No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
A Context-Aware Security Model for a Combination of Attribute-Based Access Control and Attribute-Based Encryption in the Healthcare Domain
Abstract
The need of a trusted environment in which only authorized users are permitted to access a system was of imperative importance since the early days of cloud computing. Even nowadays, a lot of users seem to be reluctant to store their personal data in the cloud and specifically the data related to bank accounts and the health care domain. Our goal is to enhance the access control mechanisms that can be used in the healthcare domain for enhancing the security and privacy of EHR systems. In this work, we present a context-aware security model which consists of classes and properties that can serve as background knowledge for creating and enforcing access control rules for electronic health records (EHR). We consider two different layers of authorization control based on the current context: (i) the Attribute Based Access Control (ABAC) layer which permits or denies access and/or editing rights to (encrypted) EHRs; and (ii) the Attribute Based Encryption (ABE) layer which handles the way sensitive data should be decrypted.
... Psarra et al. [22] present a CAS model that can serve as background knowledge for creating and enforcing access control rules for electronic health records (EHR) using a combination of the Attribute Based Access Control (ABAC) and Attribute Based Encryption (ABE) models. SETUCOM [27] secures context information exchange by using a hybrid encryption system adapted to IoT devices and manages trust through artificial intelligence techniques such as Bayesian networks and fuzzy logic. ...
... [29][14][16][10][22] ...
Security and privacy are hot topics when considering the Internet of Things (IoT) application scenarios. By dealing with sensitive and sometimes personal data, IoT application environments need mechanisms to protect against different threats. The traditional security mechanisms are usually static and were not designed considering the dynamism imposed by IoT environments. Those environments could have mobile and dynamic entities that can change their status at deployment time, needing novel security mechanisms to cope with their requirements. Thus a non-static approach to security provision becomes mandatory. Context-Aware Security (CAS) is a mechanism to provide dynamic security for those environments. CAS solutions can adapt the security service (e.g., authentication, authorization, access control, and privacy-preserving) provision based on the context of the environment. This work reviews the concepts around CAS and presents an extensive review of existing solutions employing CAS in their architecture. Moreover , we define a taxonomy for CAS based on the context-awareness area.
... Simple context conditions can be combined in order to form complex context conditions, using the standard AND, OR, NOT operators. A complete list of the contextual attributes, represented in a context model, is described in the work of Psarra et al. [34]. ...
... The criticality assessment of a patient's condition is made using a rule-based approach. Note, that since many of the contextual variables appearing in [34] are evaluated by experts using linguistic terms, such as 'if blood pressure is high', our approach adopts the following fuzzy inferencing process: ...
In emergency situations, different actors involved in first aid services should be authorized to retrieve information from the patient’s Electronic Health Records (EHRs). The research objectives of this work involve the development and implementation of methods to characterise emergency situations requiring extraordinary access to healthcare data. The aim is to implement such methods based on contextual information pertaining to specific patients and emergency situations and also leveraging personalisation aspects which enable the efficient access control on sensitive data during emergencies. The Attribute Based Access Control paradigm is used in order to grant access to EHRs based on contextual information. We introduce an ABAC approach using personalized context handlers, in which raw contextual information can be uplifted in order to recognize critical situations and grant access to healthcare data. Results indicate that context-aware ABAC is a very effective method for detecting critical situations that require emergency access to personal health records. In comparison to RBAC implementations of emergency access control to EHRs, the proposed ABAC implementation leverages contextual information pertaining to the specific patient and emergency situations. Contextual information increases the capability of ABAC to recognize critical situations and grant access to healthcare data.
... The selection of the appropriate contextual attributes is of critical importance for defining dynamic access control policies. In our previous work, we have defined CASM (Psarra et al., 2020a), an ontology that serves as a basis for creating ABAC policies. That ontology is used here to map the contextual attributes involved in access control policies. ...
Acute care demands fast response and procedures from the healthcare professionals involved in the emergency. The availability of electronic medical records (EMR) enables acute care teams to access patient data promptly, which is critical for proper treatment. The EMR contains sensitive data, so proper access control is a necessity. However, acute care situations entail the introduction of dynamic authorisation techniques that are able to swiftly grant access to the acute care teams during the treatment and that at the same time can revoke it as soon as the treatment is over. In this work, our contributions are threefold. First, we propose a step-by-step methodology that defines dynamic and fine-grained access control in acute care incidents. Then, we applied this methodology with the Amsterdam University Medical Center acute stroke care teams, resulting in a new model coined ’Acute Care Attribute-Based Access Control (AC-ABAC)’. AC-ABAC implements access control policies that take into account contextual attributes for dynamically sharing patient data with the appropriate healthcare professionals during the life cycle of acute care. Finally, we evaluate the performance and show the feasibility and correctness of AC-ABAC through a prototype implementation of the model and simulation of patient data requests in various scenarios. The results show that the most complex policy evaluation takes on average 194.89 ms, which is considered worthwhile when compared to the added value to the system’s security and the acute care process.
... A fuzzy context handler uses fuzzy rules that associate contextual attributes with fuzzy values and generates as output an assessment of the criticality of the incident. The related contextual attributes, which are represented in a context model, are presented in detail in [61]. Here, we extend the fuzzy context handlers by taking into consideration apart from the patient's current state her future one as well, by predicting the patient's future health status. ...
Effective access control techniques are in demand, as electronically assisted healthcare services require the patient’s sensitive health records. In emergency situations, where the patient’s well-being is jeopardized, different healthcare actors associated with emergency cases should be granted permission to access Electronic Health Records (EHRs) of patients. The research objective of our study is to develop machine learning techniques based on patients’ time sequential health metrics and integrate them with an Attribute Based Access Control (ABAC) mechanism. We propose an ABAC mechanism that can yield access to sensitive EHRs systems by applying prognostic context handlers where contextual information, is used to identify emergency conditions and permit access to medical records. Specifically, we use patients’ recent health history to predict the health metrics for the next two hours by leveraging Long Short Term Memory (LSTM) Neural Networks (NNs). These predicted health metrics values are evaluated by our personalized fuzzy context handlers, to predict the criticality of patients’ status. The developed access control method provides secure access for emergency clinicians to sensitive information and simultaneously safeguards the patient’s well-being. Integrating this predictive mechanism with personalized context handlers proved to be a robust tool to enhance the performance of the access control mechanism to modern EHRs System.
... To address the shortcomings of traditional electronic medical systems' inefficiency and scalability, certain schemes 15,16 use access control technologies to administer EHR stored in the cloud. These strategies can ensure the security of remotely stored data in cloud computing, demonstrating that giving data owners access control over their data is more vital than allowing the cloud to control data. ...
Electronic health record (EHR) allows patients to use an open channel (ie, Internet) to control, share and manage their health records among family members, healthcare providers and other third party data users. Thus, in such an environment, privacy, confidentiality, and data consistency are the major challenges. Although cloud‐based EHR addresses the aforementioned discussions, these are prone to various malicious attacks, trust management and non‐repudiation among servers. Recently, due to the property of immutability, blockchain technology has been introduced to be as an auspicious solution for achieving EHR sharing with privacy and security preservation. Motivated by the above debates, we present BFHS, a blockchain‐based fine‐grained secure EHR sharing mechanism. On BFHS, we encrypt the EHR using ciphertext‐policy attribute‐based encryption (CP‐ABE) and upload it to the interplanetary file system (IPFS) for storage, while the matching index is encrypted via proxy re‐encryption and kept in a medical consortium blockchain. In addition, we created a credit assessment mechanism and incorporated it into the smart contract. Smart contracts, proxy re‐encryption, a credit evaluation mechanism, and IPFS all work together to give patients with a trustworthy EHR sharing environment and a dynamic access control interface. The thorough comparison and experimental analysis show that the proposed BFHS has more comprehensive security features and is more practicable.
... Therefore, only a user who has a private ABE key containing attributes that satisfy policies included in a ciphertext can decrypt the cipher text and, consequently, use the SSE key for decrypting the health data encrypted with the SSE key. The framework in addition protects access to encrypted SSE keys and to the ciphertext of encrypted EHRs, using an attribute-based access control (ABAC) engine that decides who, from where and when can request encrypted health records and the ciphertexts of their SSE keys [14], [15]. This constitutes a context-aware authorization step before granting access to sensitive data. ...
Security and privacy are hot topics when considering the Internet of Things (IoT) application scenarios. By dealing with sensitive and sometimes personal data, IoT application environments need mechanisms to protect against different threats. The traditional security mechanisms are usually static and were not designed considering the dynamism imposed by IoT environments. Those environments could have mobile and dynamic entities that can change their status at deployment time, needing novel security mechanisms to cope with their requirements. Thus, a flexible approach to security provision is imperative. Context-Aware Security (CAS) provides dynamic security for IoT environments by being aware of the context. CAS solutions can adapt the security service (e.g., authentication, authorization, access control, and privacy-preserving) provision based on the context of the environment. This work reviews the concepts around CAS and presents an extensive review of existing solutions employing CAS in their architecture. Moreover, we define a taxonomy for CAS based on the context-awareness area.
Since the introduction of Bitcoin and Ethereum, blockchain introduced new ways to handle payment and dealing with financial transactions. From 2009 till now, several blockchain systems were developed. However, the main issue for each blockchain is to know where to use it and what the best use case fits with it. Transaction per second (TPS) and confirmation time (CT) give the possibility to evaluate the speed and performance of each blockchain. It demonstrates the speed of blockchain in processing any transaction and saving it to the ledger. This work reviews and presents the current status of the state-of-the-art blockchain performance.
Security controls and countermeasures have shifted from static desktop-based and corporate network environments to heterogeneous, distributed and dynamic environments (e.g., cloud and mobile computing or Internet of Things). Due to this paradigm shift, adaptive and risk-based approaches have gained significant importance. These approaches allow security managers to perform context-aware decision making, adapting controls’ deployment, configuration or use to every specific situation, depending on the current value of risk indicators or scores and on the level of risk tolerated by the organisation at any given time. This paper proposes a model to automatically adapt security controls to different risk scenarios in almost real-time (if required). This model is based on a three-layer architecture and a three-step flow (measurement-decision-adaptation), relying on a scalable policies&rules framework capable of integrating with different kinds of controls. Furthermore, the proposed model is validated and evaluated with an actual use case.
The increasing volume of personal and sensitive data being harvested by data controllers makes it increasingly necessary to use the cloud not just to store the data, but also to process them on cloud premises. However, security concerns on frequent data breaches, together with recently upgraded legal data protection requirements (like the European Union's General Data Protection Regulation), advise against outsourcing unprotected sensitive data to public clouds. To tackle this issue, this survey covers technologies that allow privacy-aware outsourcing of storage and processing of sensitive data to public clouds. Specifically and as a novelty, we review masking methods for outsourced data based on data splitting and anonymization, in addition to cryptographic methods covered in other surveys. We then compare these methods in terms of operations supported on the masked outsourced data, overhead, accuracy preservation, and impact on data management. Furthermore, we list several research projects and available products that have materialized some of the surveyed solutions. Finally, we identify outstanding research challenges.
With the popularity of Internet of Things (IoT) and cloud computing technologies, mobile healthcare (mHealth) can offer remote, accurate, and effective medical services for patients according to their personal health records (PHRs). However, data security and efficient access of the PHR should be addressed. Attribute-based encryption (ABE) is regarded as a well-received cryptographic mechanism to simultaneously realize fine-grained access control and data confidentiality in mHealth. Nevertheless, existing works are either constructed in the single-authority setting which may be a performance bottleneck, or lack of efficient user decryption. In this paper, we propose SEMAAC, a secure and efficient multi-authority access control system for IoT-enabled mHealth. In SEMAAC, there are multiple independently worked attribute authorities (AAs). A new entity could be an AA without re-building the system. To reduce the user decryption overhead, most decryption is executed in cloud server, which whereafter returns a partial decryption ciphertext (PDC). The AAs can help the user to check if the PDC is correctly computed. Additionally, a restricted user can delegate his/her key to someone to outsource the decryption and check the returned result, without exposing the plaintext PHR file. The proposed SEMAAC is proved to be adaptively secure in the standard model. The numerical analysis and extensive experiments illustrate the efficiency and advantage of our scheme.
With the development of outsourcing data services, data security has become an urgent problem that needs to be solved. Attribute-based encryption is a valid solution to data security in cloud storage. There is no existing scheme that can guarantee the privacy of access structures and achieve attribute-based encryption with keyword search and attribute revocation. In this article, we propose a new searchable and revocable multi-data owner attribute-based encryption scheme with a hidden policy in cloud storage. In the new scheme, the same access policy is used in both the keyword index and message encryption. The advantage of keyword index with access policy is that as long as a user’s attributes satisfy the access policy, the searched ciphertext can be correctly decrypted. This property improves the accuracy of the search results. The hidden policy is used in both the ciphertext and the keyword index to protect users’ privacy. The new scheme contains attribute revocation, which is suitable for the actual situation that a user’s attributes maybe changed over time. In the general bilinear group model, the security of the scheme is demonstrated, and the efficiency of the scheme is analyzed.
Context is a poorly used source of information in our computing environments. As a result, we have an impoverished understanding of what context is and how it can be used. In this paper, we provide an operational definition of context and discuss the different ways in which context can be used by context-aware applications. We also present the Context Toolkit, an architecture that supports the building of these context-aware applications. We discuss the features and abstractions in the toolkit that make the task of building applications easier. Finally, we introduce a new abstraction, a situation which we believe will provide additional support to application designers.
Personal health record (PHR) system has become an important platform for health information exchange, in which patients can effectively manage and share personal health information in cloud storage. In general, all health information will be encrypted before they are uploaded to the cloud server. However, the cloud server is unreliable and the sensitive information of users may be disclosed in this process. The general encryption algorithm cannot protect both confidentiality and privacy of the uploaded information. Attribute-based encryption (ABE) provides a solution to it. In this paper, we propose a privacy-preserving decentralized ABE scheme for secure sharing of PHR based on Lewko and Waters′s scheme, in which an anonymous secret key issuing protocol is used to hide GIDs. This protocol can make the authorities generate the correct decryption key for users without knowing their GIDs. In addition, the one-way anonymous key agreement is used to hide the attributes in the access policy. The presented scheme keeps the security of the Lewko and Waters′s scheme and removes the random oracle. Finally, we show that the security of the proposed scheme is reduced to static assumptions based on dual system encryption instead of other strong assumptions.
We present several transformations that combine a set of attribute-based encryption (ABE) schemes for simpler predicates into a new ABE scheme for more expressive composed predicates. Previous proposals for predicate compositions of this kind, the most recent one being that of Ambrona et al. at Crypto’17, can be considered static (or partially dynamic), meaning that the policy (or its structure) that specifies a composition must be fixed at the setup. Contrastingly, our transformations are dynamic and unbounded: they allow a user to specify an arbitrary and unbounded-size composition policy right into his/her own key or ciphertext. We propose transformations for three classes of composition policies, namely, the classes of any monotone span programs, any branching programs, and any deterministic finite automata. These generalized policies are defined over arbitrary predicates, hence admitting modular compositions. One application from modularity is a new kind of ABE for which policies can be “nested” over ciphertext and key policies. As another application, we achieve the first fully secure completely unbounded key-policy ABE for non-monotone span programs, in a modular and clean manner, under the q-ratio assumption. Our transformations work inside a generic framework for ABE called symbolic pair encoding, proposed by Agrawal and Chase at Eurocrypt’17. At the core of our transformations, we observe and exploit an unbounded nature of the symbolic property so as to achieve unbounded-size policy compositions.
Data sharing is a convenient and economic service supplied by cloud computing. Data contents privacy also emerges from it since the data is outsourced to some cloud servers. To protect the valuable and sensitive information, various techniques are used to enhance access control on the shared data. In these techniques, Ciphertext-policy attribute-based encryption (CP-ABE) can make it more convenient and secure. Traditional CP-ABE focuses on data confidentiality merely, while the user’s personal privacy protection is an important issue at present. CP-ABE with hidden access policy ensures data confidentiality and guarantees that user’s privacy is not revealed as well. However, most of the existing schemes are inefficient in communication overhead and computation cost. Moreover, most of those works take no consideration about authority verification or the problem of privacy leakage in authority verification phase. To tackle the problems mentioned above, a privacy preserving CP-ABE scheme with efficient authority verification is introduced in this paper. Additionally, the secret keys of it achieve constant size. Meanwhile, the proposed scheme achieves the selective security under the decisional
$n$
-BDHE problem and decisional linear assumption. The computational results confirm the merits of the presented scheme.
In recent years, the increasing popularity of cloud computing has led to a trend that data owners prefer to outsource their data to the clouds for the enjoyment of the on-demand storage and computing services. For security and privacy concerns, fine-grained access control and secure data retrieval for the outsourced data is of critical importance. Attribute-based keyword search (ABKS) scheme, as a cryptographic primitive which explores the notion of public key encryption with keyword search (PEKS) into the context of attribute-based encryption (ABE), can enable the data owner to flexibly share his data to a specified group of users satisfying the access policy and meanwhile, maintain the confidentiality and searchable properties of the sensitive data. However, in most of the previous ABKS schemes, the decryption service is not provided, and a fully trusted central authority is required, which is not practical in the scenario that the access policy is written over attributes or credentials issued across different trust domains and organizations. Moreover, the efficiency of storage and computation is also the bottleneck of implementation of ABKS scheme. In this paper, for the first time, we propose a decentralized ABKS scheme with conjunctive keyword search for the cloud storage system. Besides the multi-keyword search in the decentralized setting, our scheme outsources the undesirable costly operations of decryption to the cloud without degrading the user's privacy. Furthermore, the encryption phase is also divided into two phases, an offline pre-computation phase which is independent with the plaintext message, access policy, and keyword set, and can be performed at any time when the data owner's device is otherwise not in use, and an online encryption phase which only incurs very little computation costs. Security analysis indicates that our scheme is provably secure in the random oracle model. The asymptotic complexity comparison and simulation results also show that our scheme achieves high computation efficiency.
Attribute-Based Encryption (ABE) offers fine-grained access control policy over encrypted data, and thus applicable in cloud storage to provide authorized data privacy. However, there are some issues that should be solved before deploying ABE in practice. Firstly, as the heavy decryption cost grows with the complexity of access policy, an ABE with outsourcing decryption is preferred to relieve user's computation cost. Secondly, when user's attributes are altered, it is required for ABE supporting attribute revocation to change user's access privilege timely and effectively. Thirdly, in the case of access control policy changed by data owner, policy updating requirement must be met in designing ABE. Therefore, a practical ABE scheme is proposed which can solve aforementioned issues simultaneously. In order to support flexible number of attributes, our scheme also achieves large universe and multiple attribute authorities. The security and performance of the proposed scheme are discussed, followed by extensive experiments to demonstrate its effectiveness and practicability.
The growth in Cloud Computing and the ubiquity of Mobile devices to access Cloud services has generated a new paradigm, Mobile Cloud Computing (MCC). While the benefits of storing and accessing data in the Cloud are well documented there are concerns relating to the security of such data through data corruption, theft, exploitation or deletion. Innovative encryption schemes have been developed to address the challenges of data protection in the Cloud and having greater control over who should be accessing what data, one of which is Attribute-Based Encryption (ABE). ABE is a type of role-based access control encryption solution which allows data owners and data consumers or users to encrypt and decrypt based on their personal attributes (e.g. department, location, gender, role). A number of ABE schemes have been developed over the years but ABE in MCC has established its own paradigm driven by a) the use of mobile devices to access private data hosted in the Cloud and b) the physical limitations of the mobile device to perform complex computation in support of encryption and decryption in ABE. ABE in MCC is an evolving research field but given the breadth and strength of interest at time of writing it is timely to perform a survey. Due to the sheer volume of research, the survey has focused on one aspect of ABE - Ciphertext-Policy Attribute-Based Encryption - in line with its prominence in ABE in MCC research to date. Further, given the significant developments and interest in IoT, the survey has since been extended to assess whether the research into mobile devices has been translated to the application of attribute-based encryption in IoT where the challenges to support complex computation and data transmission are potentially more complex given the much greater heterogeneity and resource restrictions of IoT devices.
It has been argued that big data will enable efficiencies and accountability in health care.1,2 However, to date, other industries have been far more successful at obtaining value from large-scale integration and analysis of heterogeneous data sources. What these industries have figured out is that big data becomes transformative when disparate data sets can be linked at the individual person level. In contrast, big biomedical data are scattered across institutions and intentionally isolated to protect patient privacy. Both technical and social challenges to linking these data must be addressed before big biomedical data can have their full influence on health care. It is this linkage challenge that we address in this Viewpoint.
Cloud computing is one of the emerging technologies. The cloud environment is a large open distributed system.
It is important to preserve the data, as well as, privacy of users. Access Control methods ensure that authorized user’s
access the data and the system. This paper discusses various features of attribute based access control mechanism, suitable
for cloud computing environment. It leads to the design of attribute based access control mechanism for cloud computing
We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority.
In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority “tied” together different components (representing different attributes) of a user’s private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers.
We prove our system secure using the recent dual system encryption methodology where the security proof works by first converting the challenge ciphertext and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under similar static assumptions to the LW paper in the random oracle model.
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows to encrypt data under an access policy, specified as a logical
combination of attributes. Such ciphertexts can be decrypted by anyone with a set of attributes that fits the policy. In this
paper, we introduce the concept of Distributed Attribute-Based Encryption (DABE), where an arbitrary number of parties can
be present to maintain attributes and their corresponding secret keys. This is in stark contrast to the classic CP-ABE schemes,
where all secret keys are distributed by one central trusted party. We provide the first construction of a DABE scheme; the
construction is very efficient, as it requires only a constant number of pairing operations during encryption and decryption.
In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous Attribute- Based Encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”.
In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.