Skip to main content
SpringerLink
Log in
Book cover

Computational Intelligence in Security for Information Systems Conference

CISIS 2019: 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020) pp 111–121Cite as

Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud

  • Conference paper
  • First Online:

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1267))

Abstract

Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored, and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions .

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    http://indivohealth.org.

  2. 2.

    https://www.myhealthrecord.gov.au.

  3. 3.

    https://www.djangoproject.com/.

  4. 4.

    www.pythonanywhere.com.

References

  1. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334. IEEE (2007)

    Google Scholar 

  2. Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutorials 18(3), 2027–2051 (2016)

    Article  Google Scholar 

  3. Desmedt, Y., Shaghaghi, A.: Function-Based Access Control (FBAC): Towards Preventing Insider Threats in Organizations, pp. 143–165. Springer International Publishing, Cham (2018)

    Google Scholar 

  4. Dolin, R.H., et al.: Hl7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13(1), 30–39 (2006)

    Article  Google Scholar 

  5. Doshi, N., Oza, M., Gorasia, N.: An enhanced scheme for PHR on cloud servers using CP-ABE. In: Information and Communication Technology for Competitive Strategies, pp. 439–446. Springer (2019)

    Google Scholar 

  6. Eom, J., Lee, D.H., Lee, K.: Patient-controlled attribute-based encryption for secure electronic health records system. J. Med. Syst. 40(12), 253 (2016)

    Article  Google Scholar 

  7. Greene, E., Proctor, P., Kotz, D.: Secure sharing of mhealth data streams through cryptographically-enforced access control. Smart Health 12, 49–65 (2018)

    Article  Google Scholar 

  8. Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Mediated ciphertext-policy attribute-based encryption and its application. In: International Workshop on Information Security Applications, pp. 309–323. Springer (2009)

    Google Scholar 

  9. JahanJahan, M., et al.: Light weight write mechanism for cloud data. IEEE Trans. Parallel Distrib. Syst. 29(5), 1131–1146 (2017)

    Article  Google Scholar 

  10. Jahan, M., Roy, P.S., Sakurai, K., Seneviratne, A., Jha, S.: Secure and light weight fine-grained access mechanism for outsourced data. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 201–209. IEEE (2017)

    Google Scholar 

  11. Jazi, H.H., Gonzalez, H., Stakhanova, N., Ghorbani, A.A.: Detecting http-based application layer dos attacks on web servers in the presence of sampling. Comput. Netw. 121, 25–36 (2017)

    Article  Google Scholar 

  12. Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2012)

    Article  Google Scholar 

  13. Liu, J., Huang, X., Liu, J.K.: Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Gener. Comput. Syst. 52, 67–76 (2015)

    Article  Google Scholar 

  14. Liu, Q., Wang, G., Wu, J.: Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf. Sci. 258, 355–370 (2014)

    Article  Google Scholar 

  15. Liu, V., Musen, M.A., Chou, T.: Data breaches of protected health information in the united states. JAMA 313(14), 1471–1473 (2015)

    Article  Google Scholar 

  16. Matos, D.R., Pardal, M.L., Adão, P., Silva, A.R., Correia, M.: Securing electronic health records in the cloud. In: Proceedings of the 1st Workshop on Privacy by Design in Distributed Systems, p. 1. ACM (2018)

    Google Scholar 

  17. Mubarakali, A., Ashwin, M., Mavaluru, D., Kumar, A.D.: Design an attribute based health record protection algorithm for healthcare services in cloud environment. Multimedia Tools Appl. 79(5), 3943–3956 (2020)

    Article  Google Scholar 

  18. Nair, S.K., et al.: Towards secure cloud bursting, brokerage and aggregation. In: 2010 Eighth IEEE European Conference on Web Services, pp. 189–196. IEEE (2010)

    Google Scholar 

  19. Narayan, S., Gagné, M., Safavi-Naini, R.: Privacy preserving EHR system using attribute-based infrastructure. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, pp. 47–52. ACM (2010)

    Google Scholar 

  20. Qian, H., Li, J., Zhang, Y., Han, J.: Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int. J. Inf. Secur. 14(6), 487–497 (2015)

    Article  Google Scholar 

  21. Wu, R., Ahn, G.-J., Hu, H.: Secure sharing of electronic health records in clouds. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 711–718. IEEE (2012)

    Google Scholar 

  22. Xhafa, F., Li, J., Zhao, G., Li, J., Chen, X., Wong, D.S.: Designing cloud-based electronic health record system with attribute-based encryption. Multimedia Tools Appl. 74(10), 3441–3458 (2015)

    Article  Google Scholar 

  23. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings IEEE INFOCOM, pp. 1–9. IEEE (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of New South Wales (UNSW), Sydney, Australia

    Zainab Abaid, Arash Shaghaghi, Aruna Seneviratne & Sanjay Jha

  2. Centre for Cyber Security Research and Innovation, Deakin University, Geelong, Australia

    Arash Shaghaghi

  3. Data61, CSIRO, Eveleigh, Australia

    Aruna Seneviratne

  4. The University of Sydney, Sydney, Australia

    Ravin Gunawardena & Suranga Seneviratne

  5. University of Moratuwa, Moratuwa, Sri Lanka

    Ravin Gunawardena

Authors
  1. Zainab Abaid
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arash Shaghaghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ravin Gunawardena
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Suranga Seneviratne
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Aruna Seneviratne
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Sanjay Jha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Arash Shaghaghi .

Editor information

Editors and Affiliations

  1. Grupo de Inteligencia Computacional Aplicada (GICAP), Departamento de Ingeniería Informática, Escuela Politécnica Superior, Universidad de Burgos, Burgos, Spain

    Álvaro Herrero

  2. Grupo de Inteligencia Computacional Aplicada (GICAP), Departamento de Ingeniería Informática, Escuela Politécnica Superior, Universidad de Burgos, Burgos, Spain

    Carlos Cambra

  3. Grupo de Inteligencia Computacional Aplicada (GICAP), Departamento de Ingeniería Informática, Escuela Politécnica Superior, Universidad de Burgos, Burgos, Spain

    Daniel Urda

  4. Technological Institute of Castilla y León, Burgos, Spain

    Javier Sedano

  5. Department of Industrial Engineering, University of A Coruña, La Coruña, Spain

    Héctor Quintián

  6. University of Salamanca, Salamanca, Spain

    Emilio Corchado

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abaid, Z., Shaghaghi, A., Gunawardena, R., Seneviratne, S., Seneviratne, A., Jha, S. (2021). Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_11

Download citation

Publish with us

Policies and ethics

Search

Navigation