TY - GEN
T1 - Cryptography on Untrustworthy Cloud Storage for Healthcare Applications
T2 - 11th Brazilian Symposium on Computing Systems Engineering, SBESC 2021
AU - Reis, Lucio H.A.
AU - De Oliveira, Marcela T.
AU - Bowden, James
AU - Krefting, Dagmar
AU - Olabarriaga, Silvia D.
AU - Mattos, Diogo M.F.
PY - 2021
Y1 - 2021
N2 - For cross-sectoral sharing of health data, cloud services provide benefits regarding the availability of relevant information in critical situations. Nevertheless, storing electronic health records in the cloud may impact patient's privacy, since the cloud service provider might lack trustworthiness. Client-side cryptography mitigates the privacy risk by encrypting data in the user's computational environment before transmitting them to the cloud. However, client-side cryptography raises performance concerns. This paper investigates Web Assembly and JavaScript solutions that enable client-side cryptography in web applications and compares their performance against server-side cryptography. We contextualize the study within two healthcare web applications: a prototype for patient record sharing during acute stroke care and an application for sharing data in sleep medicine treatment. Our results show that JavaScript and Web Assembly libraries add more time to encryption and decryption than server-side cryptography. However, due to the concurrency introduced by simultaneous users, the performance of server-side cryptography is worse than client-side, taking longer times to attend to the demand and requiring a larger infrastructure to be effective. Moreover, the JavaScript library asmCrypto and Web Assembly approaches perform better than other libraries and are feasible candidates for application development.
AB - For cross-sectoral sharing of health data, cloud services provide benefits regarding the availability of relevant information in critical situations. Nevertheless, storing electronic health records in the cloud may impact patient's privacy, since the cloud service provider might lack trustworthiness. Client-side cryptography mitigates the privacy risk by encrypting data in the user's computational environment before transmitting them to the cloud. However, client-side cryptography raises performance concerns. This paper investigates Web Assembly and JavaScript solutions that enable client-side cryptography in web applications and compares their performance against server-side cryptography. We contextualize the study within two healthcare web applications: a prototype for patient record sharing during acute stroke care and an application for sharing data in sleep medicine treatment. Our results show that JavaScript and Web Assembly libraries add more time to encryption and decryption than server-side cryptography. However, due to the concurrency introduced by simultaneous users, the performance of server-side cryptography is worse than client-side, taking longer times to attend to the demand and requiring a larger infrastructure to be effective. Moreover, the JavaScript library asmCrypto and Web Assembly approaches perform better than other libraries and are feasible candidates for application development.
KW - Cloud
KW - Electronic Health Records
KW - Encryption
KW - Security
KW - Web Application
UR - http://www.scopus.com/inward/record.url?scp=85122994620&partnerID=8YFLogxK
U2 - 10.1109/SBESC53686.2021.9628260
DO - 10.1109/SBESC53686.2021.9628260
M3 - Conference contribution
AN - SCOPUS:85122994620
T3 - Brazilian Symposium on Computing System Engineering, SBESC
BT - 2021 11th Brazilian Symposium on Computing Systems Engineering, SBESC 2021
PB - IEEE
Y2 - 22 November 2021 through 25 November 2021
ER -