[...]
Can dAppsheet help in anyway to get medical records online and still be in a secure manner without having to go to the hospital or having them mail it but actually getting it through the chain
Yes, 100% , a hospital can provide outside connection to the records. But I honestly do not see it happening due to current HIPPA regulations and the risk the hospital would have to be comfortable with. This could happen in 5-7 years though.
When in future hospitals can legally use a decentralized database, would the Darcrus team need to be involved to make this hasten or would the hospital IT administrators be able to handle this from their end?
It will depend on how competent their team is. I want to provide a complete solution, but implementing something that has 1 2 3 instructions is still too much for some. There are opportunities for us to have administrators assigned to deploy a dAppsheet as an onsite admin, basically in this scenario we become a contracting company for services and personnel.
With customers' data being in the blockchain, I assume that customers will be able to access their data from anywhere in the world with a internet connection?
This, again, is up to the business policy for that particular company.
Is dAppsheet hacker proof?
It is not hacker proof, it protects any info that's hacked with encryption. Thus making the hacked information essentially useless. Hacked information can be properly secured as for example was BTC-E database, which is stolen from few years but properly secured and not cracked as of now.
Encryption alone is not sufficient to protect outsourced databases, in particular to inference attacks. I would like to point out to one of the main papers that brought much attention to these type of attacks. The author has a link to the paper (in pdf format) if you may search for the title on google.
http://dl.acm.org/citation.cfm?id=2813651 Title: Inference Attacks on Property-Preserving Encrypted Databases.
Authors: Muhammad Naveed University of Illinois at Urbana Champaign, Urbana, IL, USA
Seny Kamara Microsoft Research, Redmond, WA, USA
Charles V. Wright Portland State University, Portland, OR, USA
Abstract:
Many encrypted database (EDB) systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased. The state-of-the-art EDB systems for relational databases can handle SQL queries over encrypted data and are competitive with commercial database systems. These systems, most of which are based on the design of CryptDB (SOSP 2011), achieve these properties by making use of property-preserving encryption schemes such as deterministic (DTE) and order- preserving encryption (OPE). In this paper, we study the concrete security provided by such systems. We present a series of attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information. We consider well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization.
We evaluate these attacks empirically in an electronic medical records (EMR) scenario using real patient data from 200 U.S. hospitals. When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered. In particular, our attacks correctly recovered certain OPE-encrypted attributes (e.g., age and disease severity) for more than 80% of the patient records from 95% of the hospitals; and certain DTE- encrypted attributes (e.g., sex, race, and mortality risk) for more than 60% of the patient records from more than 60% of the hospitals.Does your work protect against inference attacks and can you explain why or whynot?
P.s The idea is cool but needs to be safe before investing.
It helps a lot since NXT itself is going through some changes right now. 