Szolovit, P. et al., Guardian Angel:Patient Cenetered Health Information Systems. Massachusetts Institute of Technology Laboratory for Computer Science, 1994.
Narayan, S., Gagné, M. & Safavi-Naini, R., Privacy Preserving EHR System Using Attribute-based Infrastructure. Canada: University of Calgary, Alberta, Canada, 2010.
Chien-Ding, L., A Cryptographic Key Management Solution For HIPAA Privacy/Security Regulations, 1994.
Sahai, A. & Waters, B., Fuzzy Identity Based Encryption. pp. 469-472, 2005.
Goyal, V., Pandey, O., Sahai, A. & Waters, B., Attribute Based Encryption for Fine-Grained Access Control of Encryption Data. Virginia, 2006.
Ibraimi, L. et al., Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes (extended version)., Enschede: UT Publications, 2009.
Scholl, M., Stine, K., Lin, K. & Steinberg, D., Draft Security Architecture Design Process For Health Information Exchanges. Gaithersburg, MD: National Institute of Standards and Technology, 2009.
Microsoft Corporation, A Brief Introduction to Role-Based Access Control – Part 1. [Online] Available at: http://blogs.technet.com/b/nexthop/archive/2010/06/06/refrbac1.aspx, 2010.
Li, M., Yu, S., Ren, K. & Lou, W. Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings. Security and Privacy in Communication networks, Volume 50, 2010.
Janssen, C., Attribute-Based Access Control (ABAC). [Online] Available at: http://www.techopedia.com/definition/29706/attribute-based-access-control-abac, 2015.
Bethencourt, J., Sahai, A. & Waters, B. Ciphertext-Policy Attribute-Based Encryption. Los Angeles: IEEE Computer Society, 2007.