Securing Patient Information in Medical Databases.
Master's thesis, University of Twente.
In hospitals, medical data is stored in databases. These medical databases hold anything from diagnoses to patient information. Some of the data in a medical database is sensitive, and access to it should be limited to authorized persons. Furthermore, the integrity of the data should be protected so that unauthorized persons cannot alter it. Currently, the medical database itself controls access to the data, both to prevent unauthorized disclosure and to control alterations. However, this places a lot of trust in the database: the database itself can read and alter the data, and therefore so can its administrators. If the database server is compromised, all data stored in it is visible to the attacker. We aim to reduce the risk of information leakage and to protect the integrity of the data without trusting the database: even if the database server is compromised, the data remains confidential and any alteration to it can be detected easily.
We identified the entities that have, or should not have, access to the database, and discussed the security requirements of a medical database. We discussed several encryption schemes that can provide confidentiality of the data, in particular Type-Based Proxy Re-Encryption, and signature schemes, such as the Bilinear Aggregate Signature Scheme, that can provide data integrity. A prototype of a secure medical database was implemented and run to compare its performance against that of a non-secure medical database.
Our contributions are a theoretical discussion of the security of a medical database, the implementation of a prototype that simulates a secure medical database, and the results of several experiments that we conducted. In this thesis we show that the performance impact of providing confidentiality and integrity within a medical database is considerable. Even though our prototype is relatively slow, the impact in practice is probably smaller. If a doctor has to wait only one second to retrieve a patient's information, as opposed to a few milliseconds with the non-secure medical database, the security benefits outweigh the performance cost. Furthermore, with a re-encryption scheme, part of the decryption process, namely the re-encryption, can be offloaded to a proxy, thereby spreading the computational cost. Additionally, we have shown that our prototype scales linearly, an interesting property when large databases need to be secured. This leads to the conclusion that a medical database can be designed securely without placing trust in the database itself.
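The trust model described above (ciphertext and signatures in the database, re-encryption offloaded to a proxy, tampering detected by the reader) as an added, runnable toy. This is not the thesis's code or prototype: it swaps in the ElGamal-based BBS98 proxy re-encryption scheme and Schnorr signatures over a 256-bit safe-prime group for the pairing-based Type-Based Proxy Re-Encryption and Bilinear Aggregate Signatures the thesis evaluates, the group size is a toy choice, the sample record and all function names are assumptions, and it needs Python 3.8+ for `pow(x, -1, m)`.

```python
import hashlib
import random
import secrets
import sqlite3

BITS = 256  # toy size; a real deployment needs >= 2048-bit groups or an elliptic curve

def is_probable_prime(n, rounds=24):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=BITS):
    """(p, q, g): p = 2q + 1 prime, g generates the subgroup of prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(secrets.randbelow(p - 3) + 2, 2, p)  # square of h != +-1 has order q

def keygen(group):
    p, q, g = group
    sk = secrets.randbelow(q - 1) + 1
    return sk, pow(g, sk, p)

# BBS98 proxy re-encryption: ciphertext (m*g^r, pk^r); the proxy's key is sk_to/sk_from mod q.
def encrypt(group, pk, msg):
    p, q, g = group
    m = int.from_bytes(msg, "big")
    assert 0 < m < p, "toy: message must fit below p (hybrid-encrypt a data key in practice)"
    r = secrets.randbelow(q - 1) + 1
    return m * pow(g, r, p) % p, pow(pk, r, p)

def rekey(group, sk_from, sk_to):
    return sk_to * pow(sk_from, -1, group[1]) % group[1]  # BBS98 needs both secret keys for rk

def reencrypt(group, rk, ct):
    c1, c2 = ct
    return c1, pow(c2, rk, group[0])  # g^(a r) -> g^(b r); c1 is untouched

def decrypt(group, sk, ct):
    p, q, g = group
    c1, c2 = ct
    m = c1 * pow(pow(c2, pow(sk, -1, q), p), -1, p) % p  # c1 / g^r
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Schnorr signatures in the same group, standing in for the thesis's aggregate signatures.
def _challenge(group, commit, msg):
    digest = hashlib.sha256(commit.to_bytes((group[0].bit_length() + 7) // 8, "big") + msg).digest()
    return int.from_bytes(digest, "big") % group[1]

def sign(group, sk, msg):
    p, q, g = group
    k = secrets.randbelow(q - 1) + 1
    e = _challenge(group, pow(g, k, p), msg)
    return e, (k - sk * e) % q

def verify(group, pk, msg, sig):
    p, q, g = group
    e, s = sig
    return _challenge(group, pow(g, s, p) * pow(pk, e, p) % p, msg) == e

def demo():
    """Write one record to the untrusted store, read it via the proxy, then tamper with it."""
    group = safe_prime_group()
    patient_sk, patient_pk = keygen(group)    # records are encrypted to the patient
    doctor_sk, _ = keygen(group)              # an authorised reader
    author_sk, author_pk = keygen(group)      # signing key of the physician who wrote the record
    rk = rekey(group, patient_sk, doctor_sk)  # handed to the proxy; it never holds a secret key
    db = sqlite3.connect(":memory:")          # the database: stores only ciphertext and signatures
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, c1 TEXT, c2 TEXT, e TEXT, s TEXT)")
    rid, plaintext = 42, b"dx: type 2 diabetes"    # constructed sample record
    bind = lambda m: rid.to_bytes(8, "big") + m     # tie content to its row id (no record swapping)
    c1, c2 = encrypt(group, patient_pk, plaintext)
    e, s = sign(group, author_sk, bind(plaintext))
    db.execute("INSERT INTO records VALUES (?,?,?,?,?)", (rid, str(c1), str(c2), str(e), str(s)))

    def read():
        row = db.execute("SELECT c1, c2, e, s FROM records WHERE id = ?", (rid,)).fetchone()
        ct = reencrypt(group, rk, (int(row[0]), int(row[1])))  # proxy step
        m = decrypt(group, doctor_sk, ct)                      # doctor step
        return m, verify(group, author_pk, bind(m), (int(row[2]), int(row[3])))

    m, ok = read()
    result = {"doctor_reads_plaintext": ok and m == plaintext}
    # Compromised server edits the stored ciphertext: decryption yields garbage, signature fails.
    db.execute("UPDATE records SET c1 = ? WHERE id = ?", (str(c1 * 2 % group[0]), rid))
    m, ok = read()
    result["tampering_detected"] = not ok and m != plaintext
    return result

if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should carry over from the toy: BBS98 is bidirectional and its re-encryption key is derived from both secret keys, so a proxy colluding with the doctor recovers the patient's key, a weakness that unidirectional pairing-based schemes avoid; and the signature here is checked after decryption and bound to the row id, so the server can neither edit a record nor move one patient's content under another record's id, but it can still delete rows or serve stale ones, which needs a separate freshness mechanism.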
Item Type: Master's Thesis
Research Group: EWI-DIES: Distributed and Embedded Security
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World; UT-CST: Crime Science Twente
Uncontrolled Keywords: Securing, Patient, Information, Medical,
Deposited On: 31 August 2011