Title: Supporting access to distributed EPRs (electronic patient records) with three levels of identity privacy preservation
Author: Addas, Rima Mahmoud
ISNI: 0000 0004 5369 9396
Awarding Body: University of Manchester
Current Institution: University of Manchester
Date of Award: 2015
The extensive use of the Internet has been accompanied by the growth of e-services, such as e-health. In particular, the improvement in e-health has placed a massive load of sensitive information in the hands of service providers and other parties, where privacy risks may arise when accessing sensitive data stored in the form of electronic patient records (EPRs). EPRs support efficient access to patient data by multiple healthcare providers and third-party users, which consequently improves patient care. However, the sensitive nature of this data requires access to be restricted to only those 'who need to know'. How to achieve this without compromising patient privacy remains an open issue that needs further consideration. This thesis, therefore, addresses privacy problems with distributed EPRs and how to allow authorised users to access them with multiple levels of identity privacy preservation. The thesis investigates existing security solutions for achieving privacy-preserving distributed data access and analyses their strengths and weaknesses. It then proposes a novel method to support secure access to distributed EPRs with three levels of patient identity privacy preservation, i.e., the 3LI2P version 1 (3LI2Pv1) method. The idea of the method is to integrate a number of significant features which have not been considered in related work: (1) supporting three levels of controlled distributed EPR access by different legitimate user groups while preserving patient identity privacy; (2) making use of different digital credentials to support the three levels of access; (3) simplifying key management and distribution; (4) optimising performance; and (5) supporting separation of duties among trusted third parties, ensuring accountability. The 3LI2Pv1 method makes use of three layers of pseudonyms to achieve these properties, i.e., each patient has multiple pseudonyms layered at three levels.
The method relies on a combination of cryptographic primitives, a symmetric cryptosystem, an asymmetric cryptosystem and a hash function, to generate these pseudonyms. The security properties and the performance of the 3LI2Pv1 method are analysed, evaluated and compared with related work. The results of the comparison show that our 3LI2Pv1 method is better in terms of supporting the requirements necessary to preserve a patient's identity privacy in a distributed setting, at no significant additional cost. The thesis also proposes an enhanced version of the above method, called the 3LI2P version 2 (3LI2Pv2) method. This latter method enhances the 3LI2Pv1 method by reducing the key management burden on the central trusted third party; enforcing the least access privilege principle not only among users and the central trusted third party but also among the health service providers (HSPs) who manage the patients' data; further improving performance; ensuring the integrity of patient pseudonyms; providing pseudonym uniqueness; and finally, facilitating more fine-grained access control by introducing an additional linkable anonymous access sub-level. The 3LI2Pv2 method has been analysed in terms of security and performance. Based on the 3LI2Pv2 method, the thesis introduces a novel 3LI2Pv2 protocol. The protocol is designed specifically for the 3LI2Pv2 method to facilitate different types of access, namely linkable access, Level-2 inter-HSP linkable anonymous access, Level-2 intra-HSP linkable anonymous access and anonymous access, and to allow different user groups to securely access distributed EPRs according to their privileges, without compromising the patient's privacy. The security properties of the 3LI2Pv2 protocol are formally verified using the Casper/FDR2 verification tool. To evaluate its performance, a prototype of the 3LI2Pv2 protocol has been implemented in Java under two different settings, a single-machine setting and a distributed-machines setting.
Using these implementation settings, performance evaluations of the protocol were conducted. The results of the evaluations (under both settings) confirmed that we have successfully balanced security and performance without compromising the patient's privacy.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:
DOI: Not available