CLOUD-BASED ENCRYPTED EHR SYSTEM WITH SEMANTICALLY RICH ACCESS CONTROL
Department
Information Systems
Program
Information Systems
Rights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Abstract
Cloud-based Electronic Health Record (EHR) systems provide an essential security control by encrypting patient data. However, encrypted patient records cannot be queried without decrypting each record. As the volume of data reaches Big Data levels, it becomes essential to search over encrypted patient records without decrypting them, so that medical caregivers can access EHRs or locate a particular record quickly and efficiently. Such searches are required in many situations; for example, a physician may need to find and treat patients with a contagious disease in order to prevent its spread within the community. A scenario like this requires a searchable encryption function in the EHR system to reduce service delays. Moreover, Attribute-Based Encryption (ABE) is widely used in EHR systems to secure patient data. In such systems, users' attributes change over time: users might leave an organization, be promoted, or move to other departments. These situations require user attributes to be revoked in the policy string of the encrypted data in order to protect patient privacy and data security. Existing work does not address these issues in an EHR system. This thesis makes two major contributions. First, we have developed a novel cloud-based EHR system that uses ABE to secure patient data. The system uses Semantic Web Technologies to facilitate Attribute-Based Access Control (ABAC) to an EHR, ensuring that only users with valid attributes can access a particular EHR, and enforcing this at the field level rather than the document level. The system also includes searchable encryption based on a keyword index and a search trapdoor, which adds an extra layer of protection and allows EHR records to be queried without decrypting patients' records in the system. Further, the system handles all user attribute changes and revokes unwanted attributes in the policy string of the encrypted data.
Attribute revocation is managed efficiently by delegating secret key and ciphertext revision to the Cloud Service Provider (CSP). The second contribution is a novel approach to storing encrypted patient data in the nodes of a knowledge graph. The system uses a comprehensive knowledge graph that stores all medical data in encrypted nodes, which offers several advantages. For example, the system can handle heterogeneous patient data, and it maintains good query performance, which we demonstrated using the MIMIC-III dataset. Query performance was almost the same across different data sizes because, for a given task, the graph never needs to touch unrelated nodes: each vertex keeps information only about its immediate neighbors, and there is no global index of vertex connections. As a result, the graph maintains its performance as the amount of data grows. Moreover, using a knowledge graph allows the schema to be extended flexibly while queries continue to be served.
