Skip to main content
Springer Nature Link
Log in

A Fine-Grained Access Control Scheme for Electronic Health Records Based on Roles and Attributes

  • Conference paper
  • First Online:
Ubiquitous Security (UbiSec 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1557))

Included in the following conference series:

Abstract

The electronic medical cloud system has shown its potential to improve the quality of medical care and personal life. At present, there are mainly two forms of access control to electronic medical cloud systems: role-based access control (RBAC) and attribute-based access control (ABAC). But RBAC cannot achieve fine-grained access control, and ABAC cannot achieve the role of RBAC to manage resource functions. This paper proposes a patient-centric access control model that combines RBAC and ABAC in response to this problem. We use the Linear Secret Sharing Scheme (LSSS) access control structure to implement attribute-based access control, and the Casbin access control framework to implement role-based access control. The patient first uses the ciphertext strategy attribute-based encryption algorithm (CP-ABE) on the client to encrypt the electronic health record (EHR), then the patient stores the encrypted EHR data in the cloud. When a data user wants to access patient EHR data, the cloud will determine whether the user role or user attribute meets the access request. After the request is passed, the user can obtain the ciphertext and the plaintext after two decryption steps. Finally, we conduct an extensive safety analysis and performance evaluation, which confirmed the effectiveness and efficiency of our program.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Guo, H., Li, W., Nejad, M., Shen, C.C.: Access control for electronic health records with hybrid blockchain-edge architecture. In: 2019 IEEE International Conference on Blockchain (Blockchain), pp. 44–51. IEEE (2019)

    Google Scholar 

  2. Zhang, S., Mao, X., Choo, K.K.R., Peng, T., Wang, G.: A trajectory privacy-preserving scheme based on a dual-K mechanism for continuous location-based services. Inf. Sci. 527, 406–419 (2020)

    Article  Google Scholar 

  3. Yi, X., Miao, Y., Bertino, E., Willemson, J.: Multiparty privacy protection for electronic health records. In: 2013 IEEE Global Communications Conference (GLOBECOM), pp. 2730–2735. IEEE (2013)

    Google Scholar 

  4. Yuan, L., Zhang, S., Zhu, G., Alinani, K.: Privacy-preserving mechanism for mixed data clustering with local differential privacy. Concurr. Comput. Pract. Exp. (to be published). https://doi.org/10.1002/cpe.6503

  5. Abbas, A., Bilal, K., Zhang, L., Khan, S.U.: A cloud based health insurance plan recommendation system: a user centered approach. Futur. Gener. Comput. Syst. 43, 99–109 (2015)

    Article  Google Scholar 

  6. Zhang, S., Li, X., Tan, Z., Peng, T., Wang, G.: A caching and spatial K-anonymity driven privacy enhancement scheme in continuous location-based services. Futur. Gener. Comput. Syst. 94, 40–50 (2019)

    Article  Google Scholar 

  7. Xie, M., Ruan, Y., Hong, H., Shao, J.: A CP-ABE scheme based on multi-authority in hybrid clouds for mobile devices. Futur. Gener. Comput. Syst. 121, 114–122 (2021)

    Article  Google Scholar 

  8. Chen, E., Zhu, Y., Zhu, G., Liang, K., Feng, R.: How to implement secure cloud file sharing using optimized attribute-based access control with small policy matrix and minimized cumulative errors. Comput. Secur. 107, 1–20 (2021)

    Article  Google Scholar 

  9. Ezhilarasan, E., Dinakaran, M.: Privacy preserving and data transpiration in multiple cloud using secure and robust data access management algorithm. Microprocess. Microsyst. 82, 1–8 (2021)

    Article  Google Scholar 

  10. Zhang, W., Lin, Y., Wu, J., Zhou, T.: Inference attack-resistant e-healthcare cloud system with fine-grained access control. IEEE Trans. Serv. Comput. 14(1), 167–178 (2018)

    Article  Google Scholar 

  11. Ali, M., Abbas, A., Khan, M.U.S., Khan, S.U.: SeSPHR: a methodology for secure sharing of personal health records in the cloud. IEEE Trans. Cloud Comput. 9(1), 347–359 (2018)

    Article  Google Scholar 

  12. Sandor, V.K.A., Lin, Y., Li, X., Lin, F., Zhang, S.: Efficient decentralized multi-authority attribute based encryption for mobile cloud data storage. J. Netw. Comput. Appl. 129, 25–36 (2019)

    Article  Google Scholar 

  13. Bouchaala, M., Ghazel, C., Saidane, L.A.: TRAK-CPABE: a novel traceable, revocable and accountable ciphertext-policy attribute-based encryption scheme in cloud computing. J. Inf. Secur. Appl. 61, 1–13 (2021)

    Google Scholar 

  14. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Inference attack against encrypted range queries on outsourced databases. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY), pp. 235–246. ACM (2014)

    Google Scholar 

  15. Guo, L., Zhang, C., Sun, J., Fang, Y.: A privacy-preserving attribute-based authentication system for mobile health networks. IEEE Trans. Mob. Comput. 13(9), 1927–1941 (2013)

    Article  Google Scholar 

  16. Keshta, I., Odeh, A.: Security and privacy of electronic health records: concerns and challenges. Egyptian Inform. J. 22(2), 177–183 (2021)

    Article  Google Scholar 

  17. Kanwal, T., Anjum, A., Malik, S.U., Khan, A., Khan, M.A.: Privacy preservation of electronic health records with adversarial attacks identification in hybrid cloud. Comput. Stand. Interfaces 78, 1–16 (2021)

    Article  Google Scholar 

  18. Qin, X., Huang, Y., Yang, Z., Li, X.: A Blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing. J. Syst. Architect. 112, 1–11 (2020)

    Google Scholar 

  19. Hong, H., Sun, Z.: A flexible attribute based data access management scheme for sensor-cloud system. J. Syst. Architect. 119, 1–9 (2021)

    Article  Google Scholar 

  20. Unal, D., Al-Ali, A., Catak, F.O., Hammoudeh, M.: A secure and efficient Internet of Things cloud encryption scheme with forensics investigation compatibility based on identity-based encryption. Futur. Gener. Comput. Syst. 125, 433–445 (2021)

    Article  Google Scholar 

  21. Ayfaa, B., Apa, C.: LMAAS-IoT: lightweight multi-factor authentication and authorization scheme for real-time data access in IoT cloud-based environment. J. Netw. Comput. Appl. 192, 1–20 (2021)

    Google Scholar 

  22. Karati, A., Amin, R., Mohit, P., Sureshkumar, V., Biswas, G.P.: Design of a secure file storage and access protocol for cloud-enabled Internet of Things environment. Comput. Electr. Eng. 94, 1–15 (2021)

    Article  Google Scholar 

  23. Hozhabr, M., Asghari, P., Javadi, H.H.S.: Dynamic secure multi-keyword ranked search over encrypted cloud data. J. Inf. Secur. Appl. 61, 1–12 (2021)

    Google Scholar 

  24. Najafi, A., Bayat, M., Javadi, H.H.S.: Fair multi-owner search over encrypted data with forward and backward privacy in cloud-assisted Internet of Things. Futur. Gener. Comput. Syst. 124, 285–294 (2021)

    Article  Google Scholar 

  25. Saravanan, N., Umamakeswari, A.: Lattice based access control for protecting user data in cloud environments with hybrid security. Comput. Secur. 100, 1–9 (2020)

    Google Scholar 

  26. Khan, R., Tao, X., Anjum, A., Kanwal, T., Maple, C.: \(\theta \)-sensitive k-anonymity: an anonymization model for IoT based electronic health records. Electronics 9(5), 716–740 (2020)

    Article  Google Scholar 

  27. Sabitha, S., Rajasree, M.S.: Access control based privacy preserving secure data sharing with hidden access policies in cloud. J. Syst. Architect. 75, 50–58 (2017)

    Article  Google Scholar 

  28. Rafique, A., Van Landuyt, D., Beni, E.H., Lagaisse, B., Joosen, W.: CryptDICE: distributed data protection system for secure cloud data storage and computation. Inf. Syst. 96, 1–23 (2021)

    Article  Google Scholar 

  29. Chen, M., Qian, Y., Chen, J., Hwang, K., Mao, S., Hu, L.: Privacy protection and intrusion avoidance for cloudlet-based medical data sharing. IEEE Trans. Cloud Comput. 8(4), 1274–1283 (2016)

    Article  Google Scholar 

  30. Kanwal, T., et al.: A robust privacy preserving approach for electronic health records using multiple dataset with multiple sensitive attributes. Comput. Secur. 105, 1–21 (2021)

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported in part by the National Natural Science Foundation of China under Grant number 62172159, the Hunan Provincial Education Department of China under Grant number 21A0318, the Research project on Teaching Reform of Ordinary Colleges and Universities in Hunan Province under Grant Number HNJG-2021-0651, and the Research Project of Degree and Postgraduate Education Reform of Hunan University of Science and Technology under Grant Number G71922.

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China

    Shaobo Zhang, Shuo Yang, Gengming Zhu, Jiyong Zhang & Desheng Xiang

  2. Hunan Key Laboratory of Service Computing and New Software Service Technology, Xiangtan, 411201, China

    Shaobo Zhang, Shuo Yang, Gengming Zhu, Jiyong Zhang & Desheng Xiang

  3. College of Computer, National University of Defense Technology, Changsha, 410073, China

    Shaobo Zhang

  4. School of Information Engineering, Hunan University of Science and Engineering, Yongzhou, 425199, China

    Entao Luo

Authors
  1. Shaobo Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shuo Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gengming Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Entao Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jiyong Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Desheng Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shaobo Zhang .

Editor information

Editors and Affiliations

  1. Guangzhou University, Guangzhou, China

    Guojun Wang

  2. University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. University of Queensland, Brisbane, QLD, Australia

    Ryan K. L. Ko

  4. Hunan University, Changsha, China

    Yang Xu

  5. University of Trento, Trento, Italy

    Bruno Crispo

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, S., Yang, S., Zhu, G., Luo, E., Zhang, J., Xiang, D. (2022). A Fine-Grained Access Control Scheme for Electronic Health Records Based on Roles and Attributes. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-0468-4_3

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0467-7

  • Online ISBN: 978-981-19-0468-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics