Toward privacy-preserving emergency access in EHR systems with data auditing

Widespread adoption of health information sharing is claimed to improve healthcare quality at reduced cost due to the ability for providers to share healthcare information rapidly, reliably, and securely. During emergency access, however, such sharing may affect patient privacy adversely and steps must be taken to ensure privacy is preserved. Australia and the US have taken different approaches toward health information sharing. The Australian approach broadly uses a push model where a summary record is extracted from local health records, and pushed into a centralized system accessed by providers. Under the US approach, providers during emergency access generally pull health records from a centralized system that typically replicates local health records. On the other hand, the centralized repository most likely will be a third party cloud provider that offers on demand availability of high quality and cost effective services. These features make cloud computing a perfect infrastructure for EHR systems. The fact that medical data are handled and managed by a third party cloud provider, however, requires additional security mechanisms, i.e. auditing, to preserve data confidentiality, integrity, and privacy. This thesis contrasts the Australian and US approaches to information sharing during emergency access, focusing on patient privacy preservation. It develops a generalized approach to enhance patient privacy during emergency access using push and pull approaches. It presents an auditing service implementation over a multi-cloud data repository. It finally shows preliminary results from a proof-of-concept EHR system

A Study on Sanctuary and Seclusion Issues in Internet-of-Things

Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of seclusion loss and sanctuary issues. To secure the IoT devices, many research works have been con-ducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the user�s seclusion and sanctuary requirements. The study consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the sanctuary issues in different layers

Toward Effective Access Control Using Attributes and Pseudoroles

Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of access control and user revocation and permission review, RBAC demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC\u27s advantages. This dissertation explores the role of attributes---characteristics of entities in the system---in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests have the right BLAC pseudoroles---a pseudorole is a predefined subset of a subject\u27s static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on access. BLAC thus makes use of attributes effectively while preserving RBAC\u27s advantages. The dissertation\u27s third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats

IoMT Malware Detection Approaches: Analysis and Research Challenges

The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, privileged-insider, remote hijacking, password guessing and denial of service (DoS) attacks, and malware attacks. Among these attacks, the attacks which are performed through the malware botnet (i.e., Mirai) are the malignant attacks. The existence of malware botnets leads to attacks on confidentiality, integrity, authenticity and availability of the data and other resources of the system. In presence of such attacks, the sensitive data of IoT communication may be disclosed, altered or even may not be available to the authorized users. Therefore, it becomes essential to protect the IoT/IoMT environment from malware attacks. In this review paper, we first perform the study of various types of malware attacks, and their symptoms. We also discuss some architectures of IoT environment along with their applications. Next, a taxonomy of security protocols in IoT environment is provided. Moreover, we conduct a comparative study on various existing schemes for malware detection and prevention in IoT environment. Finally, some future research challenges and directions of malware detection in IoT/IoMT environment are highlighted

Mobile cloud healthcare systems using the concept of point–of–care

Recent years have witnessed a rapid growth in delivering/accessing healthcare services on mobile devices. An example of a health practice/application that is benefiting from the mobile evolution is m–health, which is aimed at providing health services to mobile devices on the move. However, mobile devices have restricted computational and storage capacity, and run on batteries that have limited power. These limitations render m–health unable to run the demanding tasks that may be required for accessing/providing health services. The mobile cloud has recently been proposed as a solution for dealing with some of the limitations of mobile devices, such as low storage and computing capacity. However, introducing this solution into the m–health field is not straightforward, as the integration of this technology has specific limitations, such as disconnection issues and concerns over privacy and security. This thesis presents research work investigating the ability to introduce mobile cloud computing technology into the health field (e.g., m–health) to increase the chances of survival in cases of emergencies. This work focuses on providing help to people in emergencies by allowing them to seek/access help via mobile devices reliably and confidently, as well as the ability to build a communication platform between people who require help and professionals who are trusted and qualified to provide it. The concept of point–of–care has been used here, which means providing as much medical support to the public as possible where and when it is needed. This thesis proposes a mobile cloud middleware solution that enhances connectivity aspects by allowing users to create/join a mobile ad–hoc network (MANET) to seek help in the case of emergencies. On the other side, the cloud can reach users who do not have a direct link to the cloud or an Internet connection. The most important advantage of combining a MANET and a mobile cloud is that management tasks such as IP allocation and split/merge operations are shifted to the cloud, which means resources are saved on the mobile side. In addition, two mobile cloud services were designed which have the aim of interacting with users to facilitate help to be provided swiftly in the case of emergencies. The system was deployed and tested on Amazon EC2 cloud and Android–based mobile devices. Experimental results and the reference architecture show that the proposed middleware is feasible and meets pre–defined requirements, such as enhancing the robustness and reliability of the system