A privacy-preserving solution for storage and processing of personal health records against brute-force attacks

Simple item page
buir.advisorAyday, Erman
dc.contributor.authorDilmaghani, Saharnaz Esmaeilzadeh
dc.date.accessioned2017-09-25T13:28:59Z
dc.date.available2017-09-25T13:28:59Z
dc.date.copyright2017-09
dc.date.issued2017-09
dc.date.submitted2017-09-25
dc.departmentDepartment of Computer Engineeringen_US
dc.descriptionCataloged from PDF version of article.en_US
dc.descriptionThesis (M.S.): Bilkent University, Department of Computer Engineering, İhsan Doğramacı Bilkent University, 2017.en_US
dc.descriptionIncludes bibliographical references (leaves 57-63).en_US
dc.description.abstractThere is a crucial need for protecting patient's sensitive information, such as personal health record (PHR), from unauthorized users due to the increase in demands of electronic health records. Even though cryptography systems have been signi cantly developed, cyber attack is dramatically increased during the last couple of years. Although using high entropy passwords in the encryption methods can decrease the success of an adversarial attack, it is not popular among the users to choose such passwords. However, using a weak password makes the system vulnerable to brute-force attacks. Towards this end, we present a new framework as a solution for a secure storage of PHR data regardless of the password entropy. Our system is an application of Honey Encryption (HE) scheme which is a new approach that provides a security beyond the brute-force bound and therefore dominates the Password Based Encryption (PBE). We utilize almost 10K patients' information from various datasets in order to construct a precise encoder/ decoder model as a core element of HE. By providing the proposed model, we ensure that the encryption with invalid keys yields a valid-looking but incorrect health information of a patient to an adversary. The previous applications of HE are mainly on the static datasets that are not changing over the time. However, we were able to design an HE based model on a highly dynamic dataset of PHR. To the best of our knowledge, we are the rst to provide a robust password based framework against brute-force attacks of health records regardless of the password entropy. The results of the comparing our proposed encoding method with the direct application of the PBE scheme show that it is almost impossible for an adversary to eliminate any wrong password. We also consider real-life scenarios for di erent attacks with side information about a patient's health related attributes. We implement a robust and concrete framework for storing and processing the PHRs that is also a novel, practical solution for protecting PHR data.en_US
dc.description.degreeM.S.en_US
dc.description.statementofresponsibilityby Saharnaz Esmaeilzadeh Dilmaghani.en_US
dc.embargo.release2019-10-01
dc.format.extentxii, 63 leaves : charts ; 30 cm.en_US
dc.identifier.itemidB156499
dc.identifier.urihttp://hdl.handle.net/11693/33730
dc.language.isoEnglishen_US
dc.publisherBilkent Universityen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectSecurity and Privacyen_US
dc.subjectPersonal Health Record (PHR)en_US
dc.subjectHoney Encryptionen_US
dc.titleA privacy-preserving solution for storage and processing of personal health records against brute-force attacksen_US
dc.title.alternativeKişisel sağlık verilerinin kaba güç saldırılarına karşı güvenli saklanması ve işlenmesien_US
dc.typeThesisen_US
Files
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Saharnaz Esmaeilzadeh Dilmaghani_MSc Thesis_September 2017.pdf
Size:
2.23 MB
Format:
Adobe Portable Document Format
Description:
Full printable version
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description:
Download
Collections
Dept. of Computer Engineering - Master's degree