Auditable Medical Data Sharing through Recoverable Key Agreement
J.S. van Assen (TU Delft - Cyber Security)
Roland Kromes (TU Delft - Web Information Systems, TU Delft - Cyber Security)
Z. Erkin (TU Delft - Cyber Security)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Medical research benefits from large quantities of high-quality data. Internet-based data-sharing platforms bring the advantage of rapidly sharing data medical data. However, ensuring security and accountability in networked medical systems remains a challenge. In this paper, we propose a secure and auditable data-sharing platform for hospitals and research groups based on a distributed ledger. A two-party protocol for recoverable key agreement lies at the basis of securing the data sharing. This protocol enables two parties to agree on an encryption key and put the encryption key under the escrow of a board of semi-trusted auditors. A quorum of these auditors is required in order to recover the encryption key. The recoverable key agreement ensures that past communication can be audited, even if one of the two parties is malicious. We provide a realization of the protocol and analyze its complexity and performance. Based on these analyses, we demonstrate that the protocol is suitable for real-world use cases and resource-constrained devices.