Skip to main content
SpringerLink
Log in

Secure fine grained access control for telecare medical communication system

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Modern healthcare institutions are now equipped to provide telecare services because of substantial improvements in telecommunication. Numerous services are provided through the telecare system. For efficient utilization of telecare service, Personal Health Information (PHI) must be shared among various stakeholders. Due to sensitiveness of healthcare data, sharing may create a slew of security and privacy challenges. The Attribute-Based Access Control (ABAC) seems an appropriate cryptographic solution. But, a small amount of healthcare data may reveal a patient’s identity or other information. The minimum amount of PHI sharing is recommended to maintain an individual’s privacy. However, the existing ABAC does not support partial access control on PHI. They either allow access to the entire PHI or restrict it completely. To achieve this finest level of access control, if ABAC applies on each data attribute separately, it will increase computation and communication overhead. Therefore, existing ABAC protocols are unsuitable for a Telecare Medical Communication System (TMCS). The paper proposes a fine-grain access control framework for TMCS based on Multi-authority Attribute Based Access Control. It provides partial access control over PHI and assures the security and privacy of PHI. During the PHI access phase, multiple attribute authorities perform most of the computation simultaneously, increasing the present scheme’s efficiency and scalability. Further, symmetric bilinear pairing enhances its efficiency and makes it suitable for resource constraint environments. The k-out-of-n oblivious transfer protocol hides the data access pattern and maintains privacy. Security analysis proves that the present scheme is secure under the hardness of the discrete logarithm problem and the Decisional Bilinear Diffie–Hellman assumption.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Gunal, M. M., & Karatas, M. (2019). Industry 4.0, digitisation in manufacturing, and simulation: A review of the literature. Simulation for Industry 4.0: Past, Present, and Future. https://doi.org/10.1007/978-3-030-04137-3_2

  2. Karatas, M., Eriskin, L., Deveci, M., Pamucar, D., & Garg, H. (2022). Big data for healthcare industry 4.0: Applications, challenges and future perspectives. Expert Systems with Applications, 200, 116912.

  3. Eriskin, L., Karatas, M., & Zheng, Y.-J. (2022). A robust multi-objective model for healthcare resource management and location planning during pandemics. Annals of Operations Research. https://doi.org/10.1007/s10479-022-04760-x

  4. Karatas, M., Erişkin, L., & Bozkaya, E. (2022). Transportation and location planning during epidemics/pandemics: Emerging problems and solution approaches. IEEE Transactions on Intelligent Transportation Systems, 23(12), 25139–25156.

    Article  Google Scholar 

  5. Health information privacy. https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html. Accessed March, 2023

  6. Jayasri, T., Manasa Manvitha, M., Shalima, S., & Anil, J. (2022). Maintenance of personal health record system with cipher text policy attribute-based encryption and quick decryption. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 13(03), 1131–1138.

    Google Scholar 

  7. Hamsanandhini, S., Eswaran, M., & Varanambika, V. (2022). Health record maintenance using cloud computing and multi authority attribute based encryption. In 2022 International conference on computer communication and informatics (ICCCI) (pp. 01–08). IEEE.

  8. Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey. Journal of Network and Computer Applications, 79, 88–115.

    Article  Google Scholar 

  9. Singh, A., & Chatterjee, K. (2019). Security and privacy issues of electronic healthcare system: A survey. Journal of Information and Optimization Sciences, 40(8), 1709–1729.

    Article  Google Scholar 

  10. Singh, A., & Chatterjee, K. (2021). Securing smart healthcare system with edge computing. Computers and Security, 108, 102353.

    Article  Google Scholar 

  11. Kundalwal, M. K., Singh, A., & Chatterjee, K. (2018). A privacy framework in cloud computing for healthcare data. In 2018 International conference on advances in computing, communication control and networking (ICACCCN) (pp. 58–63). IEEE.

  12. Singh, A., & Chatterjee, K. (2020). An adaptive mutual trust based access control model for electronic healthcare system. Journal of Ambient Intelligence and Humanized Computing, 11, 2117–2136.

    Article  Google Scholar 

  13. Singh, A., & Chatterjee, K. (2017). A mutual trust based access control framework for securing electronic healthcare system. In 2017 14th IEEE India council international conference (INDICON), (pp. 1–6). IEEE.

  14. Singh, A., & Chatterjee, K. (2019). Rtbac: A new approach for securing electronic healthcare system. In 2019 International conference on computing, power and communication technologies (GUCON) (pp. 269–273). IEEE.

  15. Singh, A., & Chatterjee, K. (2019). Trust based access control model for securing electronic healthcare system. Journal of Ambient Intelligence and Humanized Computing, 10, 4547–4565.

    Article  Google Scholar 

  16. Singh, A., Chandra, U., Kumar, S., & Chatterjee, K. (2019). A secure access control model for e-health cloud. In TENCON 2019-2019 IEEE Region 10 conference (TENCON) (pp. 2329–2334). IEEE.

  17. Singh, A., & Chatterjee, K. (2019). Itrust: Identity and trust based access control model for healthcare system security. Multimedia Tools and Applications, 78(19), 28309–28330.

    Article  Google Scholar 

  18. Chaudhary, R. R. K., & Chatterjee, K. (2020). An efficient lightweight cryptographic technique for iot based e-healthcare system. In 2020 7th International conference on signal processing and integrated networks (SPIN) (pp. 991–995). IEEE.

  19. Kundalwal, M. K., Chatterjee, K., & Singh, A. (2019). An improved privacy preservation technique in health-cloud. ICT Express, 5(3), 167–172.

    Article  Google Scholar 

  20. Li, M., Shucheng, Yu., Zheng, Y., Ren, K., & Lou, W. (2012). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.

    Article  Google Scholar 

  21. Son, S., Lee, J., Kim, M., Yu, S., Das, A. K., & Park, Y. (2020). Design of secure authentication protocol for cloud-assisted telecare medical information system using blockchain. IEEE Access, 8, 192177–192191.

    Article  Google Scholar 

  22. Radhakrishnan, N., & Karuppiah, M. (2019). An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems. Informatics in Medicine Unlocked, 16, 100092.

    Article  Google Scholar 

  23. Singh, A., & Chatterjee, K. (2017). A multi-dimensional trust and reputation calculation model for cloud computing environments. In 2017 ISEA Asia security and privacy (ISEASP) (pp. 1–8).

  24. Park, J. S., Sandhu, R., & Ahn, G.-J. (2001). Role-based access control on the web. ACM Transactions on Information and System Security (TISSEC), 4(1), 37–71.

    Article  Google Scholar 

  25. Kumar, A., Tripathi, S., & Jaiswal, P. (2015). Design of efficient id-based group key agreement protocol suited for pay-tv application. In 2015 International conference on advances in computing, communications and informatics (ICACCI) (pp. 1940–1944). IEEE.

  26. Kumar, A., & Tripathi, S. (2016). Anonymous id-based group key agreement protocol without pairing. International Journal of Network Security, 18(2), 263–273.

    Google Scholar 

  27. Benaloh, J., Chase, M., Horvitz, E., & Lauter, K. (2009). Patient controlled encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 103–114).

  28. Dong, C., Russello, G., & Dulay, N. (2011). Shared and searchable encrypted data for untrusted servers. Journal of Computer Security, 19(3), 367–397.

    Article  Google Scholar 

  29. Gritti, C., Refik Molva, M., Susilo, W., & Plantard, T. (2018). Device identification and personal data attestation in networks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 9(4), 1–25.

    Google Scholar 

  30. Liu, Y., Changqiao, X., Zhan, Y., Liu, Z., Guan, J., & Zhang, H. (2017). Incentive mechanism for computation offloading using edge computing: A stackelberg game approach. Computer Networks, 129, 399–409.

    Article  Google Scholar 

  31. Raghavendra, S., Meghana, K., Doddabasappa, P. A., Geeta, C. M., Buyya, R., Venugopal, K. R., Iyengar, S. S., & Patnaik, L. M. (2016). Index generation and secure multi-user access control over an encrypted cloud data. Procedia Computer Science, 89, 293–300.

    Article  Google Scholar 

  32. Gokuldev, S., & Leelavathi, S. (2013). Hasbe: A hierarchical attribute-based solution for flexible and scalable access control by separate encryption/decryption in cloud computing. International Journal of Engineering Science and Innovative Technology (IJESIT), 2(3), 139–145.

  33. Liu, Y., Quan, W., Wang, T., & Wang, Yu. (2018). Delay-constrained utility maximization for video ads push in mobile opportunistic d2d networks. IEEE Internet of Things Journal, 5(5), 4088–4099.

    Article  Google Scholar 

  34. Kotenko, I. V., Saenko, I., & Branitskiy, A. (2018). Applying big data processing and machine learning methods for mobile internet of things security monitoring. Journal of Internet Services and Information Security, 8(3), 54–63.

    Google Scholar 

  35. Tanwar, S., Parekh, K., & Evans, R. (2020). Blockchain-based electronic healthcare record system for healthcare 4.0 applications. Journal of Information Security and Applications, 50, 102407.

    Article  Google Scholar 

  36. Mitra, B., Sural, S., Vaidya, J., & Atluri, V. (2017). Migrating from rbac to temporal rbac. IET Information Security, 11(5), 294–300.

    Article  Google Scholar 

  37. Alam, Q., Malik, S. U., Akhunzada, A., Raymond Choo, K.-K., Tabbasum, S., & Alam, M. (2016). A cross tenant access control (ctac) model for cloud computing: formal specification and verification. IEEE Transactions on Information Forensics and Security, 12(6), 1259–1268.

    Article  Google Scholar 

  38. Goyal, V., Pandey, O., Sahai, A, & Waters, B. (2006). Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on computer and communications security (pp. 89–980).

  39. Kumar, A., & Verma, R. (2020). Attribute-based authenticated group key transfer protocol without pairing. Wireless Personal Communications, 113(4), 1791–1805.

    Article  Google Scholar 

  40. Shi, Y., Zheng, Q., Liu, J., & Han, Z. (2015). Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Information Sciences, 295, 221–231.

    Article  Google Scholar 

  41. Gupta, M., Awaysheh, F. M., Benson, J., Alazab, M., Patwa, F., & Sandhu, R. (2020). An attribute-based access control for cloud enabled industrial smart vehicles. IEEE Transactions on Industrial Informatics, 17(6), 4288–4297.

    Article  Google Scholar 

  42. Li, L., Tianlong, G., Chang, L., Zhoubo, X., Liu, Y., & Qian, J. (2017). A ciphertext-policy attribute-based encryption based on an ordered binary decision diagram. IEEE Access, 5, 1137–1145.

    Article  Google Scholar 

  43. Liu, Z., & Wong, D. S. (2016). Practical attribute-based encryption: Traitor tracing, revocation and large universe. The Computer Journal, 59(7), 983–1004.

    Article  Google Scholar 

  44. Rana, S., & Mishra, D. (2020). Efficient and secure attribute based access control architecture for smart healthcare. Journal of Medical Systems, 44, 1–11.

    Article  Google Scholar 

  45. Liu, J. K., Yuen, T. H., Zhang, P., & Liang, K. (2018). Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list. In Applied cryptography and network security: 16th international conference, ACNS 2018, Leuven, Belgium, July 2–4, proceedings 16 (pp. 516–534). Springer.

  46. Esposito, C., Santis, A. D., Tortora, G., Chang, H., & Raymond Choo, K.-K. (2018). Blockchain: A panacea for healthcare cloud-based data security and privacy? IEEE Cloud Computing, 5(1), 31–37.

    Article  Google Scholar 

  47. Oecd. (2020). Opportunities and challenges of blockchain technologies in health care. https://www.oecd.org/finance/opportunities-and-challenges-of-blockchain-technologies-in-health-care.pdf. Accessed on 29, March 2023.

  48. Di Pietro, R., Salleras, X, Signorini, M., Waisbard, E. (2018). A blockchain-based trust system for the internet of things. In Proceedings of the 23nd ACM on symposium on access control models and technologies (pp. 77–83).

  49. Chen, Z., Weidong, X., Wang, B., & Hua, Yu. (2021). A blockchain-based preserving and sharing system for medical data privacy. Future Generation Computer Systems, 124, 338–350.

    Article  Google Scholar 

  50. Lee, T.-F., Li, H.-Z., & Hsieh, Y.-P. (2021). A blockchain-based medical data preservation scheme for telecare medical information systems. International Journal of Information Security, 20, 589–601.

    Article  Google Scholar 

  51. Mamo, N., Martin, G. M., Desira, M., Ellul, B., & Ebejer, J.-P. (2020). Dwarna: A blockchain solution for dynamic consent in biobanking. European Journal of Human Genetics, 28(5), 609–626.

    Article  Google Scholar 

  52. The European parliament and the council of the European union. general data protection regulation (gdpr)-article 17-right to erasure (’right to be forgotten’). 2018. https://gdpr.eu/article-17-right-to-be-forgotten/. Accessed on March 2023

  53. Ali, Z., Ghani, A., Khan, I., Ashraf Chaudhry, S., Hafizul Islam, S. K., & Giri, D. (2020). A robust authentication and access control protocol for securing wireless healthcare sensor networks. Journal of Information Security and Applications, 52, 102502.

    Article  Google Scholar 

  54. Dharminder, D., Mishra, D., & Li, X. (2020). Construction of rsa-based authentication scheme in authorized access to healthcare services: Authorized access to healthcare services. Journal of Medical Systems, 44, 1–9.

    Article  Google Scholar 

  55. Gupta, B. B., Prajapati, V., Nedjah, N., Vijayakumar, P., Abd El-Latif, A. A., & Chang, X. (2021). Machine learning and smart card based two-factor authentication scheme for preserving anonymity in telecare medical information system (tmis). Neural Computing and Applications, 1–26.

  56. Ahamad, S. S., Al-Shehri, M., & Keshta, I. (2022). A secure and resilient scheme for telecare medical information systems with threat modeling and formal verification. IEEE Access, 10, 120227–120244.

    Article  Google Scholar 

  57. Xiao, L., Xie, S., Han, D., Liang, W., Guo, J., & Chou, W.-K. (2021). A lightweight authentication scheme for telecare medical information system. Connection Science, 33(3), 769–785.

    Article  Google Scholar 

  58. Kumar, C. M., Amin, R., & Brindha, M. (2023). Cryptanalysis of secure ecc-based three factor mutual authentication protocol for telecare medical information system. Cyber Security and Applications, 1, 100013.

    Article  Google Scholar 

  59. Servos, D., & Osborn, S. L. (2017). Current research and open problems in attribute-based access control. ACM Computing Surveys (CSUR), 49(4), 1–45.

    Article  Google Scholar 

  60. Pool, J., Akhlaghpour, S., Fatehi, F., & Gray, L. C. (2022). Data privacy concerns and use of telehealth in the aged care context: An integrative review and research agenda. International Journal of Medical Informatics, 104707.

  61. Kumar, P., Alphonse, P. J. A., et al. (2018). Attribute based encryption in cloud computing: A survey, gap analysis, and future directions. Journal of Network and Computer Applications, 108, 37–52.

    Article  Google Scholar 

  62. Namasudra, S., Devi, D., Choudhary, S., Patan, R., & Kallam, S. (2018). Security, privacy, trust, and anonymity. In Advances of DNA computing in cryptography (pp. 138–150). Chapman and Hall/CRC.

  63. Namasudra, S. (2020). Fast and secure data accessing by using dna computing for the cloud environment. IEEE Transactions on Services Computing, 15(4), 2289–2300.

    Article  Google Scholar 

  64. Yan, Z., Li, X., Kantola, R. (2017). Heterogeneous data access control based on trust and reputation in mobile cloud computing. In Advances in mobile cloud computing and big data in the 5G era (pp. 65–113).

  65. Chatterjee, K. (2017). An efficient biometric based remote user authentication technique for multi-server environment. Wireless Personal Communications, 97, 4729–4745.

    Article  Google Scholar 

  66. Behera, P. K., & Khilar, P. M. (2017). A novel trust based access control model for cloud environment. In Proceedings of the international conference on signal, networks, computing, and systems: ICSNCS 2016, (Vol. 1, pp. 285–295). Springer.

  67. Au, M. H., Hon Yuen, T., Liu, J. K., Susilo, W., Huang, X., Xiang, Y., & Jiang, Z. L. (2017). A general framework for secure sharing of personal health records in cloud system. Journal of Computer and System Sciences, 90, 46–62.

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Institute of Technology Patna, Patna, Bihar, 800005, India

    Amitesh Kumar Pandit & Kakali Chatterjee

  2. School of Computer Engineering, KIIT Deemed to be University, Bhubaneswar, Odisha, 751024, India

    Ashish Singh

Authors
  1. Amitesh Kumar Pandit
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kakali Chatterjee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ashish Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashish Singh.

Ethics declarations

Conflicts of interest

There is no Conflict of Interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Pandit, A.K., Chatterjee, K. & Singh, A. Secure fine grained access control for telecare medical communication system. Telecommun Syst 84, 1–21 (2023). https://doi.org/10.1007/s11235-023-01033-1

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-023-01033-1

Keywords

Search

Navigation