SPARER: Secure Cloud-Proof Storage for e-Health Scenarios

With the surge of data breaches, practitioner ignorance and unprotected hardware, secure information management in healthcare environments is becoming a challenging problem. In the context of healthcare systems, confidentiality of patient data is of particular sensitivity. For economic reasons, cloud services are spreading, but there is still no clear solution to the problem of truly secure data storage at a remote location. To tackle this issue, we first examine if it is possible to have a secure storage of healthcare data without fully relying on trusted third-parties, and without impeding system usability on the side of the caregivers. The novelty of this approach is that it offers a standard-based deployable solution tailored for healthcare scenarios, using cloud services, but where trust is shifted from the cloud provider to the healthcare institution. This approach is unlike state-of-the-art solutions: there are secure cloud storage solutions that insist on having no knowledge of the stored data, but we discovered that they still require too much trust to manage user credentials, these credentials actually give them access to confidential data. In the paper, we present SPARER as a solution to the secure cloud storage problem and discuss the trade-offs of our approach. Moreover, we look at performance benchmarks that can hint to the feasibility and cost of using off-the-shelf cryptographic tools as building blocks in SPARER.