Securing electronic medical records using attribute-based encryption on mobile devices

Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N.J. Peterson, Aviel D. Rubin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

68 Scopus citations

Abstract

We provide a design and implementation of self-protecting electronic medical records (EMRs) using attribute-based encryption on mobile devices. Our system allows healthcare organizations to export EMRs to locations outside of their trust boundary. In contrast to previous approaches, our solution is designed to maintain EMR availability even when providers are offline, i.e., where network connectivity is not available. To balance the needs of emergency care and patient privacy, our system is designed to provide fine-grained encryption and is able to protect individual items within an EMR, where each encrypted item may have its own access control policy. We implemented a prototype system using a new key- and ciphertext-policy attribute-based encryption library that we developed. Our implementation, which includes an iPhone app for storing and managing EMRs offline, allows for flexible and automated policy generation. An evaluation of our design shows that our ABE library performs well, has acceptable storage requirements, and is practical and usable on modern smartphones.

Original languageEnglish (US)
Title of host publicationSPSM'11 - Proceedings of the 1st ACM Workshop
Subtitle of host publicationSecurity and Privacy in Smartphones and Mobile Devices
Pages75-86
Number of pages12
DOIs
StatePublished - Nov 14 2011
Externally publishedYes
Event1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM'11, Held in Association with the 18th ACM Conference on Computer and Communications Security, CCS 2011 - Chicago, IL, United States
Duration: Oct 17 2011Oct 17 2011

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM'11, Held in Association with the 18th ACM Conference on Computer and Communications Security, CCS 2011
CountryUnited States
CityChicago, IL
Period10/17/1110/17/11

Keywords

  • access control
  • attribute-based encryption
  • continuity of care record
  • electronic medical record
  • medical security
  • mobile device
  • privacy
  • public-key cryptography

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Securing electronic medical records using attribute-based encryption on mobile devices'. Together they form a unique fingerprint.

  • Cite this

    Akinyele, J. A., Pagano, M. W., Green, M. D., Lehmann, C. U., Peterson, Z. N. J., & Rubin, A. D. (2011). Securing electronic medical records using attribute-based encryption on mobile devices. In SPSM'11 - Proceedings of the 1st ACM Workshop: Security and Privacy in Smartphones and Mobile Devices (pp. 75-86). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2046614.2046628