

Title: A cloud-based secure and privacy-preserving clustering analysis of infectious disease
Early detection of where and when a fatal infectious disease breaks out is of critical importance to public health. To effectively detect, analyze and then intervene in the spread of disease, people's health status along with their location information must be collected in a timely manner. The conventional practice, however, is to rely on surveys or field health workers, which is highly costly and poses serious privacy threats to participants. In this paper, we propose, for the first time, to exploit ubiquitous cloud services to collect users' multi-dimensional data in a secure and privacy-preserving manner and to enable analysis of infectious disease. Specifically, we target spatial clustering analysis using the Kulldorff scan statistic and propose a key-oblivious inner product encryption (KOIPE) mechanism to ensure that the untrusted entity obtains only the statistic rather than any individual's data. Furthermore, we design an anonymous and sybil-resilient approach that protects the data collection process from double-registration attacks while preserving participants' privacy against untrusted cloud servers. A rigorous and comprehensive security analysis validates our design, and extensive simulations on real-life datasets demonstrate the performance of our scheme in terms of communication and computing overhead.
Award ID(s):
1722791
NSF-PAR ID:
10072664
Journal Name:
The Second IEEE Symposium on Privacy-Aware Computing (PAC'18)
Sponsoring Org:
National Science Foundation
More Like this
  1. The adoption of big data analytics in healthcare applications is overwhelming, not only because of the huge volume of data being analyzed but also because of the heterogeneity and sensitivity of the data. Effective and efficient analysis and visualization of secure patient health records are needed to, e.g., find new trends in disease management, determine risk factors for diseases, and enable personalized medicine. In this paper, we propose a novel community cloud architecture that gives clinicians and researchers easy and increased access to data sets from multiple sources while ensuring that the security compliance of data providers is not compromised. Our cloud-based system design, configured on cloudlet principles, ensures high-speed application processing and sufficiently scalable data analytics while adhering to security standards (e.g., HIPAA, NIST). Through an ophthalmology case study, we show how our community cloud architecture can be implemented along with best practices, with health big data (i.e., the Health Facts database, I2B2, Millennium) hosted in a campus cloud infrastructure featuring virtual desktop thin clients and the relevant Data Classification Levels in storage.
  2. Symptom-tracking applications allow crowdsensing of health- and location-related data from individuals to track the spread and outbreaks of infectious diseases. During the COVID-19 pandemic, for the first time in history, such apps were widely adopted across the world to combat a pandemic. However, due to the sensitive nature of the data these apps collect, serious privacy concerns were raised and the apps were critiqued for insufficient privacy safeguards. The Covid Nearby project was launched to develop a privacy-focused symptom-tracking app and to understand users' privacy preferences in health emergencies. In this work, we draw on insights from Covid Nearby users' data and present an analysis of the significantly varying trends in users' privacy preferences with respect to demographics, attitude towards information sharing, and health concerns, e.g., after possible exposure to COVID-19. These results and insights can inform health informatics researchers and policy designers in developing more socially acceptable health apps in the future.
  3. Benefiting from advances in deep learning, IoT devices and systems are becoming more intelligent and multi-functional and are expected to run various deep learning inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and the scale of modern deep neural networks. Edge-cloud collaborative systems were introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary deep learning applications. However, introducing third-party clouds can bring privacy issues to edge computing. In this paper, we conduct a systematic study of the opportunities for attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: (1) we devise a set of new attacks that let an untrusted cloud recover arbitrary inputs fed into the system, even when the attacker has no access to the edge device's data or computations and no permission to query the system; (2) we empirically demonstrate that solutions that add noise fail to defeat these attacks, and then propose two more effective defense methods. This provides insights and guidelines for developing more privacy-preserving collaborative systems and algorithms.
  4. Today, patients demand a newer and more sophisticated health care system, one that is more personalized and matches the speed of modern life. To meet the latency and energy-efficiency requirements of real-time collection and analysis of health data, an edge computing environment, combined with 5G speeds and modern computing techniques, is the answer. Previous health care surveys have focused on new fog architectures and sensor types, leaving untouched the question of optimal computing techniques, such as encryption, authentication, and classification, used on the devices deployed in an edge computing architecture. This paper first surveys current and emerging edge computing architectures and techniques for health care applications and identifies device requirements and challenges for various use cases. Edge computing applications primarily focus on the classification of health data for vital-sign monitoring and fall detection; other low-latency applications perform specific symptom monitoring for diseases, such as gait abnormalities in Parkinson's disease patients. We also present an exhaustive review of edge computing data operations, including transmission, encryption, authentication, classification, reduction, and prediction. Even with these advantages, edge computing has associated challenges, including the need for sophisticated privacy and data reduction methods that allow performance comparable to cloud-based counterparts at lower computational complexity. Future research directions in edge computing for health care are identified which, if addressed, offer a higher quality of life for users.
  5. As more critical applications move to the cloud, there is a pressing need to provide privacy guarantees for data and computation. While cloud infrastructures are vulnerable to a variety of attacks, in this work we focus on an attack model in which an untrusted cloud operator has physical access to the server and can monitor the signals emerging from the processor socket. Even if data packets are encrypted, the sequence of addresses touched by the program serves as an information side channel. To eliminate this side channel, Oblivious RAM (ORAM) constructs have been investigated for decades but continue to impose large overheads. In this work, we make the case that ORAM overheads can be significantly reduced by moving some ORAM functionality into the memory system. We first design a secure DIMM (SDIMM) that uses commodity low-cost memory and an ASIC as a secure buffer chip. We then design two new ORAM protocols that leverage SDIMMs to reduce bandwidth, latency, and energy per ORAM access. In both protocols, each SDIMM is responsible for part of the ORAM tree and performs a number of ORAM operations that are not visible on the main memory channel; with many SDIMMs in the system, ORAM operations become highly parallel. The main memory channel uses its bandwidth primarily to service blocks requested by the CPU and to perform a small subset of the many shuffle operations required by conventional ORAM. The new protocols guarantee the same obliviousness properties as Path ORAM. On a set of memory-intensive workloads, our two new ORAM protocols, Independent ORAM and Split ORAM, improve performance by 1.9x and energy by 2.55x compared to Freecursive ORAM.