DOI: 10.1145/3465481.3470071
Research article, ARES conference proceedings (ACM Other Conferences)

DeCanSec: A Decentralized Architecture for Secure Statistical Computations on Distributed Health Registry Data

Published: 17 August 2021

Abstract

The architectures presented in the literature, and the current practices and solutions for computing statistics on data from health registries distributed across the world, are manual and suffer from security and privacy problems. In this paper, we suggest a solution design with an infrastructure architecture that provides improved security, automation and privacy guarantees compared to the related work. Our solution builds on top of key research accomplishments from several areas, such as distributed computing, blockchain, cryptography, and medical informatics, rather than re-inventing the wheel from scratch for the healthcare domain. The proposed architecture is currently being prototyped at the Cancer Registry of Norway.




Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security, August 2021, 1447 pages. ISBN: 9781450390514. DOI: 10.1145/3465481

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. blockchain
      2. cancer data
      3. cancer registries
      4. privacy
      5. security

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ARES 2021

      Acceptance Rates

      Overall Acceptance Rate 228 of 451 submissions, 51%


Cited By

• Secure Multi-Party Computation of Graphs' Intersection and Union under the Malicious Model. Electronics 12(2):258, 2023. DOI: 10.3390/electronics12020258. Online publication date: 4 Jan 2023.
• Securing Federated GANs: Enabling Synthetic Data Generation for Health Registry Consortiums. Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES 2023), pp. 1-9. DOI: 10.1145/3600160.3605041. Online publication date: 29 Aug 2023.
• Federated Learning Showdown: The Comparative Analysis of Federated Learning Frameworks. 2023 Eighth International Conference on Fog and Mobile Edge Computing (FMEC), pp. 224-231. DOI: 10.1109/FMEC59375.2023.10305961. Online publication date: 18 Sep 2023.
• Confidentially judging the relationship between an integer and an interval against malicious adversaries and its applications. Computer Communications 180(C):115-125, 2021. DOI: 10.1016/j.comcom.2021.09.011. Online publication date: 1 Dec 2021.
