Cryptology ePrint Archive: Report 2016/176

Anonymous Role-Based Access Control on E-Health Records

Xingguang Zhou and Jianwei Liu and Weiran Liu and Qianhong Wu

Abstract: Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security model with both semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply “online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

Category / Keywords: implementation / anonymous; electronic health record; privacy preserving; access control; online/offline

Date: received 21 Feb 2016, last revised 23 Feb 2016, withdrawn 19 May 2016

Contact author: zhouxingguang at buaa edu cn

Available format(s): (-- withdrawn --)

Version: 20160520:045903 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]