Database encryption

About: Database encryption is a research topic. Over the lifetime, 320 publications have been published within this topic receiving 10685 citations.

Multi-source longitudinal patient-level data encryption process

Abstract: Systems and processes for assembling de-itendified patient healthcare data records in a longitudinal database are provided. The systems and processes may be implemented over multiple data suppliers and common database facilities while ensuring patient privacy. At the data supplier locations, patient-identifying attributes in the dtaa records are placed in standard format and then doubly encrypted using a pair of encryption keys before transmission to a common database facility. The pair of encryption keys includes a key specific to the data supplier and a key specific to the common database facility. At the common database facility, the encryption specific to the data supplier is removed, so that multi-sourced data records have only the common database encryption. Without direct access to patient identifying-information, the encrypted data records assigned dummy labels or tags by which the data records can be longitudinally linked in the database. The tags are assigned based on statistical matching of the values of a select set of encrypted data attributes with a reference database of tags and associated encrypted data attribute values.

Chaotic Order Preserving Encryption for Efficient and Secure Queries on Databases

Abstract: The need for data encryption that protects sensitive data in a database has increased rapidly. However, encrypted data can no longer be efficiently queried because nearly all of the data should be decrypted. Several order-preserving encryption schemes that enable indexes to be built over encrypted data have been suggested to solve this problem. They allow any comparison operation to be directly applied to encrypted data. However, one of the main disadvantages of these schemes is that they expose sensitive data to inference attacks with order information, especially when the data are used together with unencrypted columns in the database. In this study, a new order-preserving encryption scheme that provides secure queries by hiding the order is introduced. Moreover, it provides efficient queries because any user who has the encryption key knows the order. The proposed scheme is designed to be efficient and secure in such an environment. Thus, it is possible to encrypt only sensitive data while leaving other data unencrypted. The encryption is not only robust against order exposure, but also shows high performance for any query over encrypted data. In addition, the proposed scheme provides strong updates without assumptions of the distribution of plaintext. This allows it to be integrated easily with the existing database system.

Searchable encrypted data

Abstract: Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

Model-Driven Application-Level Encryption for the Privacy of E-health Data

Abstract: We propose a novel model-driven application-level encryption solution to protect the privacy and confidentiality of health data in response to the growing public concern about the privacy of health data. Domain experts specify sensitive data which are to be protected by encryption in the application’s domain model. Security experts specify the cryptographic parameters used for the encryption in a security configuration. Both specifications are highly flexible to support different granularities of data to be encrypted and appropriate security levels. Based on the domain model, our code generator for Model-Driven Software Development generates code and configuration artifacts to control the encryption and decryption logic in the application and perform database schema modifications. Our encryption infrastructure outside the database (hence, application-level encryption) utilizes the security configuration to perform encryption and decryption.The generator relieves application developers from a significant amount of migration work required by application-level encryption. Hence, our approach combines the flexibility, security and independence from database vendors of application-level encryption and the transparency of database-level encryption. Our model-driven application-level encryption has been integrated into our eHealth Framework, a comprehensive platform for the development of electronic health care solutions. Our approach can be applied to other domains as well.

Cyberinfrastructure for Open Science at the Montreal Neurological Institute

Abstract: Data sharing is becoming more of a requirement as technologies mature and as global research and communications diversify. As a result, researchers are looking for practical solutions, not only to enhance scientific collaborations, but also to acquire larger amounts of data, and to access specialized datasets. In many cases, the realities of data acquisition present a significant burden, therefore gaining access to public datasets allows for more robust analyses and broadly enriched data exploration. To answer this demand, the Montreal Neurological Institute has announced its commitment to Open Science, harnessing the power of making both clinical and research data available to the world (Owens 2016). As such, the LORIS and CBRAIN (Das 2015) platforms have been tasked with the technical challenges specific to the institutional-level implementation of open data sharing, including: 1) Comprehensive linking of multimodal data (phenotypic. clinical, neuroimaging, biobanking and genomics, etc.) 2) Secure database encryption, specifically designed for institutional and multi-project data sharing, ensuring subject confidentiality (using multi-tiered identifiers). 3) Querying capabilities with multiple levels of single study and institutional permissions, allowing public data sharing for all consented and de-identified subject data. 4) Configurable pipelines and flags to facilitate acquisition and analysis, as well as access to High Performance Computing clusters for rapid data processing and sharing of software tools. 5) Robust Workflows and Quality Control mechanisms ensuring transparency and consistency in best practices. 6) Long term storage (and web access) of data, reducing loss of institutional data assets. 7) Enhanced web-based visualization of imaging, genomics, and phenotypic data, allowing for real-time viewing and manipulation of data from anywhere in the world. 8) Numerous modules for data filtering, summary statistics, and personalized and configurable dashboards. Implementing the vision of Open Science at the Montreal Neurological Institute will be a concerted undertaking that seeks to facilitate data sharing for the global research community. Our goal is to utilize the years of experience in multi-site collaborative research infrastructure to implement the technical requirements to achieve this level of public data sharing in a practical, yet robust manner.