Ph.D., Information Systems, 2023
Redwan Walid graduated in 2023 from the University of Maryland, Baltimore County (UMBC) and was advised by Dr. Karuna Joshi. His research interests lie in Machine Learning, Cloud Security, Data Analytics, and Data Protection.
He worked on the Delegated Access Control using ABE project, looking at techniques for Cloud EHR access control using Attribute-Based Encryption.
He is currently working as a Data Scientist.
Redwan in Commencement 2024
Publications
- R. Walid, K. P. Joshi, and S. Choi, “Secure Cloud EHR with Semantic Access Control, Searchable Encryption and Attribute Revocation“, In Proceedings of IEEE International Conference on Digital Health (ICDH) 2021 in IEEE World Congress on Services 2021.
- R. Walid, K. P. Joshi, S. Choi, and D. L. Kim, “Cloud-based Encrypted EHR System with Semantically Rich Access Control and Searchable Encryption“, InProceedings of 2020 IEEE International Conference on Big Data (IEEE BigData 2020), December 2020.
Redwan successfully defended his Ph.D. Thesis on August 29, 2023.
Thesis: Cloud-Based Encrypted EHR System with Semantically Rich Access Control
Committee: Dr. Karuna P Joshi (Chair), Dr. Zhiyuan Chen, Dr. James Foulds, Dr. Tim Finin, Dr. Seung Geol Choi (USNA)
Abstract: Cloud-based Electronic Health Record (EHR) systems provide essential security controls by encrypting patient data. However, the patient records cannot be queried without decrypting each record. As the volume of the data reaches Big Data levels, it is essential to search over these encrypted patient records without decrypting them to ensure that the medical caregivers can efficiently and quickly access the EHRs or find any particular record. These are often required in many situations, such as a caregiver who wants to find and treat patients having a contagious disease to prevent the spread among the community. A scenario like this requires a searchable encryption function in the EHR systems to reduce service delays. Moreover, Attribute-Based Encryption (ABE) is widespread in EHR systems to secure patient data. In such systems, the users’ attributes keep changing with time; for example, a user might leave an organization, get a promotion, or move to another department. These situations require user attributes to be revoked to protect patient privacy and data security. The current work does not address these issues in an EHR system.
We have made two major contributions to this thesis. We have developed a novel cloud-based EHR system that uses ABE to secure patient data. Our system uses Semantic Web Technologies to facilitate Attribute-Based Access Control (ABAC) to an EHR, ensuring only users with valid attributes can access a particular EHR at a field level instead of a document level. The system also includes searchable encryption using keyword index and search trapdoor by adding an extra layer of protection, which allows querying EHR records without decrypting patients’ EHR records in the system. Further, our system addresses all user attribute changes and revokes unwanted attributes. The attribute revocation feature is efficiently managed by delegating the secret key and ciphertext revision to the Cloud Service Provider (CSP).
The second contribution is our novel approach to storing encrypted patient data in the nodes of a knowledge graph. Our system uses a comprehensive knowledge graph that stores all medical data in encrypted nodes, offering several advantages. For example, our system can handle heterogeneous patient data. It can also maintain good query performance, and we demonstrated it using the MIMIC-III dataset. The query performances were almost the same for different data sizes because, for a particular task, the graph never needs to touch other nodes. Each vertex only keeps the information about its immediate neighbors; there is no global index of vertex connections. As a result, the graph maintains its performance as the data amount expands. Moreover, using a knowledge graph in our system allows flexible expansion of schemas while serving queries.
Redwan successfully defended his Ph.D. Proposal in December 2021.
Proposal: Cloud-Based Encrypted EHR System with Semantically Rich Access Control
Committee: Dr. Karuna P Joshi (Chair), Dr. Zhiyuan Chen, Dr. James Foulds, Dr. Tim Finin, Dr. Seung Geol Choi (USNA)
Abstract: Cloud-based Electronic Health Record (EHR) systems provide essential security controls by encrypting patient data. However, these records cannot be queried without decrypting the entire record, which puts a considerable burden on network bandwidth and the client-side computation. As the volume of the instances reaches Big Data levels, it is essential to search over these encrypted patient records without decrypting them to ensure that the medical caregivers can efficiently access the EHRs or find any particular record. The situation is especially critical if the caregivers have access to only certain sections of the patient EHR and should not decrypt the whole record. Often, in an attribute-based system, the users’ attributes keep changing with time; for example, a user might leave an organization, get a promotion, or move to another department. These scenarios require user attributes to be revoked. Also, healthcare data is usually complex, time-varying, and heterogeneous. The challenge is to efficiently store and analyze this data promptly to assist medical users and researchers.
In this thesis, we propose a novel cloud-based EHR system that uses Attribute-Based Encryption (ABE) combined with Semantic Web technologies to facilitate differential access to an EHR, thereby ensuring only Users with valid attributes can access a particular field of the EHR. The system also includes searchable encryption using keyword index and search trapdoor, which allows querying EHR fields without decrypting the entire patient record. The attribute revocation feature is efficiently managed in the framework by delegating the secret key and ciphertext revision to the Cloud Service Provider (CSP). Heterogeneity is handled in the system by storing data in the nodes of a knowledge graph. Our methodology incorporates advanced security features that eliminate malicious use of EHR data and significantly ensure secure digital health systems on the Cloud.