Worcester Polytechnic Institute Electronic Theses and Dissertations Collection

Title page for ETD etd-070311-134150

Document Typethesis
Author NameZHENG, YAO
TitlePrivacy-Preserving Personal Health Record System Using Attribute-Based Encryption
DepartmentElectrical & Computer Engineering
  • Wenjing Lou, Advisor
  • Xinming Huang, Committee Member
  • Shucheng Yu, Committee Member
  • Keywords
  • PHR
  • ABE
  • fine-grained access control
  • security
  • privacy
  • Date of Presentation/Defense2011-06-27
    Availability unrestricted


    Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. However, there have been serious privacy concerns about outsourcing PHR data to cloud servers, not only because cloud providers are generally not covered entities under HIPAA, but also due to an increasing number of cloud data breach incidents happened in recent years.

    In this thesis, we propose a privacy-preserving PHR system using attribute-based encryption (ABE). In this system, patients can encrypt their PHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive PHR contexts. Meanwhile patients maintain full control over access to their PHR files, by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their PHR. Our system also provides extra features such as populating PHR from professional electronic health record (EHR) using ABE.

    In order to evaluate our proposal, we create a Linux library that implement primitive of key-policy attribute-based encryption (KP-ABE) algorithms. We also build a PHR application based on Indivo PCHR system that allow doctors to encrypt and submit their prescription and diagnostic note to PHR servers using KP-ABE. We evaluate the performance efficiency of different ABE schemes as well as the data query time of Indivo PCHR system when PHR data are encrypted under ABE scheme.

  • Yao_Zheng_Thesis.pdf

  • Browse by Author | Browse by Department | Search all available ETDs

    [WPI] [Library] [Home] [Top]

    Questions? Email etd-questions@wpi.edu
    Maintained by webmaster@wpi.edu