Security and Privacy Preservation in Healthcare System


Recently electronic health (eHealth) care system has drawn a lot of attention from the research community and the industry to face the challenge of rapidly growing elderly population and rapidly rising health care spending. Recent advances in Wireless Body Area Networks (WBANs) have made it possible to deploy wearable sensors on the bodies of patients in a residential setting or a mobile setting, allowing continuous monitoring of physiological signals and health related information. Integrating this technology with other existing 3G/4G wireless technologies permits real-time mobile and permanent monitoring of patients, even during their daily normal activities. In such a heterogeneous wireless environment, secure communication of patient's PHI with data integrity and confidentiality guarantees is an essential part of a reliable eHealth care system. Major challenges are classified as i) key management and secure communication in WBAN ii) Cooperative, cost-effective secure data (PHI) forwarding, and iii) Patient-centric access control to the stored PHIs.

Cooperative Secure Data Forwarding Protocol:

To deliver PHI from an individual user to the health service provider is a challenging job when patients do not have direct link to the Internet or wireless access-point. Even if the patient in a cellular network coverage, due to service-cost and continuous data forwarding requirement, it is not a suitable solution. Extending existing wireless network to cooperative multi-hop wireless network can permit long-term permanent monitoring with low-cost. In this cooperative environment, users can form an on-demand ad-hoc network and use multi-hop routing to enhance network performance, minimize the cost of deployment, increase the coverage area as well as reduce the overall service cost. Interested research issues include trust based neighbor node selection, incentive and reward provision policy, data integrity, and user's privacy.

Patient-centric and Fine-grained PHI Access Control in Health-Cloud:

eHealth care system needs to ensure the availability of PHI in electronic form adheres to the same levels of privacy and disclosure policy as applicable to present-day paper-based patient-record accessible only from the physician office. Instead of storing the PHI locally, the recent advancement of cloud computing allows us to store all PHIs at cloud-storage and ensures availability with reduces the capital and operational expenditures. My research works also include patient-centric access control of stored PHI with user revocation and efficiency.

Security and Privacy in Mobile Cloud Computing:

Mobile Cloud Computing is a combination of processing at mobile devices, mobile internet, and interaction with central cloud infrastructure. It integrates the advantages of mobile computing, mobile internet, and cloud computing. Ensuring contex-aware adaptive security and privacy in this environment is a challenging issue. Proposing secure framework for Mobile Cloud Computing is also a part of my research interest.