Paper 2016/176

Anonymous Role-Based Access Control on E-Health Records

Xingguang Zhou, Jianwei Liu, Weiran Liu, and Qianhong Wu

Abstract

Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security model with both semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply "online/offline" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.

Metadata
Available format(s)
-- withdrawn --
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
anonymouselectronic health recordprivacy preservingaccess controlonlineo&#64260ine
Contact author(s)
zhouxingguang @ buaa edu cn
History
2016-05-20: withdrawn
2016-02-22: received
See all versions
Short URL
https://ia.cr/2016/176
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.