A security scheme for distributing analysis codes supporting CDM-based research in a multi-center environment. (November 2022)
- Record Type:
- Journal Article
- Title:
- A security scheme for distributing analysis codes supporting CDM-based research in a multi-center environment. (November 2022)
- Main Title:
- A security scheme for distributing analysis codes supporting CDM-based research in a multi-center environment
- Authors:
- Jeon, Seungho
Shin, Chobyeol
Ko, Eunnarae
Moon, Jongsub - Abstract:
- Highlights: We designed the network protocol to securely distribute the CDM-analysis codes and return the analysis results. We formally verified the correctness of the proposed protocol using BAN logic. Abstract: Background: Although the common data model (CDM) has achieved a standardization of medical data and a de-identification of personal patient information, hospitals still store CDM data in an on-premises environment, making it difficult for researchers to access medical data. Objective: In this study, for easy access to CDM data in a multi-institutional participatory CDM research environment and to encourage data-driven research, researchers outside hospital networks securely access and analyze CDM data in the target medical center, analyze it, and respond to the results through a public network. We propose an automated security framework that operates on a public network, such as the Internet. Method: The proposed scheme allows authenticated researchers to securely deliver CDM data analysis codes to a medical institution distributed on the network. The institutional servers automatically execute authenticated codes and return the results to the researcher safely. For this purpose, we designed a scheme based on cryptography. The scheme operates on a group of servers consisting of an authentication process, a signing process, a ticket-granting process, a relaying process, and a data analysis process located at the hospital providing medical CDM data. The schemeHighlights: We designed the network protocol to securely distribute the CDM-analysis codes and return the analysis results. We formally verified the correctness of the proposed protocol using BAN logic. Abstract: Background: Although the common data model (CDM) has achieved a standardization of medical data and a de-identification of personal patient information, hospitals still store CDM data in an on-premises environment, making it difficult for researchers to access medical data. Objective: In this study, for easy access to CDM data in a multi-institutional participatory CDM research environment and to encourage data-driven research, researchers outside hospital networks securely access and analyze CDM data in the target medical center, analyze it, and respond to the results through a public network. We propose an automated security framework that operates on a public network, such as the Internet. Method: The proposed scheme allows authenticated researchers to securely deliver CDM data analysis codes to a medical institution distributed on the network. The institutional servers automatically execute authenticated codes and return the results to the researcher safely. For this purpose, we designed a scheme based on cryptography. The scheme operates on a group of servers consisting of an authentication process, a signing process, a ticket-granting process, a relaying process, and a data analysis process located at the hospital providing medical CDM data. The scheme consists of four phases for a secure medical data analysis in a distributed environment: authentication, code signing, ticket issuing, and distribution and return. Results: Although the CDM has de-identified patient privacy, the issue still needs to be carefully addressed. Therefore, we established four security objectives to verify that the proposed scheme can be operated safely and formally proved them using BAN logic. Conclusion: As a result of the proof using BAN logic, the proposed scheme was verified to achieve the proposed security goal. Although this scheme was designed solely for CDM, it can be applied to systems with similar environments and functional goals. … (more)
- Is Part Of:
- Computer methods and programs in biomedicine. Volume 226(2022)
- Journal:
- Computer methods and programs in biomedicine
- Issue:
- Volume 226(2022)
- Issue Display:
- Volume 226, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 226
- Issue:
- 2022
- Issue Sort Value:
- 2022-0226-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-11
- Subjects:
- Common data model -- Multi-centered medical research -- Secure distribution-protocol -- Kerberos
CDM common data model -- DES data encryption standard -- AES advanced encryption standard -- ECC elliptic curve cryptosystem -- OHDSI observational health data sciences and informatics -- AP authentication process -- SP signing process -- TGP ticket-granting process -- RP relaying process -- DAP data analysis process -- IDEA international data encryption algorithm -- ECDSA elliptic curve digital signature algorithm -- TLS transport layer security -- SSH secure shell -- PGP pretty good privacy -- KDC key distribution center -- BAN Burrows-Abadi-Needham -- JWT json web token -- LDAP lightweight directory access protocol -- AD active directory -- CAS central authentication service -- IAP identity-aware proxy -- SSO single-sign on -- MAC message authentication code
Medicine -- Computer programs -- Periodicals
Biology -- Computer programs -- Periodicals
Computers -- Periodicals
Medicine -- Periodicals
Médecine -- Logiciels -- Périodiques
Biologie -- Logiciels -- Périodiques
Biology -- Computer programs
Medicine -- Computer programs
Periodicals
Electronic journals
610.28 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01692607 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cmpb.2022.107159 ↗
- Languages:
- English
- ISSNs:
- 0169-2607
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.095000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 24260.xml