Privacy-Preserving Data Sharing using Multi-layer Access Control Model in Electronic Health Environment

Electronic Health Data (EHD) is an emerging health information exchange model that enables healthcare providers and patients to efficiently store and share their private healthcare information from any place and at any time, on demand. Generally, cloud services provide the infrastructure, reducing the cost of storing, processing and updating information while improving efficiency and quality. However, the privacy of Electronic Health Records (EHR) is a significant hurdle when outsourcing private health data to the cloud, because there is a higher risk of leaking health information to unauthorized parties. Several existing techniques analyse the security and privacy issues associated with e-healthcare services. These methods are designed for a single database, or databases, with an authentication centre, and thus cannot adequately protect the data from insider attacks. Therefore, this research study mainly focuses on how to ensure patient privacy while sharing sensitive data between the same or different organisations, as well as healthcare providers, in a cloud environment. This paper proposes a multi-layer access control mechanism, named the MLAC Model, to construct a secure and privacy-preserving EHR system that enables patients to share their data with stakeholders. In this paper, we use a dual-layer access control model, named the Pseudo-Role Attribute-Based Access Control (PR-ABAC) mechanism, that integrates attributes with roles for the secure sharing of EHR between multiple collaborators. The proposed framework also uses the concept of provenance to ensure the integrity of patient data. This work is expected to provide a foundation for developing security solutions against cyber-attacks, and thus contribute to the robustness of healthcare information sharing environments.

Received on 08 February 2019; accepted on 20 May 2019; published on 04 July 2019.
