Secure Data Aggregation and Access Control in a Cloud-Assisted eHealth Care System
Recently, electronic health (eHealth) care systems have drawn a lot of attention from the research community and industry as a way to meet the challenges of a rapidly growing elderly population and ever-rising health care spending. The health care sector is also driven by the need to reduce costs while simultaneously increasing the quality of service for patients, in particular by extending health care into the patient's residence. Advances in wireless body area networks (WBANs) have made it possible to monitor a patient's physiological signals (such as the electrocardiogram (ECG) and blood oxygen level) and other health-related information (such as physical activity level) in a residential or mobile setting. Integrating this technology with existing 3G or 4G wireless technologies permits real-time, continuous mobile monitoring of patients, even during their normal daily activities. In such a heterogeneous wireless environment, an ad hoc network can be used instead of a traditional infrastructure-based wireless network, which reduces the cost of deployment, enhances network performance, increases the overall coverage area and lowers the service cost. However, secure communication with data integrity and confidentiality in this type of network is very challenging because of the mix of wireless technologies and of subscriptions from various service providers. In addition, instead of storing personal health information (PHI) at the local health service provider, recent advances in cloud computing allow all PHI to be stored in cloud storage, ensuring availability while reducing capital and operational expenditure. However, cloud storage also brings new risks and raises security and privacy challenges. Confidentiality of the stored data together with patient-centric access control is considered one of the biggest challenges raised by the use of cloud storage in eHealth care systems.
To address these challenges, in this thesis we first identify the unique features of the eHealth care system and their security and privacy implications. We then propose a lightweight secure data forwarding scheme for the WBAN environment. A hybrid approach combining public-key and private-key (symmetric) cryptography is adopted to make the scheme effective. Because of the critical, real-time nature of health applications, WBANs also need to provide acceptable quality of service (QoS) in order to offer efficient, valuable and fully reliable assistance to patients. Taking QoS as the evaluation metric, we study packet scheduling schemes for real-time transmission in WBANs and classify traffic into real-time and non-real-time classes to minimize the waiting time of eHealth application data.
Secondly, we propose an Agent-based Secure and Trustworthy packet-forwarding Protocol (ASTP) for a cooperative mobile social network. In such a network, patients equipped with WBANs form an on-demand ad hoc network and use multi-hop routing to enhance network performance, minimize the cost of deployment, increase the coverage area and reduce the overall service cost. We use a semi-agent-symmetric trust metric that takes neighbor nodes' past and recent behaviour into account and combine it with appropriate security mechanisms to enhance overall performance. Renewable pseudo-identities are used to protect patients' identity privacy. Security analysis and experimental results demonstrate that ASTP improves the average packet delivery ratio and maintains the required security and privacy at the cost of an acceptable communication delay.
Thirdly, considering patients living in rural areas, we introduce RuralCare, a delay-tolerant secure long-term health care scheme for collecting patients' sensitive PHI by using conventional transportation vehicles (e.g., cars, buses) as relay nodes. These vehicles store, carry and forward the PHI with opportunistic routing to the health service provider, which is mostly located in the city. RuralCare improves network performance by providing incentives to cooperating vehicles, and uses identity-based cryptography, short digital signatures and pseudo-identities to ensure the security and privacy of the PHI while it is being routed. RuralCare also ensures network fairness and resistance to a range of possible attacks. Extensive security and performance analyses demonstrate that RuralCare achieves the desired security requirements while remaining effective in terms of a high delivery ratio.
Finally, to store patients' sensitive PHI in cloud storage and ensure availability while reducing capital and operational expenditure, we propose a patient-centric personal health information sharing and access control scheme (ESPAC). ESPAC relieves the health service provider (HSP) of the additional burden of PHI storage, management and maintenance by incorporating cloud storage services into the eHealth care system. ESPAC adopts attribute-based encryption and assigns attributes to PHI access requesters according to their roles and their relation to the patient. To ensure authenticated PHI access with minimal computation, we further extend ESPAC into M-ESPAC by introducing a multi-party proxy re-encryption protocol. Lightweight partial and block-level PHI audits make M-ESPAC efficient at ensuring the integrity and availability of the stored PHI. Extensive performance and security analyses demonstrate that the proposed schemes achieve the desired security requirements with acceptable computation and storage costs.
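The block-level audit mentioned above, illustrated with an added example that is not part of the thesis and does not reproduce the M-ESPAC protocol: a sampled Merkle-tree audit in which the auditor (patient or HSP) retains only a 32-byte root, challenges the cloud store for a random subset of block indices, and verifies each returned block against its authentication path. A partial audit of k out of n blocks catches a single corrupted block with probability k/n, so the auditor trades bandwidth for detection probability; a full audit (k = n) detects it with certainty. The block size, the synthetic PHI records and the class names are assumptions made for this illustration.

```python
"""Sampled Merkle-tree audit of PHI blocks held by an untrusted cloud store.
Illustrative code only, not the thesis's M-ESPAC protocol."""
import hashlib
import math
import secrets
from typing import List, Tuple

BLOCK_SIZE = 64  # assumed PHI block size in bytes

# Constructed sample PHI: one minute of synthetic ECG / SpO2 readings.
SAMPLE_PHI = b"".join(
    f"2024-01-01T00:00:{s:02d}Z,ECG,{70 + s % 5},SpO2,{97 + s % 3}\n".encode()
    for s in range(60)
)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> List[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def leaf_hash(index: int, block: bytes) -> bytes:
    # Bind each block to its position so a swapped or replayed block is caught.
    return _h(b"\x00" + index.to_bytes(8, "big") + block)


def _pad(level: List[bytes]) -> List[bytes]:
    # Duplicate the last node of an odd-sized level to keep the tree binary.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(blocks: List[bytes]) -> List[List[bytes]]:
    level = [leaf_hash(i, b) for i, b in enumerate(blocks)]
    tree = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [_h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        tree.append(level)
    return tree


def auth_path(tree: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag marks a sibling on the right."""
    path = []
    for level in tree[:-1]:
        level = _pad(level)
        sib = index ^ 1
        path.append((level[sib], sib > index))
        index //= 2
    return path


def verify_block(root: bytes, index: int, block: bytes,
                 path: List[Tuple[bytes, bool]]) -> bool:
    node = leaf_hash(index, block)
    for sib, sib_is_right in path:
        node = _h(b"\x01" + node + sib) if sib_is_right else _h(b"\x01" + sib + node)
    return node == root


def detection_probability(n: int, corrupted: int, k: int) -> float:
    """P(a random k-of-n challenge hits at least one of `corrupted` bad blocks)."""
    if corrupted <= 0 or k <= 0:
        return 0.0
    if k > n - corrupted:
        return 1.0
    return 1.0 - math.comb(n - corrupted, k) / math.comb(n, k)


class CloudStorage:
    """Untrusted store: serves blocks and proofs, may silently lose or alter data."""

    def __init__(self, blocks: List[bytes]):
        self.blocks = list(blocks)
        self.tree = build_tree(self.blocks)

    def respond(self, challenge: List[int]):
        return [(i, self.blocks[i], auth_path(self.tree, i)) for i in challenge]

    def corrupt(self, index: int, new_block: bytes) -> None:
        # Simulated bit rot or tampering. The stale tree is kept, so proofs for
        # all other blocks still verify: only a challenge that samples this
        # index will notice, which is why the sampling rate matters.
        self.blocks[index] = new_block


class Auditor:
    """Patient or HSP side: stores only the root, never the PHI itself."""

    def __init__(self, data: bytes):
        blocks = split_blocks(data)
        self.n = len(blocks)
        self.root = build_tree(blocks)[-1][0]

    def audit(self, store: CloudStorage, k: int) -> bool:
        k = min(k, self.n)
        challenge = sorted(secrets.SystemRandom().sample(range(self.n), k))
        response = store.respond(challenge)
        if [i for i, _, _ in response] != challenge:
            return False  # wrong or missing blocks in the reply
        return all(verify_block(self.root, i, b, p) for i, b, p in response)


def demo() -> dict:
    auditor = Auditor(SAMPLE_PHI)
    cloud = CloudStorage(split_blocks(SAMPLE_PHI))
    intact = auditor.audit(cloud, k=8)               # partial audit, 8 blocks
    cloud.corrupt(5, b"\x00" * BLOCK_SIZE)
    tampered = auditor.audit(cloud, k=auditor.n)     # full audit catches it
    return {"blocks": auditor.n, "intact_partial": intact,
            "tampered_full": tampered,
            "p_detect_8_of_n": detection_probability(auditor.n, 1, 8)}


if __name__ == "__main__":
    print(demo())
```

The auditor's state is independent of the PHI size, which is what makes the scheme lightweight on the patient side; the cloud's answer grows only logarithmically in the number of blocks per challenged index. The position binding in `leaf_hash` matters: without it a store could answer a challenge for block i with a correct block j and a proof that still verifies.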
The research results of this thesis should be useful for implementing secure and privacy-preserving eHealth care systems with patient-centric access control over stored PHI.