Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Healthcare

Challenges. The ASCLEPIOS proposal identified three key cybersecurity challenges. (1) Many of the existing cybersecurity approaches fail to protect users’ data against attacks that originate from inside and/or external adversaries. (2) Healthcare practitioners and researchers want to analyse healthcare and medical data while preserving privacy and providing security. (3) A new generation of healthcare and medical devices is emerging in which some hardware components are replaced by software, so users cannot attest the trustworthiness of these devices and must rely on the assurances of device vendors, operators, and maintainers.

Objectives. The vision of ASCLEPIOS was to maximize and fortify the trust of users on cloud-based healthcare services by developing mechanisms to protect sensitive corporate and personal data. The project addressed the above listed key challenges targeting the following main objectives. (1) Creating cybersecurity solutions based on Searchable Symmetric Encryption (SSE), Attribute Based Encryption (ABE) and Attribute-based Access Control (ABAC) to prevent unauthorized access to data stored in both local and remote storages. (2) Elaborating a novel solution that enables users in the Healthcare sector to run Functional Encryption (FE) enabled analytics on healthcare and medical data in a privacy-preserving and secure way. (3) Developing new attestation protocols to check trustworthiness of healthcare and medical devices.

To achieve these objectives the project developed the ASCLEPIOS framework which integrates cybersecurity services based on ABE, ABAC, SSE and FE schemes and medical device attestation. To showcase the ASCLEPIOS achievements the project implemented three near-production level demonstrators for acute stroke response, sleep disorder and antibiotics prescription analytics. The use cases are provided by the ASCLEPIOS medical partners and involve leading European hospitals.

Work performed. ASCLEPIOS collected and analysed the user and technical requirements focusing on privacy and security requirements of the Healthcare sector. Having these requirements first, the project partners developed the ASCLEPIOS reference architecture. Next, they elaborated the ASCLEPIOS services based on a new SSE scheme, on the ABE scheme extended with a new revocation mechanism, on the new FE-enabled analytics and on the new attestation protocols for healthcare and medical devices. Further, the project partners elaborated the technical architecture of the ASCLEPIOS framework and started to integrate the ASCLEPIOS service to create this framework. They set up the ASCLEPIOS testbed to support customization and development of the ASCLEPIOS demonstrators. Having the testbed, the demonstrator owners in cooperation with the technology provider partners created early prototypes of the demonstrator applications. These activities were supplemented with a wide range of dissemination activities.

Progress beyond the state of art. The ASCLEPIOS services, based on cutting edge research, created new knowledge. The new SSE scheme defines how different entities can and should communicate with each other to provide protection against malicious adversaries. The data owners can use the extended ABE scheme to encrypt the symmetric key with which the sensitive medical data have been encrypted. The FE-enabled analytics supports authorized users to analyze encrypted data in a privacy preserving way. The new attestation protocol verifies integrity of devices and services in Trusted Execution Environments (TEE) checking correctness, for example the authenticity and integrity of an application, service. These services improve security and increase the way how privacy is preserved in the Healthcare sector.