DOI: 10.1145/2897845.2897871

Anonymous Role-Based Access Control on E-Health Records

Published: 30 May 2016

Abstract

Electronic Health Record (EHR) systems greatly facilitate health record management. The privacy risk to patients' records is the dominant obstacle to the wide deployment of EHRs. Role-based access control (RBAC) schemes control access to EHRs according to one's role: only medical staff whose roles satisfy the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors, so the classification of patients' diseases is leaked without the attacker actually knowing the patients' EHRs. To address this problem, we present an anonymous RBAC scheme. It not only achieves flexible access control but also preserves the privacy of individuals. Moreover, our scheme keeps the encapsulated EHRs at constant size. The proposed security models, with semantic security and anonymity, can be proven under decisional bilinear group assumptions. In addition, we provide an approach for EHR owners to search for their targeted EHR in the anonymous system. For a better user experience, we apply an "online/offline" approach to speed up data processing in our scheme. Experimental results show that key generation and EHR encapsulation can be done in milliseconds.

Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. anonymous
  3. e-health record
  4. online/offline

Qualifiers

  • Research-article

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
