Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks

Stingl, Christian; Slamanig, Daniel

doi:10.1504/ijbidm.2008.022135

Cited by 12 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Stingl and Slaming [30] pointed out different attacks on patient health records including the statistical analysis of metadata which can be mostly launched by internal attackers. Even if metadata is encrypted the attacker can draw different conclusions from the data.…”

Section: Privacy and Metadatamentioning

confidence: 99%

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

Section: Privacy and Metadatamentioning

confidence: 99%

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

“…To achieve unlinkability between the objects (PATIENT, FOLDER, etc. ), pseudonymization of relationships [12,20,21] is adopted. In order to pseudonymize a relationship (e.g., PATIENT to FOLDER), the creator of the record chooses a second random primary key per record, encrypted and then integrated into the master table (PATIENT).…”

Section: Figurementioning

confidence: 99%

“…However, this does not imply that one can find a link to any other record in other tables, e.g., the patient. By applying simple obfuscation techniques as discussed in [20], one can hide the actual size of the sets in the partition and thus reduce the information accessible to an adversary.…”

Section: Figurementioning

confidence: 99%

Health Records and the Cloud Computing Paradigm from a Privacy Perspective

Stingl¹,

Slamanig²

2011

Journal of Healthcare Engineering

Self Cite

View full text Add to dashboard Cite

With the advent of cloud computing, the realization of highly available electronic health records providing location-independent access seems to be very promising. However, cloud computing raises major security issues that need to be addressed particularly within the health care domain. The protection of the privacy of individuals often seems to be left on the sidelines. For instance, common protection against malicious insiders, i.e., non-disclosure agreements, is purely organizational. Clearly, such measures cannot prevent misuses but can at least discourage it. In this paper, we present an approach to storing highly sensitive health data in the cloud whereas the protection of patient's privacy is exclusively based on technical measures, so that users and providers of health records do not need to trust the cloud provider with privacy related issues. Our technical measures comprise anonymous communication and authentication, anonymous yet authorized transactions and pseudonymization of databases.

show abstract

“…Even the cloud should not know the identities of the patients. Although the EHR contents are encrypted, it is not secure to expose the patients' identities, for attackers will possibly acquire general knowledge of the patients' healthcare activities (e.g., the attackers may discover at least which doctors one patient has visited from the doctors' signatures) and even more from analyzing the contents in EHRs stored in the cloud (Stingl & Slamanig, 2008).…”

Section: Introductionmentioning

confidence: 99%

A Decentralized Pseudonym Scheme for Cloud-based eHealth Systems

Cremers

2014

Proceedings of the International Conference on Health Informatics

View full text Add to dashboard Cite

A decentralized pseudonym scheme is proposed for providing storage, encryption and authentication of patients' EHRs in cloud-based eHealth systems. The pseudonyms of a patient are generated from the patient's secrets and each of them is used as the index of an EHR entry of the patient. An encryption key derived from the pseudonym can be used to encrypt the corresponding EHR entry. The pseudonyms can also be used for the patient proving the ownership of the EHR without disclosing the identity of the patient. Some protocols and remarks for using the pseudonym scheme are also discussed.

show abstract

Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks

Cited by 12 publications

References 13 publications

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Health Records and the Cloud Computing Paradigm from a Privacy Perspective

A Decentralized Pseudonym Scheme for Cloud-based eHealth Systems

Contact Info

Product

Resources

About