Permission Based Access Control for Healthcare Systems

  • Shaswata SahaEmail author
  • Sarmistha Neogy
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1240)


The objective of this work is to present a secure and privacy-protected environment to manage Personal Health Record (PHR) data stored in distant cloud. The work aims at providing a cloud-based data storage solution that ensures maximum visibility but not at the cost of data privacy. It presents a technique by which users can read and update data stored in cloud storage depending on whether they are allowed to access that data. For this, data encryption has been used on the data to be stored in the cloud. This has been combined with a permission-based access control mechanism. Experiments show that the access-control mechanism works successfully and that data is accessible to only those who are permitted to access it. The work also passes state-of-the-art security attacks.


Access control Cloud storage Personal health record Hash function Encryption 


  1. 1.
    Armbrust, M., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRefGoogle Scholar
  2. 2.
    Yang, Z., Zhong, S., Wright, R.N.: Privacy-preserving queries on encrypted data. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS. LNCS, vol. 4189, pp. 479–495. Springer, Heidelberg (2006). Scholar
  3. 3.
    Yang Y., Zhang, Y.: A generic scheme for secure data sharing in cloud. In: Proceedings of the 40th International Conference on Parallel Processing Workshops, pp. 145–153, Washington DC (2011)Google Scholar
  4. 4.
    Samanthula, B.K., Howser, G., Elmehdwi, Y., Madria, S.: An efficient and secure data sharing framework using homomorphic encryption in the cloud. In: Proceedings of the 1st International Workshop on Cloud Intelligence, Cloud-I 2012, Istanbul (2012)Google Scholar
  5. 5.
    Basu, S., et al.: Fusion: managing healthcare records at cloud scale. IEEE Comput. 45(11), 42–49 (2012)CrossRefGoogle Scholar
  6. 6.
    Sengupta, J.: Design of attribute based user authorization model for e-healthcare. Masters in Distributed and Mobile Computing Thesis, Jadavpur University, Kolkata, India (2017)Google Scholar
  7. 7.
    Mandal, S.: Design of secure storage and access for cloud based data. Masters in Distributed and Mobile Computing Thesis, Jadavpur University, Kolkata, India (2019)Google Scholar
  8. 8.
    Gasarch, W.: A survey on private information retrieval. Bull. EATCS 82, 72–107 (2004)MathSciNetzbMATHGoogle Scholar
  9. 9.
    Mitra, G., Barua, S., Chattopadhyay, S., Sen, S., Neogy, S.: Accessing data in healthcare application. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds.) Security in Computing and Communications. SSCC 2018. CCIS, vol. 969. Springer, Singapore (2019). Scholar
  10. 10.
    Kasgar, A.K., Agrawal, J., Sahu, S.: New modified 256-bit MD5 algorithm with SHA compression function. Int. J. Comput. Appl. 42(12), 47–51 (2012)Google Scholar
  11. 11.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Liu, C-H., et al.: Secure PHR Access Control Scheme for Healthcare Application Clouds. In: Proceedings of the 2013 42nd International Conference on Parallel Processing, pp. 1067–1076, Lyon (2013)Google Scholar
  13. 13.
    Saha, S., Das, R., Datta, S., Neogy, S.: A cloud security framework for a data centric WSN application. In: ACM Digital Library Proceedings of the 17th International Conference on Distributed Computing and Networking, Article No. 39 (2016)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Jadavpur UniversityKolkataIndia

Personalised recommendations