How To Protect Health Data In The Cloud

Transcription

1 e-health Cloud: Privacy Concerns and Mitigation Strategies Assad Abbas North Dakota State University, USA Samee U. Khan North Dakota State University, USA Abstract Cloud based solutions have permeated in the healthcare domain due to a broad range of benefits offered by the cloud computing. Besides the financial advantages to the healthcare organizations, cloud computing also offers large-scale and on-demand storage and processing services to various entities of the cloud based health ecosystem. However, outsourcing the sensitive health information to the third-party cloud providers can result in serious privacy concerns. This chapter highlights the privacy issues related to the health-data and also presents privacy preserving requirements. Besides the benefits of the cloud computing in healthcare, cloud computing deployment models are also discussed from the perspective of healthcare systems. Moreover, some recently developed strategies to mitigate the privacy concerns and to fulfill the privacy preserving requirements are also discussed in detail. Furthermore, strengths and weaknesses of each of the presented strategies are reported and some open issues for the future research are also presented. Keywords: cloud computing, e-health, encryption, privacy preserving 1. Introduction Technological developments have greatly influenced conventional healthcare practices. Consequently, healthcare sector has advanced from conventional clinical settings with paperbased medical prescriptions to Electronic Medical Records (EMR), Personal Health Records (PHR), and Electronic Health Records (EHR) [1]. The need to integrate electronic medical information from dispersed locations, such as clinics, hospitals, clinical laboratories, and health insurance organizations has given rise to the phenomenon called e-health. World Health Organization (WHO) defines e-health as the transfer of healthcare information and resources to healthcare professionals and consumers by employing the Information Technology (IT) infrastructure and e-commerce practices [2]. However, the exchange and integration of electronic medical information managed by several healthcare providers and other participating organizations is inflated and difficult to manage, which calls for utilizing the cloud computing services in healthcare domain [1]. The cloud computing model has relieved healthcare

2 organizations of the strenuous tasks of infrastructure management and has urged them to become accustomed to third-party IT service providers [3]. Moreover, the cloud computing paradigm has exhibited great potential: (a) to enhance collaboration among various participating entities of healthcare domain [4] and (b) to offer the most anticipated benefits, such as scalability, agility, cost effectiveness, and round the clock availability of health related information [5], [6]. On the other hand, due to the sharing and storage of sensitive electronic health-data and Personal Health Information (PHI) through Internet, various privacy and security concerns arise [7]. The literature pertaining to the e-health clouds discusses the apprehensions about the probable disclosure of health information to entities that are not supposed to have access. One of the key reasons for patients concerns about the PHI privacy is the distributed architecture of the cloud. Storing gigantic volumes of confidential health-data to third-party data centers and transmission over networks is vulnerable to disclosure or theft [8]. Particularly, in public clouds, administered by commercial service providers, health-data privacy is the most anticipated concern. Therefore, the Cloud Service Providers (CSP) should not only identify but also deal with health-data security issues to maximize the trust level of patients and healthcare organizations [9]. Governments have also shown interest to protect the privacy of health-data. For example, in the United States, the use and disclosure of patient health information is protected by the Health Insurance Portability and Accountability Act (HIPAA). The health-data privacy rules specified by HIPAA offer federal protection for the PHI and ensure the confidentiality, integrity, and availability of electronic health information [10]. Likewise, the Health Information Technology for Economic and Clinical Health (HITECH) Act [11] also mandates the secure exchange of electronic health information. Various approaches, such as cryptographic and non-cryptographic are used to preserve the privacy of health-data in the cloud. The majority of the solutions use certain cryptographic techniques to conceal the contents of health records, while quite a few solutions, such as [5], [12], and [13] are based on non-cryptographic approaches using policy based authorizations. The benefit of cryptographic techniques is that they not only are capable of encrypting the data in storage and over the network [14], but also employ authentication mechanisms requiring decryption keys and verification through digital signatures. Moreover, fine-grained and patientcentric access control mechanisms have also been deployed that enable patients to specify the individuals who could have access to health-data. Furthermore, quite a few privacy preserving solutions allow the patients themselves to encrypt the health data and provide the decryption keys to the individuals with right-to-know privilege. This chapter encompasses the recent efforts that have been made to preserve the privacy of the health-data in the cloud environment. We highlight the threats to the health-data in the cloud and present discussion on the requirements to be fulfilled to mitigate the threats. Moreover, the benefits of cloud computing and discussion on the cloud deployment models in context of healthcare are presented. Furthermore, the strengths and weaknesses of each of the discussed strategy to preserve privacy are reported and some open research issues are also highlighted.

3 The chapter is organized as follows. Section 2 presents an overview of the preliminary concepts of cloud computing in terms of healthcare. Section 3 presents the recent strategies developed to overcome the privacy issues of health. Section 4 presents discussion on the performance of discussed strategies and highlights open issues whereas Section 5 concludes the chapter. 2. An Overview of the e-health Cloud The e-health cloud can be regarded as a standard platform that offers standardized services to manage large volumes of health-data [15]. The e-health cloud ensures the service provision for storage and processing of different types of health records that are originated and utilized by multiple providers and other participating entities, such as pharmacies, laboratories, and insurance providers. Typically the health records in an e-health system include the EMRs, the EHRs, and the PHRs. Each of the aforementioned type of health records are the electronic versions of patient health information. However, there are certain differences that are should be understood. The EMR is the electronic version of a patient s health information that is created, used, and maintained by the healthcare providers or care delivery organizations. The EMRs contain information about the diagnosis obtained through the clinical decision support system, clinical notes, and medication. The EHRs on the other hand present a broader view of the patients health information. A subset of the information contained in the EMRs is also present in the EHRs. However, the EHRs are shared for the purpose of consultation and treatment among multiple healthcare providers belonging to different care delivery organizations [1]. The PHRs are the health records that are managed by the patients themselves and comprise of the information instigated from diverse sources. The typical information that a PHR may contain includes, treatments and diagnosis, surgeries, laboratory reports, insurance claims data, and patients personal notes and wellness charts to keep track of the health themselves [16]. Fig. 1 presents a distinction among the EMRs, the EHRs, and the PHRs e-health Cloud Benefits and Opportunities Cloud computing besides various other scientific and business domains has greatly impacted the healthcare sector. Shifting the health records to the cloud environment brings the following opportunities and benefits to the health service providers: Cost Reduction The cloud computing relieves the organization of the obligations of purchasing the hardware and software [17]. Instead the clients pay to the CSPs for the services on the basis of pay-as-yougo model. Adopting cloud services eradicates the need for possessing the aforesaid resources. Therefore, one of the key incentives for healthcare organizations to embrace cloud services is the significant cost reduction in terms of purchase of computing resources.

4 Easy Infrastructure Management For healthcare organizations with limited hardware and software resources and support staff with inadequate technical capabilities, the tasks of infrastructure management can be cumbersome. Therefore, healthcare organizations can get rid of the arduous management tasks by delegating them to cloud service providers [18] Availability Contemporary developments in healthcare systems, focusing on accessing information anytime and anywhere, offer health service providers with a great opportunity to move healthcare information to the cloud. This will also ensure the ubiquity of the health information for all of the stakeholders of the e-health cloud Scalable Healthcare Services Fig. 1. Distinction among the EMR, PHR, and EHR Scalability refers to expanding the IT infrastructure by increasing the number of computers, network interconnections, and storage capacity of the data centers while maintaining performance [17]. The latest trends in healthcare demand the scalability of health cloud infrastructure to facilitate all the geographically scattered stakeholders, such as patients, doctors, clinical staff, lab staff, and insurance companies. Therefore, clouds have the ability to facilitate large numbers of healthcare providers with millions of health records.

5 2.2. Deployment Models for Cloud Based e-health Systems To offer the cloud computing services for healthcare, mostly the following deployment models are used: (a) private cloud, (b) public cloud, and (c) hybrid cloud. The cloud deployment models for healthcare domain work in the same way as in other business and scientific domains Private Cloud The private cloud is usually owned and administered by an organization [19], [20]. In a particular e-health scenario, the cloud infrastructure, such as the storage and processing units are typically managed by the hospitals or any designated third-party. However, due to the restricted exposure to the public Internet, the EMRs stored at the private cloud are considered much secure as compared to the other deployment models. The reason is that the EMRs in a private cloud environment are only accessed by the employees of the healthcare organizations that mostly are considered as trusted except a few exceptions. A private e-health cloud is represented in Fig Public Cloud Fig. 2. An illustration of private cloud in context of e-health The public cloud comprises of the shared physical infrastructure that is managed by the thirdparty providers [20]. The organizations utilizing the cloud services procure the services from the Cloud Service Providers (CSPs). In a public e-health cloud, the EHRs may be shared among different participating entities, such as clinics, hospitals, insurance companies, pharmacies, and clinical laboratories. Moreover, the EHRs are stored at the off premises servers managed by the CSPs. Therefore, the EHRs are highly vulnerable to malicious attacks and forgery attempts both by the internal as well as external entities. Therefore, mechanisms are needed to mitigate the privacy concerns and to ensure confidentiality guarantees through strong cryptographic techniques, patient-centric access control, and efficient signature verification schemes. An illustration of the public cloud in context of e-health is presented in Fig. 3.

6 Hybrid Cloud Fig. 3. An illustration of public cloud in context of e-health The hybrid clouds are combination of two or more cloud providers (public or private) such that each of them operates independently but are bound together through standardized technologies [19]. The hybrid cloud deployment model is truly beneficial for healthcare services where the healthcare providers with limited physical resources and interested in using their legacy systems can procure the third-party services to store huge clinical and medical imaging data [21]. However, a key limitation such model is that relatively more security measures are required to cope with the privacy preserving requirements. An illustration of hybrid cloud is presented in Fig Threats to Health Data Privacy in the Cloud The PHI in transit or at a data center may contain sensitive health-data, such as patient medical histories, current disease information, symptoms, and various laboratory test reports. The security and privacy of health-data may be at stake in variety of ways. For example, healthdata may be susceptible to access by unauthorized external entities when stored at a CSP or is in transit from a general practitioner to a remote medical specialist [9]. Likewise, the other threats to the health-data may be internal [22]. For example, the CSP might learn about the contents of health-data that is highly undesirable. Therefore, the access control mechanisms must ensure that access to sensitive information should only be granted to entities having right-to-know privilege.

7 Spoofing Identity Fig. 4. An illustration of hybrid cloud in context of e-health The spoofing identity threats include the unlawful attempts by other users or machines to pose as the valid users or machines [22]. In the e-health cloud, the unlawful entities may obtain access to the patients health data by spoofing the identities of the authorized users, such as doctors and patients themselves. Therefore, to counter the spoofing identity attacks, strong authentication mechanisms are needed to restrict the unlawful data access Data Tampering The malicious attempt to modify the data contents is called data tampering [19]. The health data is more vulnerable to tampering by both insiders and outsiders. The insiders include the hospital staff, pharmacy personnel, and insurance companies staff that can modify the health data contents to obtain certain benefits. Moreover, the data is also vulnerable to tampering by other insiders, for example employees of the CSP who may act maliciously. Therefore, to ensure that the data present in the repositories is not modified through illegal means, data audit and robust accountability mechanisms are needed Repudiation The repudiation refers to denying the obligations of a contract. The entities in a health cloud can falsely deny about the happening of an event with the health data contents [23]. Therefore, the data must be digitally signed to have evidences for all manipulations of the data Denial of Service (DoS) In the DoS attacks, the services are denied to the privileged users [24]. Such issues arise due to the flaws in identity management schemes and the incompetence s of the authorization mechanisms. Consequently, the legitimate users, for example the physicians or emergency staff may not be able to access the cloud services when required.

8 Privacy preserving requirements Unlawful Privilege Escalation The unlawful users might obtain the access to the data and can subsequently infiltrate into the system such that the data contents at a large scale are compromised [22]. The aforementioned data breaches in the healthcare domain are extremely critical and require the mechanisms to maintain the integrity of the health data Essential Requirements for Privacy Preserving A model called CIA (confidentiality, integrity, availability) triad defines the regulations to maintain the privacy of data within an organization [25]. However, the data outsourced to the third-party vendors requires more privacy measures than those specified in CIA triad. Therefore, to deal with the threats presented in Section 2.3.1, the following privacy preserving requirements should essentially be fulfilled: (a) confidentiality, (b) integrity, (c) collusion resistance, (d) anonymity, (e) authenticity, and (f) unlinkability. Fig. 5 presents taxonomy of privacy preserving requirements. Confidentiality Integrity Essential Requirements Collusion Resistance Anonymity Authenticity Unlinkability Fine-grained Access Control Patient Driven Requirements Access Revocation Auditing Fig. 5. Taxonomy of essential requirements and patient driven requirements Confidentiality The confidentiality requirement for the health data in the cloud environment requires that the data must be protected not only from the external entities, such as the CSP but also from the unauthorized insiders [9].

9 Integrity The integrity of the health data stored in the cloud requires the assurance that the data has not been modified through any illegitimate actions of either authorized or unauthorized users. In other words, the data present in the healthcare repositories must be a true characterization of the intended contents of the data Collusion Resistance Collusion in context of cloud based healthcare systems refers to a mutual cooperation to learn about the user identities and contents of the health data illegitimately among the authorized or unauthorized entities. Therefore, collusion resistant approaches are inevitable to ensure the privacy of health data from not only from the external adversaries but also from the valid insiders Anonymity Anonymity refers to storing the health data contents in such a way that the identities, such as the name and social security number of the subjects are hidden [26]. The patients identities have to be protected from the CSPs, researchers, unprivileged users, and other malicious internal or external adversaries. The methodologies used to maintain anonymity also include the use of pseudonyms. The pseudonyms are the identifiers that are used for identification of a subject instead of the real name. It is also important to distinguish between the anonymity and pseudonymity where pseudonymity is one of the methods used to maintain anonymity. Moreover, anonymity also requires that the adversaries should not be able to infer meaningful information to help prevent revealing data owners identities Authenticity To ensure that access to health information is being requested by the authorized users only. Only the entities possessing valid authentication codes and keys should only be granted access to the health information Unlinkability The unauthorized entities of the health data should not be able to infer the relationships between the (a) identifying information of the patients, such as the name, address, social security number and the (b) health data, for example diagnosis and medical history. The adversaries attempt to observe the query patterns for certain records and attempt to interlink the personal information with the medical histories User/Patient Driven Privacy Preserving Requirements Besides the aforementioned privacy preserving requirements there are also certain other patient driven requirements that should be fulfilled to ensure the fine-grained access control over

10 the health data. The requirements include: (a) patient-centric access control, (b) access revocation, and (c) auditing. The requirements are briefly elaborated as below Patient-Centric Access Control The users or patients can grant access to different entities over the health information according to different access policies. The users can encrypt their PHRs before storing at the cloud storage and users are permitted on role basis. Patient Controlled Encryption (PCE) based approach to delegate the access rights has been presented in [27] Access Revocation The data owners or patients must be able to revoke the access rights granted to different entities over the health information in such a way that the users should not be able to access the health information anymore Auditing The auditing of health data ensures that all the activities and manipulations with the patients health data are being monitored either by the patients themselves or any other entity nominated by the patients [28]. Another similar concept is the accountability of health data where the users of data are held responsible in the light of agree upon conditions [9] Adversarial Models in e-health Cloud The key participants of the cloud based e-health ecosystem include the patients, healthcare providers, pharmacies, clinical laboratories, and health insurance companies. The health data is shared among all of the aforementioned participating entities of the cloud and therefore, is vulnerable to theft and disclosure [3]. The proposals developed to preserve the privacy or mitigate the security risks rely on any of the following adversarial models: (a) trusted model, (b) untrusted model, and (c) semi-trusted model. In trusted adversarial model, the data stored on the cloud storage is mostly protected from the external threats. However, certain insiders can behave maliciously and disclose the information to the unauthorized entities [29]. On the other hand, the untrusted adversarial model assumes threats to the data privacy from both the internal and external adversaries. Therefore, the health data outsourced to the untrusted cloud storage requires strong security guarantees to fulfill the privacy requirements. In semi-trusted adversarial model, the cloud servers are assumed to be honest that follow the protocol in general but are curious to learn about the contents of the data [30], [31]. Therefore, to mitigate the privacy disclosure risks in such models, identity management solutions that anonymize the identities of the patients and maintain unlinkability of health information flows. 3. Privacy Preserving Strategies Employed in e-health Cloud To mitigate the privacy concerns related to the health-data, various strategies have been employed. Both the cryptographic and non-cryptographic approaches are used to preserve the

11 data privacy. The cryptographic approaches mostly utilize the Public Key Encryption (PKE), Symmetric Key Encryption (SKE), and El-Gamal cryptosystem. However, other cryptographic primitives, such as Attribute Based Encryption (ABE) and its variants, Identity Based Encryption (IBE), Hierarchical Predicate Encryption (HPE), Proxy Re-encryption (PRE), and Homomorphic encryption have also been used to ensure the privacy of health-data stored in cloud. In addition, digital signatures and digital certificates have also been used for authentication. Interested readers are encouraged to consult [9] for details of each of the aforementioned cryptographic approaches. On the other hand, the non-cryptographic approaches use policy based and broker based authorization mechanisms to ensure the data privacy. The approaches to fulfill each of the essential requirements defined in Section 2.5 are discussed below Approaches to Maintain the Confidentiality in the e-health Cloud Various mechanisms have been employed to protect the confidentiality of health-data in the cloud computing environment. Some recent approaches along with their strengths and weaknesses are presented below. A platform for remote monitoring and secure exchange of health-data in the cloud environment is proposed by Thilakanathan et al. [32]. The security protocol is implemented through El-Gamal based proxy re-encryption methodology. The patients can transmit their health-data to the data consumers, such as the doctors and nurses in a secure manner. A key benefit of using the proxy re-encryption in the approach is that the ciphertext generated under the public key of patient or data owner is translated by a semi-trusted proxy into a ciphertext that can be decrypted only by another user s private key. The construction does not permit any of the users to know the full decryption key. A trusted service called Data Sharing Service (DSS) decrypts the keys using all of the pieces of the key corresponding to the requesting user. The decrypted keys are subsequently used to decrypt the data files shared in the cloud. The methodology also ensures revocation by simply removing the key pieces corresponding to the revoked users in the proxies thereby eliminating the need to redistribute the keys to all of the users. Han et al. [33] proposed a scheme to maintain the confidentiality of the health data in cloudassisted Wireless Body Area Networks (WBANs). The scheme is intended to achieve secure communication between the WBANs and the cloud. The data encrypted by the users can only be decrypted by the intended receivers possessing the appropriate keys. The scheme utilizes multivalued encoding rules that are equipped with ambiguous properties to circumvent the attacks. The decoding process utilizes a complete finite graph to represent the encoded words correctly and utilizes the Dijkstra s algorithm [34] to determine the factorization that has high time complexities. Therefore, the approach can result additional overheads in encoding and decoding the messages. Another approach to ensure the confidentiality of the health-data outsourced to the cloud environment is proposed by Tong et al. [35]. The approach allows efficient searching on the

12 encrypted data by using the Searchable Symmetric Encryption (SSE). To avoid the key wear-out, the approach frequently updates the keys. To enforce the auditability of the health data, the authors combined the threshold control signature with the ABE. Instead of delegating access control to individuals, a role based access control is introduced to grant access in emergency situations where the trusted authorities can verify the signatures. Moreover, to ensure the unlinkability of the portions of health information the key management is performed through a pseudorandom generator. Furthermore, the presented scheme also preserves the search pattern privacy, anonymity, and keyword privacy. However, the approach may be deficient in terms of dynamic access policy specification to grant role based access due to complex access structure. A proposal called Privacy Preserving Attribute Based Group Key Management (PP AB- GKM) to delegate the access control over the EHRs in the public clouds is presented in [36]. The authors employed a Two Layer Encryption (TLE) methodology where the data owner performs a coarse-grained encryption while the fine-grained encryption is implemented by the cloud. A broadcast encryption methodology is employed that after encrypting the message, transmits it to a subset of users. Moreover, the methodology uses Oblivious Commitment Based Envelop (OCBE) protocol to obliviously distribute the messages to users satisfying the particular access conditions. The Access Control Policies (ACPs) are enforced through attributes, such as role, insurance plan, type, and years of service. The policies for the role attribute are regulated by the data owners whereas the cloud re-encrypts the data that is already encrypted by the data owner. The methodology effectively minimizes the overheads at the data owners end by reducing the number of attributes to be handled. In addition, the newly inserted group members or revoked users are effectively managed in the methodology. On the other hand, the methodology can result in key escrow problems at the CSP because of delegating partial encryption tasks to the cloud. The key escrow refers to the arrangement where the decryption keys are made available to certain other users or third-parties in addition to senders and receivers. However, there are possibilities that the third-parties having access to the keys may misuse the keys. There are also other methodologies developed to preserve the confidentiality of the healthdata in the cloud. For example, the authors in [37] and [38] used the PKE whereas [39] and [40] used the SKE to ensure confidentiality. Table 1 presents a quick overview of the strategies used to maintain confidentiality of the health-data in the cloud. The symbol in each of Table 1 Table 6 represents that a particular patient driven requirement is fulfilled by the technique whereas the symbol - represents that a particular feature/requirement is not fulfilled or is not addressed by the authors of the technique. Moreover, some entries in Table 1 Table 6 are abbreviated as follows due to space limitations: Threat Model: TM, Trusted: T, Untrusted: U, Semi-trusted: S, Authentication Mechanism: AM, Patient-Centric Access Control: PAC, Audit: AT, Revocation: RV, Confidentiality: CO, Integrity: IN, Collusion Resistance: CR, Anonymity: AN, Authenticity: AU, and Unlinkability: UN.

13 3.2. Approaches to Maintain Data Integrity in the e-health Cloud Various mechanisms have been employed to ensure the integrity of health-data in the cloud computing environment. Some recent approaches along with their strengths and weaknesses are presented below. A hybrid approach to preserve the privacy of health-data shared in the cloud is presented by Yang et al. [41]. The model uses cryptography and statistical analysis to ensure multi-level privacy. The medical datasets are partitioned vertically such that on each partition of the EMR, a different security level is implemented. The identifying attributes of the EMR, such as name, date of birth, and address are encrypted through the symmetric encryption. On the other hand, the portion of the EMR comprising of the clinical data and treatments history is stored as plain text. Because the data is partitioned, it is difficult for the adversary to link the information. Moreover, only the authorized recipients with appropriate authentication can merge the partitions through the decryptions keys and quasi identifiers. The data owners and the data recipients respectively ensure the integrity of the medical data locally and remotely. However, a limitation of the approach is that the data recipient, which in this case is a cloud provider, can act maliciously and disclose the information that can help linking the portions of medical records. Table 1: A quick overview of the approaches employed to maintain confidentiality Ref. Encryption type Strength(s) Weakness (es) TM AM PAC AT RV Others [32] Proxy reencryption, El-Gamal cryptosystem Easy revocation [33] SKE Ensures data confidentiality [35] ABE Keyword search privacy [36] PKE Difficult to manage dynamic policies Less support for complex access policies High encryption and decryption overheads Dynamic access policies management Key escrow issues T T - T U - Password /PIN - - CR Digital signature - UN, AN - - A secure and scalable cloud based architecture for medical wireless networks is proposed by Lounis et al. [24]. The integrity of the outsourced medical data is ensured and a fine-grained access control is implemented through the CP-ABE based construction. The system utilizes the Wireless Sensor Network (WSN) to collect data from the patients whereas the data stored on cloud servers are accessed by the healthcare professionals through an application. Considering

14 the complexities in applying the access policies in medical domain where some users are granted access while others are not, the authors used the ABE and the symmetric cryptography. The data file before storage at cloud is encrypted through a symmetric key and the keys are further encrypted through the ABE. Only the users possessing the secret keys satisfying the access policies can decrypt the data files. In addition, the authors introduced a role called Healthcare Authority (HA) to define and enforce the policies and to generate the security parameters. A key benefit of the approach is that in case of change of access policies, it requires the re-encryption of only the keys that results in reduction of the encryption overheads of the ABE. However, the approach can come across the management issues arising due to the frequent policy changes particularly in case of access revocation. A proposal to enhance the integrity and accountability of the EHRs by enforcing either the explicit or implicit patient control over the EHRs is presented by Mashima et al. [42]. A monitoring agent monitors how and when the data is accessed. The authors employed the PKE to encrypt the health records. To make sure that only the valid and trusted entities access and use the health records, the scheme employs a standard digital signature called Designated Verifier Signatures (UDVS). In addition, besides encrypting and digital signing, the entities interested in accessing the health records must contact the monitoring agent to confirm that they intend to use the records. On the other hand, the authors assumption that the record issuers are knowledgeable about the record contents and keys can result in information disclosure as a result of any malicious activity by the issuers. Wang et al. [43] presented a scheme to circumvent tampering attempts to the health data outsourced to the third-party cloud servers. The scheme deploys an independent third-party to maintain the health-data integrity and prevents illegitimate data modification attempts by the cloud providers, hospitals, and patients. Before uploading to the cloud, the data is encrypted by the patients through the SKE under the private keys of the patients. Homomorphic verifiable tags are used to ensure the computations on the encrypted data. In addition, Diffie Hellman based key exchange strategy is employed that securely exchange the keys in a multi-member scenario. Nonetheless, the large ciphertexts that are particular for homomorphic encryption can result in performance issues. The authors in [44] also used homomorphic encryption with the IBE to preserve the patients privacy for a mobile health monitoring system. In addition to the above approaches, few other strategies have also been proposed to maintain the integrity of the health-data in the cloud. The authors in [45] used the PKE and digital signatures whereas Hierarchical Predicate Encryption (HPE) and the ABE have been used in [46]. Similarly, policy based authorization methodology has been proposed in [47] to help maintain data integrity. Table 2 presents a summary of the approaches fulfilling the integrity requirement.

15 3.3. Approaches to Ensure Collusion Resistance in the e-health Cloud Numerous approaches have been proposed to ensure collusion resistance in the e-health cloud. Some recent approaches developed to deal with the collusion attacks are presented below. A scheme to resist against collusion attacks by the semi-trusted CSP is presented by Dong et al. [31]. Through the CP-ABE and the IBE, the access control on the attributes of the health-data files stored at the cloud has been enforced. A public-private key pair for each of the attributes is defined and the secret key of the users are constructed such that it is a combination of the public key of user and the secret key of the attribute. The users can decrypt only those ciphertexts that match with the defined access structure. The scheme is collusion resistant in a way that even if the unauthorized users collude with the authorized users, it is impossible for them to get a clue about the contents of the data file. The resistance against collusion is enforced by associating the public keys of the users with the respective attributes to stop combining with Table 2: A quick overview of the approaches employed to maintain integrity Ref. Encryption type Strength(s) Weakness (es) TM AM PAC AT RV Others [41] SKE Ensures multi-level privacy Possible disclosure by CSP S [24] ABE, SKE Fine grained access control Policy specification issues U Digital certificate - CO [42] PKE Monitoring of data while being used Record issuer may disclose sensitive information U Digital signature - - AU [43] PKE Effective against tampering Increased key management overheads U Digital signatures the other users attributes. Although the approach claims to be managing the key management issues by key assignment through the cloud, key escrow problems may still exist due to the assumption of a semi-trusted adversarial mode. A methodology called Priority based Health Data Aggregation (PHDA) that preserves the identity and data privacy while transmission from the WBANs is presented in [48]. The scheme employs Paillier cryptosystem to resist against the eavesdropping. To gain access to the health data of a particular patient, the requesting entity, for example, doctors request the mobile users through the CSP. Only the entities possessing the valid secret keys are granted access to the

16 health-data. Moreover, the identities of the patients are anonymized by changing the pseudonyms in different periods of time and only the trusted authority has the ability to link different pseudonyms. Furthermore, the methodology resists against the forgery attempts by the malicious insiders in a way that the trusted authority authenticates the correctness of data requested by the doctors before transmission. However, a limitation of the methodology is that it incurs sufficient overheads in terms of key management. Wang et al. [49] presented an attributed based methodology to enforce the patient-centric access control to the health-data stored in the cloud through constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE). The framework introduces a trusted authority that is responsible for generating the encryption and decryption keys and parameters. Another trusted authority called encryption service provider is used to help data owners generate partial encrypted headers based on the attributes specified in the access policies. The methodology is claimed to be effective for collusion attacks by honest but curious cloud servers. A key benefit of the approach is that it attempts to minimize the encryption overheads at the data owner sides where the data owners can partially delegate the encryption tasks to the encryption service providers. In addition, fixed sizes of ciphertexts are useful in reducing the overheads that are typical faced because of the CP-ABE. However, the approach permits other roles, for example nurses to delegate access to the health-data that can possibly make disclosure attempts. Another CP-ABE based approach called Efficient and Secure Patient-centric Access control Scheme (ESPAC) for cloud storage based is proposed in [50]. The scheme implements a patient centric access control and utilizes the IBE to establish secure communication between the remote patients and the CSP. To establish the access structure, the patients transmit the secret keys to CSP. The approach ensures integrity of the transmitted message, authenticity of the message originator, non-repudiation, and is also resistant to collusion and Denial of Service (DOS) attacks. The performance results show that the ESPAC scheme is applicable to resist DOS attacks in a dual server mode. The lack of dynamicity and flexibility in patient data attainment and then transmitting to the hospital servers makes this approach inefficient. In addition, the hospital servers can be bottleneck and in the event of failure the access to the data stored on the cloud may be restricted. Liu et al. [51] proposed a cloud based patient-centric Clinical Decision Support System (CDSS) and claimed that the privacy of patients data obtained during the clinical visits is preserved. Diagnosis is performed by mapping the symptom of the patients to the past patients through a Naïve Bayes classifier. The data of existing patients are stored on the cloud. However, storing such huge volumes of private data on third-party servers entails serious threats of data theft and collusion. Therefore, the approach ensures the privacy of the historical data of existing patients by employing El-Gamal encryption based methodology called Additive Homomorphic Proxy Aggregation (AHPA). The model mainly comprises of entities, such as Trusted Authority (TA), Cloud Platform (CP), Data Provider (DP), and Processing Unit (PU). The approach assumes honest but curious server that generally follows the protocol. The approach effectively

17 deals with the collusion attacks both by the CP and the PU by performing a re-encryption of the ciphertext, which makes decryption impossible for the adversary without knowing the private key. However, a limitation of the approach is that it may incur high communication overheads because of key generation and re-encryption operations. Table 3 presents a summary of the approaches developed to overcome the collusion. Table 3: A quick overview of the approaches employed to ensure collusion resistance Ref. Encryption type Strength(s) Weakness (es) TM AM PA C AT RV Others [31] CP-ABE Minimized key management overheads Key escrow S [48] Paillier cryptograph, PKE Priority based data aggregation Key management issues S Secret keys, certific ates - - [49] ABE Constant sized ciphertexts Issues with delegation of access control S UN [51] Homomorph ic/el-gamal cryptosyste m Secure data sharing Computation overhead S [50] CP-ABE Patient centric access control Hospital servers may be single point of failure T Digital signat ures - - CO, AU 3.4. Approaches to Maintain the Anonymity in the e-health Cloud Various mechanisms have been employed to maintain the anonymity of health-data in the cloud environment. Some recently developed approaches along with their strengths and weaknesses are presented below. Shen et al. [13] presented a health monitoring architecture for geo-distributed clouds. To circumvent the identification of patient identities through traffic analysis attacks, the authors employed a traffic-shaping algorithm. The shaping algorithm equally distributes both the health data traffic and non-health data traffic. The autocorrelations obtained for the shaped health data traffic are observed close to the non-health data traffic. The authors analyzed the capability of the traffic analyzer by employing the Kullback Leibler (K-L) divergence. The K-L divergence is an entropy measure used to differentiate between two probability distributions [52]. The approach is claimed to be effective for privacy preserving to a reasonable level. A limitation of the approach

18 is that the shaping algorithm incurs high communication delays because of geo-distributed clouds. Zhang et al. [53] proposed a secure methodology to form a social group of patients suffering from the similar diseases in cloud assisted WBANs. The approach divides the whole district into different blocks where each block has a designated block manager and patients with mobile devices (sinks) move around the blocks. The block managers sense and collect the Personal Health Information (PHI), such as the Electrocardiogram (ECG) and Electroencephalography (EEG) data from the mobile devices of the patients. Moreover, the block managers also update and distribute the private keys. The threat model assumes that the adversaries may compromise more sensors than the threshold in a fixed block location and in a single period of time from different blocks. The methodology proposes the use of resource constrained mobile devices that are less vulnerable to the attacks and also the block managers are supposed to be the trusted entities. There exists a secure communication channel established through the Diffie-Hellman key exchange protocol among the sink nodes and the block managers. To maintain the anonymity of the on-body sensors and the patients, identity blinding matrices are employed. In addition, the compromised on-body sensors in the event of a compromise are revoked and cannot be further exploited to derive the keys. However, the approach does not offer any solution for valid insiders who may behave in a malicious way and help adversaries by disclosing the sensitive health information or the keys. The authors in [26] presented a methodology for secure sharing of data in multi-cloud environment. The approach enforces the role based access control through Ciphertext Policy Attribute Based Encryption (CP-ABE). A key benefit of the CP-ABE in the proposed multicloud scenario is that only the delegated users can have access to specified attributes. The patients health-data are signed and encrypted by the doctor and subsequently sent to a local Multi-cloud Proxy (MCP). The MCP splits the health record according to a secret sharing scheme and each portion of the record is subsequently stored at different cloud providers locations. Splitting the health record into multiple portions not only enhances the unlinkability of the health data and patients personal information but also ensures that the patients identities are anonymized. Moreover, to ensure that the privacy of portions stored at different cloud providers is not compromised, the approach employs hash based identifiers. The cloud provider or any other adversaries are not able to deduce the meaningful information from the hash because cryptographic hashes are difficult to invert. However, the approach is limited in user revocation and handling emergency expectations. In addition, the complexities of searching for the identifiers from different cloud providers while reconstructing the health records also results in increased computational overheads. A proposal for pseudonymization of the secondary use of EHRs stored at the cloud is presented by Xu et al. [54]. The authors propose to remove all those unnecessary third-parties that are potentially considered as malicious. A trusted authority issues the certificates to all the entities, such as doctors, pharmacists, and insurance companies. Each of the requesting

19 user/entities generates his/her private key that subsequently along with the user name and other information is digitally signed by the trusted authority. On the other hand, the patients generate the pairs of private and public keys. The public keys are made available to the insurance companies to get the certificate whereas the private key, which is only known to the patient, is stored at the protected memory of the patient s smart card. However, the certificate issued by the insurance company does not contain patient s identifying information. It can be difficult for the scheme to differentiate between the valid certificate applicants and malicious insiders, such as employees of the insurance company that eventually can result in not only revealing the patients identities but also can disclose the primary health information. In addition, the authors in [55] used the ABE whereas [56] used SSH protocol to ensure the anonymity of patients in the cloud environment. Table 4 presents a summary of the approaches developed to maintain anonymity in the health cloud environment. Table 4: A quick overview of the approaches employed to maintain anonymity Ref. Encryption type Strength(s) Weakness (es) TM AM PAC AT RV Others [13] Not used Privacy preservation without encryption High communication delays U [53] SKE Efficient key management Lacks means to deal with malicious insiders T Digital signature - - CO [26] CP-ABE Secure sharing in hybrid cloud Inefficient revocation S Digital signature [54] PKE easy pseudonym generation Difficult to differentiate between the actual users and malicious users during certificate generation S Digital certificate Approaches to Ensure Authenticity in the e-health Cloud Several methodologies have also been employed to ensure the authenticity of health-data in the cloud environment. Some recently developed approaches along with their strengths and weaknesses are presented below. The authors in [57] presented a standard model for automated collection of health-data generated by the personal devices, such as wireless glucometers and smartphone of the patients.

20 The health-data is subsequently transmitted to the authorized providers. The model allows the patients to exercise access control on their health-data. The data requested by the clinicians are encrypted as the S/MIME attachments. The sending entities sign the messages to ensure that the messages have not been tampered during transit. The tasks of message encryption and digital signing are accomplished through the robust public key infrastructure based protocols. Each message contains a certificate created by a digital certificate authority. Nevertheless, the DIRECT messaging to access request does not specify whether a certificate authority is trusted or not and therefore, can possibly lead to tampering. Yu et al. [58] presented a methodology that permits the physicians to collect the patients evidence based data to share with other physicians. The privacy of the data is preserved through a secure authentication mechanism. The new physicians in the system are authenticated through the Health Personal Cards (HPCs). For the existing physicians, the access to the health-data is provided through the Secure Sockets Layer (SSL) protocol. The SSL establishes encrypted communication between the servers and the browser. In addition, patients identifying information is encrypted through the Advanced Encryption Standard (AES) of the symmetric key encryption, which helps in maintaining unlinkability. Zhou et al. [59] proposed a scheme that ensures the confidentiality and anonymity of the patients in m-healthcare cloud system. An Attribute Based Designated Verifier Signature scheme (ADVS) is proposed to ensure the patient-self controllable access over the health information. The patients encrypt the PHI instead of assigning the secret keys to each of the physicians; define the access policies for different user groups or classes. The access control is realized for the groups: (a) directly authorized physicians, (b) indirectly authorized physicians, and (c) unauthorized persons or adversaries. The authorized physicians are provided complete access to the patients health information and are also aware of the identities of the patients. Although the indirectly authorized physicians can view the health information, they are unable to know about the identities of the patients. On the other hand, the unauthorized patients cannot have access to any information. The users from each of the groups need to satisfy the access structure defined on the respective attributes. The scheme permits the patients to generate the attribute based signatures for each group that is different from the others and are not linkable in any way. A key strength of the approach is that despite of using the attribute based access structure, the computational and communication overheads are minimized. On the other hand, it is difficult to revoke the access rights from the indirectly authorized physicians. The authors in [60] used the PKE and the Content Key Encryption (CKE) to fulfil the authenticity requirement. Yu et al. [30] used Key Policy-Attribute Based Encryption (KP-ABE), proxy re-encryption, and lazy re-encryption to achieve a secure and scalable access control and to ensure the authenticity of the health information. Table 5 presents a summary of the approaches developed to ensure the authenticity of health-data.