An Efficient Ensemble Architecture for Privacy and Security of Electronic Medical Records

Abstract

Electronic medical records, one of the sensitive data, are stored in public or private cloud service providers. Cloud systems provide security with firewall and intrusion detection systems, and these systems ensure privacy with access control and end-to-end encryption. However, while sending data to the cloud system, attackers can capture the data with the help of Man in the Middle attacks and vulnerabilities of the storage systems. In the middleware architecture proposed in this study, access control protocol, key distributor and end-to-end hybrid encryption which are based on user roles were innovatively used to overcome security issues in data transmission. In this system, writing and updating requests are encrypted asymmetrically, and reading requests were encrypted symmetrically. This solution distinguishes the proposed method from previous studies. According to this solution the operating performance of the system is increased. In addition, the attacker cannot see the actual data in a cyber-attacks because the sensitive data is distributed to the users with their private keys. This result shows that the access, write and update of electronic medical records are performed with the principles of security and privacy.