Privacy in Commercial Medical Storage Systems

  • Mehmet Tahir Sandıkkaya
  • Bart De Decker
  • Vincent Naessens
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 69)


Today, people live longer than they did some decades ago. This inevitably leads to an increasing number of commercial players in the healthcare domain. Privacy is a major concern in many eHealth applications, especially when sensitive personal data is stored in databases. This paper presents a secure, fair and privacy-preserving solution to enforce the patient's privacy preferences on his or her personal medical records. The proposed cryptographic tools and protocols are thoroughly explained. Moreover, a prototype implementation validates the concept. Finally, it is shown that a convenient, modular and generic system based on lightweight cryptographic primitives can be realized as proposed.


Keywords: Emergency Physician; Forward Secrecy; Cryptographic Hash Function; Identity Provider; Current Timestamp
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Mehmet Tahir Sandıkkaya (1, 2)
  • Bart De Decker (3)
  • Vincent Naessens (2)

  1. İTÜ Bilgisayar Mühendisliği Bölümü, Istanbul Technical University, İstanbul, Turkey
  2. Katholieke Hogeschool Sint-Lieven, Gent, Belgium
  3. Katholieke Universiteit Leuven, Heverlee, Belgium
