Seminar: A PHR System With Policy-Based Fine-Grained Access Control And Revocation Mechanism
Mitu Kumar Debnath
Co-supervisors: Dr. Saeed Samet & Dr. K. Vidyasankar
A PHR System With Policy-Based Fine-Grained Access Control And Revocation Mechanism
Department of Computer Science
Thursday, October 22, 2015, 2:00 pm, Room EN 2022
Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today’s fast-paced tech-dominant world. Personal HealthRecord (PHR) system has become a popular research area for sharing patients information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients’ private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems, we propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented CP-ABE library and web services as part of our framework. We also developed an android application based on the framework that allows users to register into the system, encrypt their PHR data and upload to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. It shows that the deployment of the proposed system would be practical and can be applied into practice.