Title: ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing

Authors: Mrinmoy Barua; Xiaohui Liang; Rongxing Lu; Xuemin Shen

Addresses: Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada. ' Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada. ' Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada. ' Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada

Abstract: We consider the problem of patient self-controlled access privilege to highly sensitive Personal Health Information (PHI), where PHI is expected to be securely stored in cloud storage for uninterrupted anytime, anywhere remote access. In order to assure the privacy of PHI, we propose Efficient and Secure Patient-centric Access Control (ESPAC) scheme which allows data requesters to have different access privileges based on their roles, and then assigns different attribute sets to them. Extensive security and performance analyses demonstrate that the ESPAC scheme is able to achieve desired security requirements with acceptable communication delay.

Keywords: e-health; security; privacy; ABE; attribute-based encryption; access control; cloud computing; electronic healthcare; patient access privileges; self-controlled access privileges; highly sensitive information; personal health information.

DOI: 10.1504/IJSN.2011.043666

International Journal of Security and Networks, 2011 Vol.6 No.2/3, pp.67 - 76

Published online: 15 Nov 2011 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article