Privacy-preserving Health Data Sharing for Medical Cyber-Physical Systems

TL;DR

This paper introduces a user-centric, secure data storage and sharing method for Medical Cyber-Physical Systems that combines selective encryption with fragmentation to enhance privacy even if transmission media and keys are compromised.

Contribution

It proposes a novel data protection approach that shifts security focus from keys to data itself, enabling end-user control and resilience against key exposure.

Findings

Efficient performance on smartphone platforms demonstrated.

Enhanced data privacy even when transmission media and keys are compromised.

User-centric design allows end-user control over data sharing.

Abstract

The recent spades of cyber security attacks have compromised end users' data safety and privacy in Medical Cyber-Physical Systems (MCPS). Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted by a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as end user's smartphone and lets the end user to control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove the efficiency.