Abstract
With the increasing growth of the Electronic healthcare system (EHS), the security of the EHS is an essential requirement because different types of users (patient, doctor, nurse, etc.) are accessing these systems for various purposes like treatment, research, drug analysis, etc. In the EHS, two major security challenges arise. First one is the selection of an access control mechanism without any prior information about the healthcare users. The second one is how much amount of data will be shared by the healthcare services and practitioner. Hence, a suitable access control technique is essential which not only provides the static access but also dynamically control the views of the requested data, so that the information will be shared in a controlled manner. In the healthcare system, trust can be viewed as an important judgment parameter for controlling the access of different stakeholders as it is an open system with different types of users. The main aim of the work is to control the access view so that only authorized user can access the information in a controlled manner. It also improves adaptivity of the access control model by integration of dynamic trust degree of communicating parties. To fulfill the above-discussed security requirements, in this paper, we have proposed an access control model, which is based on the trust degree of the healthcare user and service, named as mutual trust. The assessment of user and service trust degree is based on the beta distribution technique. A rule set has been developed based on this mutual trust degree to control the data access view, which is dynamically changed with the communicating parties trust level. The detail implementation of the proposed model shows that the accuracy and efficiency of the model are better as compared to other models.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Afshar M, Samet S, Hu T (2018) An attribute based access control framework for healthcare system. In: Journal of physics: conference series, vol 933. IOP Publishing, pp 012020
Al-Ghamdi M, Al-Ghamdi M, Gutub A (2018) Security enhancement of shares generation process for multimedia counting-based secret-sharing technique. Multimedia Tools Appl. https://doi.org/10.1007/s11042-018-6977-2
Al-Otaibi NA, Gutub AA (2014) 2-leyer security system for hiding sensitive text data on personal computers. Lect Notes Inf Theory 2(2):151–157
Al-Qurashi A, Gutub A (2018) Reliable secret key generation for counting-based secret sharing. J Comput Sci Comput Math 8(4):87–101
Alanazi N, Alanizy A, Baghoza N, Al Ghamdi M, Gutub A (2018) 3-layer pc text security via combining compression, aes cryptography 2lsb image steganography. J Res Eng Appl Sci 3(4):118–124
Alassaf N, Alkazemi B, Gutub A (2017) Applicable light-weight cryptography to secure medical data in iot systems. J Res Eng Appl Sci 2(2):50–58
Alassaf N, Gutub A, Parah SA, Al Ghamdi M (2018) Enhancing speed of simon: a light-weight-cryptographic algorithm for iot applications. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-018-6801-z
Aljuaid N, Gutub A, Khan E (2018) Enhancing pc data security via combining rsa cryptography and video based steganography. J Inf Secur Cybercrimes Res 1:8–18
Almazrooie M, Samsudin A, Gutub AA-A, Salleh MS, Omar MA, Hassan SA (2018) Integrity verification for digital holy quran verses using cryptographic hash function and compression. J King Saud Univ Comput Inf Sci. https://doi.org/10.1016/j.jksuci.2018.02.006
Alsaidi A, Al-lehaibi K, Alzahrani H, AlGhamdi M, Gutub A (2018) Compression multi-level crypto stego security of texts utilizing colored email forwarding. J Comput Sci Comput Math 8(3):33–42
Ardagna CA, Cremonini M, di Vimercati SDC, Samarati P (2008) Privacy-enhanced location-based access control. Handbook of Database Security. Springer, New York, pp 531–552
Ashtiani M, Azgomi MA (2016) Trust modeling based on a combination of fuzzy analytic hierarchy process and fuzzy vikor. Soft Comput 20(1):399–421
Banyal R, Jain V, Jain P (2014) Dynamic trust based access control framework for securing multi-cloud environment. In: Proceedings of the 2014 International conference on information and communication technology for competitive strategies. ACM, New York. https://doi.org/10.1145/2677855.2677884
Behera PK, Khilar PM (2017) A novel trust based access control model for cloud environment. In: Lobiyal DK, Mohapatra DP, Nagar A, Sahoo MN (eds) Proceedings of the international conference on signal, networks, computing, and systems. Springer, New Delhi, pp 285–295
Bhattasali T, Chaki R, Chaki N, Saeed K (2018) An adaptation of context and trust aware workflow oriented access control for remote healthcare. Int J Softw Eng Knowl Eng 28(06):781–810
Blobel B (2004) Authorisation and access control for electronic health record systems. Int J Med Inf 73(3):251–257
Boukerche A, Li X (2005) An agent-based trust and reputation management scheme for wireless sensor networks. In: Global telecommunications conference. GLOBECOM’05. IEEE, vol 3. IEEE, pp 1857–1861
Carbo J, Molina JM, Davila J (2003) Trust management through fuzzy reputation. Int J Cooperative Inf Syst 12(01):135–155
Carter M (2000) Integrated electronic health records and patient privacy: possible benefits but real dangers. Med J Austr 172(1):28–30
Chakraborty S, Ray I (2006) Trustbac: integrating trust relationships into the rbac model for access control in open systems. In: Proceedings of the eleventh ACM symposium on Access control models and technologies. ACM, New York, pp 49–58
Chin T (2001) Security breach: hacker gets medical records. Am Med News 44:18–19
Daman R, Tripathi MM, Mishra SK (2016) Security issues in cloud computing for healthcare. In: Computing for sustainable global development (INDIACom), 3rd International Conference on. IEEE, pp 1231–1236
Deshpande S, Ingle R (2018) Evidence based trust estimation model for cloud computing services. Int J Netw Secur 20(2):291–303
Dong-Huynha T, Jennings N, Shadbolt N (2004) Fire: an integrated trust and reputation model for open multi-agent systems. In: 16th European Conference on Artificial Intelligence, pp 18–22
Duan J, Gao D, Foh CH, Zhang H (2013) Tc-bac: a trust and centrality degree based access control model in wireless sensor networks. Ad Hoc Netw 11(8):2675–2692
Fan W-J, Yang S-L, Perros H, Pei J (2015) A multi-dimensional trust-aware cloud service selection mechanism based on evidential reasoning approach. Int J Autom Comput 12(2):208–219
Fang W, Zhang C, Shi Z, Zhao Q, Shan L (2016) Btres: beta-based trust and reputation evaluation system for wireless sensor networks. J Netw Comput Appl 59:88–94
Gutub A, Al-Juaid N, Khan E (2017) Counting-based secret sharing technique for multimedia applications. Multimedia Tools Appl. https://doi.org/10.1007/s11042-017-5293-6
Gutub A, Aljuaid N (2018) Multi-bits stego-system for hiding text in multimedia images based on user security priority. J Comput Hardw Eng 1:1–8
Hang C-W, Singh MP (2010) Trust-based recommendation based on graph similarity. In: Proceedings of the 13th international workshop on trust in agent societies (TRUST). Toronto, pp 1–11
Hu H, Lu R, Zhang Z (2017) Tpsq: Trust-based platoon service query via vehicular communications. Peer Peer Netw Appl 10(1):262–277
Hu J, Weaver AC (2004) A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the first workshop on pervasive privacy security, privacy, and trust. Citeseer, pp 1–8
Iltaf N, Hussain M, Kamran F (2009) A mathematical approach towards trust based security in pervasive computing environment. In: International conference on information security and assurance. Springer, New York, pp 702–711. https://doi.org/10.1007/978-3-642-02617-1_71
Jiang L, Xu J, Zhang K, Zhang H (2012) A new evidential trust model for open distributed systems. Expert Syst Appl 39(3):3772–3782
Jøsang A, Ismail R (2002) The beta reputation system. In: Proceedings of the 15th bled electronic commerce conference, vol 5, pp 2502–2511
Kazem AAP, Pedram H, Abolhassani H (2015) Bnqm: a bayesian network based qos model for grid service composition. Expert Syst Appl 42(20):6828–6843
Kim S, Kim H (2016) A new metric of absolute percentage error for intermittent demand forecasts. Int J Forecast 32(3):669–679
Li W, Zhu X (2014) Recommendation-based trust management in body area networks for mobile healthcare. In: 2014 IEEE 11th International conference on mobile ad hoc and sensor systems, pp 515–516. https://doi.org/10.1109/MASS.2014.85
Lin G, Wang D, Bie Y, Lei M (2014) Mtbac: a mutual trust based access control model in cloud computing. China Commun 11(4):154–162
Liu Y, Zhang Y, Ling J, Liu Z (2018) Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Future Gener Comput Syst 78:1020–1026
Manuel P (2015) A trust model of cloud computing based on quality of service. Ann Oper Res 233(1):281–292
Mui L, Mohtashemi M, Halberstadt A (2002) A computational model of trust and reputation. In: Proceedings of the 35th annual Hawaii International Conference on System Sciences. IEEE, pp 2431–2439. https://doi.org/10.1109/HICSS.2002.994181
Narayanan HAJ, Güneş MH (2011) Ensuring access control in cloud provisioned healthcare systems. In: Consumer Communications and Networking Conference (CCNC), 2011 IEEE. IEEE, pp 247–251. https://doi.org/10.1109/CCNC.2011.5766466
Noor TH, Sheng QZ, Yao L, Dustdar S, Ngu AH (2016) Cloudarmor: supporting reputation-based trust management for cloud services. IEEE Trans Parallel Distrib Syst 27(2):367–380
Sabater J, Sierra C (2001) Regret: a reputation model for gregarious societies. Fourth worksh Decept Fraud Trust Agent Soc 70:61–69
Schwartmann D (2004) An attributable role-based access control for healthcare. In: International conference on computational science. Springer, New York, pp 1148–1155. https://doi.org/10.1007/978-3-540-25944-2_149
Singh A, Chatterjee K (2018) Trust based access control model for securing electronic healthcare system. J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-018-1138-z
Singh S, Sidhu J (2017) Compliance-based multi-dimensional trust evaluation system for determining trustworthiness of cloud service providers. Future Gener Comput Syst 67:109–132
Sullivan B (2002) Release of organ donor data prompts changes. Computer World
Teacy W, Patel J, Jennings NR, Luck M (2005) Coping with inaccurate reputation sources: experimental analysis of a probabilistic trust model. In: Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems. ACM, New York, pp 997–1004
Tofallis C (2015) A better measure of relative prediction accuracy for model selection and model estimation. J Oper Res Soc 66(8):1352–1362
Wang G, Wu J (2011) Multi-dimensional evidence-based trust management with multi-trusted paths. Future Gener Comput Syst 27(5):529–538
Wang J, Sun H-J (2009) A new evidential trust model for open communities. Comput Stand Interfac 31(5):994–1001
Wang Y, Cahill V, Gray E, Harris C, Liao L (2006) Bayesian network based trust management. In: Autonomic and trusted computing. Springer, New York, pp 246–257. https://doi.org/10.1007/11839569_24
Wang Y, Vassileva J (2003) Bayesian network-based trust model. In: Web Intelligence. WI 2003. Proceedings. IEEE/WIC international conference on. IEEE, pp 372–378
Willmott CJ, Matsuura K (2005) Advantages of the mean absolute error (mae) over the root mean square error (rmse) in assessing average model performance. Clim Res 30(1):79–82
Xia H, Jia Z, Ju L, Zhu Y (2011) Trust management model for mobile ad hoc network based on analytic hierarchy process and fuzzy theory. IET Wirel Sens Syst 1(4):248–266
Yan S-R, Zheng X-L, Wang Y, Song WW, Zhang W-Y (2015) A graph-based comprehensive reputation model: Exploiting the social context of opinions to enhance trust in social commerce. Inf Sci 318:51–72
Yan Z, Li X, Wang M, Vasilakos AV (2017) Flexible data access control based on trust and reputation in cloud computing. IEEE Trans Cloud Comput 5(3):485–498
Yarmand MH, Sartipi K, Down DG (2013) Behavior-based access control for distributed healthcare systems. J Comput Secur 21(1):1–39
Yu B, Singh MP (2001) Towards a probabilistic model of distributed reputation management. In: Proceedings of the fourth workshop on deception, fraud and trust in agent societies. Montreal, pp 125–137
Yu B, Singh MP (2002a) Distributed reputation management for electronic commerce. Comput Intell 18(4):535–549
Yu B, Singh MP (2002b) An evidential model of distributed reputation management. In: Proceedings of the first international joint conference on autonomous agents and multiagent systems: part 1. ACM, New York, pp 294–301. https://doi.org/10.1145/544741.544809
Yüksel B, Küpçü A, Özkasap Ö (2017) Research issues for privacy and security of electronic health services. Future Gener Comput Syst 68:1–13
Zhang R, Liu L, Xue R (2014) Role-based and time-bound access and management of ehr data. Secur Commun Netw 7(6):994–1015
Zhao B, Xiao C, Zhang Y, Zhai P, Wang Z (2018) Assessment of recommendation trust for access control in open networks. Cluster Comput. https://doi.org/10.1007/s10586-017-1338-x
Acknowledgements
This publication is an outcome of the R&D work undertaken project under the Visvesvaraya PhD Scheme of Ministry of Electronics & Information Technology, Government of India, being implemented by Digital India Corporation.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Singh, A., Chatterjee, K. An adaptive mutual trust based access control model for electronic healthcare system. J Ambient Intell Human Comput 11, 2117–2136 (2020). https://doi.org/10.1007/s12652-019-01240-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-019-01240-2