Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:Privacy Preserving Personal Health Record against Brute-Force Attack
Speaker:Saharnaz E. Dilmaghani
coming from:Bilkent University - Turkey
Speakers Bio:Master student
Event Type:PhD Application Talk
Visibility:D1, D2, D3, D4, D5, SWS, RG1, MMCI
We use this to send out email in the morning.
Level:Public Audience
Date, Time and Location
Date:Monday, 19 June 2017
Duration:90 Minutes
Building:E1 4
Personal health records (PHRs) of individuals carry significant privacy-sensitive information about

them. Due to this nature of PHRs, there is a crucial need to protect them from unauthorized users,
especially considering cyber-attacks are dramatically increased during the last couple of years. Cryp-
tography (i.e., encrypting PHRs) is typically a good solution to store PHRs resilient against such
attacks. However, cryptographic solutions are shown to be vulnerable against brute-force attacks,
especially considering weak passwords selected by the users for encryption. Although using high en-
tropy (i.e., complex) passwords for the encryption may decrease the success of such an adversarial
attack, it is not popular among the users to choose such passwords. Towards this end, we present a
new framework as a solution for a secure storage of PHR data against brute-force attacks (even when
users select low entropy passwords for encryption).
Our system utilizes Honey Encryption (HE), a new cryptographic tool that provides security be-
yond brute-force bound, as a building block. The previous applications of HE are mainly on the static
datasets that do not change over time. We design a HE-based model on a highly dynamic dataset of
PHRs. For construction and evaluation, we collected almost 10k patients information from various
datasets (e.g., PatientsLikeMe, TCGA) in order to construct a precise encoder/decoder model as a
core element for HE. Proposed model ensures that the decryption of an encrypted PHR record with
incorrect keys yields a valid-looking but incorrect PHR record to an adversary. To the best of our
knowledge, we are the rst to provide a robust password-based framework against brute-force attacks
of health records regardless of the entropy of the password. Comparison of our proposed method with
the direct application of the password-based encryption scheme shows that it is almost impossible
for an adversary to eliminate any wrong password. We also consider real-life scenarios for di erent
attacks with side information about a patient's health-related attributes.

Name(s):imprs office team
Phone:+49 681 - 93 25 1800
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:NoTo Location:
Tags, Category, Keywords and additional notes
Attachments, File(s):

Caroline Brill/MPI-INF, 06/14/2017 01:37 PM
Last modified:
halma/MPII/DE, 01/17/2019 02:55 AM
  • Caroline Brill, 06/14/2017 01:44 PM -- Created document.