An Improved Scheme for Protecting Medical Data in Public Clouds

Public Clouds offer a convenient way for storing and sharing the large amounts of medical data that are generated by, for example, wearable health monitoring devices. Nevertheless, using a public infrastructure raises significant security and privacy concerns. Even if the data are stored in an encrypted form, the data owner should share some information with the Cloud provider in order to enable the latter to perform access control; given the high sensitivity of medical data, even such limited information may jeopardize end-user privacy. In this paper we employ an access control delegation scheme to enable the users themselves to perform access control on their data, even though these are stored in a public Cloud. In our scheme access control policies are evaluated by a user-controlled gateway and Cloud providers are only entrusted with respecting the gateway’s decision. Furthermore, since medical data must often be shared with health providers of the user’s choice, we rely on a proxy re-encryption technique to allow such sharing to take place. Our scheme encrypts data before storing them in the Cloud and applies proxy re-encryption using Cloud resources to encrypt data separately for each (authorized) user. Our proxy re-encryption scheme ensures that misbehaving Cloud providers cannot use re-encryption keys to share content with unauthorized clients, while delegating the costly re-encryption operations to the Cloud.