Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control
[greene:sharehealth]Emily Greene, Patrick Proctor, and David Kotz. Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control. Journal of Smart Health, volume 12, pages 49–65. Elsevier, April 2019. doi:10.1016/j.smhl.2018.01.003. ©Copyright Elsevier.
Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareHealth, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design and prototype implementation of this system make three contributions: (1) they apply cryptographically-enforced access-control measures to stream-based (specifically mHealth) data, (2) they recognize the temporal nature of mHealth data streams and support revocation of access to part or all of a data stream, and (3) they depart from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.
Citable with [BibTeX]
Keywords: [iot] [mhealth] [privacy] [security] [sensors] [wearable]
Available from the publisher: [DOI]
Available from the author:
The publisher does not allow us to post a pdf copy; contact me if you are unable to obtain a copy from the publisher.