Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario

Title

Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario

Authors

A. Alaqra, S. Fischer- Hübner, J.S. Pettersson and E. Wästlund (Karlstad University)

Abstract

In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counterintuitive to end users as its functionality does not correspond to the one of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns in regards to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies.

Venue

International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) (http://haisa.org/)

Place and date

Frankfurt Germany, 19th - 21st July 2016