Encrypted Storage of Medical Data on a Grid

 

 Buy Article Permissions and Reprints

Summary

Objectives: In this article we present grids as an architecture for medical image processing and health-care networks. We argue that confidential patient data should not be stored unprotected on a grid and explain why access control systems alone do not offer sufficient protection. The objective of our work is to propose a method that complements access control systems on a grid architecture and thus makes the storage of confidential data more secure.

Methods: Effective protection can be achieved by storing confidential data in encrypted form. This raises the problem of how authorized users get access to the data, since they need to have the decryption keys.

Results: Our proposal details a key management architecture, that allows encrypted storage and still enables users to access decryption keys for data they are authorized to see. To achieve this functionality we use distributed keyservers storing redundant shares of the keys.

Conclusions: The resulting architecture achieves our primary objective of making the storage of confidential data more secure without loosing the data sharing properties of the grid architecture. Furthermore our architecture is robust against breakdowns and denial of service attacks. It scales well with the number of users and does not introduce a single point of failure into the system.

• References

• 1 Seitz L, Pierson J, Brunie L. Semantic access control for medical applications in grid environments. In: Euro-Par 2003 Parallel Processing, volume LNCS 2790. Springer: 2003: 374-83.
  Google Scholar
• 2 Alfieri R, Cecchini R, Ciaschini V, dell Agnello L, Frohner ÁGianoli A, Lörentey K, Spataro F. VOMS, an authorization system for virtual organizations. In Proceedings of the 1st European Across Grids Conference. 2003
  Google Scholar
• 3 Declerck J. Large-scale distributed mammogram analysis: Mammogrid and ediamond. In Proceedings of the Health Grid conference. 2003 http://www.healthgrid.org/docs//pdf/proceedings_first_conference.pdf.
  PubMedGoogle Scholar
• 4 Berti G, Benkner S, Fenner J, Fingberg J, Lonsdale G, Middleton S, Surridge M. Medical Simulation Services via the Grid, Proceedings of the Health- Grid Conference, 2003. http://www.healthgrid.org/docs//pdf/proceedings_first_conference.pdf.
  PubMedGoogle Scholar
• 5 Sloot P. A distributed medical support system for drug therapy of hiv infection. Proceedings of the Health Grid conference, 2003. http://www.healthgrid.org/docs//pdf/proceedings_first_conference.pdf.
  PubMedGoogle Scholar
• 6 Fu K. Group Sharing and Random Access in Cryptographic Storage File Systems. Master’s Thesis, Massachusetts Institute of Technology, 1999. http://theory.lcs.mit.edu/~cis/theses/fumasters. pdf.
  PubMedGoogle Scholar
• 7 Hughes J, Feist C, Hawkinson S, Perrault J, O'Keefe M, Corcoran D. A Universal Access, Smart-Card-Based, Secure File System. Proceedings of the 3rd annual Atlanta Linux Showcase, 1999. http://www.network.com/hughes/sfspaper.pdf.
  PubMedGoogle Scholar
• 8 Shamir A. How to share a secret. In Communications of the ACM, volume. 1979; 22: 612-3.
  PubMedGoogle Scholar
• 9 Keahey K, Welch V. Fine-grain authorzation for resource management in the grid environment. Proceedings of the 3rd International Workshop on Grid Computing. 2002
  Google Scholar
• 10 Chadwick D, Otenko A. The permis x.509 role based privilege management infrastructure. Proceedings of the seventh ACM symposium on Access control models and technologies. 2002
  Google Scholar
• 11 Duque H, Montagnat J, Pierson J, Seitz L, Brunie L, Magin I. An architecture for large scale and high performance medical imaging applications. Available from. http://hectorduque.free.fr/recherche/tdPapers.html.
  PubMedGoogle Scholar