Authentication and Authorization in Blind Data Miners

Abstract

Chronic pain is defined as pain that lasts for at least 12 weeks. People with chronic pain conditions can have difficulties getting through daily tasks because the pain can limit their mobility, strength, and endurance.

As of 2021, there is no universal treatment that works for all cases of chronic pain. A tool that can give personalized treatment alternatives for each patient can benefit this group of patients significantly.

This thesis is a part of the chronic pain research project at the Norwegian Centre for E-health Research, where they make a privacy-preserving distributed storage system called blind data miners. This system will store and compute statistics on patient-reported outcomes and experiences from treatments on chronic pain. The data is collected directly from patients via a mobile app and Fitbit. The data can then be used by health workers to give personalized treatments to chronic pain patients.

Several reports and studies have shown that almost every health app on the market is vulnerable to API attacks in some way. Health apps store highly sensitive data, so this data must be protected from unauthorized access.

This thesis is looking at a decentralized alternative for authentication and authorization in blind data miners. This alternative is implemented and evaluated according to a set of requirements. Based on this, the thesis concludes with a discussion on whether the proposed alternative is viable for use in blind data miners.