• About
  • Policies
  • What is open access
  • Library
  • Contact
Advanced search
      View Item 
      •   BUIR Home
      • University Library
      • Bilkent Theses
      • Theses - Department of Computer Engineering
      • Dept. of Computer Engineering - Master's degree
      • View Item
      •   BUIR Home
      • University Library
      • Bilkent Theses
      • Theses - Department of Computer Engineering
      • Dept. of Computer Engineering - Master's degree
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      A privacy-preserving solution for storage and processing of personal health records against brute-force attacks

      Thumbnail
      Embargo Lift Date: 2019-10-01
      View / Download
      2.2 Mb
      Author(s)
      Dilmaghani, Saharnaz Esmaeilzadeh
      Advisor
      Ayday, Erman
      Date
      2017-09
      Publisher
      Bilkent University
      Language
      English
      Type
      Thesis
      Item Usage Stats
      191
      views
      57
      downloads
      Abstract
      There is a crucial need for protecting patient's sensitive information, such as personal health record (PHR), from unauthorized users due to the increase in demands of electronic health records. Even though cryptography systems have been signi cantly developed, cyber attack is dramatically increased during the last couple of years. Although using high entropy passwords in the encryption methods can decrease the success of an adversarial attack, it is not popular among the users to choose such passwords. However, using a weak password makes the system vulnerable to brute-force attacks. Towards this end, we present a new framework as a solution for a secure storage of PHR data regardless of the password entropy. Our system is an application of Honey Encryption (HE) scheme which is a new approach that provides a security beyond the brute-force bound and therefore dominates the Password Based Encryption (PBE). We utilize almost 10K patients' information from various datasets in order to construct a precise encoder/ decoder model as a core element of HE. By providing the proposed model, we ensure that the encryption with invalid keys yields a valid-looking but incorrect health information of a patient to an adversary. The previous applications of HE are mainly on the static datasets that are not changing over the time. However, we were able to design an HE based model on a highly dynamic dataset of PHR. To the best of our knowledge, we are the rst to provide a robust password based framework against brute-force attacks of health records regardless of the password entropy. The results of the comparing our proposed encoding method with the direct application of the PBE scheme show that it is almost impossible for an adversary to eliminate any wrong password. We also consider real-life scenarios for di erent attacks with side information about a patient's health related attributes. We implement a robust and concrete framework for storing and processing the PHRs that is also a novel, practical solution for protecting PHR data.
      Keywords
      Security and Privacy
      Personal Health Record (PHR)
      Honey Encryption
      Permalink
      http://hdl.handle.net/11693/33730
      Collections
      • Dept. of Computer Engineering - Master's degree 566
      Show full item record

      Browse

      All of BUIRCommunities & CollectionsTitlesAuthorsAdvisorsBy Issue DateKeywordsTypeDepartmentsCoursesThis CollectionTitlesAuthorsAdvisorsBy Issue DateKeywordsTypeDepartmentsCourses

      My Account

      Login

      Statistics

      View Usage StatisticsView Google Analytics Statistics

      Bilkent University

      If you have trouble accessing this page and need to request an alternate format, contact the site administrator. Phone: (312) 290 2976
      © Bilkent University - Library IT

      Contact Us | Send Feedback | Off-Campus Access | Admin | Privacy