Crypt-EHRServer: Protecting Confidentiality with Attribute-Based Encryption and Encrypted Query Processing

摘要

OpenEHR is an open standard specification for developing flexible electronic health record (EHR) management system. It defines the standard service models and APIs, and offers a whole lifetime data storage method to the patient's record. As an important OpenEHR system component, EHRServer plays the role of back-end services repository for data storage and query. It complies with the openEHR specifications and adopts MySQL database. However, current EHRServer has many limitations. For example, its official requirement stresses that one organization cannot access the EHR owned by other organizations. The original EHRServer database is in plaintext format. It can lead to the risk of electronic record leakage. Encryption is one common protection method, but the current EHRServer APIs do not support encrypted data query. That restricts building EHRServer on the cloud. What's more, the inconvenience of information sharing among different organizations may also hinder the extension of OpenEHR coverage to more domains and countries. To solve the above open problems, in this paper, we explore two approaches which guarantee the security and flexibility of sharing EHR on the cloud and thus propose a new architecture called Crypt-EHRServer. Firstly, we use attribute-based encryption to realize flexible EHR access authority for different authorized organizations. Secondly, we learn from an efficient ciphertext query model, CryptDB, and adopt their onion encryption approach to support standard SQL queries on the encrypted EHR. The result of our work could provide a flexible, scalable and secure EHR system. Crypt-EHRServer will benefit OpenEHR's widespread adoption in the world, and will also arouse people's awareness about incorporating security criteria into the design of electronic health records management systems.