Controllable Privacy-Preserving Online Diagnosis with Outsourced SVM over Encrypted Medical Data

Abstract

With the widespread application of online diagnosis systems, users can upload their physical characteristics anytime and from anywhere to receive clinical diagnoses. However, for privacy and intellectual property considerations, users' physical characteristics, diagnosis results, and the medical diagnosis model should be protected. To achieve an efficient and secure online diagnosis, secure outsourcing and low burden become research objectives. However, few of the existing privacy-preserving schemes focus on the secure outsourcing of the training process, and few consider the supervision of the hospital for the online diagnosis process. By introducing a four-party architecture with two non-colluding servers, a hospital and users, in this paper, we propose a controllable privacy-preserving online diagnosis scheme (CPPOD) with outsourced SVM over encrypted medical data. Concretely, an integer vector homomorphic encryption is employed to protect medical data and user requests. In the encrypted domain, a series of collaborative protocols including data collection, sequence minimum optimization solver, SVM model building, and online diagnosis are constructed and take place between different participants, while no significant increase in computation on either the hospital or user side. CPPOD enables the hospital to delegate online diagnosis services to a cloud server while ensuring that its regulatory capabilities cannot be bypassed unauthorized. Security analysis and performance evaluation suggest that CPPOD performs well regarding security and efficiency.