A4: An Authentication, Authorization and Access Control Scheme for Electronic Health Records using Attribute-based Encryption Algorithm

• Main Authors: Shih, Wei-Yao, 施惟堯
• Other Authors: Huang, Yu-Lun
• Format: Others
• Language: en_US
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/9222vz

碩士 === 國立交通大學 === 電機工程學系 === 104 === As the rapid development of cloud computing technologies, health records are stored in a cloud system for information sharing and ease access. The electronic health record system running on a cloud needs to preserve the confidentiality and integrity of the health records. Nevertheless, in the current design, a patient can only share his/her health records with a doctor in a single hospital. Therefore, the doctor who needs to refer to the patient's health records in other hospitals may fail to access the records crossing hospitals, and similar examinations need to be reconducted. In this thesis, we propose an Auth, Auz and Access control scheme using Attribute-based encryption (called A4) to secure the confidentiality of the electronic health records transmitted over the Internet. A4 leverages ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) algorithm to encrypt and decrypt the health records stored in the cloud. A4 is composed of seven phases including "Init", "Reg", "Appoint", "EHRReqI", "EHRReqII", "Condult" and "Diagnosis" phases. The seven phases is to fulfill the health record requests in different scenarios. A4 allows a doctor to access the medical data crossing the hospitals when the doctor has to refer to a patient's health records in a different hospital for better diagnosis. $A^4$ also provides the functionality that allows a doctor to consult with other doctors specializing in different ontologies. By using BAN logic, we demonstrate the $A^4$ is secure enough to fulfill the fundamental security requirements, such as parties authentication and message freshness, etc. We also prove that $A_4$ can resist common attacks, including Replay Attack, Man-in-the-middle Attack, Eavesdropping Attack and DDOS Attack.