9,635 research outputs found
An efficient PHR service system supporting fuzzy keyword search and fine-grained access control
Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.Peer ReviewedPostprint (author's final draft
Visions and Challenges in Managing and Preserving Data to Measure Quality of Life
Health-related data analysis plays an important role in self-knowledge,
disease prevention, diagnosis, and quality of life assessment. With the advent
of data-driven solutions, a myriad of apps and Internet of Things (IoT) devices
(wearables, home-medical sensors, etc) facilitates data collection and provide
cloud storage with a central administration. More recently, blockchain and
other distributed ledgers became available as alternative storage options based
on decentralised organisation systems. We bring attention to the human data
bleeding problem and argue that neither centralised nor decentralised system
organisations are a magic bullet for data-driven innovation if individual,
community and societal values are ignored. The motivation for this position
paper is to elaborate on strategies to protect privacy as well as to encourage
data sharing and support open data without requiring a complex access protocol
for researchers. Our main contribution is to outline the design of a
self-regulated Open Health Archive (OHA) system with focus on quality of life
(QoL) data.Comment: DSS 2018: Data-Driven Self-Regulating System
A systematic literature review of cloud computing in eHealth
Cloud computing in eHealth is an emerging area for only few years. There
needs to identify the state of the art and pinpoint challenges and possible
directions for researchers and applications developers. Based on this need, we
have conducted a systematic review of cloud computing in eHealth. We searched
ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as
well as relevant open-access journals for relevant articles. A total of 237
studies were first searched, of which 44 papers met the Include Criteria. The
studies identified three types of studied areas about cloud computing in
eHealth, namely (1) cloud-based eHealth framework design (n=13); (2)
applications of cloud computing (n=17); and (3) security or privacy control
mechanisms of healthcare data in the cloud (n=14). Most of the studies in the
review were about designs and concept-proof. Only very few studies have
evaluated their research in the real world, which may indicate that the
application of cloud computing in eHealth is still very immature. However, our
presented review could pinpoint that a hybrid cloud platform with mixed access
control and security protection mechanisms will be a main research area for
developing citizen centred home-based healthcare applications
Privacy in the Genomic Era
Genome sequencing technology has advanced at a rapid pace and it is now
possible to generate highly-detailed genotypes inexpensively. The collection
and analysis of such data has the potential to support various applications,
including personalized medical services. While the benefits of the genomics
revolution are trumpeted by the biomedical community, the increased
availability of such data has major implications for personal privacy; notably
because the genome has certain essential features, which include (but are not
limited to) (i) an association with traits and certain diseases, (ii)
identification capability (e.g., forensics), and (iii) revelation of family
relationships. Moreover, direct-to-consumer DNA testing increases the
likelihood that genome data will be made available in less regulated
environments, such as the Internet and for-profit companies. The problem of
genome data privacy thus resides at the crossroads of computer science,
medicine, and public policy. While the computer scientists have addressed data
privacy for various data types, there has been less attention dedicated to
genomic data. Thus, the goal of this paper is to provide a systematization of
knowledge for the computer science community. In doing so, we address some of
the (sometimes erroneous) beliefs of this field and we report on a survey we
conducted about genome data privacy with biomedical specialists. Then, after
characterizing the genome privacy problem, we review the state-of-the-art
regarding privacy attacks on genomic data and strategies for mitigating such
attacks, as well as contextualizing these attacks from the perspective of
medicine and public policy. This paper concludes with an enumeration of the
challenges for genome data privacy and presents a framework to systematize the
analysis of threats and the design of countermeasures as the field moves
forward
Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure
function evaluation (SFE) which enables two parties to jointly compute a
function without disclosing their private inputs. Chameleon combines the best
aspects of generic SFE protocols with the ones that are based upon additive
secret sharing. In particular, the framework performs linear operations in the
ring using additively secret shared values and nonlinear
operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson
protocol. Chameleon departs from the common assumption of additive or linear
secret sharing models where three or more parties need to communicate in the
online phase: the framework allows two parties with private inputs to
communicate in the online phase under the assumption of a third node generating
correlated randomness in an offline phase. Almost all of the heavy
cryptographic operations are precomputed in an offline phase which
substantially reduces the communication overhead. Chameleon is both scalable
and significantly more efficient than the ABY framework (NDSS'15) it is based
on. Our framework supports signed fixed-point numbers. In particular,
Chameleon's vector dot product of signed fixed-point numbers improves the
efficiency of mining and classification of encrypted data for algorithms based
upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer
convolutional deep neural network shows 133x and 4.2x faster executions than
Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively
Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective
Rapid advances in human genomics are enabling researchers to gain a better
understanding of the role of the genome in our health and well-being,
stimulating hope for more effective and cost efficient healthcare. However,
this also prompts a number of security and privacy concerns stemming from the
distinctive characteristics of genomic data. To address them, a new research
community has emerged and produced a large number of publications and
initiatives.
In this paper, we rely on a structured methodology to contextualize and
provide a critical analysis of the current knowledge on privacy-enhancing
technologies used for testing, storing, and sharing genomic data, using a
representative sample of the work published in the past decade. We identify and
discuss limitations, technical challenges, and issues faced by the community,
focusing in particular on those that are inherently tied to the nature of the
problem and are harder for the community alone to address. Finally, we report
on the importance and difficulty of the identified challenges based on an
online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies
(PoPETs), Vol. 2019, Issue
- …