Efficient and Secure Cloud ‐ Based Healthcare Systems for the Storage of Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT
What We Will Cover Today • Introduction and Motivation • Introduction • About Us and the Project • Defining the Problem • Motivating Example • Manual Encryption Approach • Manual Encryption Example • Attribute Based Encryption • Overview • ABE example • Project Overview and Design • Project Overview • System Model and Design • Implementation Status 2
Introduction • About me • Name: Dr. Russell Paulet • Role: Research assistant and software engineer 3
About Us and the Project • Project: Efficient and Secure Cloud ‐ Based Healthcare Systems for the Storage of Electrical Medical Records • Research Team • Xun Yi (RMIT) • Hua Wang (VU) • Joseph Liu (Monash) • Naveen Chilamkurti (La Trobe) • Hui Cui (previously RMIT) • Russell Paulet (RMIT) • The target audience for this project is the health-care industry • This is the domain from which we draw examples and demonstrate the ABE implementation 4
Defining the Problem • Storing medical records as physical (paper-based) documents offers a high degree of security and privacy • But using physical medical records have a number of limitations • Easy to repeat medical tests because some records may be inaccessible or missing • Appropriate sharing of medical records is labour intensive • Either via transportation or copying of records 5
Defining the Problem • The use of e-Health records addresses the limitations associated with the management of physical health records • Records are more readily available when needed • Since e-Health records are more accessible, they also become more vulnerable to attack • So access control is typically restricted by using software to protect e-Health records • Where access to the records is granted only if some policy or rule is satisfied 6
Defining the Problem • Of course, the management of e-Health records has associated maintenance costs • Computing resources • Staffing resources • These costs can be significant when there are a large number of records to manage • Also, the number of records grow over time • One way to reduce these costs is to outsource to a cloud provider • This concept is known as Economies-of- Scale 7
Defining the Problem • Thus, we want to store e-Health records in the cloud to enjoy the benefits of economies-of-scale, but want to enforce secure access control of e-Health records • This includes ensuring privacy of the e-Health records • Delegating this responsibility to the Server Cloud cloud provider would require absolute trust to establish and maintain the privacy of the records 8
Defining the Problem • Additionally, an adversary may exploit vulnerabilities to override correct behaviour of the e-Health application running on the cloud • Either by breaking the security checks of the application or directly accessing the data • This project aims to use encryption to address these challenges in a Server Cloud more secure way • While reducing record management complexity 9
Motivating Example • A common model for access control is Role Based Access Control (RBAC) • Which means that the access policy is defined over roles (or attributes) of users • For our example we will consider the following users with their attributes User Attributes User Attributes John123 Doctor,Cardiology Jane84 Nurse,Cardiology Jay456 Doctor,Neurology Joe88 Receptionist,Cardiology Bob42 Nurse,Neurology Alice77 Technician,Cardiology • Suppose that we want to encrypt a record ℛ under policy 𝒬 : 𝒬 =“(Doctor OR Nurse OR Receptionist) AND (Cardiology)” 10
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 11
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 12
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 13
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 14
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 15
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 16
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 17
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 18
Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 19
Manual Encryption Approach • The main problem with this approach is that there is a ciphertext for each user who satisfies the policy (which is required for security) • Which can result in significant overheads for storage and communication • If the record needs to be updated, then all the copies need to be updated too • Also observe that this requires us to obtain the key for each user that satisfies the policy • Obviously a user’s key must be current and valid • Moreover, the data owner must manually encrypt records according to the policy before uploading the records to the cloud • Selecting the appropriate keys for any given policy is complex and error prone 20
Attribute Based Encryption Overview • We can overcome these problems by utilising Attribute Based Encryption (ABE) • Attribute Based Encryption was introduced by Amit Sahai and Brent Waters in 2005 • Informally, an Attribute Based Encryption scheme allows us to encode a policy into the encryption process • Where decryption is only possible if a user has the attributes that satisfy the policy • The user is assigned attributes according to their roles in the organisation • We will now explore how Attribute Based Encryption can be employed for our example 21
Attribute Based Encryption 𝑄𝑝𝑚𝑗𝑑𝑧 AND John123 Attributes={Doctor,Cardiology} Cardiology OR Nurse Doctor Receptionist 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 22
Attribute Based Encryption 𝑄𝑝𝑚𝑗𝑑𝑧 AND John123 Attributes={Doctor,Cardiology} Cardiology OR Nurse Doctor Receptionist 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 23
Recommend
More recommend