A robust multi-key authority system for privacy-preserving distribution and access control of healthcare data

Abstract

Innovation in medical technology and communication has rapidly empowered the development of smart healthcare devices. This has led to privacy breaches, threats and vulnerabilities to sensitive patient data that result in unwanted or targeted advertising. Previous research has focused on protecting access to sensitive patient data from unauthorized entities, especially by defining roles of healthcare entities in the overall system with their access privileges. However, such efforts need to be further robust due to the involvement of a single key authority that may lead to a critical point of failure. In this paper, this vulnerability has been addressed by developing a novel approach to crucially increase the number of key authorities using homomorphic encryption. The proposed approach ensures genuine access to the verified entity by forming a subsystem of t key authorities from a total of n authorities (t<n). This creates rigorous challenge to a malicious attacker, obfuscating the selection and functioning of key access packets in a multi-key authority setup. The results of the proposed approach achieve medical data confidentiality, entity authentication, and strategic data sharing. The security of the proposed approach is assessed for different vulnerabilities of the overall system using a challenge-response game model. Moreover, the proposed approach is found to be better and secure as compared to existing schemes.