Skip to main content

Advertisement

SpringerLink
Log in

Efficient and Secure Attribute Based Access Control Architecture for Smart Healthcare

  • Mobile & Wireless Health
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The smart health medical system is expected to enhance the quality of health care services significantly. These system keeps patients related record and provides the services over the insecure public channel which may cause data security and privacy concerns in a smart health system. On the other hand, ciphertext attribute-based encryption(CP-ABE) provides possible encrypted data security. There are some security flaws in CP-ABE, where the existing access policies are in the cleartext form for accessing encrypted sensitive data. On the other hand, it supports the small attribute universe, which restricts the practical deployments of CP-ABE. Moreover, outsider adversary observed the communication, which also creates a serious threat to CP-ABE model. To overcome security and privacy risk, efficient access control have been designed and devolved for medical services. Although we also demonstrate the security analysis of Zhang et al.’s scheme, which is vulnerable to inefficient security proof and man in the middle attack. In the proposed scheme, we proposed an efficient and security preserve scheme to overcome the weaknesses of Zhang’s et al.’s system. The protocol satisfies the attribute values of the medical user with hidden access policies. It has been proved under the standard model, which ensure the security of the protocol. Moreover, performance analysis comparison shows that the proposed scheme is more efficient than the existing one.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Amin R., Islam S.H., Biswas G., Khan M.K., Obaidat M.S.: Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. Journal of medical systems 39 (11): 137, 2015

    Article  PubMed  Google Scholar 

  2. Bellare M., Pointcheval D., Rogaway P.: Authenticated key exchange secure against dictionary attacks.. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2000, pp 139–155

  3. Bethencourt J., Sahai A., Waters B.: Ciphertext-policy attribute-based encryption.. In: IEEE Symposium on Security and Privacy-SP’07. IEEE, 2007, pp 321–334

  4. Cui H., Deng R.H., Lai J., Yi X., Nepal S.: An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited. Computer Networks 133: 157–165, 2018

    Article  Google Scholar 

  5. Dolev D., Yao A.C.: On the security of public key protocols. IEEE Trans. Inform. Theory 29 (2): 198–208, 1983

    Article  Google Scholar 

  6. Gope P., Amin R.: A novel reference security model with the situation based access policy for accessing ephr data. J. Med. Syst. 40 (11): 242, 2016

    Article  PubMed  Google Scholar 

  7. Goyal V., Pandey O., Sahai A., Waters B.: Attribute-based encryption for fine-grained access control of encrypted data.. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 2006, pp 89–98

  8. He D., Hu H.: Cryptanalysis of a dynamic id-based remote user authentication scheme with access control for multi-server environments. IEICE Trans. Inform. Syst. 96 (1): 138–140, 2013

    Article  Google Scholar 

  9. Jakobsson M., Pointcheval D.: Mutual authentication for low-power mobile devices.. In: International Conference on Financial Cryptography. Springer, 2001, pp 178–195

  10. Jia X., He D., Kumar N., Choo K.K.R.: Authenticated key agreement scheme for fog-driven iot healthcare system. Wireless Networks 25 (8): 4737–4750, 2019

    Article  Google Scholar 

  11. Lai J., Deng R.H., Li Y. (2012) Expressive cp-abe with partially hidden access structures

  12. Li J., Ren K., Kim K.: A2be: Accountable attribute-based encryption for abuse free access control. IACR Cryptology ePrint Archive 2009: 118, 2009

    Google Scholar 

  13. Mukhopadhyay S.C.: Wearable sensors for human activity monitoring: a review. IEEE Sensors Journal 15 (3): 1321–1330, 2014

    Article  Google Scholar 

  14. Shao M.H., Chin Y.C.: A privacy-preserving dynamic id-based remote user authentication scheme with access control for multi-server environment. IEICE Trans. Inform. Syst. 95 (1): 161–168, 2012

    Article  Google Scholar 

  15. Tran P.V.X., Yang G., Susilo W. (2016) Hidden ciphertext policy attribute-based encryption under standard assumptions

  16. Wang H., He D., Shen J., Zheng Z., Yang X., Au M.H.: Fuzzy matching and direct revocation: a new cp-abe scheme from multilinear maps. Soft Comput. 22 (7): 2267–2274, 2018

    Article  Google Scholar 

  17. Xu B., Da Xu L., Cai H., Xie C., Hu J., Bu F.: Ubiquitous data accessing method in iot-based information system for emergency medical services. IEEE Trans. Ind. Inform. 10 (2): 1578–1586, 2014

    Article  Google Scholar 

  18. Yan H., Xu L.D., Bi Z., Pang Z., Zhang J., Chen Y.: An emerging technology–wearable wireless sensor networks with applications in human health condition monitoring. Journal of Management Analytics 2 (2): 121–137, 2015

    Article  Google Scholar 

  19. Yang K., Han Q., Li H., Zheng K., Su Z., Shen X.: An efficient and fine-grained big data access control scheme with privacy-preserving policy. IEEE Internet of Things Journal 4 (2): 563–571, 2016

    Article  Google Scholar 

  20. Zhang X., Jin C., Li C., Wen Z., Shen Q., Fang Y., Wu Z.: Ciphertext-policy attribute-based encryption with user and authority accountability.. In: International Conference on Security and Privacy in Communication Systems. Springer, 2015, pp 500–518

  21. Zhang Y., Chen X., Li J., Wong D.S., Li H.: Anonymous attribute-based encryption supporting efficient decryption test.. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM, 2013, pp 511–516

  22. Zhang Y., Li J., Zheng D., Chen X., Li H.: Towards privacy protection and malicious behavior traceability in smart health. Pers. Ubiquit. Comput. 21 (5): 815–830, 2017

    Article  Google Scholar 

  23. Zhang Y., Yang M., Zheng D., Lang P., Wu A., Chen C.: Efficient and secure big data storage system with leakage resilience in cloud computing. Soft Comput. 22 (23): 7763–7772, 2018

    Article  Google Scholar 

  24. Zhang Y., Zheng D., Deng R.H.: Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal 5 (3): 2130–2145, 2018

    Article  Google Scholar 

  25. Zhou Y., Yang B., Mu Y.: Continuous leakage-resilient identity-based encryption without random oracles. Comput. J 61 (4): 586–600, 2018

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The LNM Institute of Information Technology, Jaipur, India

    Saurabh Rana & Dheerendra Mishra

Authors
  1. Saurabh Rana
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dheerendra Mishra
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dheerendra Mishra.

Ethics declarations

Informed Consent

All the authors have agreed to this submission.

Research involving human participants and/or animals

This article does not contain any studies with human participants or animals performed by any of the authors.

Disclosure of potential conflicts of interest

All authors declare that they have no conflict of interest.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Mobile & Wireless Health

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Rana, S., Mishra, D. Efficient and Secure Attribute Based Access Control Architecture for Smart Healthcare. J Med Syst 44, 97 (2020). https://doi.org/10.1007/s10916-020-01564-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-020-01564-z

Keywords

Search

Navigation