(Georgia Institute of Technology, 2009)
Mohan, Apurva; Bauer, David; Blough, Douglas M.; Ahamad, Mustaque; Bamba, Bhuvan; Krishnan, Ramkumar; Liu, Ling; Mashima, Daisuke; Palanisamy, Balaji
The storage of health records in electronic format, and the
wide-spread sharing of these records among different health
care providers, have enormous potential benefits to the U.S.
healthcare system. These benefits include both improving
the quality of health care delivered to patients and reducing
the costs of delivering that care. However, maintaining the
security of electronic health record systems and the privacy
of the information they contain is paramount to ensure that
patients have confidence in the use of such systems. In this
paper, we propose a framework for electronic health record
sharing that is patient centric, i.e. it provides patients with
substantial control over how their information is shared and
with whom; provides for verifiability of original sources of
health information and the integrity of the data; and permits fine-grained decisions about when data can be shared
based on the use of attribute-based techniques for authorization and access control. We present the architecture of the
framework, describe a prototype system we have built based
on it, and demonstrate its use within a scenario involving
emergency responders' access to health record information.
(Georgia Institute of Technology, 2004-04-01)
Subbiah, Arun; Ahamad, Mustaque; Blough, Douglas M.
This paper addresses the problem of using proactive cryptosystems for generic data storage and retrieval. Proactive cryptosystems provide high security and confidentiality guarantees for stored data, and are capable of withstanding attacks that may compromise all the servers in the system over time. However, proactive cryptosystems are unsuitable for generic data storage uses for two reasons. First, proactive cryptosystems are usually used to store keys, which are rarely updated. On the other hand, generic data could be actively written and read. The system must therefore be highly available for both write and read operations. Second, existing share renewal protocols (the critical element to achieve proactive security) are expensive in terms of computation and communication overheads, and are time consuming operations. Since generic data will be voluminous, the share renewal process will consume substantial system resources and cause a significant amount of system downtime. Two schemes are proposed that combine Byzantine quorum systems and proactive secret sharing techniques to provide high availability and security guarantees for stored data, while reducing the overhead incurred during the share renewal process. Several performance metrics that can be used to evaluate proactively-secure generic data storage schemes are identified. The proposed schemes are thus shown to render proactive systems suitable for confidential generic data storage.