基于匿名角色的电子健康记录访问控制

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI:10.1145/2897845.2897871

Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu

{"title":"基于匿名角色的电子健康记录访问控制","authors":"Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu","doi":"10.1145/2897845.2897871","DOIUrl":null,"url":null,"abstract":"Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply \"online/offline\" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Anonymous Role-Based Access Control on E-Health Records\",\"authors\":\"Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu\",\"doi\":\"10.1145/2897845.2897871\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply \\\"online/offline\\\" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.\",\"PeriodicalId\":166633,\"journal\":{\"name\":\"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security\",\"volume\":\"80 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2897845.2897871\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2897845.2897871","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

电子健康档案(EHR)系统为我们的健康档案管理提供了很多便利。病历隐私风险是电子病历广泛应用的主要障碍。基于角色的访问控制(role -based access control, RBAC)方案根据个人的角色对电子病历进行访问控制。只有角色满足指定访问策略的医务人员才能读取电子病历。在现有的方案中，攻击者可以将病人的身份与他们的医生联系起来。因此，在不了解患者电子病历的情况下，患者的疾病分类就被泄露了。为了解决这个问题，我们提出了一个匿名RBAC方案。它不仅实现了灵活的访问控制，而且实现了对个人隐私的保护。此外，我们的方案保持了封装的电子病历的大小不变的特性。在决策双线性群假设下证明了所提出的具有语义安全性和匿名性的安全模型。此外，我们还提供了一种在匿名系统中查找目标电子病历的方法。为了更好的用户体验，我们在方案中采用了“在线/离线”的方式来加快数据处理速度。实验结果表明，密钥生成和EHR封装的时间消耗可以达到毫秒级。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Anonymous Role-Based Access Control on E-Health Records

Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply "online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

自引率

0.00%

发文量