Secure Multiparty Computation for Privacy Preserving Range Queries on Medical Records for Star Exchange Topology

Full Text (PDF, 906KB), PP.8-16

Views: 0 Downloads: 0

Author(s)

Ahmed M. Tawfik 1,* Sahar F. Sabbeh 2 Tarek A. EL-Shishtawy 3

1. Information Technology Dept. Faculty of Computers and Informatics, Benha University, Egypt

2. Information System Dept. Faculty of Computers and Information Technology, King Abdulaziz

3. Information System Dept. Faculty of Computers and Informatics, Benha University, Egypt

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2018.03.02

Received: 25 Oct. 2017 / Revised: 10 Nov. 2017 / Accepted: 17 Nov. 2017 / Published: 8 Mar. 2018

Index Terms

Privacy preservation, electronic medical records, secure multiparty computation, star exchange topology, range query, trusted third party

Abstract

Moving from a paper-based to electronic-based medical records has become recently a target for many medical institutions to increase efficiency and decrease costs. However, this makes patient's sensitive data – collected and stored in electronic medical records (EMRs) – more vulnerable and at the risk of privacy violations and breaches. For this sake, institutions try to protect the privacy of its patients' data. However, being a part of a bigger medical system may require that an institution be a part of a global query, such situation imposes new challenges for hospitals to preserve their data privacy while being able to participate in global analytical queries with other hospitals. Secure multi-party computation protocols (SMC) help in executing global analytical queries between a set of distrustful data owners who have no desire to share their confidential data, however they all need to cooperate to answer global queries about patients' medical history. The bulk of SMC protocols targets the ring topology execution environment in which query results at one node are passed to next node in the topology. In this paper, we propose a privacy preserving SMC technique to execute equality-test and range queries on EMRs. Our proposed technique uses bucketization to reduce computational cost. We replaced the conventional ring topology by start where each party can exchange messages directly over a private connection with the mediator. This too can improve management and improves the overall performance. Our experimental results show the effectiveness of our technique which provides better privacy without the need for trusted third party (TTP).

Cite This Paper

Ahmed M. Tawfik, Sahar F. Sabbeh, Tarek A. EL-Shishtawy, "Secure Multiparty Computation for Privacy Preserving Range Queries on Medical Records for Star Exchange Topology", International Journal of Computer Network and Information Security(IJCNIS), Vol.10, No.3, pp.8-16, 2018. DOI:10.5815/ijcnis.2018.03.02

Reference

[1]D. Wu, “Research on patient privacy protection for medical data in cloud computing,” Journal of Networks, vol. 8, no. 11, pp. 2678-2684, 2013.
[2]T. Y. e. a. Zhou S G, Li F, “Privacy preservation in database applications: a survey,” Chinese Journal of Computers, pp. 847-861, 2009.
[3]R. Sheikh and D. K. Mishra, “Secure Sum Computation for Insecure Networks,” Proceeding ICTCS '16 Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies Article No. 102 , ACM ICTCS '16 Proceedings of the Second International Conference on Information and Communicat, 2016.
[4]R. Agrawal, A. Evfimievski, and R. Srikant, “Information sharing across private databases,” Proceedings of the 2003 ACM SIGMOD international conference on Management of data, p. 86, 2003.
[5]A. C.-c. Yao, “How to Generate and Exchange Secrets,” Proc. 27th Annu. Symp. Found. Comput. Sci. IEEE Comput. Soc., no. 1, pp. 162-167, 1986.
[6]Y. Lindell, “A Proof of Security of Yao's Protocol for Two-Party Computation,” J. Cryptol, vol. 22, pp. 161-188, 2009.
[7]A. Iliev and S. W. Smith, “Small, Stupid, and Scalable: Secure Computing with Faerieplay,” The ACM Workshop on Scalable Trusted Computing, pp. 41-51, 2010.
[8]D. Evans and J. Katz, “Faster Secure Two-Party Computation Using Garbled Circuits,” 20th USENIX Security Symposium, no. August, pp. 8-12, 2011.
[9]M. Bellare, V. T. Hoang, and P. Rogaway, “Foundations of Garbled Circuits,” Proceedings of the 2012 ACM conference on Computer and communications security -CCS '12, p. 784, 2012.
[10]D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella, “Fairplay- Secure Two-Party Computation System,” USENIX Security Symposium, pp. 287-302, 2004.
[11]Y. Huang, J. Katz, and D. Evans, “Efficient secure two-party computation using symmetric cut-and-choose,” Crypto, vol. 8043 LNCS, no. PART 2, pp. 18-35, 2013.
[12]O. Goldreich, S. Micali, and A. Wigderson, “How to Play any Mental Game,” Symposium on Theory of Computing, pp. 218-229, 1987.
[13]D. Beaver, “Efficient Multiparty Protocols Using Circuit Randomization,” Crypto, vol. 576, no. 814, pp. 420-432, 1991.
[14]P. Pullonen, D. Bogdanov, and T. Schneider, “Institute of Information Security The design and implementation of a two-party protocol suite for Sharemind 3,” CYBERNET-ICA Institute of Information Security Institute of Information Security, 2013.
[15]J. Bringer, H. Chabanne, M. Favre, A. Patey, T. Schneider, and M. Zohner, “GSHADE: faster privacy-preserving distance computation and biometric identification,” Proceedings of the 2nd ACM workshop on Information hiding and multimedia security, pp. 187-198, 2014.
[16]Q. A. Mahmoud, “Polynomial Differential-based information- theoretically secure Verifiable Secret Sharing Scheme,” IJITCS, vol. 6, no. November, pp. 18-23, 2014.
[17]M. Naor and B. Pinkas, “Oblivious Polynomial Evaluation,” SIAM Journal on Computing, vol. 35, no. 5, pp. 1254-1281, 2006.
[18]M. Ozarar and A. Ozgit, “Secure Multiparty Overall Mean Computation via Oblivious Polynomial Evaluation,” proceeding of the first international conference on security and networks, 2008.
[19]Y. C. Chang and C. J. Lu, “Oblivious polynomial evaluation and oblivious neural learning,” Theoretical Computer Science, vol. 341, no. 1-3, pp. 39-54, 2005.
[20]L. Luyao, D. Zongtao, and W. Qinglong, “Unconditionally secure Oblivious Polynomial Evaluation protocol,” International Conference on Advanced Information and Communication Technology for Education, no. Icaicte, pp. 579-583, 2013.
[21]R. L. Rivest and M. L. Dertouzos, “ON DATA BANKS AND PRIVACY HOMOMORPHISMS,” Proc. IEEE Annu. Symp. Found. Comput. Sci., 1978.
[22]M. Osadchy, B. Pinkas, A. Jarrous, and B. Moskovich, “SCiFI-a system for secure face identification,” 2010 IEEE Symposium on Security a Privacy, no. 2, pp. 239-254, 2010.
[23]H. Carter, C. Amrutkar, I. Dacosta, and P. Traynor, “For your phone only: Custom protocols for efficient secure function evaluation on mobile devices,” Security and Communication Networks, vol. 7, no. 7, pp. 1165-1176, 2014.
[24]J. Brickell and V. Shmatikov, “Privacy-preserving graph algorithms in the semi-honest model,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3788 LNCS, pp. 236-252, 2005.
[25]C. Hazay and Y. Lindell, “Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries,” Journal of Cryptology, vol. 23, no. 3, pp. 422-456, 2010.
[26]A. Miyaji and M. S. Rahman, “Privacy-Preserving Data Mining in Presence of Covert Adversaries,” Adma 2010, vol. 1, no. LNCS 6440, pp. 429-440, 2010.
[27]Y. Zhang, X. S. Zhou, Y. W. Law, and M. Palaniswami, “Efficient Homomorphic Hashing Approach for Secure Reprogramming in Wireless Sensor Networks,” IJWMT, vol. 2, no. 1, pp. 1-9, 2012.
[28]J. Vaidya and C. Clifton, “Secure Set Intersection Cardinality with Application to Association Rule Mining,” Journal of Computer Security, pp. 1-28, 2004.
[29]K. Huang and R. Tso, “A commutative encryption scheme based on ElGamal encryption,” Proceedings - 3rd International Conference on Information Security and Intelligent Control, ISIC 2012, pp. 156-159, 2012.
[30]S. H. Khayat, “Using Commutative Encryption to Share a Secret Key Idea Proposed Scheme Description,” Electrical Engineering, pp. 1-6, 2008.
[31]M. Sepehri, S. Cimato, and E. Damiani, “Privacy- Preserving Query Processing by Multi-Party Computation,” Security in Computer Systems and Networks, The Computer Journal, vol. 58, no. 10, pp. 2195-2212, 2015.
[32]M. J. Freedman, K. Nissim, and B. Pinkas, “Efficient Private Matching and Set Intersection,” Euro crypto 2004, no. i, pp. 1-19, 2004.
[33]Y. Sang, H. Shen, Y. Tan, and N. Xiong, “Efficient Protocols for privacy preserving matching against distributed datasets,” Information and Communications Security, Proceedings, vol. 4307, pp. 210-227, 2006.
[34]L. Kissner and D. X. Song, “Privacy-Preserving Set Operations,” Crypto 2005, vol. 3621, no. February 2005, pp. 241-257, 2005.
[35]M. Sepehri, Privacy-Preserving Query Processing by Multi-Party Computation and Encrypted Data Outsourcing. PhD thesis, 2012.
[36]R. Li and C. K.Wu, “Co-operative private equality test,” International Journal of Network Security, vol. 1, no. 3, pp. 149-153, 2005.