Anonymous role-based access control on E-health records

Xingguang Zhou; Jianwei Liu; Weiran Liu; Qianhong Wu

doi:10.1145/2897845.2897871

Anonymous role-based access control on E-health records

Xingguang Zhou
, Jianwei Liu^*
, Weiran Liu
, Qianhong Wu

^*Corresponding author for this work

School of Cyber Science and Technology

Beihang University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

26 Scopus citations

Abstract

Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply "online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

Original language	English
Title of host publication	ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	559-570
Number of pages	12
ISBN (Electronic)	9781450342339
DOIs	https://doi.org/10.1145/2897845.2897871
State	Published - 30 May 2016
Event	11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 - Xi'an, China Duration: 30 May 2016 → 3 Jun 2016

Publication series

Name	ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

Conference

Conference	11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
Country/Territory	China
City	Xi'an
Period	30/05/16 → 3/06/16

Keywords

Access control
Anonymous
E-health record
Online/offline

Access to Document

10.1145/2897845.2897871

Cite this

Zhou, X., Liu, J., Liu, W., & Wu, Q. (2016). Anonymous role-based access control on E-health records. In ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (pp. 559-570). (ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/2897845.2897871

Zhou, Xingguang ; Liu, Jianwei ; Liu, Weiran et al. / Anonymous role-based access control on E-health records. ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2016. pp. 559-570 (ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security).

@inproceedings{6f27d977603143acbe68e727e5a20cda,

title = "Anonymous role-based access control on E-health records",

abstract = "Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply {"}online/offline{"} approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.",

keywords = "Access control, Anonymous, E-health record, Online/offline",

author = "Xingguang Zhou and Jianwei Liu and Weiran Liu and Qianhong Wu",

note = "Publisher Copyright: {\textcopyright} 2016 ACM.; 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 ; Conference date: 30-05-2016 Through 03-06-2016",

year = "2016",

month = may,

day = "30",

doi = "10.1145/2897845.2897871",

language = "英语",

series = "ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "559--570",

booktitle = "ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security",

}

Zhou, X, Liu, J, Liu, W & Wu, Q 2016, Anonymous role-based access control on E-health records. in ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 559-570, 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016, Xi'an, China, 30/05/16. https://doi.org/10.1145/2897845.2897871

Anonymous role-based access control on E-health records. / Zhou, Xingguang; Liu, Jianwei; Liu, Weiran et al.
ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2016. p. 559-570 (ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anonymous role-based access control on E-health records

AU - Zhou, Xingguang

AU - Liu, Jianwei

AU - Liu, Weiran

AU - Wu, Qianhong

PY - 2016/5/30

Y1 - 2016/5/30

N2 - Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply "online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

AB - Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply "online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

KW - Access control

KW - Anonymous

KW - E-health record

KW - Online/offline

UR - https://www.scopus.com/pages/publications/84979658429

U2 - 10.1145/2897845.2897871

DO - 10.1145/2897845.2897871

M3 - 会议稿件

AN - SCOPUS:84979658429

T3 - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

SP - 559

EP - 570

BT - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

T2 - 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016

Y2 - 30 May 2016 through 3 June 2016

ER -

Zhou X, Liu J, Liu W, Wu Q. Anonymous role-based access control on E-health records. In ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2016. p. 559-570. (ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security). doi: 10.1145/2897845.2897871

Anonymous role-based access control on E-health records

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this