Skip to main content
Springer Nature Link
Log in

Private Verification of Access on Medical Data: An Initial Study

  • Conference paper
  • First Online:
Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM 2017, CBT 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10436))

  • 5638 Accesses

Abstract

Patient-centered medical systems promote empowerment of patients, who can decide on the accesses and usage of their personal data. To inspire a sense of trust and encourage the adoption of such systems, it is desired to allow one to verify whether the system has acted in accordance with the patients’ preferences. However, it is argued that even audit logs and usage policies, normally used when verifying such property, may already be enough for one to learn sensitive information, e.g., the medical specialists a given patient has visited in the past. This is not only damaging for the patients, but is also against the interests of the medical system, which may lose back the trust earned and gain a bad reputation. Verifiability should not come at the expense of patients’ privacy. It is, therefore, imperative that these systems take necessary precautions towards patient’s information when providing means for verifiability. In this work we study how to realize that. In particular, we explore how searchable encryption techniques could be applied to allow the verification of systems in a private fashion, providing no information on patient’s sensitive data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Definition taken from the Online Oxford Dictionaries.

  2. 2.

    https://www.healthvault.com/.

  3. 3.

    https://www.esante.lu/portal/fr/espace-patient/le-dsp-au-quotidien,199.html?

References

  1. Barker, E.: NIST Special Publication 800-57 Part 1 Revision 4—Recommendation for Key Management (Part 1: General) (2016)

    Google Scholar 

  2. Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_30

    Chapter  Google Scholar 

  3. Boneh, D., Raghunathan, A., Segev, G.: Function-private identity-based encryption: hiding the function in functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 461–478. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_26

    Chapter  MATH  Google Scholar 

  4. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). doi:10.1007/978-3-540-70936-7_29

    Chapter  Google Scholar 

  5. Bösch, C., Hartel, P., Jonker, W., Peter, A.: A survey of provably secure searchable encryption. ACM Comput. Surv. (CSUR) 47(2), 18 (2015)

    Google Scholar 

  6. Bösch, C., Tang, Q., Hartel, P., Jonker, W.: Selective document retrieval from encrypted database. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 224–241. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33383-5_14

    Chapter  Google Scholar 

  7. Butin, D., Le Métayer, D.: Log analysis for data protection accountability. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 163–178. Springer, Cham (2014). doi:10.1007/978-3-319-06410-9_12

    Chapter  Google Scholar 

  8. Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40041-4_20

    Chapter  Google Scholar 

  9. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005). doi:10.1007/11496137_30

    Chapter  Google Scholar 

  10. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)

    Article  Google Scholar 

  11. Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G.: A framework for analyzing verifiability in traditional and electronic exams. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 514–529. Springer, Cham (2015). doi:10.1007/978-3-319-17533-1_35

    Chapter  Google Scholar 

  12. Dreier, J., Jonker, H., Lafourcade, P.: Defining verifiability in e-auction protocols. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 547–552. ACM (2013)

    Google Scholar 

  13. Fisch, B.A., Vo, B., Krell, F., Kumarasubramanian, A., Kolesnikov, V., Malkin, T., Bellovin, S.M.: Malicious-client security in blind seer: a scalable private DBMS. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 395–410. IEEE (2015)

    Google Scholar 

  14. Flores, A.E., Vergara, V.M.: Functionalities of open electronic health records system: a follow-up study. In: 6th International Conference on Biomedical Engineering and Informatics, pp. 602–607. IEEE (2013)

    Google Scholar 

  15. Gajanayake, R., Sahama, T.R., Lane, B., Grunwell, D.: Designing an information accountability framework for eHealth. In: IEEE Healthcom 2013 15th International Conference on E-Health Networking, Application and Services. Instituto Superior de Ciências Sociais e Políticas - Technical University of Lisbon, Lisbon, Portugal, June 2013. https://eprints.qut.edu.au/60690/

  16. Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)

    Google Scholar 

  17. Goh, E.J., et al.: Secure indexes. IACR Cryptology ePrint Archive 2003, 216 (2003). http://eprint.iacr.org/2003/216

  18. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM (JACM) 43(3), 431–473 (1996)

    Article  MathSciNet  Google Scholar 

  19. Golle, P., Staddon, J., Waters, B.: Secure conjunctive keyword search over encrypted data. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 31–45. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24852-1_3

    Chapter  Google Scholar 

  20. Grunwell, D., Gajanayake, R., Sahama, T.: The security and privacy of usage policies and provenance logs in an information accountability framework. In: Proceedings of the Eighth Australasian Workshop on Health Informatics and Knowledge Management (HIKM2015), vol. 164, pp. 33–40. Australian Computer Society (2015)

    Google Scholar 

  21. Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G.: Aspects of privacy for electronic health records. Int. J. Med. Inf. 80(2), e26–e31 (2011)

    Article  Google Scholar 

  22. Hu, V.C., Ferraiolo, D., Kuhn, D.R.: Assessment of access control systems. US Department of Commerce, National Institute of Standards and Technology (2006)

    Google Scholar 

  23. Kamara, S., Moataz, T.: Boolean searchable symmetric encryption with worst-case sub-linear complexity. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 94–124. Springer, Cham (2017). doi:10.1007/978-3-319-56617-7_4

    Chapter  Google Scholar 

  24. King, J.T., Smith, B., Williams, L.: Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pp. 305–314. ACM (2012)

    Google Scholar 

  25. Kremer, S., Ryan, M., Smyth, B.: Election verifiability in electronic voting protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_24

    Chapter  Google Scholar 

  26. Kurosawa, K.: Garbled searchable symmetric encryption. In: Financial Cryptography, vol. 2014, pp. 234–251 (2014)

    Google Scholar 

  27. Marshall, G.: Security audit and access accountability message XML. Technical report, RFC 3881 (2004)

    Google Scholar 

  28. Microsoft: Microsoft Privacy Statement (2017). https://privacy.microsoft.com/en-gb/privacystatement. Accessed 15 May 2017

  29. Moataz, T., Shikfa, A.: Boolean symmetric searchable encryption. In: Proceedings of the 8th ACM SIGSAC symposium on Information, Computer and Communications Security, pp. 265–276. ACM (2013)

    Google Scholar 

  30. Pappas, V., Krell, F., Vo, B., Kolesnikov, V., Malkin, T., Choi, S.G., George, W., Keromytis, A., Bellovin, S.: Blind seer: a scalable private DBMS. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 359–374. IEEE (2014)

    Google Scholar 

  31. Reuben, J., Martucci, L.A., Fischer-Hübner, S.: Automated log audits for privacy compliance validation: a literature survey. In: Aspinall, D., Camenisch, J., Hansen, M., Fischer-Hübner, S., Raab, C. (eds.) Privacy and Identity 2015. IAICT, vol. 476, pp. 312–326. Springer, Cham (2016). doi:10.1007/978-3-319-41763-9_21

    Chapter  Google Scholar 

  32. Røstad, L.: An initial model and a discussion of access control in patient controlled health records. In: 2008 Third International Conference on Availability, Reliability and Security, ARES 2008, pp. 935–942. IEEE (2008)

    Google Scholar 

  33. Seneviratne, O., Kagal, L.: Enabling privacy through transparency. In: 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST), pp. 121–128. IEEE (2014)

    Google Scholar 

  34. Shi, E., Bethencourt, J., Chan, T.H., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 350–364. IEEE (2007)

    Google Scholar 

  35. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, S&P 2000, Proceedings, pp. 44–55. IEEE (2000)

    Google Scholar 

  36. Spagnuelo, D., Lenzini, G.: Transparent medical data systems. J. Med. Syst. 41(1), 8 (2017)

    Article  Google Scholar 

  37. Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an encrypted and searchable audit log. NDSS 4, 5–6 (2004)

    Google Scholar 

  38. Wickramage, C., Sahama, T., Fidge, C.: Anatomy of log files: implications for information accountability measures. In: 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom), pp. 1–6. IEEE (2016)

    Google Scholar 

Download references

Acknowledgments

Thais Bardini Idalino acknowledges funding granted from CNPq-Brazil [233697/2014-4]. Dayana Spagnuelo’s research is supported by the Luxembourg National Research Fund (FNR), AFR project 7842804 - TYPAMED. The authors would also like to thank Dr. Gabriele Lenzini and Prof. Peter Y.A. Ryan for contributing to this work with relevant discussions and valuable advice.

Author information

Authors and Affiliations

  1. School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, Canada

    Thaís Bardini Idalino

  2. Interdisciplinary Centre for Security Reliability and Trust (SnT), University of Luxembourg, Luxembourg, Luxembourg

    Dayana Spagnuelo

  3. Departamento de Informática e Estatística, Universidade Federal de Santa Catarina, Florianópolis, Brazil

    Jean Everson Martina

Authors
  1. Thaís Bardini Idalino
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dayana Spagnuelo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean Everson Martina
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dayana Spagnuelo .

Editor information

Editors and Affiliations

  1. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. Department of Information and Communications Engineering, Autonomous University of Barcelona, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. Karlsruhe Institute of Technology, Karlsruhe, Germany

    Hannes Hartenstein

  4. Autonomous University of Barcelona, Bellaterra, Spain

    Jordi Herrera-Joancomartí

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Idalino, T.B., Spagnuelo, D., Martina, J.E. (2017). Private Verification of Access on Medical Data: An Initial Study. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2017 2017. Lecture Notes in Computer Science(), vol 10436. Springer, Cham. https://doi.org/10.1007/978-3-319-67816-0_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-67816-0_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67815-3

  • Online ISBN: 978-3-319-67816-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics