Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification
Copyright policy )Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification
Wireless communications play an important role in ensuring ease of access to shared electronic health records (EHR) across health service providers which is essential and significant for prompt patients’ care, especially in cases of emergency medical conditions. With the need to support anytime, anywhere access to, potentially bandwidth hungry, medical records, electronic healthcare applications will continue to benefit from advanced wireless network technologies such as 5G and beyond. With sharing, it is crucial to provide patients with security and privacy guarantees, and allow them to certain control of access to their data. Existing solutions mostly assume that patients are available to authorize requests to access their EHR, which is impractical as the patient may be unconscious. This paper proposes a secure and privacy protecting protocol whereby the patient can pre-delegate the authorization for the access of his/her EHR. Our patient(user)-centric proposal combines Self-Sovereign Identity (SSI) concepts and model with Secure Multi-party Computation (SMPC) and Threshold Cryptography (TC) to enable secure identity and authorization verification. A block cipher encryption sharing approach is adopted for the threshold SMPC which extends the AES-GCM symmetric encryption model into a full-fledged cryptographic platform. Two mechanisms are implemented for the block cipher encryption, namely XOR and Cascade, and experiments are conducted to compare them. We conclude that the XOR mechanism can scale for larger thresholds, while Cascade performed better for a lower threshold (≤ 3). This paper also performs a threat analysis of the protocol and approach, and validates its correctness and complexity. We conclude that the approach can achieve the security and privacy protection of the patient’s personal EHR, as well as the autonomy of the patient to control the authorization for the access and sharing. National Research Foundation (NRF) Submitted/Accepted version This work was supported by the National Research Foundation, Singapore under its Strategic Capability Research Centres Funding Initiative.
- Nanyang Technological University Singapore
Cryptographic Controls, :Computer science and engineering [Engineering], Algorithm/Protocol Design and Analysis
Cryptographic Controls, :Computer science and engineering [Engineering], Algorithm/Protocol Design and Analysis
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).5 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Top 10%
Citations provided by BIP!Popularity provided by BIP!