Evaluation of Attribute-Based Access Control (ABAC) for EHR in Fog Computing Environment

Fog computing - a connection of billions of devices nearest to the network edge- was recently proposed to support latency-sensitive and real time applications. Electronic Medical Record (EMR) systems are latency-sensitive in nature therefore fog computing considered as appropriate choice for it. This paper proposes a fog environment for E-health system that contains highly confidential information of patients Electronic Health Records (EHR). The proposed E-health system has two main goals: (1) Manage and share EHRs between multiple fog nodes and the cloud,(2) Secure access into EHR on Fog computing without effecting the performance of fog nodes. This system will serve different users based on their attributes and thus providing Attribute Based Access Control ABAC into the EHR in fog to prevent unauthorized access. We focus on reducing the storing and processes in fog nodes to support low capabilities of storage and computing of fog nodes and improve its performance. There are three major contributions in this paper first; a simulator of an E-health system is implemented using both iFogSim and our iFogSimEhealthSystem simulator. Second, the ABAC was applied at the fog to secure the access to patients EHR. Third, the performance of the proposed securing access in E-health system in fog computing was evaluated. The results showed that the performance of fog computing in the secure E-health system is higher than the performance of cloud computing

A Methodology for Secure Sharing of Personal Health Records in the Cloud

In the health care sector has resulted in value effective and convenient exchange of non-public Health Records (PHRs) among many taking part entities of the e-Health systems. still, storing the confidential health data to cloud servers is prone to revelation or larceny and demand the event of methodologies that make sure the privacy of the PHRs. Therefore, we tend to propose a technique referred to as SeSPHR for secure sharing of the PHRs within the cloud. The SeSPHR theme ensures patient-centric management on the PHRs and preserves the confidentiality of the PHRs. The patients store the encrypted PHRs on the un-trusted cloud servers and by selection grant access to differing types of users on totally different parts of the PHRs. A semi-trusted proxy referred to as Setup and Re-encryption Server (SRS) is introduced to line up the public/private key pairs and to supply the re-encryption keys. Moreover, the methodology is secure against business executive threats and conjointly enforces a forward and backward access management. Moreover, we tend to formally analyze and verify the operating of SeSPHR methodology through the High Level Petri Nets (HLPN). Performance analysis concerning time consumption indicates that the SeSPHR methodology has potential to use for firmly sharing the PHRs within the cloud. conjointly we tend to Implement as a contribution during this paper time Server, Secure Auditing Storage, in Time Server PHR Owner add the start and Ending time attach to uploaded Encrypted files, and conjointly implement the TPA Module for verify the PHR Record its hack or corrupted for the other hacker and wrongdoer if information hack from hacker facet discover all system details of wrongdoer like Macintosh Address and information science Address its our contribution in our project.

Secure and Trustable Electronic Medical Records Sharing using Blockchain

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall costComment: AMIA 2017 Annual Symposium Proceeding

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

A systematic literature review of cloud computing in eHealth

Cloud computing in eHealth is an emerging area for only few years. There needs to identify the state of the art and pinpoint challenges and possible directions for researchers and applications developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications

On the Deployment of Healthcare Applications over Fog Computing Infrastructure

Fog computing is considered as the most promising enhancement of the traditional cloud computing paradigm in order to handle potential issues introduced by the emerging Interned of Things (IoT) framework at the network edge. The heterogeneous nature, the extensive distribution and the hefty number of deployed IoT nodes will disrupt existing functional models, creating confusion. However, IoT will facilitate the rise of new applications, with automated healthcare monitoring platforms being amongst them. This paper presents the pillars of design for such applications, along with the evaluation of a working prototype that collects ECG traces from a tailor-made device and utilizes the patient's smartphone as a Fog gateway for securely sharing them to other authorized entities. This prototype will allow patients to share information to their physicians, monitor their health status independently and notify the authorities rapidly in emergency situations. Historical data will also be available for further analysis, towards identifying patterns that may improve medical diagnoses in the foreseeable future

Secure spontaneous emergency access to personal health record

We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient