Online at Will: A Novel Protocol for Mutual Authentication in Peer-to-Peer Networks for Patient-Centered Health Care Information Systems

Yari, Imrana Abdullahi; Dehling, Tobias; Kluge, Felix; Eskofier, Bjoern M.; Sunyaev, Ali

doi:10.24251/hicss.2021.463

Cited by 2 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An effective IAS addresses security issues such as Sybil attacks, poisoning attacks, pollution attacks, and MitM attacks [ 65 , 81 , 140 ] and is essential for health care information systems [ 2 , 30 ]. By authenticating users and resources shared, the origin of pollution or poisoning attacks can be traced, and the attackers can be held accountable.…”

Section: Discussionmentioning

confidence: 99%

“…Individual PHS providers leveraging an effective IAS can strengthen security, which has the potential to increase patients’ intention to use P2P PHSs. In Germany, the German HTI planned to provide user authentication through smart cards as a security measure for PHS providers [ 65 , 141 ]. However, the introduction of national HTIs often leads to ambiguous, expensive, and protracted projects [ 65 , 141 ].…”

Section: Discussionmentioning

confidence: 99%

“…P2P PHSs (eg, COVID-19 contact tracing systems such as PEPP-PT [22] or OnePatient [15]) require research from many perspectives to facilitate widespread use because they are an emerging phenomenon, pose major security issues (eg, by requiring patients to manage information security largely by themselves [65]), and are understudied. Extant research on PHS security, privacy, and end-user features [2,[28][29][30][31] focuses on centralized and DLT-based PHS.…”

Section: Contributionsmentioning

confidence: 99%

“…Large health care IT organizations (eg, the German Healthcare Technology Infrastructure; HTI [ 2 , 65 ]) are represented at the top of the hierarchy in the architecture to facilitate certification of various PHS providers (tier 1, Figure 3 ). They define and enforce the implementation of various data regulations, representation standards, and ontologies (eg, Health Level Seven and Fast Health care Interoperability Resources [ 6 ]) to share heterogeneous medical records across PHS networks.…”

Section: Introductionmentioning

confidence: 99%

“…Each common peer on the network (corresponding to a patient) is modeled on the local PHS and on the hyper peer’s private cloud server. Common peer s can grant access to their health records to any party through single-hop radio communication (without involving a third party in the communication, eg, Wi-Fi direct) or multihop network communications via the cloud storage of the hyper peers [ 65 ]. Other parties, such as researchers looking for data for research purposes, can obtain read-permissions for patient records by interacting with the practitioner via the hospitals' private network, which forwards permission requests to patients.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Yari¹,

Dehling²,

Kluge³

et al. 2021

J Med Internet Res

Self Cite

View full text Add to dashboard Cite

Background Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHSs on P2P networks by making them safe to use.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Contributionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Yari¹,

Dehling²,

Kluge³

et al. 2021

J Med Internet Res

Self Cite

View full text Add to dashboard Cite

show abstract

Aligning Federated Learning with Existing Trust Structures in Health Care Systems

Yari

Raab

Küderle

et al. 2023

IJERPH

View full text Add to dashboard Cite

Patient-centered health care information systems (PHSs) on peer-to-peer (P2P) networks (e.g., decentralized personal health records) enable storing data locally at the edge to enhance data sovereignty and resilience to single points of failure. Nonetheless, these systems raise concerns on trust and adoption in medical workflow due to non-alignment to current health care processes and stakeholders’ needs. The distributed nature of the data makes it more challenging to train and deploy machine learning models (using traditional methods) at the edge, for instance, for disease prediction. Federated learning (FL) has been proposed as a possible solution to these limitations. However, the P2P PHS architecture challenges current FL solutions because they use centralized engines (or random entities that could pose privacy concerns) for model update aggregation. Consequently, we propose a novel conceptual FL framework, CareNetFL, that is suitable for P2P PHS multi-tier and hybrid architecture and leverages existing trust structures in health care systems to ensure scalability, trust, and security. Entrusted parties (practitioners’ nodes) are used in CareNetFL to aggregate local model updates in the network hierarchy for their patients instead of random entities that could actively become malicious. Involving practitioners in their patients’ FL model training increases trust and eases access to medical data. The proposed concepts mitigate communication latency and improve FL performance through patient–practitioner clustering, reducing skewed and imbalanced data distributions and system heterogeneity challenges of FL at the edge. The framework also ensures end-to-end security and accountability through leveraging identity-based systems and privacy-preserving techniques that only guarantee security during training.

show abstract

Online at Will: A Novel Protocol for Mutual Authentication in Peer-to-Peer Networks for Patient-Centered Health Care Information Systems

Cited by 2 publications

References 0 publications

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Aligning Federated Learning with Existing Trust Structures in Health Care Systems

Contact Info

Product

Resources

About