DOI: 10.1145/1940941.1940960 (research article, InfoSecCD conference proceedings)

Cryptography based access control in healthcare web systems

Published: 01 October 2010

Abstract

Access control is the capacity of a particular subject (user, process) to permit or deny the use of a specific object (data, file). Access control mechanisms can be used to manage both physical and logical resources. Cryptography-based access control in a healthcare Web system provides logical control over resource sharing and over the access rights a subject holds on an object. However, designing access control for healthcare information systems is difficult because of the culture of healthcare, its rapid rate of change, and the tasks performed. This work examines existing access control models and gives a broad presentation of cryptographic algorithms, including cryptography-based access control systems. In the last part, a new model is presented that integrates cryptography-based access control with role-based access control and hierarchy, using Suite B (the NSA recommendation). The model is built around the using entity (which could be a local medical center or hospital), while the security level between entities is distributed and based on PKI.


Published In

InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN:9781450302029
DOI:10.1145/1940941
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education
  • ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. access control
  2. cryptography
  3. cryptography access control
  4. information assurance
  5. information security
  6. public key infrastructure (PKI)
  7. role-based access control

Qualifiers

  • Research-article

Conference

InfoSecCD '10
Sponsor:
  • KSU - CISE
  • ISSA

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Article Metrics

  • Downloads (last 12 months): 34
  • Downloads (last 6 weeks): 8
Reflects downloads up to 12 Feb 2025

Cited By

  • (2024) Decision Model to Design Trust-Focused and Blockchain-Based Health Data Management Applications. Blockchains 2:2, 79-106. DOI 10.3390/blockchains2020005. Online publication date: 9-Apr-2024
  • (2024) Exploring the advent of Medical 4.0: A bibliometric analysis systematic review and technology adoption insights. Informatics and Health 1:1, 16-28. DOI 10.1016/j.infoh.2023.10.001. Online publication date: Mar-2024
  • (2022) Patient-Controlled Mechanism Using Pseudonymization Technique for Ensuring the Security and Privacy of Electronic Health Records. International Journal of Reliable and Quality E-Healthcare 11:1, 1-15. DOI 10.4018/IJRQEH.297076. Online publication date: 1-Jan-2022
  • (2022) Blockchain-Enabled Electronic Health Records for Healthcare 4.0. International Journal of E-Health and Medical Communications 13:4, 1-13. DOI 10.4018/IJEHMC.309438. Online publication date: 11-Aug-2022
  • (2022) Security Issues and Solutions for Healthcare Informatics. In: Federated Learning for IoT Applications, 185-198. DOI 10.1007/978-3-030-85559-8_12. Online publication date: 1-Jan-2022
  • (2014) Secure E-Learning and Cryptography. In: Cases on Professional Distance Education Degree Programs and Practices, 331-369. DOI 10.4018/978-1-4666-4486-1.ch012. Online publication date: 2014
  • (2014) A Survey of Access Control Models in Wireless Sensor Networks. Journal of Sensor and Actuator Networks 3:2, 150-180. DOI 10.3390/jsan3020150. Online publication date: 20-Jun-2014
  • (2014) Access control for cloud-based eHealth social networking. Security and Communication Networks 7:3, 574-587. DOI 10.1002/sec.759. Online publication date: 1-Mar-2014
  • (2011) Elliptic curve for data protection. Proceedings of the 2011 Information Security Curriculum Development Conference, 1-14. DOI 10.1145/2047456.2047457. Online publication date: 30-Sep-2011
