Integrating Self-Monitoring Devices Into the Untrusted Cloud for Healthcare

Abstract

Over the last few years, healthcare providers have moved to digital healthcare management systems. This electronic approach to healthcare data (e-health) promises numerous benefits over traditional healthcare. The patient can gain more control over which data about him is being gathered, and how different healthcare providers are allowed to share this data. Furthermore, this sharing of medical data would reduce the number of complications due to misinformation.

Parallel to the emergence of e-health, we are seeing the rise of a new related product category. By 2020, the market for wearables is expected to more than double compared to 2016. More specifically, the amount of healthcare wearable shipments is expected to grow from 2.5 million to over 50 million over the same period of time. The current healthcare wearables allow a patient to monitor their health and fitness throughout the day, however, sharing this information with healthcare providers is still complicated. We see that current self-monitoring devices store their data in the cloud. However, the cloud providers do not treat the data they gather as medical data, and instead choose to compromise the data's privacy, by using it for advertisement and analytics.

In this thesis, we propose a new form of medical data management, in which data gathered by self-monitoring devices can securely be shared with healthcare providers. We analyze the privacy and security of e-health and self-monitoring devices, and the state of the art of current medical data security. Finally, we propose two cryptographic methods which could serve as the foundation for the future of e-health, granting the patient privacy, security, and full control over his medical data, even when this data is stored at an untrusted cloud provider.