Privacy-preserving range query over multi-source electronic health records in public clouds

2019

Abstract

Range query is an important data search technique in cloud-based electronic healthcare (eHealth) systems. It enables authorized doctors to retrieve target electronic health records (EHRs) that are generated and outsourced by patients from the cloud server. In reality, patients always encrypt their EHRs before outsourcing, making the range query impossible. In this paper, we identify three threats in real cloud-based eHealth systems, i.e., privacy leakage, frequency analysis, and identical data inference. To capture the security properties that resist these threats, we define a security notion of indistinguishability under multi-source ordered chosen plaintext attack (IND-MSOCPA). Then, we propose a multi-source order-preserving encryption (MSOPE) scheme for cloud-based eHealth systems to enable range queries over encrypted EHRs from multiple patients. Security analysis proves that the MSOPE scheme is IND-MSOCPA secure. We also conduct comprehensive performance evaluations, which demonstrate the high efficiency of the MSOPE scheme.