195 research outputs found

    Secure Management of Personal Health Records by Applying Attribute-Based Encryption

    The confidentiality of personal health records is a major problem when patients use commercial Web-based systems to store their health data. Traditional access control mechanisms, such as Role-Based Access Control, have several limitations with respect to enforcing access control policies and ensuring data confidentiality. In particular, the data has to be stored on a central server locked by the access control mechanism, and the data owner loses control on the data from the moment when the data is sent to the requester. Therefore, these mechanisms do not fulfil the requirements of data outsourcing scenarios where the third party storing the data should not have access to the plain data, and it is not trusted to enforce access control policies. In this paper, we describe a new approach which enables secure storage and controlled sharing of patient’s health records in the aforementioned scenarios. A new variant of a ciphertext-policy attribute-based encryption scheme is proposed to enforce patient/organizational access control policies such that everyone can download the encrypted data but only authorized users from the social domain (e.g. family, friends, or fellow patients) or authorized users from the professional domain (e.g. doctors or nurses) are allowed to decrypt it

    Cryptographic Role-Based Access Control, Reconsidered

    A significant shortcoming of traditional access control mechanisms is their heavy reliance on reference monitors. Being single points of failure, monitors need to run in protected mode and have permanent online presence in order to handle all access requests. Cryptographic access control offers an alternative solution that provides better scalability and deployability. It relies on security guarantees of the underlying cryptographic primitives and the appropriate key distribution/management in the system. In order to rigorously study security guarantees that a cryptographic access control system can achieve, providing formal security definitions for the system is of great importance, since the security guarantee of the underlying cryptographic primitives cannot be directly translated into those of the system. In this paper, we follow the line of the existing studies on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study focusing on the relation between the existing security definitions for such systems, we identify two types of attacks not described in the existing works. Therefore, we propose two new security definitions with the goal of appropriately modeling cryptographic enforcement of Role-Based Access Control policies and studying the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy updates is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access

    Privacy Enhanced Access Control by Means of Policy Blinding

    Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor

    Balancing patient control and practical access policy for electronic health records via blockchain technology

    Electronic health records (EHRs) have revolutionized the health information technology domain, as patient data can be easily stored and accessed within and among medical institutions. However, in working towards nationwide patient engagement and interoperability goals, recent literature adopts a very patient-centric model---patients own their universal, holistic medical records and control exactly who can access their health data. I contend that this approach is largely impractical for healthcare workflows, where many separate providers require access to health records for care delivery. My work investigates the potential of a blockchain network to balance patient control and provider accessibility with a two-fold approach. First, I conduct a survey investigation to identify patient concerns and determine the level of control patients would like over their health information. Second, I implement a blockchain network prototype to address the spectrum of patient control preferences and automate practical access policy. There are conflicting demands amongst patients and providers for EHR access---privacy versus flexibility. Yet, I find blockchain technology, when manipulated to model access states, automate an organizational role-based access scheme, and provide an immutable history of behavior in the network, to be a very plausible solution for balancing patient desires and provider needs. My approach is, to my knowledge, the first example of blockchain's use for less patient-centric, nudge theory-based EHR access control, an idea that could align access control interests as academics, the government, and the healthcare industry make strides towards interoperable, universal patient records

    ROLE BASED SECURED ACCESS OF DATA IN CLOUDS

    Cloud computing is a type of internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources, e.g., computer networks, servers, storage, applications and services, which can be rapidly provisioned and released with minimal management effort. Attribute-based access control defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any type of attributes such as user attributes, resource attributes, object and environment attributes etc. This model supports Boolean logic, in which rules contain "if-then" statements about who is making the request, the resource and the action. The main problem in attribute-based access control is not having a user-centric approach for authorization rules. In the ABAC model, role hierarchy and object hierarchy are not achieved, and there is a restriction in the level of expressiveness of access control rules. Secured role-based access control allows managing authorization based on a rule-based approach where rules are under the control of the data owner and provides enriched role-based expressiveness including role and object hierarchies. A data user without the knowledge of the data owner cannot use the cloud server, where privilege is provided to the data user by the data owner. Access control computations are delegated to the cloud service provider, which is not only unable to access the data, but also unable to release it to unauthorized parties. An identity-based proxy re-encryption scheme has been used in order to provide a comprehensive and feasible solution for a data-centric approach. Semantic web technologies have been exposed for the representation and evaluation of the authorization model

    Towards Practical Access Control and Usage Control on the Cloud using Trusted Hardware

    Cloud-based platforms have become the principal way to store, share, and synchronize files online. For individuals and organizations alike, cloud storage not only provides resource scalability and on-demand access at a low cost, but also eliminates the necessity of provisioning and maintaining complex hardware installations. Unfortunately, because cloud-based platforms are frequent victims of data breaches and unauthorized disclosures, data protection obliges both access control and usage control to manage user authorization and regulate future data use. Encryption can ensure data security against unauthorized parties, but complicates file sharing, which now requires distributing keys to authorized users, and a mechanism that prevents revoked users from accessing or modifying sensitive content. Further, as user data is stored and processed on remote machines, usage control in a distributed setting requires incorporating the local environmental context at policy evaluation, as well as tamper-proof and non-bypassable enforcement. Existing cryptographic solutions either require server-side coordination, offer limited flexibility in data sharing, or incur significant re-encryption overheads on user revocation. This combination of issues is ill-suited within large-scale distributed environments where there are a large number of users, dynamic changes in user membership and access privileges, and resources are shared across organizational domains. Thus, developing a robust security and privacy solution for the cloud requires: fine-grained access control to associate the largest set of users and resources with variable granularity, scalable administration costs when managing policies and access rights, and cross-domain policy enforcement. To address the above challenges, this dissertation proposes a practical security solution that relies solely on commodity trusted hardware to ensure confidentiality and integrity throughout the data lifecycle. The aim is to maintain complete user ownership against external hackers and malicious service providers, without losing the scalability or availability benefits of cloud storage. Furthermore, we develop a principled approach that is: (i) portable across storage platforms without requiring any server-side support or modifications, (ii) flexible in allowing users to selectively share their data using fine-grained access control, and (iii) performant by imposing modest overheads on standard user workloads. Essentially, our system must be client-side, provide end-to-end data protection and secure sharing, without significant degradation in performance or user experience. We introduce NeXUS, a privacy-preserving filesystem that enables cryptographic protection and secure file sharing on existing network-based storage services. NeXUS protects the confidentiality and integrity of file content, as well as file and directory names, while mitigating against rollback attacks of the filesystem hierarchy. We also introduce Joplin, a secure access control and usage control system that provides practical attribute-based sharing with decentralized policy administration, including efficient revocation, multi-domain policies, secure user delegation, and mandatory audit logging. Both systems leverage trusted hardware to prevent the leakage of sensitive material such as encryption keys and access control policies; they are completely client-side, easy to install and use, and can be readily deployed across remote storage platforms without requiring any server-side changes or trusted intermediary. We developed prototypes for NeXUS and Joplin, and evaluated their respective overheads in isolation and within a real-world environment. Results show that both prototypes introduce modest overheads on interactive workloads, and achieve portability across storage platforms, including Dropbox and AFS. Together, NeXUS and Joplin demonstrate that a client-side solution employing trusted hardware such as Intel SGX can effectively protect remotely stored data on existing file sharing services

    Mobile security with location-aware role-based access control

    This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems