Security of Electronic Medical Records

We propose to utilize novel cryptographic techniques to protect Electronic Medical Records (EMRs) and to provide secure means for storing the EMRs in untrusted locations, such as in the cloud or on an individual’s smartphone. Medical records include a wide variety of information such as results from lab tests, images, diagnoses, prescriptions, and medical histories. EMRs offer tremendous advantages over paper based medical records. Portability and easy, ubiquitous access reduce cost, morbidity and mortality by reducing the risk of duplication of potentially harmful tests (such as radiological exams), adverse events such as allergic reactions, and complications due to missed/unavailable critical information. Using personal health records (PHRs) patients may take ownership of their medical records, with the potential for greater privacy and better access to their records when needed. The proposed work will study protecting EMRs with new cryptographic techniques and building a pilot system that will be deployed at JHMI. The pilot will enable storage of protected records across a distributed environment that includes untrusted outsourced databases and mobile devices. Patients will be able to interface with Public Healthcare Record (PHR) systems such as Google Health and Microsoft Health Vault or other cloud services.

Below are current projects and publications in this area:

  • "Securing Electronic Medical Records Using Attribute-Based Encryption On Mobile Devices." J. A. Akinyele, M. W. Pagano, M. Green, C. Lehmann, Z. Peterson, A. Rubin. 2011.
    To appear in the 1st ACM CCS-SPSM workshop.
  • "A Research Roadmap for Healthcare IT Security Inspired by the PCAST Health Information Technology Report." M. Green, A. Rubin. HealthSec 2011 workshop.
  • "Self-protecting Electronic Medical Records using Attribute-Based Encryption." J. A. Akinyele, C. Lehmann, M. Green, M. W. Pagano, Z. Peterson, A. Rubin. 2010. (ePrint PDF)
  • "Securing Medical Records on Smartphones." R. W. Gardner, S. Garera, M. W. Pagano, M. Green and A. Rubin. In SPIMACS 2009.

Charm-Crypto: A framework for rapidly prototyping cryptosystems

Over the past decade the cryptographic research community has made impressive progress in developing new cryptographic protocols. This work has advanced our understanding of basic technologies such as public key encryption, key agreement, and digital signatures. Moreover, it has given us entirely new paradigms for securing data, such as Identity-based and Attribute Based Encryption, anonymous credentials and techniques for computing on encrypted data.

Despite these advances, only a trickle of new cryptographic technology has filtered down to the systems community in the form of useable cryptographic implementations. Even supported prototype research implementations are few and far between. This is a major loss for researchers, to say nothing of industry and the open source community. We present Charm, an extensible Python-based framework for rapidly prototyping cryptographic systems. Charm was designed from the ground up to support the development of advanced cryptographic schemes. It includes support for multiple cryptographic settings, an extensive library of re-usable code, along with the infrastructure necessary to quickly implement interactive protocols. Our framework also provides a series of specialized tools that enable different cryptosystems to interoperate.

Through several examples, we show that our approach produces a potential order of magnitude decrease in code size compared to standard C implementations, while inducing an acceptable performance impact. Please see our project website for code and technical paper at