A PHR system with policy-based fine-grained access control and revocation mechanism

Debnath, Mitu Kumar (2015) A PHR system with policy-based fine-grained access control and revocation mechanism. Masters thesis, Memorial University of Newfoundland.

PDF - Accepted Version
Available under License - The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission.


Collaborative sharing of information is becoming a much more needed technique to achieve complex goals in today's fast-paced, tech-dominant world. The Personal Health Record (PHR) system has become a popular research area for sharing patients' information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients' private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems. We propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used the Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented a CP-ABE library and web services as part of our framework. We also developed an Android application based on the framework that allows users to register into the system, encrypt their PHR data and upload it to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. They show that the deployment of the proposed system would be practical and can be applied into practice.

Item Type: Thesis (Masters)
URI: http://research.library.mun.ca/id/eprint/11920
Item ID: 11920
Additional Information: Includes bibliographical references (pages 67-71).
Keywords: Personal Health Records, Fine-Grained Access Control, Attribute-Based Encryption, Attribute Revocation, Patient-centric Data Privacy
Department(s): Science, Faculty of > Computer Science
Date: October 2015
Date Type: Submission
Library of Congress Subject Heading: Medical records--Access control--Code words; Medical records--Data processing; Data encryption (Computer science)
