
    Taking Computation to Data: Integrating Privacy-preserving AI techniques and Blockchain Allowing Secure Analysis of Sensitive Data on Premise

    PhD thesis in Information Technology. With the advancement of artificial intelligence (AI), digital pathology has seen significant progress in recent years. However, the use of medical AI raises concerns about patient data privacy. The CLARIFY project is a research project funded under the European Union’s Marie Sklodowska-Curie Actions (MSCA) program. The primary objective of CLARIFY is to create a reliable, automated digital diagnostic platform that utilizes cloud-based data algorithms and artificial intelligence to enable interpretation and diagnosis of whole-slide images (WSI) from any location, maximizing the advantages of AI-based digital pathology. My research as an early stage researcher for the CLARIFY project centers on securing information systems using machine learning and access control techniques. To achieve this goal, I extensively researched privacy protection technologies such as federated learning, differential privacy, dataset distillation, and blockchain. These technologies have different priorities in terms of privacy, computational efficiency, and usability. Therefore, we designed a computing system that supports different levels of privacy security, based on the concept: taking computation to data. Our approach is based on two design principles. First, when external users need to access internal data, a robust access control mechanism must be established to limit unauthorized access. Second, raw data should be processed to ensure privacy and security. Specifically, we use smart contract-based access control and decentralized identity technology at the system security boundary to ensure the flexibility and immutability of verification. If the user’s raw data still cannot be directly accessed, we propose to use dataset distillation technology to filter out privacy, or to use a locally trained model as a data agent. Our research focuses on improving the usability of these methods, and this thesis serves as a demonstration of current privacy-preserving and secure computing technologies.

    TSKY: a dependable middleware solution for data privacy using public storage clouds

    Dissertation submitted for the degree of Master in Computer Engineering. This dissertation aims to take advantage of the virtues offered by data storage cloud based systems on the Internet, proposing a solution that avoids security issues by combining different providers’ solutions in a vision of a cloud-of-clouds storage and computing. The solution, TSKY System (or Trusted Sky), is implemented as a middleware system, featuring a set of components designed to establish and to enhance conditions for security, privacy, reliability and availability of data, with these conditions being secured and verifiable by the end-user, independently of each provider. These components implement cryptographic tools, including threshold and homomorphic cryptographic schemes, combined with encryption, replication, and dynamic indexing mechanisms. The solution allows data management and distribution functions over data kept in different storage clouds, not necessarily trusted, improving and ensuring resilience and security guarantees against Byzantine faults and attacks. The generic approach of the TSKY system model and its implemented services are evaluated in the context of a Trusted Email Repository System (TSKY-TMS System). The TSKY-TMS system is a prototype that uses the base TSKY middleware services to store mailboxes and email messages in a cloud-of-clouds.
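The abstract above combines threshold cryptography, encryption and replication so that data spread over untrusted providers stays confidential and verifiable by the end user even when a provider behaves in a Byzantine way. The following added example (written for this page; it is not TSKY's code and makes no claim about TSKY's internal design) shows the core of such a cloud-of-clouds put/get: a per-object key is split with Shamir secret sharing over a 521-bit Mersenne prime, the ciphertext is authenticated (encrypt-then-MAC) and replicated to every provider, and the reader tries share subsets until a reconstruction passes the integrity check. The `Provider` class, the k-of-n parameters and the HMAC-SHA256 counter-mode stream cipher are assumptions chosen to keep the example stdlib-only; a production system would use an AEAD such as AES-GCM in place of that stream cipher.

```python
import hashlib
import hmac
import itertools
import secrets

# 2^521 - 1 is prime; large enough to hold any 256-bit key (assumption for this example).
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial with coefficients [a0, a1, ...] mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def shamir_split(secret_int, k, n):
    """Split secret_int into n shares; any k of them reconstruct it, k-1 reveal nothing."""
    coeffs = [secret_int] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def shamir_recover(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real AEAD)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_blob(key, blob):
    """Verify the tag first; return plaintext, or None if the blob was forged/corrupted."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Provider:
    """Constructed in-memory storage cloud; a Byzantine one returns altered share and blob."""

    def __init__(self, name, byzantine=False):
        self.name, self.byzantine, self.store = name, byzantine, {}

    def put(self, obj_id, share, blob):
        self.store[obj_id] = (share, blob)

    def get(self, obj_id):
        share, blob = self.store[obj_id]
        if self.byzantine:
            share = (share[0], (share[1] + 1) % PRIME)
            blob = blob[:-1] + bytes([blob[-1] ^ 0xFF])
        return share, blob


def put_object(providers, k, obj_id, data):
    """Fresh key per object: one share per provider, full ciphertext replicated to all."""
    key = secrets.token_bytes(32)
    blob = seal(key, data)
    for provider, share in zip(providers, shamir_split(int.from_bytes(key, "big"), k, len(providers))):
        provider.put(obj_id, share, blob)


def get_object(providers, k, obj_id):
    """Try k-subsets of shares against each distinct replica until the MAC verifies."""
    responses = [p.get(obj_id) for p in providers if obj_id in p.store]
    shares = [share for share, _ in responses]
    blobs = {blob for _, blob in responses}
    for subset in itertools.combinations(shares, k):
        key_int = shamir_recover(list(subset))
        if key_int >= 1 << 256:          # cannot be a 256-bit key: a corrupted share is in the subset
            continue
        key = key_int.to_bytes(32, "big")
        for blob in blobs:
            data = open_blob(key, blob)
            if data is not None:
                return data
    raise ValueError("no verifiable reconstruction: too many faulty providers")


if __name__ == "__main__":
    clouds = [Provider("A"), Provider("B", byzantine=True), Provider("C"), Provider("D"), Provider("E")]
    put_object(clouds, 3, "mailbox-1", b"constructed sample message")
    print(get_object(clouds, 3, "mailbox-1"))
```

Two details carry the security argument: a provider that forges a share can only make reconstruction fail the tag check (it never yields an accepted wrong plaintext, since the MAC key is derived from the real key), and no single provider ever holds the key, so confidentiality does not depend on any one cloud's administrator. The subset search is exponential in the worst case, so real deployments also pin the expected share commitments to detect which provider lied rather than guessing.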

    A hybrid model for managing personal health records in South Africa

    Doctors can experience difficulty in accessing medical information of new patients. One reason for this is that the management of medical records is mostly institution-centred. The lack of access to medical information may negatively affect patients in several ways. These include new medical tests that may need to be carried out at a cost to the patient and doctors prescribing drugs to which the patient is allergic. This research investigates how patients can play an active role in sharing their personal health records (PHRs) with doctors located in geographically separate areas. In order to achieve the goal of this research, existing literature concerning medical health records and standards was reviewed. A literature review of techniques that can be used to ensure privacy of health information was also undertaken. Interview studies were carried out with three medical practices in Port Elizabeth with the aim of contextualising the findings from the literature study. The Design Science Research methodology was used for this research. A Hybrid Model for Managing Personal Health Records in South Africa is proposed. This model allows patients to view their PHRs on their mobile phones and medical practitioners to manage the patients’ PHRs using a web-based application. The patients’ PHR information is stored both on a cloud server and on mobile devices, hence the hybrid nature. Two prototypes were developed as a proof of concept: a mobile application for the patients and a web-based application for the medical practitioners. A field study was carried out with the NMMU health services department and 12 participants over a period of two weeks. The results of the field study were highly positive. The successful evaluation of the prototypes provides empirical evidence that the proposed model brings us closer to the realisation of ubiquitous access to PHRs in South Africa.

    Privacy in the Genomic Era

    Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward.

    Privacy-Enhanced Dependable and Searchable Storage in a Cloud-of-Clouds

    In this dissertation we will propose a solution for a trustable and privacy-enhanced storage architecture based on a multi-cloud approach. The solution provides the necessary support for multi-modal on-line searching operations on data that is always maintained encrypted on the cloud services used. We implemented a system prototype, conducting an experimental evaluation. Our results show that the proposal offers security and privacy guarantees, and provides efficient information retrieval capabilities without sacrificing precision and recall properties on the supported search operations. There is a constant increase in the demand for cloud services, particularly cloud-based storage services. These services are currently used by different applications as outsourced storage services, with some interesting advantages. Most personal and mobile applications also offer the user the choice to use the cloud to store their data, transparently and sometimes without entire user awareness and privacy-conditions, to overcome local storage limitations. Companies might also find that it is cheaper to outsource databases and key-value stores, instead of relying on storage solutions in private data-centers. This raises the concern about data privacy guarantees and data leakage danger. A cloud system administrator can easily access unprotected data and she/he could also forge, modify or delete data, violating privacy, integrity, availability and authenticity conditions. A possible solution to solve those problems would be to encrypt and add authenticity and integrity proofs to all data before it is sent to the cloud, and to decrypt and verify authenticity or integrity on data downloads. However, this solution can be used only for backup purposes or when big data is not involved, and might not be very practical for online searching requirements over large amounts of cloud stored data that must be searched, accessed and retrieved in a dynamic way. Those solutions also impose high latency and a high amount of cloud inbound/outbound traffic, increasing the operational costs. Moreover, in the case of mobile or embedded devices, the power, computation and communication constraints cannot be ignored, since indexing, encrypting/decrypting and signing/verifying all data will be computationally expensive. To overcome the previous drawbacks, in this dissertation we propose a solution for a trustable and privacy-enhanced storage architecture based on a multi-cloud approach, providing privacy-enhanced, dependable and searchable support. Our solution provides the necessary support for dependable cloud storage and multi-modal on-line searching operations over always-encrypted data in a cloud-of-clouds. We implemented a system prototype, conducting an experimental evaluation of the proposed solution, involving the use of conventional storage clouds, as well as a high-speed in-memory cloud-storage backend. Our results show that the proposal offers the required dependability properties and privacy guarantees, providing efficient information retrieval capabilities without sacrificing precision and recall properties in the supported indexing and search operations.
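The abstract above argues that naively encrypting everything before upload rules out on-line searching, and that search must instead run over data that stays encrypted at the provider. The added example below (written for this page, not the dissertation's own code, and not a description of its indexing design) shows the minimal searchable-encryption building block that makes that possible: a keyword-level encrypted inverted index. The client derives a keyed HMAC token per keyword; the server stores postings under the token and only ever sees tokens and blinded document identifiers, so it can answer a query from a trapdoor without learning the keyword or which document is which. The key derivation, the 16-byte identifier width and the constructed documents are assumptions of this example.

```python
import hashlib
import hmac
import re

ID_LEN = 16  # fixed-width document identifiers (assumption), so posting entries leak no length


def derive_keys(master_key):
    """Independent sub-keys for keyword tokens and for blinding posting entries."""
    return (hashlib.sha256(b"token" + master_key).digest(),
            hashlib.sha256(b"pad" + master_key).digest())


def tokenize(text):
    """Case-folded, de-duplicated keywords; the server never sees these."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def trapdoor(token_key, word):
    """Deterministic keyed token for a keyword: the only thing the server learns about it."""
    return hmac.new(token_key, word.lower().encode(), hashlib.sha256).digest()


def _pad(pad_key, token, position):
    """Per-entry blinding pad, so equal document ids look different in different posting lists."""
    return hmac.new(pad_key, token + position.to_bytes(4, "big"), hashlib.sha256).digest()[:ID_LEN]


def _blind(doc_id, pad):
    raw = doc_id.encode()
    if len(raw) > ID_LEN:
        raise ValueError("document id too long for fixed-width entry")
    return bytes(a ^ b for a, b in zip(raw.ljust(ID_LEN, b"\0"), pad))


def _unblind(entry, pad):
    return bytes(a ^ b for a, b in zip(entry, pad)).rstrip(b"\0").decode()


def build_index(master_key, documents):
    """Client side: documents is {doc_id: plaintext}; returns the index that is uploaded."""
    token_key, pad_key = derive_keys(master_key)
    index = {}
    for doc_id, text in documents.items():
        for word in tokenize(text):
            token = trapdoor(token_key, word)
            postings = index.setdefault(token, [])
            postings.append(_blind(doc_id, _pad(pad_key, token, len(postings))))
    return index


def server_search(index, token):
    """Untrusted server side: a pure lookup on opaque bytes, no decryption possible here."""
    return index.get(token, [])


def search(master_key, index, words):
    """Client side: one trapdoor per keyword, then intersect the unblinded posting lists."""
    token_key, pad_key = derive_keys(master_key)
    result = None
    for word in words:
        token = trapdoor(token_key, word)
        ids = {_unblind(entry, _pad(pad_key, token, pos))
               for pos, entry in enumerate(server_search(index, token))}
        result = ids if result is None else result & ids
    return result or set()


if __name__ == "__main__":
    # Constructed sample corpus for the demonstration.
    docs = {"doc-1": "Quarterly revenue report",
            "doc-2": "Revenue forecast and risk register",
            "doc-3": "Holiday schedule"}
    master = b"\x01" * 32  # would come from the user's key store
    idx = build_index(master, docs)
    print(sorted(search(master, idx, ["revenue", "risk"])))
```

The check a practitioner should run against any such scheme is what the server still learns: here it sees the size of each posting list and, over time, which tokens are queried together and which entries are returned (the access pattern), and identical trapdoors reveal repeated queries. Those leakages are the subject of the inference attacks that searchable-encryption designs have to argue about; the content of documents and keywords is protected, but the index alone does not hide frequency.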

    Unleashing The Potential of Data Ecosystems: Establishing Digital Trust through Trust-Enhancing Technologies

    Companies increasingly innovate data-driven business models, enabling them to create new products and services. Emerging data ecosystems provide these companies access to complementary data, offering them additional potential. This, however, remains untapped, as a lack of digital trust prevents companies from sharing data within these ecosystems. By using trust-enhancing technologies, companies can establish trust; this can be explained through the theoretical lens of system trust. Using a design research approach helped us to unlock the knowledge of 21 experts and identify five technologies with the potential to solve the trust challenge: self-sovereign identities, differential privacy, fully homomorphic encryption, trusted execution environments and secure multiparty computation. We integrated these technologies into the data sharing process in data ecosystems and elaborated on their limitations and maturity. Ultimately, we derived two principles that allow for adapting our results to future technological developments: complementarity and customization.

    Blockchain in Personal Health Information Exchange

    The secure and efficient exchange of personal health information is a critical challenge in the healthcare sector. It is a socio-technical issue, being concerned with the individual’s right to data protection as well as the interoperability of existing health information management systems, such as electronic medical record systems. In particular, there is the need to legally, securely, and efficiently share personal health information between different organisations and entities within and across regions. The various entities in personal health information exchange have different requirements and responsibilities. This thesis focuses on two of these: (1) individuals as data subjects should have the opportunity to oversee the processing of their health information by others and to restrict the exchange of their health information, and (2) entities should be able to verify that data controllers are securely sharing personal health information as agreed and in compliance with regulations, laws and the preferences of data subjects. To address these challenges, blockchain technology has been actively explored in the research community of health information exchange as a potential solution. This thesis is intended to contribute towards this global effort. Blockchain technology provides benefits in decentralisation, immutability, transparency and traceability of data transactions and public access to data by network users. As a distributed technology, the adoption of blockchain in health information exchange can support interoperability, security, and privacy protection. This thesis aims to explore the use of blockchain technology in personal health information exchange between stakeholders for privacy protection, confidentiality, non-repudiation, and auditability.
    The four main contributions of the thesis can be summarised as follows. Firstly, the research identified the requirements of different roles involved in the cases of health information exchange and the current challenges of health information exchange in the sector by reviewing related work on personal health information exchange and blockchain technology, and discussing existing blockchain-based applications in health information exchange. In summary, there are several challenges related to PHI exchange, including legal and regulatory barriers, privacy and security breaches, lack of interoperability between healthcare information systems, trust-building barriers, and low levels of patient engagement. Secondly, to explore the use of blockchain technology in data exchange, the study designed a blockchain-based auditing framework for workflows involving different entities. This framework, called AudiWFlow, provides an audit trail for records verification on-the-fly and after the fact using smart contracts and personal receipts. In the context of data exchange in the health sector, the AudiWFlow framework makes data transactions auditable and builds trust between different entities located in the same jurisdiction. Workflow entities share required protected data with each other and use the blockchain to store proof of integrity about transaction records. The blockchain plays the role of an audit server in the framework and has a stable time delay compared to traditional servers. Thirdly, to address challenges of secure cross-regional data exchange in health, particularly when combined with existing infrastructures in the health management system, this study developed a blockchain-based framework called BRUE that can help entities meet fit-for-purpose security requirements in the exchange of personal health information.
    The BRUE framework reconstructs the concepts of the User-Managed Access protocol and uses personal data receipts and token-based records to achieve access control fulfilling the needs of privacy preservation, auditing, non-repudiation, and confidentiality. Finally, to improve privacy preservation in the exchange of personal health information, the study developed a blockchain-based framework named BRESPE. This framework utilises sticky policies triggered by smart contracts to enforce access control, aligning with user preferences and data protection regulations during data transmission.