Cryptography on Untrustworthy Cloud Storage for Healthcare Applications

Abstract

For cross-sectoral sharing of health data, cloud services provide benefits regarding the availability of relevant information in critical situations. Nevertheless, storing electronic health records in the cloud may impact patient's privacy, since the cloud service provider might lack trustworthiness. Client-side cryptography mitigates the privacy risk by encrypting data in the user's computational environment before transmitting them to the cloud. However, client-side cryptography raises performance concerns. This paper investigates Web Assembly and JavaScript solutions that enable client-side cryptography in web applications and compares their performance against server-side cryptography. We contextualize the study within two healthcare web applications: a prototype for patient record sharing during acute stroke care and an application for sharing data in sleep medicine treatment. Our results show that JavaScript and Web Assembly libraries add more time to encryption and decryption than server-side cryptography. However, due to the concurrency introduced by simultaneous users, the performance of server-side cryptography is worse than client-side, taking longer times to attend to the demand and requiring a larger infrastructure to be effective. Moreover, the JavaScript library asmCrypto and Web Assembly approaches perform better than other libraries and are feasible candidates for application development.