Acta Informatica Pragensia 2022, 11(3), 361-379 | DOI: 10.18267/j.aip.1823217

Improving Privacy-preserving Healthcare Data Sharing in a Cloud Environment Using Hybrid Encryption

Insaf Boumezbeur ORCID..., Karim Zarour ORCID...
LIRE Laboratory, Software and Information Systems Technologies Department, Faculty of Information and Communication Technology, Constantine 2 University – Abdelhamid Mehri, Nouvelle ville Ali Mendjli BP67A, Constantine, Algeria

In recent years, cloud computing has been widely used in various fields and is gaining importance in healthcare systems. Patients’ health data are outsourced to cloud storage, enabling healthcare professionals to easily access health information from anywhere and at any time to improve health services. Once patient data are stored in the cloud, they are vulnerable to attacks such as data loss, denial of service (DoS), distributed denial of service (DDoS) and other sorts of cyberattacks. Data confidentiality and patient privacy are more of a problem in the cloud computing context due to their public availability. If a patient's personal information is stolen, he or she may face a range of problems. These are concerns that necessitate more security. The transmission of this sensitive information over the internet is always susceptible to hacking. Therefore, the privacy of patients’ data is considered one of healthcare organizations’ main issues. To overcome this problem, encryption mechanisms that place a significant emphasis on securing data within the cloud environment are used to preserve sensitive health data. A hybrid cryptography approach is employed in this paper to ensure the secure sharing of health data over the cloud. To maintain data privacy and secrecy, a hybrid cryptography mechanism for storing and transporting data to and from the cloud is used. To protect data from malevolent insiders, the encryption key is separated into two halves, controlling access to patient records via a specific technique. This paper shows the implementation and performance evaluation of the proposal as a functional system prototype. The evaluation is based on the key generation time, the record encryption time, the record decryption time, the record upload time and the record download time for different user numbers and different file sizes varying from 0.1 MB to 500 MB. The findings show that the proposal performs better than other state-of-the-art systems and can practically share secure health data in cloud environments.

Keywords: Cloud computing; Encryption; Healthcare; Privacy; Confidentiality.

Received: April 12, 2022; Revised: May 24, 2022; Accepted: June 13, 2022; Prepublished online: June 16, 2022; Published: December 26, 2022  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Boumezbeur, I., & Zarour, K. (2022). Improving Privacy-preserving Healthcare Data Sharing in a Cloud Environment Using Hybrid Encryption. Acta Informatica Pragensia11(3), 361-379. doi: 10.18267/j.aip.182
Download citation
  • BibTeX (.bib)
  • Bookends (.ris)
  • EasyBib (.ris)
  • EndNote (.enw)
  • EndNote 8 (.xml)
  • ISI WoS (.isi)
  • Medlars (.medlars)
  • Mendeley (.ris)
  • MODS (.xml)
  • Papers (.ris)
  • RefWorks (.txt)
  • RefManager (.ris)
  • RIS (.ris)
  • MS Word (.xml)
  • Zotero (.ris)
    • Open full article

    References

    1. ACT. (1996). Health insurance portability and accountability act of 1996. Public law. https://aspe.hhs.gov/report/health-insurance-portability-and-accountability-act-1996
    2. Ali, M., Dhamotharan, R., Khan, E., Khan, S. U., Vasilakos, A. V., Li, K., & Zomaya, A. Y. (2017). SeDaSC: Secure Data Sharing in Clouds. IEEE Systems Journal, 11(2), 395-404. https://doi.org/10.1109/jsyst.2014.2379646 Go to original source...
    3. Al-Issa, Y., Ottom, M. A., & Tamrawi, A. (2019). eHealth Cloud Security Challenges: A Survey. Journal of Healthcare Engineering, 2019, Article ID 7516035. https://doi.org/10.1155/2019/7516035 Go to original source...
    4. Anderson, N. R., Lee, E. S., Brockenbrough, J. S., Minie, M. E., Fuller, S., Brinkley, J., & Tarczy-Hornoch, P. (2007). Issues in Biomedical Research Data Management and Analysis: Needs and Barriers. Journal of the American Medical Informatics Association : JAMIA, 14(4), 478-488. https://doi.org/10.1197/jamia.M2114 Go to original source...
    5. Andrews, L., Gajanayake, R., & Sahama, T. (2014). The Australian general public's perceptions of having a personally controlled electronic health record (PCEHR). International Journal of Medical Informatics, 83(12), 889-900. https://doi.org/10.1016/j.ijmedinf.2014.08.002 Go to original source...
    6. Babitha, M., & Babu, K.R. (2016). Secure cloud storage using aes encryption. In 2016 International Conference on Automatic Control and Dynamic Optimization Tech- niques (ICACDOT), (pp.859-864). IEEE. https://doi.org/10.1109/ICACDOT.2016.7877709 Go to original source...
    7. Babrahem, A. S., & Monowar, M. M. (2021). Preserving confidentiality and privacy of the patient's EHR using the OrBAC and AES in cloud environment. International Journal of Computers and Applications, 43(1), 50-61. https://doi.org/10.1080/1206212X.2018.1505025 Go to original source...
    8. Bentajer, A., Hedabou, M., Abouelmehdi, K., Igarramen, Z., & El Fezazi, S. (2019). An IBE-based design for assured deletion in cloud storage. Cryptologia, 43(3), 254-265. https://doi.org/10.1080/01611194.2018.1549123 Go to original source...
    9. Boumezbeur, I., & Zarour, K. (2022a). Privacy-Preserving and Access Control for Sharing Electronic Health Record using Blockchain Technology. Acta Informatica Pragensia, 11(1), 105-122. https://doi.org/10.18267/j.aip.176 Go to original source...
    10. Boumezbeur, I., & Zarour, K. (2022b). EMR Sharing with Privacy Preservation Using Blockchain Technology. In Proceedings of the The 1st national Conference on Information and Communication (CICT), (pp.41-43). Tamanrasset.
    11. Chen, Y.-Y., Lu, J.-C., & Jan, J.-K. (2012). A Secure EHR System Based on Hybrid Clouds. Journal of Medical Systems, 36(5), 3375-3384. https://doi.org/10.1007/s10916-012-9830-6 Go to original source...
    12. HealthData.gov. (2021). HealthIT. https://healthit.gov
    13. Hema, V., & Kesavan, R. (2019). ECC Based Secure Sharing of Healthcare Data in the Health Cloud Environment. Wireless Personal Communications, 108(2), 1021-1035. https://doi.org/10.1007/s11277-019-06450-7 Go to original source...
    14. HHS. (2006). Personal health records and personal health record systems. A Report and Recommendations from the National Committee on Vital and Health Statistics. US Department of Health & Human Services. https://ncvhs.hhs.gov/wp-content/uploads/2014/05/0602nhiirpt.pdf
    15. ISO. (2011). ISO 18308:2011, Health Informatics: Requirements for an Electronic Health Record Architecture. International Organization for Standardization.
    16. Jana,B., Poray, J., Mandal. T., & Kule, M. (2017). A multilevel encryption technique in cloud security. In 2017 7th International Conference on Communication Systems and Network Technologies (CSNT), (pp. 220-224). IEEE. https://doi.org/10.1109/CSNT.2017.8418541 Go to original source...
    17. Khan, A. N., Kiah, M. L. M., Madani, S. A., Ali, M., Khan, A. ur R., & Shamshirband, S. (2013). Incremental proxy re-encryption scheme for mobile cloud computing environment. The Journal of Supercomputing, 68(2), 624-651. https://doi.org/10.1007/s11227-013-1055-z Go to original source...
    18. Kuo, A. M.-H. (2011). Opportunities and Challenges of Cloud Computing to Improve Health Care Services. Journal of Medical Internet Research, 13(3), e67. https://doi.org/10.2196/jmir.1867 Go to original source...
    19. Low, C., & Hsueh Chen, Y. (2012). Criteria for the Evaluation of a Cloud-Based Hospital Information System Outsourcing Provider. Journal of Medical Systems, 36(6), 3543-3553. https://doi.org/10.1007/s10916-012-9829-z Go to original source...
    20. Mahalle, V.S. & Shahade, A.K. (2014). Enhancing the data security in cloud by implementing hybrid (rsa & aes) encryption algorithm. In 2014 International Conference on Power, Automation and Communication (INPAC), (pp.146-149). IEEE. https://doi.org/10.1109/INPAC.2014.6981152 Go to original source...
    21. Michalas, A., Bakas, A., Dang, H.V., & Zalitko, A. (2019). MicroSCOPE: Enabling Access Control in Searchable Encryption with the Use of Attribute-Based Encryption and SGX. In Nordic Conference on Secure IT Systems, (pp. 254-270). Springer. https://doi.org/10.1007/978-3-030-35055-0_16 Go to original source...
    22. Noumeir, R. (2011). Sharing Medical Records: The XDS Architecture and Communication Infrastructure. IT Professional, 13(4), 46-52. https://doi.org/10.1109/mitp.2010.123 Go to original source...
    23. Oliveira, M. T., Bakas, A., Frimpong, E., Groot, A. E. D., Marquering, H. A., Michalas, A., & Olabarriaga, S. D. (2020). A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud. Annals of Telecommunications, 75(3-4), 103-119. https://doi.org/10.1007/s12243-020-00759-2 Go to original source...
    24. Oliveira, M. T., Dang, H.-V., A. Reis, L. H., Marquering, H. A., & D. Olabarriaga, S. (2021). AC-AC: Dynamic revocable access control for acute care teams to access medical records. Smart Health, 20, 100190. https://doi.org/10.1016/j.smhl.2021.100190 Go to original source...
    25. Poulymenopoulou, M., Malamateniou, F., & Vassilacopoulos, G. (2011). Emergency Healthcare Process Automation Using Mobile Computing and Cloud Services. Journal of Medical Systems, 36(5), 3233-3241. https://doi.org/10.1007/s10916-011-9814-y Go to original source...
    26. Pugazhenthi, A., & Chitra, D. (2019). Data Access Control and Secured Data Sharing Approach for Health Care Data in Cloud Environment. Journal of Medical Systems, 43(8). https://doi.org/10.1007/s10916-019-1381-7 Go to original source...
    27. Rajakumar, M., Ramya, J., Sonia, R., & Uma Maheswari, B. (2021). A Novel Scheme for Encryption and Decryption of 3D Point and Mesh Cloud Data in Cloud Computing. Journal of Control Engineering and Applied Informatics, 23(1), 93-102.
    28. Zhang, L., Hu, G., Mu, Y., & Rezaeibagha, F. (2019). Hidden Ciphertext Policy Attribute-Based Encryption With Fast Decryption for Personal Health Record System. IEEE Access, 7, 33202-33213. https://doi.org/10.1109/access.2019.2902040 Go to original source...
    29. Seo, S.-H., Nabeel, M., Ding, X., & Bertino, E. (2014). An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds. IEEE Transactions on Knowledge and Data Engineering, 26(9), 2107-2119. https://doi.org/10.1109/tkde.2013.138 Go to original source...
    30. Seol, K., Kim, Y.-G., Lee, E., Seo, Y.-D., & Baik, D.-K. (2018). Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System. IEEE Access, 6, 9114-9128. https://doi.org/10.1109/access.2018.2800288 Go to original source...
    31. Singh, N., & Singh, A. K. (2017). Data Privacy Protection Mechanisms in Cloud. Data Science and Engineering, 3(1), 24-39. https://doi.org/10.1007/s41019-017-0046-0 Go to original source...
    32. Suresh, D., & Florence, M. L. (2019). Securing Personal Health Record System in Cloud Using User Usage Based Encryption. Journal of Medical Systems, 43(6). https://doi.org/10.1007/s10916-019-1301-x Go to original source...
    33. Svantesson, D., & Clarke, R. (2010). Privacy and consumer risks in cloud computing. Computer Law & Security Review, 26(4), 391-397. https://doi.org/10.1016/j.clsr.2010.05.005 Go to original source...
    34. Technavio. (2020). COVID-19 Impact and Recovery Analysis- Global Healthcare Cloud Computing Market 2020-2024| Increasing Cloud Assisted Medical Collaborations to Boost Market Growth. https://www.technavio.com
    35. Yang, Y., Zheng, X., Guo, W., Liu, X., & Chang, V. (2019). Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Information Sciences, 479, 567-592. https://doi.org/10.1016/j.ins.2018.02.005 Go to original source...
    36. Zhang, L., Wu, Q., Mu, Y., & Zhang, J. (2016). Privacy-Preserving and Secure Sharing of PHR in the Cloud. Journal of Medical Systems, 40(12). https://doi.org/10.1007/s10916-016-0595-1 Go to original source...

    This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.


    Return to the content