Title
Privacy-ensuring electronic health records in the cloud.
Abstract
Despite the evident benefits of the access to virtually unlimited computational resources in cloud environments, enterprises and researchers still face upending challenges when deploying applications that deal with sensitive information to the cloud. That is especially true for medical or tax records, for which there are strong legal restrictions to data escrow. In these cases, one must be certain that a third party, such as the cloud provider, will never have access to the data. This work presents a solid access control framework that uses hybrid cryptography at client-side and a two-factor authentication technique to guarantee a secure key management protocol. We also demonstrate the use of homomorphic and order-preserving encryption as a viable solution for the computation of regular searches over electronic health records in the cloud, while preserving the confidentiality of clinical data and the privacy of patients, even in the face of a semi-honest, or "honest, but curious," cloud provider. We introduce a trusted element, a browser extension, to prevent attacks from malicious cloud providers. The result is evaluated through a full-featured prototype that manages health records modeled with a few OpenEHR archetypes. The prototype can be easily extended to handle any data structure modeled with OpenEHR.
Year: 2017
DOI: 10.1002/cpe.4045
Venue: CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE
Keywords: cloud computing, homomorphic encryption, OpenEHR, two-factor authentication
Field: openEHR, Authentication, Computer security, Computer science, Cryptography, Encryption, Access control, Information sensitivity, Multi-factor authentication, Distributed computing, Cloud computing
DocType: Journal
Volume: 29
Issue: SP11
ISSN: 1532-0626
Citations: 2
PageRank: 0.43
References: 5
Authors
5