Collaborative and secure sharing of healthcare data in multi-clouds

Information Systems - Tập 48 - Trang 132-150 - 2015
Benjamin Fabian1, Tatiana Ermakova2, Philipp Junghanns1
1Humboldt-Universität zu Berlin, Institute of Informations Systems, Spandauer Str. 1, 10178 Berlin, Germany
2Technical University of Berlin, Germany

Tóm tắt

Từ khóa


Tài liệu tham khảo

R.F. Chong, Changing the world: big data and the cloud, 〈http://www.theatlantic.com/sponsored/ibm-cloud-rescue/archive/2012/09/changing-the-world-big-data-and-the-cloud/262065/〉 (2012).

V. Koufi, F. Malamateniou, G. Vassilacopoulos, Ubiquitous access to cloud emergency medical services, in: Proceedings of 10th IEEE International Conference on Information Technology and Applications Biomedicine, 2010.

C.O. Rolim, F.L. Koch, C.B. Westphall, J. Werner, A. Fracalossi, G.S. Salvador, A cloud computing solution for patient׳s data collection in health care institutions, in: Proceedings of the 2nd Telemedicine and Social Medicine, 2010.

G. Kanagaraj, A. Sumathi, Proposal of an open-source cloud computing system for exchanging medical images of a hospital information system, in: Proceedings of 3rd International Conference on Trends in Information Sciences and Computing, 2011.

M. Poulymenopoulou, F. Malamateniou, G. Vassilacopoulos, E-EPR: a cloud-based architecture of an electronic emergency patient record, in: Proceedings of Pervasive Technologies Related to Assistive Environments, 2011.

N. Karthikeyan, R. Sukanesh, Cloud based emergency health care information service in India, J. Med. Syst. 6 (6).

OsiriX DICOM Viewer, DICOM Sample Image Sets, 〈http://www.osirix-viewer.com/datasets/〉, 2013.

P. Mell, T. Grance, The NIST Definition of Cloud Computing, Technical Report, National Institute of Standards and Technology, 2012.

S. Shini, T. Thomas, K. Chithraranjan, Cloud based medical image exchange-security challenges, in: Proceedings of International Conference on Modelling, Optimization and Computing, 2012.

K.A. Ratnam, D.D. Dominic, Cloud services—enhancing the Malaysian Healthcare Sector, in: Proceedings of International Conference on Computer and Information Science, 2012.

S. Basu, A. Karp, J. Li, J. Pruyne, J. Rolia, S. Singhal, J. Suermondt, R. Swaminathan, Fusion: managing healthcare records at cloud scale, in: IEEE Computer, Special Issue on Move Toward Electronic Health Records.

L. Guo, F. Chen, L. Chen, X. Tang, The building of cloud computing environment for E-health, in: Proceedings of International Conference on E-Health Networking, Digital Ecosyst. and Technologies, 2010.

M. Li, S. Yu, N. Cao, W. Lou, Authorized private keyword search over encrypted personal health records in cloud computing, in: Proceedings of 31st International Conference on Distributor Computer Systems, 2011.

Li, 2012, Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption, IEEE Trans. Parallel Distr. Syst., 24, 131, 10.1109/TPDS.2012.97

T.-S. Chen, C.-H. Liu, T.-L. Chen, C.-S. Chen, J.-G. Bau, T.-C. Lin, Secure dynamic access control scheme of PHR in cloud computing, J. Med. Syst. 6 (6).

L. Chen, D.B. Hoang, Novel data protection model in healthcare cloud, in: Proceedings of IEEE International Conference on High Performance Computing and Communications, 2011.

M. Li, S. Yu, K. Ren, W. Lou, Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings, in: Proceedings of SecureComm 2010, LNICST, vol. 50, 2010, pp. 89–106.

J.A. Akinyele, C.U. Lehmann, M.D. Green, M.W. Pagano, Z.N.J. Peterson, A.D. Rubin, Self-protecting Electronic Medical Records Using Attribute-based Encryption, Cryptology ePrint Archive, Report 2010/565, 2010.

U.S. Department of Health & Human Services, Health Information Privacy, 〈http://www.hhs.gov/ocr/privacy/〉, 2013.

H. Krawczyk, Secret sharing made short, in: Proceedings 13th Annual International Cryptology Conference on Advances in Cryptology, 1994, pp. 136–146.

J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute-based encryption, in: Proceedings of IEEE Symposium on Security and Privacy, 2007, pp. 321–334.

T. Ermakova, B. Fabian, In submission: secret sharing for health data in multi-provider clouds, in: Proceedings of IEEE Conference on Business Informatics, 2013.

Hevner, 2010

Peffers, 2007, A design science research methodology for information systems research, J. Manage. Inf. Syst., 24, 45, 10.2753/MIS0742-1222240302

D.B. Hoang, L. Chen, Mobile Cloud for Assistive Healthcare (MoCAsH), in: Proceedings of IEEE Asia-Pacific Services Computing Conference, 2010.

S. Sharieh, F. Franek, A. Ferworn, Using cloud computing for medical applications, in: Proceedings of 15th Communications and Networking Simulation Symposium, 2012.

R.-D. Berndt, M.C. Takenga, S. Kuehn, P. Preik, G. Sommer, S. Berndt, SaaS—platform for mobile health application, in: Proceedings of 9th International Multi-Conference on Systems Signals and Devices, 2012.

M. Deng, M. Nalin, M. Petkovié, I. Baroni, A. Marco, Towards trustworthy health platform cloud, in: Proceedings of IEEE 4th International Conference on Cloud Computing, 2012.

OMG, Business Process Model and Notation, 〈http://www.bpmn.org/〉, (2013).

TRESOR Project, 〈http://www.cloud-tresor.com〉 (2013).

C. He, X. Jin, Z. Zhao, T. Xiang, A cloud computing solution for hospital information system, in: Proceedings of IEEE International Conference on Intelligent Computing and Intelligent System, 2010.

Q. Huang, L. Ye, M. Yu, F. Wu, R. Liang, Medical information integration based cloud computing, in: Proceedings of International Conference on Network Computing and Information Security, 2011.

L. Hardesty, Big medical data, 〈http://web.mit.edu/newsoffice/2013/big-medical-data-0125.html〉, January 25, 2013.

Cloud4Health Project, 〈http://www.cloud4health.de/〉.

GeneCloud Project, 〈http://transinsight.com/genecloud-2/?lang=en〉, 2013.

D. Vazhenin, Cloud-based web-service for health 2.0., in: Proc. Joint Int. Conf. on Human-Centered Computer Environments, 2012.

ENISA, Cloud computing: benefits, risks and recommendations for information security, 〈http://www.enisa.europa.eu/〉, 2009.

NIST, Guidelines on Security and Privacy in Public Cloud Computing, NIST Special Publication 800-144 (December 2011).

Juels, 2013, New approaches to security and availability for cloud data, Commun. ACM, 56, 64, 10.1145/2408776.2408793

T. Ermakova, B. Fabian, In submission: security and privacy requirements for adopting cloud computing in healthcare scenarios, in: Submission to Americas Conference on Information System, 2013.

H. Loehr, A.-R. Sadeghi, M. Winandy, Securing the E-health cloud, in: Proceedings ACM International Health Informatics Symposium, 2010.

I.M. Abbadi, M. Deng, M. Nalin, A. Martin, M. Petkovic, I. Baroni, Trustworthy middleware services in the cloud, in: Proceedings of 3rd International Workshop on Cloud Data Management, 2011.

Z.-R. Li, E.-C. Chang, K.-H. Huang, F. Lai, A secure electronic medical record sharing mechanism in the cloud computing platform, in: Proceedings of IEEE 15th International Symposium on Consumer Electronics, 2011.

Y.-Y. Chen, J.-C. Lu, J.-K. Jan, A secure EHR system based on hybrid clouds, J. Med. Syst. 5 (5).

S. Yu, C. Wang, K. Ren, W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in: Proceedings of 29th Conference on Information Communications, 2010.

S. Narayan, M. Gagne, R. Safavi-Naini, Privacy preserving EHR system using attribute-based infrastructure, in: Proceedings of ACM Workshop on Cloud Computing Security Workshop, 2010.

A. Bessani, M. Correia, B. Quaresma, F. Andre, P. Sousa, Depsky: dependable and secure storage in a cloud-of-clouds, in: Proceedings of 6th European Conference on Computer, 2011, pp. 31–46.

Fabian, 2010, A comparison of security requirements engineering methods, Requir. Eng., 15, 7, 10.1007/s00766-009-0092-x

Stallings, 2010

T. Dierks, E. Rescorla, The Transport Layer Security ({TLS}) Protocol, 〈http://www.ietf.org/rfc/rfc4346.txt〉, 2006.

OASIS, Web Services Security v1.1.1, 〈https://www.oasis-open.org/standards#wssv1.1.1〉, 2012.

Shim, 2005, Federated identity management, IEEE Comput., 38, 120, 10.1109/MC.2005.408

Ferraiolo, 2007

M. Krawczyk, H. Bellare, R. Canettia, HMAC: keyed-hashing for message authentication, 〈http://www.ietf.org/rfc/rfc2104.txt〉, 1997.

Ferraiolo, 2001, Proposed NIST standard for role-based access control, ACM Trans. Inf. Syst. Security, 4, 224, 10.1145/501978.501980

Fabian, 2013, Secure federation of semantic information services, Decis. Support Syst., 55, 385, 10.1016/j.dss.2012.05.049

L. Ibraimi, M. Asim, M. Petkovic, Secure Management of Personal Health Records by Applying Attribute-Based Encryption, Technical Report, University of Twente, 2009.

Shamir, 1979, How to share a secrets, Commun. ACM, 22, 612, 10.1145/359168.359176

Rabin, 1989, Efficient dispersal of information for security, load balancing, and fault tolerance, J. ACM, 36, 335, 10.1145/62044.62050

H. Krawczyk, Distributed fingerprints and secure information dispersal, in: Proceedings of 12th Annual ACM Symposium on Principles of Distributed Computing, 1993, pp. 207–218.

D. Eastlake, P. Jones, US Secure Hash Algorithm 1 (SHA1), 〈http://www.ietf.org/rfc/rfc3174.txt〉, 2001.

Google Cloud Storage – Using Service Accounts for Authentication, 〈https://developers.google.com/storage/docs/authentication#service_accounts〉, 2013.

R.T. Fielding, Chapter 5: Representational state transfer (REST), architectural styles and the design of network-based software architectures, Dissertation.

NIST, Advanced Encryption Standard (AES), National Institute of Science and Technology, Federal Information Processing Standard (FIPS) 197 (November 2001).

NIST, Recommendation for Block Cipher Modes of Operation – Methods and Techniques, NIST Special Publication 800-38 A, 2001.

NIST, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, 2008.

NIST, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-3, 2009.

Amazon Simple Storage Service (Amazon S3), 〈http://aws.amazon.com/s3/〉, 2013.

Google Cloud Storage – Cloud Platform, 〈https://cloud.google.com/products/cloud-storage〉, 2013.

Jersey, 〈http://jersey.java.net/〉, 2013.

Apache HttpClient 4.2.3, 〈http://hc.apache.org/httpcomponents-client-ga/index.html〉, 2013.

Bouncy Castle Crypto APIs, 〈http://www.bouncycastle.org/java.html〉, 2013.

J. Wang, J. Perrochet, M. Grossi, S. Weiland, Java realization for “ciphertext-policy attribute based encryption” (CP-ABE), 〈https://github.com/wakemecn/cpabe〉, 2013.

A. De Caro, The Java Pairing Based Cryptography Library (jPBC), 〈http://gas.dia.unisa.it/projects/jpbc/〉, 2012.

〈http://cran.r-project.org/web/packages/vioplot/vioplot.pdf〉, February 15, 2013.

Hintze, 1998, Violin plots, Am. Stat., 52, 181, 10.1080/00031305.1998.10480559

D.A. Schultz, B. Liskov, M. Liskov, MPSS: mobile proactive secret sharing, ACM Trans. Inf. Syst. Security 13 (4) 34).