Anonymous Role-Based Access Control on E-Health Records

Electronic Health Record (EHR) systems greatly facilitate health record management. The privacy risk to patients' records is the dominant obstacle to the wide deployment of EHRs. Role-based access control (RBAC) schemes control access to EHRs according to one's role: only medical staff whose roles satisfy the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. As a result, the classification of patients' diseases is leaked even though the attacker never learns the contents of the patients' EHRs. To address this problem, we present an anonymous RBAC scheme. It not only achieves flexible access control but also preserves the privacy of individuals. Moreover, our scheme keeps the encapsulated EHRs at constant size. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. In addition, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For a better user experience, we apply an "online/offline" approach to speed up data processing in our scheme. Experimental results show that key generation and EHR encapsulation can be done in milliseconds.
