Abstract
Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored, and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions .
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334. IEEE (2007)
Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutorials 18(3), 2027–2051 (2016)
Desmedt, Y., Shaghaghi, A.: Function-Based Access Control (FBAC): Towards Preventing Insider Threats in Organizations, pp. 143–165. Springer International Publishing, Cham (2018)
Dolin, R.H., et al.: Hl7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13(1), 30–39 (2006)
Doshi, N., Oza, M., Gorasia, N.: An enhanced scheme for PHR on cloud servers using CP-ABE. In: Information and Communication Technology for Competitive Strategies, pp. 439–446. Springer (2019)
Eom, J., Lee, D.H., Lee, K.: Patient-controlled attribute-based encryption for secure electronic health records system. J. Med. Syst. 40(12), 253 (2016)
Greene, E., Proctor, P., Kotz, D.: Secure sharing of mhealth data streams through cryptographically-enforced access control. Smart Health 12, 49–65 (2018)
Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Mediated ciphertext-policy attribute-based encryption and its application. In: International Workshop on Information Security Applications, pp. 309–323. Springer (2009)
JahanJahan, M., et al.: Light weight write mechanism for cloud data. IEEE Trans. Parallel Distrib. Syst. 29(5), 1131–1146 (2017)
Jahan, M., Roy, P.S., Sakurai, K., Seneviratne, A., Jha, S.: Secure and light weight fine-grained access mechanism for outsourced data. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 201–209. IEEE (2017)
Jazi, H.H., Gonzalez, H., Stakhanova, N., Ghorbani, A.A.: Detecting http-based application layer dos attacks on web servers in the presence of sampling. Comput. Netw. 121, 25–36 (2017)
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2012)
Liu, J., Huang, X., Liu, J.K.: Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Gener. Comput. Syst. 52, 67–76 (2015)
Liu, Q., Wang, G., Wu, J.: Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf. Sci. 258, 355–370 (2014)
Liu, V., Musen, M.A., Chou, T.: Data breaches of protected health information in the united states. JAMA 313(14), 1471–1473 (2015)
Matos, D.R., Pardal, M.L., Adão, P., Silva, A.R., Correia, M.: Securing electronic health records in the cloud. In: Proceedings of the 1st Workshop on Privacy by Design in Distributed Systems, p. 1. ACM (2018)
Mubarakali, A., Ashwin, M., Mavaluru, D., Kumar, A.D.: Design an attribute based health record protection algorithm for healthcare services in cloud environment. Multimedia Tools Appl. 79(5), 3943–3956 (2020)
Nair, S.K., et al.: Towards secure cloud bursting, brokerage and aggregation. In: 2010 Eighth IEEE European Conference on Web Services, pp. 189–196. IEEE (2010)
Narayan, S., Gagné, M., Safavi-Naini, R.: Privacy preserving EHR system using attribute-based infrastructure. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, pp. 47–52. ACM (2010)
Qian, H., Li, J., Zhang, Y., Han, J.: Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int. J. Inf. Secur. 14(6), 487–497 (2015)
Wu, R., Ahn, G.-J., Hu, H.: Secure sharing of electronic health records in clouds. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 711–718. IEEE (2012)
Xhafa, F., Li, J., Zhao, G., Li, J., Chen, X., Wong, D.S.: Designing cloud-based electronic health record system with attribute-based encryption. Multimedia Tools Appl. 74(10), 3441–3458 (2015)
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings IEEE INFOCOM, pp. 1–9. IEEE (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Abaid, Z., Shaghaghi, A., Gunawardena, R., Seneviratne, S., Seneviratne, A., Jha, S. (2021). Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-57805-3_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)