This article describes how a major risk factor in the deployment of patient health records systems in the cloud is the security and privacy of data. Hybrid cloud solutions have been proposed that leverage the public and private cloud deployment to manage and alleviate accessibility, access control and privacy concerns. This article presents a privacy preserving and secure architecture for data acquisition, storage, processing and sharing. The proposed architecture is composed of a public cloud-based services that interact with a low-cost cloud computing cluster (LoC4) as a backend. A lightweight data security eco-system based on attribute based encryption is developed to provide security for public cloud-based data storage. Performance of the deployment is evaluated in a real-time deployment environment. The results show that the proposed ABE-based system is 2.3 times faster than AES-based for a variety of sizes of data blocks. It is further noted that the low-cost and affordability of LoC4 platform offers excellent opportunities for academic research in cloud based health informatics.
Top1. Introduction
Electronic health record (EHR) and personal health record (PHR) systems are widely available and use different technologies and standards (Bahga, 2015; Sun, 2013). The variety and size of medical health records data makes it difficult for researchers to accurately and easily integrate data from various sources. Due to the high cost of building and maintaining specialized data centers many healthcare providers have been outsourcing PHR systems to third part cloud service providers such as Microsoft Health Vault, Google Health, General Electric’s Centricity Patient Online, eClinicalWorks and many more. Cloud computing provides storage for large scale data on external servers allowing researchers and developers to easily access the data (Fang, 2016). Although the technology is being used in recent years with many benefits such as reducing the cost for maintaining servers whereas improving the availability of the systems, there have been wide spread privacy concerns since personal healthcare information can be exposed to unauthorized parties.
Due to the sensitivity of personal information, the cloud based PHRs could potentially become targets of various malicious behaviors. Furthermore, Guo et. al. in (Guo, 2016) and (Abbas, 2017) describe various security issues and threats in cloud computing environment. In (Asija R., 2016), researchers develop a security aware public cloud based SaaS model for healthcare applications embedding XML based meta data for PHRs. Works presented in (ZhouJ, 2015), (ZhouCao, 2015) and (Li, 2013) have proposed several cloud-based secure systems, especially cloud-based PHR systems using encryption where PHR data is encrypted and stored in cloud based storage. In (Man, 2017), (Wang, 2014) and (Zhou, 2015) authors deduce that any public cloud based security model may have inherent threats of trust, security and privacy. They highlight that the complexity of key management in encrypted PHR systems increases for the owners and users resulting in Quality of Service issues. (Liu, 2017) note that hybrid cloud environment integrating the public and private cloud infrastructure is a more applicable solution for PHR sharing.
In this paper, we take inspiration from (Liu, 2017) to investigate requirements for the deployment of a secure hybrid cloud environment for a PHR system. A two-tier hybrid cloud architecture is proposed addressing security and privacy preserving mechanisms for information storage and retrieval in the cloud. A light weight data security eco system is developed to provide Attribute Based Encryption (ABE) for public cloud based data storage that enables multiple users to share data. We further introduce LoC4, an affordable and low-cost cloud computing cluster for health informatics research in universities and academic institutions. The proposed hybrid cloud based PHR system is developed and deployed using an experimental setup coupling public and private cloud based implementations. We conduct several experiments to analyze the performance criteria including computation efficiency, storage and network efficiency, task completion rate, response time etc. Furthermore, we compare the performance the proposed Encryption scheme and compare the response time for task execution for various sizes of data blocks. Results show that LoC4 provides an affordable hybrid cloud based backend solution for low cost, energy efficient and secure deployment.
The contributions of this paper are in the following:
- •
Requirements of a secure hybrid cloud environment for a PHR system are presented. Based on an extensive investigation, a three-layered architecture is proposed including: i) secure data acquisition, ii) storage of PHRs in public cloud and iii) encryption and privacy layers;
- •
A two-tier, light weight encryption eco-system is developed encompassing public cloud service and private cloud based cluster deployment;
- •
Design details and implementation of a LoC4 cluster using SBCs is provided. The Cluster deployment parameters are optimized for performance and energy efficiency;
- •
A light weight middleware for communication and interaction between public cloud service and the LoC4 Cluster is developed. This middleware enables real time performance measurement of the proposed system.