Modern healthcare systems collect health information from health-assisting gadgets of different sources and store it in cloud storage servers as an electronic record called the patient health record (PHR), ensuring its availability whenever and wherever needed. An important issue in this centralized cloud storage is the loss of privacy and security of sensitive PHR. Existing and the most recent solutions for privacy and security provisioning are purely based on role-based access control (RBAC). However, these RBAC schemes suffer from role explosion due to the increasing number of different roles. Furthermore, managing all those roles in order to provide proper access permissions can become a complex problem. Dynamic segregation-of-duty relations reduce the number of potential permissions that can be made available to a user by placing constraints on users through the assignment of a set of roles. In order to address the above-stated problem, this paper proposes a hybrid framework called MediTrust. The proposed MediTrust combines two schemes, namely RBAC and attribute-based encryption (ABE), and works on a semantic database, ensuring the accessibility of patient data under different access controls. The patient data are encrypted at the provider side before being outsourced to the cloud server and are decrypted again at the user end after being downloaded from the cloud server. The general information of the patient collected as PHR is stored in one cloud server, and the medical reports are stored separately in another cloud server. A second-step security control is provided using CAPTCHA, which serves mainly as a check that only human users can log in to MediTrust. A third-step security control is also provided, in which one key is sent to the user's registered mobile number and another key is sent to the user's e-mail address. In MediTrust, the combination of these two keys is required to decrypt the PHR.
Further, the ABE policies and access control security mechanisms for privacy preservation have been validated on PHR using Amazon AWS EC2 CA. Performance evaluation results show that the proposed MediTrust is better than existing work in terms of time complexity and computational overhead.
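The three controls the abstract describes, modelled as an added Python example (not the paper's code): an RBAC permission check, a CP-ABE-style attribute policy gating the data key, and a data key split into two shares (one for the mobile number, one for the e-mail) that must both be present. The role table, attributes and the HMAC-based stand-in cipher are constructed assumptions, not MediTrust's actual components.

```python
import hashlib
import hmac
import secrets

# Constructed RBAC table (assumption, not the paper's role set): role -> permissions.
ROLE_PERMS = {"physician": {"read_phr", "read_reports"}, "billing": {"read_phr"}}

def rbac_allows(role: str, perm: str) -> bool:
    """RBAC step: does the user's role carry the requested permission?"""
    return perm in ROLE_PERMS.get(role, set())

def policy_satisfied(policy, attrs) -> bool:
    """ABE-style step: evaluate a CP-ABE access tree, written as either an
    attribute string or a tuple ("AND" | "OR", [subtrees]), against user attributes."""
    if isinstance(policy, str):
        return policy in attrs
    op, children = policy
    results = [policy_satisfied(child, attrs) for child in children]
    return all(results) if op == "AND" else any(results)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
    paper's unspecified cipher; symmetric, unauthenticated, stdlib only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def split_key(key: bytes):
    """Split the data key into two XOR shares: one for the registered mobile
    number, one for the e-mail address. Either share alone reveals nothing."""
    share_sms = secrets.token_bytes(len(key))
    share_mail = bytes(a ^ b for a, b in zip(key, share_sms))
    return share_sms, share_mail

def combine_key(share_sms: bytes, share_mail: bytes) -> bytes:
    """Recover the data key; only possible with both shares."""
    return bytes(a ^ b for a, b in zip(share_sms, share_mail))

def decrypt_phr(ciphertext, role, perm, policy, attrs, share_sms, share_mail):
    """Release the PHR only when the RBAC check, the attribute policy and both
    key shares all pass; otherwise return None."""
    if not rbac_allows(role, perm) or not policy_satisfied(policy, attrs):
        return None
    if share_sms is None or share_mail is None:
        return None
    return keystream_xor(combine_key(share_sms, share_mail), ciphertext)
```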
Funding was provided by Nvidia (Hardware Grant).
Tembhare, A., Sibi Chakkaravarthy, S., Sangeetha, D. et al. Role-based policy to maintain privacy of patient health records in cloud. J Supercomput 75, 5866–5881 (2019). https://doi.org/10.1007/s11227-019-02887-6
- Attribute-based encryption
- Role-based access control
- Access control
- Privacy preservation