Issues and Challenges in Securing eHealth Systems

With the widespread use of eHealth, the security of eHealth services is becoming increasingly important. In this paper, we analyze the security problems in eHealth systems, discuss the approaches to securing health data collection and sharing proposed in the recent literature on eHealth security, and provide comparative evaluations that include the advantages and limitations of each approach. We also suggest possible future research directions for each approach to enhance the security of eHealth applications.
