Top

Telecommunication Systems

Published in:

29-06-2023

Secure fine grained access control for telecare medical communication system

Authors: Amitesh Kumar Pandit, Kakali Chatterjee, Ashish Singh

Published in: Telecommunication Systems | Issue 1/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Modern healthcare institutions are now equipped to provide telecare services because of substantial improvements in telecommunication. Numerous services are provided through the telecare system. For efficient utilization of telecare service, Personal Health Information (PHI) must be shared among various stakeholders. Due to sensitiveness of healthcare data, sharing may create a slew of security and privacy challenges. The Attribute-Based Access Control (ABAC) seems an appropriate cryptographic solution. But, a small amount of healthcare data may reveal a patient’s identity or other information. The minimum amount of PHI sharing is recommended to maintain an individual’s privacy. However, the existing ABAC does not support partial access control on PHI. They either allow access to the entire PHI or restrict it completely. To achieve this finest level of access control, if ABAC applies on each data attribute separately, it will increase computation and communication overhead. Therefore, existing ABAC protocols are unsuitable for a Telecare Medical Communication System (TMCS). The paper proposes a fine-grain access control framework for TMCS based on Multi-authority Attribute Based Access Control. It provides partial access control over PHI and assures the security and privacy of PHI. During the PHI access phase, multiple attribute authorities perform most of the computation simultaneously, increasing the present scheme’s efficiency and scalability. Further, symmetric bilinear pairing enhances its efficiency and makes it suitable for resource constraint environments. The k-out-of-n oblivious transfer protocol hides the data access pattern and maintains privacy. Security analysis proves that the present scheme is secure under the hardness of the discrete logarithm problem and the Decisional Bilinear Diffie–Hellman assumption.

next article Multiserver call center retrial queue under Bernoulli vacation schedule with two-way communication and orbital search

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Gunal, M. M., & Karatas, M. (2019). Industry 4.0, digitisation in manufacturing, and simulation: A review of the literature. Simulation for Industry 4.0: Past, Present, and Future. https://doi.org/10.1007/978-3-030-04137-3_2

Karatas, M., Eriskin, L., Deveci, M., Pamucar, D., & Garg, H. (2022). Big data for healthcare industry 4.0: Applications, challenges and future perspectives. Expert Systems with Applications, 200, 116912.

Eriskin, L., Karatas, M., & Zheng, Y.-J. (2022). A robust multi-objective model for healthcare resource management and location planning during pandemics. Annals of Operations Research. https://doi.org/10.1007/s10479-022-04760-x

Karatas, M., Erişkin, L., & Bozkaya, E. (2022). Transportation and location planning during epidemics/pandemics: Emerging problems and solution approaches. IEEE Transactions on Intelligent Transportation Systems, 23(12), 25139–25156.CrossRef

Health information privacy. https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html. Accessed March, 2023

Jayasri, T., Manasa Manvitha, M., Shalima, S., & Anil, J. (2022). Maintenance of personal health record system with cipher text policy attribute-based encryption and quick decryption. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 13(03), 1131–1138.

Hamsanandhini, S., Eswaran, M., & Varanambika, V. (2022). Health record maintenance using cloud computing and multi authority attribute based encryption. In 2022 International conference on computer communication and informatics (ICCCI) (pp. 01–08). IEEE.

Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey. Journal of Network and Computer Applications, 79, 88–115.CrossRef

Singh, A., & Chatterjee, K. (2019). Security and privacy issues of electronic healthcare system: A survey. Journal of Information and Optimization Sciences, 40(8), 1709–1729.CrossRef

10.

Singh, A., & Chatterjee, K. (2021). Securing smart healthcare system with edge computing. Computers and Security, 108, 102353.CrossRef

11.

Kundalwal, M. K., Singh, A., & Chatterjee, K. (2018). A privacy framework in cloud computing for healthcare data. In 2018 International conference on advances in computing, communication control and networking (ICACCCN) (pp. 58–63). IEEE.

12.

Singh, A., & Chatterjee, K. (2020). An adaptive mutual trust based access control model for electronic healthcare system. Journal of Ambient Intelligence and Humanized Computing, 11, 2117–2136.CrossRef

13.

Singh, A., & Chatterjee, K. (2017). A mutual trust based access control framework for securing electronic healthcare system. In 2017 14th IEEE India council international conference (INDICON), (pp. 1–6). IEEE.

14.

Singh, A., & Chatterjee, K. (2019). Rtbac: A new approach for securing electronic healthcare system. In 2019 International conference on computing, power and communication technologies (GUCON) (pp. 269–273). IEEE.

15.

Singh, A., & Chatterjee, K. (2019). Trust based access control model for securing electronic healthcare system. Journal of Ambient Intelligence and Humanized Computing, 10, 4547–4565.CrossRef

16.

Singh, A., Chandra, U., Kumar, S., & Chatterjee, K. (2019). A secure access control model for e-health cloud. In TENCON 2019-2019 IEEE Region 10 conference (TENCON) (pp. 2329–2334). IEEE.

17.

Singh, A., & Chatterjee, K. (2019). Itrust: Identity and trust based access control model for healthcare system security. Multimedia Tools and Applications, 78(19), 28309–28330.CrossRef

18.

Chaudhary, R. R. K., & Chatterjee, K. (2020). An efficient lightweight cryptographic technique for iot based e-healthcare system. In 2020 7th International conference on signal processing and integrated networks (SPIN) (pp. 991–995). IEEE.

19.

Kundalwal, M. K., Chatterjee, K., & Singh, A. (2019). An improved privacy preservation technique in health-cloud. ICT Express, 5(3), 167–172.CrossRef

20.

Li, M., Shucheng, Yu., Zheng, Y., Ren, K., & Lou, W. (2012). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.CrossRef

21.

Son, S., Lee, J., Kim, M., Yu, S., Das, A. K., & Park, Y. (2020). Design of secure authentication protocol for cloud-assisted telecare medical information system using blockchain. IEEE Access, 8, 192177–192191.CrossRef

22.

Radhakrishnan, N., & Karuppiah, M. (2019). An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems. Informatics in Medicine Unlocked, 16, 100092.CrossRef

23.

Singh, A., & Chatterjee, K. (2017). A multi-dimensional trust and reputation calculation model for cloud computing environments. In 2017 ISEA Asia security and privacy (ISEASP) (pp. 1–8).

24.

Park, J. S., Sandhu, R., & Ahn, G.-J. (2001). Role-based access control on the web. ACM Transactions on Information and System Security (TISSEC), 4(1), 37–71.CrossRef

25.

Kumar, A., Tripathi, S., & Jaiswal, P. (2015). Design of efficient id-based group key agreement protocol suited for pay-tv application. In 2015 International conference on advances in computing, communications and informatics (ICACCI) (pp. 1940–1944). IEEE.

26.

Kumar, A., & Tripathi, S. (2016). Anonymous id-based group key agreement protocol without pairing. International Journal of Network Security, 18(2), 263–273.

27.

Benaloh, J., Chase, M., Horvitz, E., & Lauter, K. (2009). Patient controlled encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 103–114).

28.

Dong, C., Russello, G., & Dulay, N. (2011). Shared and searchable encrypted data for untrusted servers. Journal of Computer Security, 19(3), 367–397.CrossRef

29.

Gritti, C., Refik Molva, M., Susilo, W., & Plantard, T. (2018). Device identification and personal data attestation in networks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 9(4), 1–25.

30.

Liu, Y., Changqiao, X., Zhan, Y., Liu, Z., Guan, J., & Zhang, H. (2017). Incentive mechanism for computation offloading using edge computing: A stackelberg game approach. Computer Networks, 129, 399–409.CrossRef

31.

Raghavendra, S., Meghana, K., Doddabasappa, P. A., Geeta, C. M., Buyya, R., Venugopal, K. R., Iyengar, S. S., & Patnaik, L. M. (2016). Index generation and secure multi-user access control over an encrypted cloud data. Procedia Computer Science, 89, 293–300.CrossRef

32.

Gokuldev, S., & Leelavathi, S. (2013). Hasbe: A hierarchical attribute-based solution for flexible and scalable access control by separate encryption/decryption in cloud computing. International Journal of Engineering Science and Innovative Technology (IJESIT), 2(3), 139–145.

33.

Liu, Y., Quan, W., Wang, T., & Wang, Yu. (2018). Delay-constrained utility maximization for video ads push in mobile opportunistic d2d networks. IEEE Internet of Things Journal, 5(5), 4088–4099.CrossRef

34.

Kotenko, I. V., Saenko, I., & Branitskiy, A. (2018). Applying big data processing and machine learning methods for mobile internet of things security monitoring. Journal of Internet Services and Information Security, 8(3), 54–63.

35.

Tanwar, S., Parekh, K., & Evans, R. (2020). Blockchain-based electronic healthcare record system for healthcare 4.0 applications. Journal of Information Security and Applications, 50, 102407.CrossRef

36.

Mitra, B., Sural, S., Vaidya, J., & Atluri, V. (2017). Migrating from rbac to temporal rbac. IET Information Security, 11(5), 294–300.CrossRef

37.

Alam, Q., Malik, S. U., Akhunzada, A., Raymond Choo, K.-K., Tabbasum, S., & Alam, M. (2016). A cross tenant access control (ctac) model for cloud computing: formal specification and verification. IEEE Transactions on Information Forensics and Security, 12(6), 1259–1268.CrossRef

38.

Goyal, V., Pandey, O., Sahai, A, & Waters, B. (2006). Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on computer and communications security (pp. 89–980).

39.

Kumar, A., & Verma, R. (2020). Attribute-based authenticated group key transfer protocol without pairing. Wireless Personal Communications, 113(4), 1791–1805.CrossRef

40.

Shi, Y., Zheng, Q., Liu, J., & Han, Z. (2015). Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Information Sciences, 295, 221–231.CrossRef

41.

Gupta, M., Awaysheh, F. M., Benson, J., Alazab, M., Patwa, F., & Sandhu, R. (2020). An attribute-based access control for cloud enabled industrial smart vehicles. IEEE Transactions on Industrial Informatics, 17(6), 4288–4297.CrossRef

42.

Li, L., Tianlong, G., Chang, L., Zhoubo, X., Liu, Y., & Qian, J. (2017). A ciphertext-policy attribute-based encryption based on an ordered binary decision diagram. IEEE Access, 5, 1137–1145.CrossRef

43.

Liu, Z., & Wong, D. S. (2016). Practical attribute-based encryption: Traitor tracing, revocation and large universe. The Computer Journal, 59(7), 983–1004.CrossRef

44.

Rana, S., & Mishra, D. (2020). Efficient and secure attribute based access control architecture for smart healthcare. Journal of Medical Systems, 44, 1–11.CrossRef

45.

Liu, J. K., Yuen, T. H., Zhang, P., & Liang, K. (2018). Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list. In Applied cryptography and network security: 16th international conference, ACNS 2018, Leuven, Belgium, July 2–4, proceedings 16 (pp. 516–534). Springer.

46.

Esposito, C., Santis, A. D., Tortora, G., Chang, H., & Raymond Choo, K.-K. (2018). Blockchain: A panacea for healthcare cloud-based data security and privacy? IEEE Cloud Computing, 5(1), 31–37.CrossRef

47.

Oecd. (2020). Opportunities and challenges of blockchain technologies in health care. https://www.oecd.org/finance/opportunities-and-challenges-of-blockchain-technologies-in-health-care.pdf. Accessed on 29, March 2023.

48.

Di Pietro, R., Salleras, X, Signorini, M., Waisbard, E. (2018). A blockchain-based trust system for the internet of things. In Proceedings of the 23nd ACM on symposium on access control models and technologies (pp. 77–83).

49.

Chen, Z., Weidong, X., Wang, B., & Hua, Yu. (2021). A blockchain-based preserving and sharing system for medical data privacy. Future Generation Computer Systems, 124, 338–350.CrossRef

50.

Lee, T.-F., Li, H.-Z., & Hsieh, Y.-P. (2021). A blockchain-based medical data preservation scheme for telecare medical information systems. International Journal of Information Security, 20, 589–601.CrossRef

51.

Mamo, N., Martin, G. M., Desira, M., Ellul, B., & Ebejer, J.-P. (2020). Dwarna: A blockchain solution for dynamic consent in biobanking. European Journal of Human Genetics, 28(5), 609–626.CrossRef

52.

The European parliament and the council of the European union. general data protection regulation (gdpr)-article 17-right to erasure (’right to be forgotten’). 2018. https://gdpr.eu/article-17-right-to-be-forgotten/. Accessed on March 2023

53.

Ali, Z., Ghani, A., Khan, I., Ashraf Chaudhry, S., Hafizul Islam, S. K., & Giri, D. (2020). A robust authentication and access control protocol for securing wireless healthcare sensor networks. Journal of Information Security and Applications, 52, 102502.CrossRef

54.

Dharminder, D., Mishra, D., & Li, X. (2020). Construction of rsa-based authentication scheme in authorized access to healthcare services: Authorized access to healthcare services. Journal of Medical Systems, 44, 1–9.CrossRef

55.

Gupta, B. B., Prajapati, V., Nedjah, N., Vijayakumar, P., Abd El-Latif, A. A., & Chang, X. (2021). Machine learning and smart card based two-factor authentication scheme for preserving anonymity in telecare medical information system (tmis). Neural Computing and Applications, 1–26.

56.

Ahamad, S. S., Al-Shehri, M., & Keshta, I. (2022). A secure and resilient scheme for telecare medical information systems with threat modeling and formal verification. IEEE Access, 10, 120227–120244.CrossRef

57.

Xiao, L., Xie, S., Han, D., Liang, W., Guo, J., & Chou, W.-K. (2021). A lightweight authentication scheme for telecare medical information system. Connection Science, 33(3), 769–785.CrossRef

58.

Kumar, C. M., Amin, R., & Brindha, M. (2023). Cryptanalysis of secure ecc-based three factor mutual authentication protocol for telecare medical information system. Cyber Security and Applications, 1, 100013.CrossRef

59.

Servos, D., & Osborn, S. L. (2017). Current research and open problems in attribute-based access control. ACM Computing Surveys (CSUR), 49(4), 1–45.CrossRef

60.

Pool, J., Akhlaghpour, S., Fatehi, F., & Gray, L. C. (2022). Data privacy concerns and use of telehealth in the aged care context: An integrative review and research agenda. International Journal of Medical Informatics, 104707.

61.

Kumar, P., Alphonse, P. J. A., et al. (2018). Attribute based encryption in cloud computing: A survey, gap analysis, and future directions. Journal of Network and Computer Applications, 108, 37–52.CrossRef

62.

Namasudra, S., Devi, D., Choudhary, S., Patan, R., & Kallam, S. (2018). Security, privacy, trust, and anonymity. In Advances of DNA computing in cryptography (pp. 138–150). Chapman and Hall/CRC.

63.

Namasudra, S. (2020). Fast and secure data accessing by using dna computing for the cloud environment. IEEE Transactions on Services Computing, 15(4), 2289–2300.CrossRef

64.

Yan, Z., Li, X., Kantola, R. (2017). Heterogeneous data access control based on trust and reputation in mobile cloud computing. In Advances in mobile cloud computing and big data in the 5G era (pp. 65–113).

65.

Chatterjee, K. (2017). An efficient biometric based remote user authentication technique for multi-server environment. Wireless Personal Communications, 97, 4729–4745.CrossRef

66.

Behera, P. K., & Khilar, P. M. (2017). A novel trust based access control model for cloud environment. In Proceedings of the international conference on signal, networks, computing, and systems: ICSNCS 2016, (Vol. 1, pp. 285–295). Springer.

67.

Au, M. H., Hon Yuen, T., Liu, J. K., Susilo, W., Huang, X., Xiang, Y., & Jiang, Z. L. (2017). A general framework for secure sharing of personal health records in cloud system. Journal of Computer and System Sciences, 90, 46–62.

Title: Secure fine grained access control for telecare medical communication system
Authors: Amitesh Kumar Pandit
Kakali Chatterjee
Ashish Singh
Publication date: 29-06-2023
Publisher: Springer US
Published in: Telecommunication Systems / Issue 1/2023
Print ISSN: 1018-4864
Electronic ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-023-01033-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2023

Post-quantum secure authenticated key agreement protocol for wireless sensor networks

A deep learning-based antenna selection approach in MIMO system

Multiserver call center retrial queue under Bernoulli vacation schedule with two-way communication and orbital search

A new formal approach for performance evaluation of green MAC protocol in energy harvesting WSNs

Performance improvement for DCO-OFDM and ACO-OFDM systems using symbol time compression

Energy-efficiency schemes for base stations in 5G heterogeneous networks: a systematic literature review