Authentication and Access Control in e-Health Systems in the Cloud

The opportunity to access on-demand, unbounded computation and storage resources has increasingly motivated users to move their health records from local data centers to the cloud environment. This change can reduce the costs associated with the management of data sharing, communication overhead and improve Quality of Service (QoS). Processing, storing, hosting and archiving data related to e-Health systems without physical access and control can exacerbate authentication and access control issues in this new environment. Therefore, convincing users to move sensitive medical records to the cloud environment requires implementing secure and strong authentication and access control methods to protect the data. This paper proposes a new information access method that preserves both authentication and access control in cloud-based e-Health systems. Our method is based on a zero-knowledge protocol combined with two-stage keyed access control. In each access request, based on the maximum rights of user, the minimum access is extracted. To establish secure connections between different entities in the system, a two-step combination of public key encryption and DUKPT is used. We analyze our scheme with respect to data confidentiality and resistance to common attacks on the network. Experimental results show that the proposed method tolerates a high number of concurrent authentication requests with a reasonable response time.

[1]  Xiaohui Liang,et al.  ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing , 2011, Int. J. Secur. Networks.

[2]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[3]  Elisa Bertino,et al.  Privacy Protection , 2022 .

[4]  Jie Wu,et al.  Hierarchical attribute-based encryption for fine-grained access control in cloud storage services , 2010, CCS '10.

[5]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[6]  Yiwei Thomas Hou,et al.  Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[7]  Danwei Chen,et al.  Access Control of Cloud Service Based on UCON , 2009, CloudCom.

[8]  Abhishek Majumder,et al.  Taxonomy and Classification of Access Control Models for Cloud Environments , 2014 .

[9]  William J. Buchanan,et al.  DACAR Platform for eHealth Services Cloud , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[10]  Rui Jiang,et al.  A Novel Data Access Scheme in Cloud Computing , 2013 .

[11]  Marios D. Dikaiakos,et al.  Data-centric privacy protocol for intensive care grids , 2010, IEEE Transactions on Information Technology in Biomedicine.

[12]  JongWon Kim,et al.  Design of Attribute-Based Access Control in Cloud Computing Environment , 2011, ICITCS.

[13]  Xiaohui Liang,et al.  Secure and quality of service assurance scheduling scheme for WBAN with application to eHealth , 2011, 2011 IEEE Wireless Communications and Networking Conference.

[14]  Thomas Peyrin,et al.  A Forward-Secure Symmetric-Key Derivation Protocol - How to Improve Classical DUKPT , 2010, ASIACRYPT.

[15]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[16]  Huang Xiuli,et al.  Access Control of Cloud Service Based on UCON , 2009, CLOUD-II 2009.

[17]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[18]  D. Richard Kuhn,et al.  Role-Based Access Controls , 2009, ArXiv.

[19]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[20]  Ueli Maurer,et al.  Unifying Zero-Knowledge Proofs of Knowledge , 2009, AFRICACRYPT.

[21]  Muttukrishnan Rajarajan,et al.  Secure data access in cloud computing , 2010, 2010 IEEE 4th International Conference on Internet Multimedia Services Architecture and Application.

[22]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[23]  Meikang Qiu,et al.  Privacy Protection for Preventing Data Over-Collection in Smart City , 2016, IEEE Transactions on Computers.

[24]  Yiwei Thomas Hou,et al.  Privacy-Preserving Keyword Search Over Encrypted Data in Cloud Computing , 2014, Secure Cloud Computing.

[25]  Cong Wang,et al.  Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data , 2014 .

[26]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[27]  Gail-Joon Ahn,et al.  Towards temporal access control in cloud computing , 2012, 2012 Proceedings IEEE INFOCOM.