Privacy-preserving Distributed Access Control for Medical Data
Christian Maulany (Student TU Delft)
Majid Nateghizad (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Bart Mennink (Radboud Universiteit Nijmegen)
Zekeriya Erkin (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Abstract
The availability of wearable devices such as smartwatches and fitness trackers are a recent development. Among other things, these devices can measure the activity and vital signs of their wearers. As the types of data these devices are able to gather increases the potential for them to be used as a source of data grows. This calls for a secure method of controlling the digital exchange of medical data between wearables and healthcare providers, and healthcare providers in general. By enforcing the exchange of data to go through a central authority, a patient can be given more control over who is able to access his medical data. This central authority is then given the task of monitoring access and ensuring that all access requirements are met. Though effective, this solution relies on a highly trusted central authority. In this work, we propose a scheme using Polymorphic Encryption and Pseudonomysation and Secret Sharing to provide anonymous data storage and data exchange. Our propos al removes the need for a central authority, and instead uses a group of authorities, of which a quorum is needed to facilitate the exchange of data.