A consumer-centered security framework for sharing health data in social networks

Healthcare consumers should have control over their shared health data in social networks and cloud-based systems through specifying their data protection policies, and preventing unauthorized data access and modifications. This consumer-centered approach requires a completely secure framework and protocol that enables consumers to easily revoke users and have control over their data after data sharing. We aimed to develop a security framework that enables consumers to securely share data with the healthcare team, revoke users, and control their data after sharing, considering a complete authenticity between all parties involved in data sharing.Using the ElGamal and the ciphertext-policy attribute-based encryption (CP-ABE) algorithms, we developed a hardware-independent, role-based, and data type-based framework. We evaluated our framework in terms of “Secret ”, “Alive”, “Niagree, “WeakAgree” and “Nisynch” security claims. We also evaluated the secrecy of the suggested protocol by using an automated security verification tool (ProVerif). We evaluated the scalability of our solution to measure the maximum workload that it can tolerate. We also evaluated our framework in terms of the required time and volume of data to encrypt and access the data.The security evaluation showed that our framework for the four roles of consumer, physician, cloud server, and proxy server are secure against the security claims. ProVerif simulation results indicated that the suggested protocol was safe for consumers’ private information. Our resource utilization experiment showed that on average for 1617.1015 KB of input data, 10.282 seconds were needed. In addition, on average for 1617.0742 KB of data consumed, 0.797 s were required. The scalability test showed that the proxy server could respond to 2885 concurrent requests in 60 s and the cloud server could respond to 777 concurrent requests in 60 seconds.In comparison with the state-of-the-art approaches, the evaluations demonstrate that our framework provides more features such as flexible access control after data sharing and is also more efficient in terms of the computational cost of user revocation.