| Summary: | This paper investigates facilitating remote collection of a patient’s data in distributed system while protecting the security of the data, preserving the privacy of the patient’s ID, and preventing inference attack. The paper presents a novel framework called SPID stand for a Secure, ID Privacy, and Inference Threat Prevention Mechanisms for Distributed Systems. In designing this framework, we make the following novel contributions. The SPID presents a novel architecture that supports the use of a distributed set of servers owned by different service providers. The SPID allows the patient to access these servers using certificates generated by the patient. The SPID allows the patient to select one server to be the home server, and select a number of servers to be the foreign servers. The patient uses the foreign servers to upload data. The home server is responsible for collecting the patient’s data from the foreign servers and sending them to the healthcare provider. The SPID proposes a method for efficient verification of each request from the patient without searching in the server’s database for the verification key. This is done by using some of the Elliptic Curves Cryptography (ECC) properties. The SPID has been analyzed using a bench-marking tool and evaluated using queuing theory. The evaluation results indicate an efficient performance when the number of servers increases. We uses Shannon entropy method to measure the likelihood of the inference attack.
|
|---|