Person:
Ahamad, Mustaque

Publication Search Results

  • Item
    A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing
    (Georgia Institute of Technology, 2009) Mohan, Apurva ; Bauer, David ; Blough, Douglas M. ; Ahamad, Mustaque ; Bamba, Bhuvan ; Krishnan, Ramkumar ; Liu, Ling ; Mashima, Daisuke ; Palanisamy, Balaji
    The storage of health records in electronic format, and the widespread sharing of these records among different health care providers, have enormous potential benefits to the U.S. healthcare system. These benefits include both improving the quality of health care delivered to patients and reducing the costs of delivering that care. However, maintaining the security of electronic health record systems and the privacy of the information they contain is paramount to ensure that patients have confidence in the use of such systems. In this paper, we propose a framework for electronic health record sharing that is patient centric, i.e. it provides patients with substantial control over how their information is shared and with whom; provides for verifiability of original sources of health information and the integrity of the data; and permits fine-grained decisions about when data can be shared based on the use of attribute-based techniques for authorization and access control. We present the architecture of the framework, describe a prototype system we have built based on it, and demonstrate its use within a scenario involving emergency responders' access to health record information.
  • Item
    Using Byzantine Quorum Systems to Manage Confidential Data
    (Georgia Institute of Technology, 2004-04-01) Subbiah, Arun ; Ahamad, Mustaque ; Blough, Douglas M.
    This paper addresses the problem of using proactive cryptosystems for generic data storage and retrieval. Proactive cryptosystems provide high security and confidentiality guarantees for stored data, and are capable of withstanding attacks that may compromise all the servers in the system over time. However, proactive cryptosystems are unsuitable for generic data storage uses for two reasons. First, proactive cryptosystems are usually used to store keys, which are rarely updated. On the other hand, generic data could be actively written and read. The system must therefore be highly available for both write and read operations. Second, existing share renewal protocols (the critical element to achieve proactive security) are expensive in terms of computation and communication overheads, and are time-consuming operations. Since generic data will be voluminous, the share renewal process will consume substantial system resources and cause a significant amount of system downtime. Two schemes are proposed that combine Byzantine quorum systems and proactive secret sharing techniques to provide high availability and security guarantees for stored data, while reducing the overhead incurred during the share renewal process. Several performance metrics that can be used to evaluate proactively-secure generic data storage schemes are identified. The proposed schemes are thus shown to render proactive systems suitable for confidential generic data storage.
  • Item
    Collective Endorsement and the Dissemination Problem in Malicious Environments
    (Georgia Institute of Technology, 2004-03-08) Lakshmanan, Subramanian ; Manohar, Deepak J. ; Ahamad, Mustaque ; Venkateswaran, H.
    We consider the problem of disseminating an update known to a set of servers to other servers in the system via a gossip protocol. Some of the servers can exhibit malicious behavior. We require that only the updates introduced by authorized clients are accepted by non-malicious servers. Spurious updates, in particular those generated by compromised nodes, are not accepted by non-malicious servers. We take the approach of collective endorsement where each server endorses an accepted update by computing a list of message authentication codes with symmetric keys allocated to it. We use a novel key allocation scheme that allocates a set of symmetric keys to each participating server to minimize the total number of keys. Our protocol is designed to minimize update diffusion time. In the absence of faulty nodes, its diffusion time is O(log n), which is the best possible time achieved when nodes only suffer from benign faults. If the actual number of Byzantine faults experienced during an update's dissemination is f, the diffusion time increases to O(log n + f). This is better than the latency of previously known protocols that take O(log n + b) time, where b is the assumed threshold that defines the maximum number of malicious servers that can be tolerated rather than f, the actual number of failures. The buffer requirements and message sizes are higher in our protocol than other known protocols and thus it trades off memory and bandwidth resources to improve latency.