Please use this identifier to cite or link to this item:
Title: Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification
Authors: Tan, Kheng Leong
Chi, Chi-Hung
Lam, Kwok-Yan
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Source: Tan, K. L., Chi, C. & Lam, K. (2022). Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification. Wireless Networks.
Journal: Wireless Networks 
Abstract: Wireless communications play an important role in ensuring ease of access to shared electronic health records (EHR) across health service providers which is essential and significant for prompt patients’ care, especially in cases of emergency medical conditions. With the need to support anytime, anywhere access to, potentially bandwidth hungry, medical records, electronic healthcare applications will continue to benefit from advanced wireless network technologies such as 5G and beyond. With sharing, it is crucial to provide patients with security and privacy guarantees, and allow them to certain control of access to their data. Existing solutions mostly assume that patients are available to authorize requests to access their EHR, which is impractical as the patient may be unconscious. This paper proposes a secure and privacy protecting protocol whereby the patient can pre-delegate the authorization for the access of his/her EHR. Our patient(user)-centric proposal combines Self-Sovereign Identity (SSI) concepts and model with Secure Multi-party Computation (SMPC) and Threshold Cryptography (TC) to enable secure identity and authorization verification. A block cipher encryption sharing approach is adopted for the threshold SMPC which extends the AES-GCM symmetric encryption model into a full-fledged cryptographic platform. Two mechanisms are implemented for the block cipher encryption, namely XOR and Cascade, and experiments are conducted to compare them. We conclude that the XOR mechanism can scale for larger thresholds, while Cascade performed better for a lower threshold (≤ 3). This paper also performs a threat analysis of the protocol and approach, and validates its correctness and complexity. We conclude that the approach can achieve the security and privacy protection of the patient’s personal EHR, as well as the autonomy of the patient to control the authorization for the access and sharing.
ISSN: 1022-003-
DOI: 10.1007/s11276-022-03114-6
Schools: School of Computer Science and Engineering 
Research Centres: Strategic Centre for Research in Privacy-Preserving Technologies and Systems
Rights: © 2022 The Author(s), under exclusive licence to Springer Science Business Media, LLC, part of Springer Nature. All rights reserved. This version of the article has been accepted for publication, after peer review and is subject to Springer Nature’s AM terms of use, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at:
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Journal Articles

Files in This Item:
File Description SizeFormat 
springer-wireless-revised.pdf932.81 kBAdobe PDFThumbnail

Citations 50

Updated on Jun 16, 2024

Web of ScienceTM
Citations 50

Updated on Oct 22, 2023

Page view(s)

Updated on Jun 19, 2024


Updated on Jun 19, 2024

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.