Hybrid Zero-knowledge Access Control System in e-Health

Privacy and security of sensitive health information represents a significant issue within electronic health (e-Health). With breakthroughs in security and privacy in recent decades, the application of cloud technologies on health services have progressed forward. The aim of this research paper is to introduce an appropriate access control model for use in e-Health. To determine the requirements of a modern access control method, research was carried out on numerous scholarly articles sourced from the Google Scholar search engine. A survey which utilized sampling techniques will also be done to affirm the validity of the research. The target audience of the survey are large to medium scale healthcare providers. Qualitative data will be gathered as it better describes the different types of data obtained. As a result, the paper proposed a combination of Role-based Access Control and Attribute-based Access Control which utilizes zero-knowledge SNARK to ensure privacy of patients. Recommendations for future research include experimentation with other encryption algorithms in the proposed system, assessment on the use of different zero-knowledge proof methods for better efficiency and scalability, as well as modern access control methods that embrace expansions and simple authorization.