Date of Award

7-1-2017

Document Type

Thesis (Undergraduate)

Department or Program

Department of Computer Science

First Advisor

David Kotz

Abstract

Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareABEL, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design (and prototype implementation) of this system makes three contributions: (1) it applies cryptographically-enforced access-control measures to wearable healthcare data, which pose different challenges than Electronic Medical Records (EMRs), (2) it recognizes the temporal nature of mHealth data streams and supports revocation of access to part or all of a data stream, and (3) it departs from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2017-827. This Senior Honors Thesis was later revised and published as follows: Emily Greene, Patrick Proctor, and David Kotz. Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control. Journal of Smart Health, April 2018. DOI 10.1016/j.smhl.2018.01.003.

Share

COinS