Privacy‐ensuring electronic health records in the cloud
Author(s) -
Souza S. M. P. C.,
Gonçalves R. F.,
Leonova E.,
Puttini R. S.,
Nascimento A. C. A.
Publication year - 2017
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4045
Subject(s) - cloud computing, computer science, computer security, key escrow, encryption, cryptography, masking (illustration), authentication (law), access control, confidentiality, password, internet privacy, public key cryptography, art, visual arts, operating system
Summary - Despite the evident benefits of access to virtually unlimited computational resources in cloud environments, enterprises and researchers still face daunting challenges when deploying applications that handle sensitive information to the cloud. That is especially true for medical or tax records, for which there are strong legal restrictions on data escrow. In these cases one must be certain that a third party, such as the cloud provider, will never have access to the data. This work presents a solid access control framework that uses hybrid cryptography on the client side and a two-factor authentication technique to guarantee a secure key management protocol. We also demonstrate the use of homomorphic and order-preserving encryption as a viable solution for computing regular searches over electronic health records in the cloud while preserving the confidentiality of clinical data and the privacy of patients, even in the face of a semi-honest, or "honest but curious," cloud provider. We introduce a trusted element, a browser extension, to prevent attacks from malicious cloud providers. The result is evaluated through a full-featured prototype that manages health records modeled with a few OpenEHR archetypes. The prototype can easily be extended to handle any data structure modeled with OpenEHR.
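As an added illustration, not code from the paper or its prototype: a Go sketch of the two mechanisms the abstract names, client-side hybrid encryption (a fresh AES-256-GCM data key per record, wrapped with RSA-OAEP, so the provider stores only ciphertext) and an order-preserving encryption of one searchable field, so the provider can answer a range query over ciphertexts without holding any key. The record layout, the blood-glucose field, the sample observations and the toy OPE construction (HMAC-derived cumulative gaps) are assumptions for this example; the paper's actual OPE and homomorphic schemes, its two-factor key management and the browser extension are not modeled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredRecord is all the cloud keeps (layout assumed for this example).
type StoredRecord struct {
	ID         string
	WrappedKey []byte // per-record AES-256 key, wrapped with RSA-OAEP
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM over the text, with ID as associated data
	GlucoseOPE uint64 // order-preserving ciphertext of blood glucose (mg/dL)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// opeEncrypt is a toy order-preserving encryption: c(x) = sum_{i<=x} g_i with
// each gap g_i in [1, 256] taken from HMAC-SHA256(key, i), so c is strictly
// increasing in x. It is not the paper's scheme; like any OPE it leaks order.
func opeEncrypt(key []byte, x uint32) uint64 {
	var sum uint64
	for i := uint32(0); i <= x; i++ {
		mac := hmac.New(sha256.New, key)
		mac.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		sum += uint64(mac.Sum(nil)[0]) + 1
	}
	return sum
}

func gcmFor(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// encryptRecord runs on the client: fresh data key, AES-GCM, RSA-OAEP wrap. The
// ID is authenticated data, so a provider cannot move a ciphertext into another
// patient's slot without the client noticing.
func encryptRecord(pub *rsa.PublicKey, opeKey []byte, id, text string, glucose uint32) StoredRecord {
	dataKey, nonce := randBytes(32), randBytes(12)
	ct := gcmFor(dataKey).Seal(nil, nonce, []byte(text), []byte(id))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil))
	return StoredRecord{id, wrapped, nonce, ct, opeEncrypt(opeKey, glucose)}
}

// decryptRecord runs on the client; it fails closed on any change to the bytes.
func decryptRecord(priv *rsa.PrivateKey, r StoredRecord) (string, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, r.WrappedKey, nil)
	if err != nil {
		return "", err
	}
	pt, err := gcmFor(dataKey).Open(nil, r.Nonce, r.Ciphertext, []byte(r.ID))
	return string(pt), err
}

// rangeSearch runs at the cloud with no keys: the client sends the OPE
// ciphertexts of its bounds and the provider compares stored ciphertexts. The
// same comparison lets the provider rank every patient by glucose.
func rangeSearch(records []StoredRecord, loOPE, hiOPE uint64) []string {
	var ids []string
	for _, r := range records {
		if r.GlucoseOPE >= loOPE && r.GlucoseOPE <= hiOPE {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

// buildCorpus encrypts three constructed sample observations on the client.
func buildCorpus() (*rsa.PrivateKey, []byte, []StoredRecord) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	opeKey, pub := randBytes(32), &priv.PublicKey
	return priv, opeKey, []StoredRecord{
		encryptRecord(pub, opeKey, "pt-001", "Fasting glucose, no symptoms", 92),
		encryptRecord(pub, opeKey, "pt-002", "Post-prandial, mild polyuria", 185),
		encryptRecord(pub, opeKey, "pt-003", "Emergency visit, hyperglycaemia", 412),
	}
}

func main() {
	priv, opeKey, recs := buildCorpus()
	text, err := decryptRecord(priv, recs[1])
	fmt.Println(rangeSearch(recs, opeEncrypt(opeKey, 126), opeEncrypt(opeKey, 300)), text, err)
}
```

Everything that needs a key (encryptRecord, decryptRecord, computing the OPE bounds) runs on the client; the only thing the provider executes is rangeSearch over ciphertexts. The caveat a practitioner should take from the same comparison is that an honest-but-curious provider can sort patients by the OPE column alone, so order-preserving encryption belongs only on fields where that ordering leak is acceptable, while the per-record data key keeps the compromise of one wrapped key from exposing the other records.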