Secure access delegation of encrypted medical information

Arnab Deb Gupta, Yuriy Polyakov, Kurt Rohloff

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The design of modern medical data information systems is driven by the need to collect and present data to authorized users. For collected medical data to be effective and improve patient treatment it must be transported from a device, aggregated, and analyzed to produce results that can be shared with care providers. Medical data may be analyzed and used years after collection at different locations because data sources and care providers often operate on different time scales and are geographically distributed. The need for distributed and long-term medical data storage thus requires an effective security model to delegate data access. Current data access delegation models do not provide end-to-end protection. An effective delegation model must keep data encrypted at all times and avoid the need to share decryption keys to avoid security vulnerabilities. We present a secure information architecture and prototype to implement such a model with end-to-end data encryption while restricting data access to designated recipients. Our architecture integrates recent Proxy Re-Encryption (PRE) advances into a client-server based security model that can be applied to open Internet communications. We discuss design tradeoffs and show experimental results. Our architecture lowers health care data management costs by enabling the secure outsourcing of data hosting to low-cost cloud computing environments. The architecture will also reduce the vulnerability of health care data systems to security challenges such as attacks compromising confidentiality and malicious insiders.

Original languageEnglish (US)
Title of host publication2016 10th International Symposium on Medical Information and Communication Technology, ISMICT 2016
PublisherIEEE Computer Society
ISBN (Electronic)9781509028498
DOIs
StatePublished - Jun 23 2016
Event10th International Symposium on Medical Information and Communication Technology, ISMICT 2016 - Worcester, United States
Duration: Mar 20 2016Mar 23 2016

Publication series

NameInternational Symposium on Medical Information and Communication Technology, ISMICT
Volume2016-June
ISSN (Print)2326-828X
ISSN (Electronic)2326-8301

Other

Other10th International Symposium on Medical Information and Communication Technology, ISMICT 2016
CountryUnited States
CityWorcester
Period3/20/163/23/16

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Health Informatics
  • Health Information Management

Fingerprint Dive into the research topics of 'Secure access delegation of encrypted medical information'. Together they form a unique fingerprint.

Cite this