Security framework for portable NFC mobile based health record system

A portable healthcard on the patient's mobile device can integrate Patient Health Records (PHRs) dispersed across various Hospital Information Systems (HIS) to provide a highly available medical history for correct diagnosis and treatment. In this paper, we present a broad overview of the design issues for the security framework of S-MAPLE (Secure Mobility-Assisted PortabLE), a novel NFC and Secure Element-based healthcard on a mobile device. We provide a detailed design for Role-Based Access Control (RBAC) with selective read and write access. Evaluation on Android-based devices indicates satisfactory performance with respect to the delays introduced by security overheads.
