263 research outputs found
Toward Effective Access Control Using Attributes and Pseudoroles
Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of access control and user revocation and permission review, RBAC demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC\u27s advantages.
This dissertation explores the role of attributes---characteristics of entities in the system---in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests have the right BLAC pseudoroles---a pseudorole is a predefined subset of a subject\u27s static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on access. BLAC thus makes use of attributes effectively while preserving RBAC\u27s advantages. The dissertation\u27s third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed.This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.This work was partially founded by the Spanish Ministry of Science and Innovation under the project TEC2010-20572-C02-01 (CONSEQUENCE) and by the State of Madrid (Spain) under the contract number S2009/TIC-1650 (e-Madrid). Moreover, the authors would like to thank to the anonymous referees for comments and recommendations for the paper improvement
Contributions to the privacy provisioning for federated identity management platforms
Identity information, personal data and user’s profiles are key assets for organizations
and companies by becoming the use of identity management (IdM) infrastructures a prerequisite
for most companies, since IdM systems allow them to perform their business
transactions by sharing information and customizing services for several purposes in more
efficient and effective ways.
Due to the importance of the identity management paradigm, a lot of work has been done
so far resulting in a set of standards and specifications. According to them, under the
umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused
across different domains by allowing users simple session management, etc. In this way,
users’ information is widely collected and distributed to offer new added value services
and to enhance availability. Whereas these new services have a positive impact on users’
life, they also bring privacy problems.
To manage users’ personal data, while protecting their privacy, IdM systems are the ideal
target where to deploy privacy solutions, since they handle users’ attribute exchange.
Nevertheless, current IdM models and specifications do not sufficiently address comprehensive
privacy mechanisms or guidelines, which enable users to better control over the
use, divulging and revocation of their online identities. These are essential aspects, specially
in sensitive environments where incorrect and unsecured management of user’s data
may lead to attacks, privacy breaches, identity misuse or frauds.
Nowadays there are several approaches to IdM that have benefits and shortcomings, from
the privacy perspective.
In this thesis, the main goal is contributing to the privacy provisioning for federated
identity management platforms. And for this purpose, we propose a generic architecture
that extends current federation IdM systems. We have mainly focused our contributions
on health care environments, given their particularly sensitive nature. The two main
pillars of the proposed architecture, are the introduction of a selective privacy-enhanced
user profile management model and flexibility in revocation consent by incorporating an
event-based hybrid IdM approach, which enables to replace time constraints and explicit
revocation by activating and deactivating authorization rights according to events. The
combination of both models enables to deal with both online and offline scenarios, as well
as to empower the user role, by letting her to bring together identity information from
different sources.
Regarding user’s consent revocation, we propose an implicit revocation consent mechanism
based on events, that empowers a new concept, the sleepyhead credentials, which
is issued only once and would be used any time. Moreover, we integrate this concept
in IdM systems supporting a delegation protocol and we contribute with the definition
of mathematical model to determine event arrivals to the IdM system and how they are
managed to the corresponding entities, as well as its integration with the most widely
deployed specification, i.e., Security Assertion Markup Language (SAML).
In regard to user profile management, we define a privacy-awareness user profile management
model to provide efficient selective information disclosure. With this contribution a
service provider would be able to accesses the specific personal information without being
able to inspect any other details and keeping user control of her data by controlling
who can access. The structure that we consider for the user profile storage is based on
extensions of Merkle trees allowing for hash combining that would minimize the need of
individual verification of elements along a path. An algorithm for sorting the tree as we
envision frequently accessed attributes to be closer to the root (minimizing the access’
time) is also provided.
Formal validation of the above mentioned ideas has been carried out through simulations
and the development of prototypes. Besides, dissemination activities were performed in
projects, journals and conferences.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: María Celeste Campo Vázquez.- Secretario: María Francisca Hinarejos Campos.- Vocal: Óscar Esparza Martí
Tutorial: Identity Management Systems and Secured Access Control
Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions
Recommended from our members
Privacy as the Price of Drug Access
In response to the recent increase in FDA-approved specialty drugs and escalating specialty drug prices, drug companies now offer patient support programs (“PSPs”) for eligible patients prescribed a particular pharmaceutical drug. Such programs encompass both financial assistance for the purchase of a specialty drug and behavioral services, including nursing support and injection training, intended to improve drug adherence. Although ostensibly gratuitous, these programs have a steep and underappreciated cost: disclosure of protected health information. In effect, patient support programs compel patients to trade protected health information for drug access. This Article provides the first in-depth examination of the legal and ethical concerns associated with patient support programs. Enrollment in a drug company’s patient support program furnishes the company with linked patient- and prescriber-identifying information for each enrollee, data which may enable drug companies to target marketing to patients and healthcare providers with an otherwise unattainable degree of precision. Moreover, once a drug company acquires an enrollee’s protected health information pursuant to a valid Health Insurance Portability and Accountability Act (HIPAA) authorization, a drug company faces few limits on downstream uses of those data. This Article illuminates a possible role for patient support program-mediated data collection in two unlawful drug company practices: (1) kickback schemes in coordination with foundations that cover pharmaceutical drug copays, and (2) “product hopping” to a new brand-name drug formulation after patent expiration of an older formulation. The current regime for health data privacy in the United States lacks adequate safeguards to prevent drug companies from exploiting patient support program-derived data to the detriment of patients. The Article ends by proposing practical modifications to the HIPAA Privacy Rule to modernize HIPAA’s protections vis-à-vis health data transferred from covered entities to noncovered entities such as drug companies
FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data
Secure and scalable data sharing is essential for collaborative clinical
decision making. Conventional clinical data efforts are often siloed, however,
which creates barriers to efficient information exchange and impedes effective
treatment decision made for patients. This paper provides four contributions to
the study of applying blockchain technology to clinical data sharing in the
context of technical requirements defined in the "Shared Nationwide
Interoperability Roadmap" from the Office of the National Coordinator for
Health Information Technology (ONC). First, we analyze the ONC requirements and
their implications for blockchain-based systems. Second, we present FHIRChain,
which is a blockchain-based architecture designed to meet ONC requirements by
encapsulating the HL7 Fast Healthcare Interoperability Resources (FHIR)
standard for shared clinical data. Third, we demonstrate a FHIRChain-based
decentralized app using digital health identities to authenticate participants
in a case study of collaborative decision making for remote cancer care.
Fourth, we highlight key lessons learned from our case study
Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme
Telecare Medicine Information Systems (TMIS) provides flexible and convenient e-health care. However the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.’s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.’s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.’s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes
Sdhcare: Secured Distributed Healthcare System
In the healthcare sector, the move towards Electronic Health Records (EHR) systems has been accelerating in parallel with the increased adoption of IoT and smart devices. This is driven by the anticipated advantages for patients and healthcare providers. The integration of EHR and IoT makes it highly heterogeneous in terms of devices, network standards, platforms, types of data, connectivity, etc. Additionally, it introduces security, patient and data privacy, and trust challenges. To address such challenges, this thesis proposes an architecture that combines biometric-based blockchain technology with the EHR system. More specifically, this thesis describes a mechanism that uses a patient’s fingerprint for recovery of patient’s access control on their EHRs securely without compromising their privacy and identity. A secure distributed healthcare system (SDHCARE) is proposed to uniquely identify patients, enable them to control access to, and ensure recoverable access to their EHRs that are exchanged and synchronized between distributed healthcare providers. The system takes into account the security and privacy requirements of Health Insurance Portability and Accountability Act (HIPAA) compliance, and it overcomes the challenges of using secret keys as a patient’s identity to control access to EHRs. The system used distributed architecture with two layers being local to each healthcare provider that is a member of SDHCARE, and two layers shared across all members of SDCHARE system. SDHCARE system was prototyped and implemented in order to validate its functional requirements, security requirements, and to evaluate its performance. The results indicated successful fulfillment of design requirements without significant overhead on the performance as required by healthcare environment
- …