dc.contributor.advisor | Ayday, Erman | |
dc.contributor.author | Dilmaghani, Saharnaz Esmaeilzadeh | |
dc.date.accessioned | 2017-09-25T13:28:59Z | |
dc.date.available | 2017-09-25T13:28:59Z | |
dc.date.copyright | 2017-09 | |
dc.date.issued | 2017-09 | |
dc.date.submitted | 2017-09-25 | |
dc.identifier.uri | http://hdl.handle.net/11693/33730 | |
dc.description | Cataloged from PDF version of article. | en_US |
dc.description | Thesis (M.S.): Bilkent University, Department of Computer Engineering, İhsan Doğramacı Bilkent University, 2017. | en_US |
dc.description | Includes bibliographical references (leaves 57-63). | en_US |
dc.description.abstract | There is a crucial need for protecting patient's sensitive information, such as
personal health record (PHR), from unauthorized users due to the increase in
demands of electronic health records. Even though cryptography systems have
been signi cantly developed, cyber attack is dramatically increased during the
last couple of years. Although using high entropy passwords in the encryption
methods can decrease the success of an adversarial attack, it is not popular among
the users to choose such passwords. However, using a weak password makes
the system vulnerable to brute-force attacks. Towards this end, we present a
new framework as a solution for a secure storage of PHR data regardless of the
password entropy.
Our system is an application of Honey Encryption (HE) scheme which is a
new approach that provides a security beyond the brute-force bound and therefore
dominates the Password Based Encryption (PBE). We utilize almost 10K
patients' information from various datasets in order to construct a precise encoder/
decoder model as a core element of HE. By providing the proposed model,
we ensure that the encryption with invalid keys yields a valid-looking but incorrect
health information of a patient to an adversary. The previous applications of
HE are mainly on the static datasets that are not changing over the time. However,
we were able to design an HE based model on a highly dynamic dataset of
PHR. To the best of our knowledge, we are the rst to provide a robust password
based framework against brute-force attacks of health records regardless of the
password entropy. The results of the comparing our proposed encoding method with the direct application of the PBE scheme show that it is almost impossible for an adversary
to eliminate any wrong password. We also consider real-life scenarios for di erent
attacks with side information about a patient's health related attributes. We
implement a robust and concrete framework for storing and processing the PHRs
that is also a novel, practical solution for protecting PHR data. | en_US |
dc.description.statementofresponsibility | by Saharnaz Esmaeilzadeh Dilmaghani. | en_US |
dc.format.extent | xii, 63 leaves : charts ; 30 cm. | en_US |
dc.language.iso | English | en_US |
dc.rights | info:eu-repo/semantics/openAccess | en_US |
dc.subject | Security and Privacy | en_US |
dc.subject | Personal Health Record (PHR) | en_US |
dc.subject | Honey Encryption | en_US |
dc.title | A privacy-preserving solution for storage and processing of personal health records against brute-force attacks | en_US |
dc.title.alternative | Kişisel sağlık verilerinin kaba güç saldırılarına karşı güvenli saklanması ve işlenmesi | en_US |
dc.type | Thesis | en_US |
dc.department | Department of Computer Engineering | en_US |
dc.publisher | Bilkent University | en_US |
dc.description.degree | M.S. | en_US |
dc.identifier.itemid | B156499 | |
dc.embargo.release | 2019-10-01 | |