
2017 | OriginalPaper | Book chapter

Secure Role-Based Access Control over Outsourced EMRs Against Unwanted Leakage

Written by: Xingguang Zhou, Jie Chen, Zongyang Zhang, Jianwei Liu, Qianhong Wu

Published in: Cyberspace Safety and Security

Publisher: Springer International Publishing


Abstract

Along with the large-scale deployment of electronic medical record systems, a huge amount of health data is collected. To protect this sensitive information, it must be securely stored and accessed. Considering secure storage on cloud servers, we summarize a series of attack behaviors and present a security model against many types of unwanted privacy leakage. In this model, the privacy of unleaked medical records is guaranteed, and the influence of privacy leakage is confined in a strict manner. We also propose a role-based access control scheme for hierarchical healthcare organizations to achieve flexible access to these private records. One can access medical records only if his role satisfies the defined access policy, which implies fine-grained access control. Theoretical and experimental analyses show the efficiency of our scheme in terms of computation and communication.

Metadata
Title
Secure Role-Based Access Control over Outsourced EMRs Against Unwanted Leakage
Written by
Xingguang Zhou
Jie Chen
Zongyang Zhang
Jianwei Liu
Qianhong Wu
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-69471-9_30