Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

Maryam Zarezadeh, M. Ashouri-Talouki, Mohammad Siavashi
{"title":"Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems","authors":"Maryam Zarezadeh, M. Ashouri-Talouki, Mohammad Siavashi","doi":"10.22042/ISECURE.2020.174338.458","DOIUrl":null,"url":null,"abstract":"Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"79 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/ISECURE.2020.174338.458","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于云的电子健康记录(EHR)系统基于属性的访问控制
电子健康档案(EHR)系统有助于整合患者的医疗信息,提高服务效率。然而,用户以保护隐私的方式访问患者数据仍然是一个具有挑战性的问题。许多研究都关注电子病历系统的安全性和隐私性。Rezaeibagha和Mu[1]提出了一种混合架构,用于在云系统中访问隐私保护的患者记录。在他们的方案中,加密的电子病历存储在多个云中,以提供可伸缩性和隐私。此外,他们还考虑了基于角色的访问控制(RBAC),以便为任何用户确定EHR访问策略。他们还使用所有用户的公钥对电子病历进行加密。因此,对于大量的电子病历,该方案效率不高。此外,对访问策略使用RBAC使策略更改变得困难。在他们的方案中,用户不能根据疾病搜索加密的电子病历,一些医生必须参与请求医生的数据检索。在本文中,我们通过考虑基于密文策略属性的加密(CP-ABE)来解决这些问题,该加密在概念上更接近于传统的访问控制方法,如RBAC。我们的安全方案可以根据特定疾病检索加密的电子病历。此外,该方案在数据检索过程中保证了用户访问控制和用户或数据所有者的匿名性。此外,我们的方案可以防止未经授权的检索者之间串通访问数据。分析表明,该方案对于基于云的电子病历来说是安全高效的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
One-Shot Achievable Secrecy Rate Regions for Quantum Interference Wiretap Channel Quantum Multiple Access Wiretap Channel: On the One-Shot Achievable Secrecy Rate Regions Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks A Time Randomization-Based Countermeasure Against the Template Side-Channel Attack
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1