Smart home system using blockchain technology in green lighting environment in rural areas

Currently, with the rapid development of smart home technology, the demand for establishing efficient and sustainable smart home systems in rural areas is increasing. However, in rural environments, the effective management and intelligent control of green energy face many challenges. To address these issues, this work aims to design a smart home system based on blockchain technology to achieve efficient energy management and intelligent control in a green lighting environment in rural areas. The main goals include improving the performance and safety of the system to meet the lighting needs of rural areas and promote sustainable development. The system comprises two primary components: the home gateway and cloud services. These components encompass functions like data monitoring and transmission, cloud storage, and remote control. The work also introduces the structural interaction, user node interaction, and the data security transmission scheme of the smart home system. Ultimately, the system's effectiveness is confirmed through simulation experiments. The results demonstrate that the system achieves the lowest latency when the transaction arrival rate is 40tps and the block size is 10. Additionally, the access control scheme based on the Hyperledger Fabric consortium chain can efficiently handle access requests for smart home resources and meet the practical application requirements within an appropriate range of security parameters. The main research conclusion is that the designed smart home system based on blockchain technology has achieved significant results in improving performance and security. This not only provides reliable lighting solutions for rural areas, but also provides important theoretical and practical guidance for the future development of smart home systems. The direction of future work includes further optimizing system performance, expanding the scope of application, and exploring more advanced blockchain technology applications in the field of smart homes. This will provide more possibilities and innovative directions for the development of future smart home systems.

Preventing and controlling intra-hospital spread of COVID-19 in Taiwan - Looking back and moving forward

COVID-19 has exposed major weaknesses in the healthcare settings. The surge in COVID-19 cases increases the demands of health care, endangers vulnerable patients, and threats occupational safety. In contrast to a hospital outbreak of SARS leading to a whole hospital quarantined, at least 54 hospital outbreaks following a COVID-19 surge in the community were controlled by strengthened infection prevention and control measures for preventing transmission from community to hospitals as well as within hospitals. Access control measures include establishing triage, epidemic clinics, and outdoor quarantine stations. Visitor access restriction is applied to inpatients to limit the number of visitors. Health monitoring and surveillance is applied to healthcare personnel, including self-reporting travel declaration, temperature, predefined symptoms, and test results. Isolation of the confirmed cases during the contagious period and quarantine of the close contacts during the incubation period are critical for containment. The target populations and frequency of SARS-CoV-2 PCR and rapid antigen testing depend on the level of transmission. Case investigation and contact tracing should be comprehensive to identify the close contacts to prevent further transmission. These facility-based infection prevention and control strategies help reduce hospital transmission of SARS-CoV-2 to a minimum in Taiwan.

Attribute identification based IoT fog data security control and forwarding

As Internet of Things (IoT) applications continue to proliferate, traditional cloud computing is increasingly unable to meet the low-latency demands of these applications. The IoT fog architecture solves this limitation by introducing fog servers in the fog layer that are closer to the IoT devices. However, this architecture lacks authentication mechanisms for information sources, security verification for information transmission, and reasonable allocation of fog nodes. To ensure the secure transmission of end-to-end information in the IoT fog architecture, an attribute identification based security control and forwarding method for IoT fog data (AISCF) is proposed. AISCF applies attribute signatures to the IoT fog architecture and uses software defined network (SDN) to control and forward fog layer data flows. Firstly, IoT devices add attribute identifiers to the data they send based on attribute features. The ingress switch then performs fine-grained access control on the data based on these attribute identifiers. Secondly, SDN uses attribute features as flow table matching items to achieve fine-grained control and forwarding of fog layer data flows based on attribute identifiers. Lastly, the egress switch dynamically samples data flows and verifies the attribute signatures of the sampled data packets at the controller end. Experimental validation has demonstrated that AISCF can effectively detect attacks such as data tampering and forged matching items. Moreover, AISCF imposes minimal overhead on network throughput, CPU utilization and packet forwarding latency, and has practicality in IoT fog architecture.

Decentralized access control for secure microservices cooperation with blockchain

With the rapid advancement of cloud-native computing, the microservice with high concurrency and low coupling has ushered in an unprecedented period of vigorous development. However, due to the mutability and complexity of cooperation procedures, it is difficult to realize high-efficient security management on these microservices. Traditional centralized access control has the defects of relying on a centralized cloud manager and a single point of failure. Meanwhile, decentralized mechanisms are defective by inconsistent policies defined by different participants. This paper first proposes a blockchain-based distributed access control policies and scheme, especially for microservices cooperation with dynamic access policies. We store the authorized security policies on the blockchain to solve the inconsistent policy problem while enabling individual management of personalized access policies by the providers rather than a central authority. Then we propose a graph-based decision-making scheme to achieve an efficient access control for microservices cooperation. Through the evaluations and experiments, it shows that our solution can realize effective distributed access control at an affordable cost.

Blockchain-envisioned access control for internet of things applications: a comprehensive survey and future directions

With rapid advancements in the technology, almost all the devices around are becoming smart and contribute to the Internet of Things (IoT) network. When a new IoT device is added to the network, it is important to verify the authenticity of the device before allowing it to communicate with the network. Hence, access control is a crucial security mechanism that allows only the authenticated node to become the part of the network. An access control mechanism also supports confidentiality, by establishing a session key that accomplishes secure communications in open public channels. Recently, blockchain has been implemented in access control protocols to provide a better security mechanism. The foundation of this survey article is laid on IoT, where a detailed description on IoT, its architecture and applications is provided. Further, various security challenges and issues, security attacks possible in IoT and their countermeasures are also provided. We emphasize on the blockchain technology and its evolution in IoT. A detailed description on existing consensus mechanisms and how blockchain can be used to overpower IoT vulnerabilities is highlighted. Moreover, we provide a comprehensive description on access control protocols. The protocols are classified into certificate-based, certificate-less and blockchain-based access control mechanisms for better understanding. We then elaborate on each use case like smart home, smart grid, health care and smart agriculture while describing access control mechanisms. The detailed description not only explains the implementation of the access mechanism, but also gives a wider vision on IoT applications. Next, a rigorous comparative analysis is performed to showcase the efficiency of all protocols in terms of computation and communication costs. Finally, we discuss open research issues and challenges in a blockchain-envisioned IoT network.

Towards Supporting Attribute-Based Access Control in Hyperledger Fabric Blockchain

Hyperledger Fabric (HLF) is an open-source platform for deploying enterprise-level permissioned blockchains where users from multiple organizations can participate. Preventing unauthorized access to resources in such blockchains is of critical importance. Towards addressing this requirement, HLF supports different access control models. However, support for Attribute-Based Access Control (ABAC) in the current version of HLF is not comprehensive enough to address various requirements that arise when multiple organizations interact in an enterprise setting. To address those shortcomings, in this paper, we develop and present methods for providing full ABAC functionality in Hyperledger Fabric. Performance evaluation under different network configurations using the Hyperledger Caliper benchmarking tool shows that the proposed approach is quite efficient in practice.

CoVAC: A P2P smart contract-based intelligent smart city architecture for vaccine manufacturing

With the Corona Virus Disease 2019 (COVID-19) outbreak, vaccination is an urgent need worldwide. Internet of Things (IoT) has a vital role in the smart city for vaccine manufacturing with wearable sensors. According to the advanced services in intelligent manufacturing, the fourth resolution is also changing in Industry 5.0 and utilizes high-definition connectivity sensors. Traditional manufacturing companies rely on trusted third parties, which may act as a single point of failure. Access control, big data, and scalability are also challenging issues in existing systems because of the demand response data (DRD) in advanced manufacturing. To mitigate these challenges, CoVAC: A P2P Smart Contract-based Intelligent Smart City Architecture for Vaccine Manufacturing is proposed with three layers, including connection, conversion, and intelligent cloud layer. Smart contract-based blockchain is utilized at the conversion layer for resolving access control, security, and privacy issues. Deep learning is adopted in the intelligent cloud layer for big data analysis and increasing production for vaccine manufacturing in smart city environments. A case study is carried out wherein access data are collected from the various smart plants for vaccines using smart manufacturing to validate the effectiveness of the proposed architecture. Simulation of the proposed architecture is performed on the collected advanced sensor IoT plants data to address the challenges above, offering scalable production in the vaccine manufacturing for the smart city.

A cloud-based buyer-seller watermarking protocol (CB-BSWP) using semi-trusted third party for copy deterrence and privacy preserving

Nowadays, cloud computing provides a platform infrastructure for the secure dealing of digital data, but privacy and copy control are the two important issues in it over a network. Cloud data is available to the end user and requires enormous security and privacy techniques to protect the data. Moreover, the access control mechanism with encryption-based technique protects the digital rights for participants in a transaction, but they do not protect the media from being illegally redistributed and do not restrict an authorized user to reveal their secret information this is referred to as you can access but you cannot leak. This brought out a need for controlling copy deterrence and preserving the privacy of digital media over the internet. To overlook this, we proposed a cloud-based buyer-seller watermarking protocol (CB-BSWP) with the use of a semi-trusted third party for copy deterrence and privacy-preserving in the cloud environment. The suggested scheme uses 1) a privacy homomorphism cryptosystem with Diffie-Hellman key exchange algorithm to provide an encrypted domain for the secure exchange of digital media 2) adopt robust and fair watermarking techniques to ensure high imperceptibility and robustness for the watermarked images against attacks 3) two services of cloud Infrastructure as a service (IaaS) to support virtualized computing infrastructure and Watermarking as a service (WaaS) to execute the speedy process of watermarking, this process is supported by watermarking generation and signing phase (WGSP) and watermark extraction and verifying phase reported in 4th section. 4) cloud service provider (CSP) considered as a "semi-trusted" third party to reduce the burden from the trusted third party (TTP) server and provide storage for the encrypted digital media on cloud databases, this frees content owner from not having a separate storage infrastructure. The proposed scheme encrypts the digital content by using SHA-512 algorithm with key size 512-bits to ensure that it doesn't affect computational time during the process of encryption. The suggested scheme addresses the problems of piracy tracing, anonymity, tamper resistance, non-framing, customer rights problem. The role of cloud is crucial because it reduces communication overhead, provides unlimited storage, supports the watermarking process and offers a solution for the secure distribution of end-to-end security of digital content over cloud. To check the performance of the suggested CB-BSWP protocol against common image processing attacks, we have conducted experiments in which the perceptual quality of watermarked digital media was found enhanced, resulting in a robust watermark.

FAIR Aspects of a Genomic Information Protection and Management System

To handle genomic information while supporting FAIR principles, we present GIPAMS, a modular architecture. GIPAMS provides security and privacy to manage genomic information by means of several independent services and modules that interact among them in an orchestrated way. The paper analyzes how some security and privacy aspects of the FAIRification process are covered by the GIPAMS platform.

Improvement on PDP Evaluation Performance Based on Neural Networks and SGDK-means Algorithm

With the purpose of improving the PDP (policy decision point) evaluation performance, a novel and efficient evaluation engine, namely XDNNEngine, based on neural networks and an SGDK-means (stochastic gradient descent K-means) algorithm is proposed. We divide a policy set into different clusters, distinguish different rules based on their own features and label them for the training of neural networks by using the K-means algorithm and an asynchronous SGDK-means algorithm. Then, we utilize neural networks to search for the applicable rule. A quantitative neural network is introduced to reduce a server’s computational cost. By simulating the arrival of requests, XDNNEngine is compared with the Sun PDP, XEngine and SBA-XACML. Experimental results show that 1) if the number of requests reaches 10,000, the evaluation time of XDNNEngine on the large-scale policy set with 10,000 rules is approximately 2.5 ms, and 2) in the same condition as 1), the evaluation time of XDNNEngine is reduced by 98.27%, 90.36% and 84.69%, respectively, over that of the Sun PDP, XEngine and SBA-XACML.

Usable comprehensive-factor authentication for a secure time attendance system

In information security, it is widely accepted that the more authentication factors are used, the higher the security level. However, more factors cannot guarantee usability in real usage because human and other non-technical factors are involved. This paper proposes the use of all possible authentication factors, called comprehensive-factor authentication, which can maintain the required security level and usability in real-world implementation. A case study of an implementation of a secure time attendance system that applies this approach is presented. The contribution of this paper is therefore to provide a security scheme seamlessly integrating all classical authentication factors plus a location factor into one single system in a real environment with a security and usability focus. Usability factors emerging from the study are related to a seamless process including the least number of actions required, the lowest amount of time taken, health safety during the pandemic, and data privacy compliance.

Distributed ledger technology based robust access control and real-time synchronization for consumer electronics

BACKGROUND

Consumer electronics or daily use home appliances are the basic necessity of every household. With the adoption of IoT in consumer electronics, this industry is set to rise exponentially. In recent times, the demand for consumer electronics rises amidst the pandemic due to a paradigm shift from in-office culture to work from home. Despite intelligent IoT devices, smart home configuration, and appliances at our disposal, the rudimentary client-server architecture fails to provide facilities like full access control of data and devices, transparency, secured communication, and synchronization between multiple devices, etc. to the users.

METHODS

To overcome these limitations, Blockchain technology has been adopted in recent years, however, it has its own set of limitations in its widespread implementation. Hence, we propose a methodology using the IOTA platform, a distributed ledger technology (DLT) for secured communication between consumer electronics devices and appliances.

RESULTS

The implementation provides access control, interoperability, data storage, and management with an exploratory insight towards a decentralized micro-payment use-case between Electric cars and charging stations.

On automated RBAC assessment by constructing a centralized perspective for microservice mesh

It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.

A Cloud-Ready Architecture for Shared Medical Imaging Repository

Nowadays usage paradigms of medical imaging resources are requesting vendor-neutral archives, accessible through standard interfaces, with multi-repository support. Regional repositories shared by distinct institutions, tele-radiology as a service at cloud, teaching, and research archives are illustrative examples of this new reality. However, traditional production environments have a server archive instance per functional domain where every registered client application has access to all studies. This paper proposes an innovator ownership concept and access control mechanisms that provide a multi-repository environment and integrates well with standard protocols. A secure accounting mechanism for medical imaging repositories was designed and instantiated as an extension of a well-known open-source archive. A new web service layer was implemented to provide a vendor-neutral solution compliant with modern DICOM Web protocols for storage, search, and retrieval of medical imaging data. The concept validation was done through the integration of proposed architecture in an open-source solution. A quantitative assessment was performed for evaluating the impact of the mechanism in the usual DICOM Web operations. This article proposes a secure accounting architecture able to easily convert a standard medical imaging archive server in a multi-repository solution. The proposal validation was done through a set of tests that demonstrated its robustness and usage feasibility in a production environment. The proposed system offers new services, fundamental in a new era of cloud-based operations, with acceptable temporal costs.

A Parser to Support the Definition of Access Control Policies and Rules Using Natural Languages

As a consequence of the epidemiological transition towards non-communicable diseases, integrated care approaches are required, not solely focused on medical purposes, but also on a range of essential activities for the maintenance of the individuals' quality of life. In order to allow the exchange of information, these integrated approaches might be supported by digital platforms, which need to provide trustful environments and to guarantee the integrity of the information exchanged. Therefore, together with mechanisms such as authentication, logging or auditing, the definition of access control policies assumes a paramount importance. This article focuses on the development of a parser as a component of a platform to support the care of community-dwelling older adults, the SOCIAL platform, to allow the definition of access control policies and rules using natural languages.

A privacy protection method for health care big data management based on risk access control

With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

Data Access Control and Secured Data Sharing Approach for Health Care Data in Cloud Environment

One of the vital hitches in today's world of research is ensuring the security of the Cloud. This security can be ensured by inventing new techniques that may possibly help in safeguarding and assuring the optimal status of information in the cloud. Contents that are stored in the Cloud are majorly affected by the attempts made by illegitimate sources that are trying to access it. The security level of the contents that are stored in the cloud can be guaranteed by focusing on a task that helps in both securing and verifying the data. In order to manage the security level, (SE-KAC) which is also known as Scalable and Enhanced Key-Aggregate Cryptosystem was initiated in current research method. But this method of securing and sharing secret keys cannot be used in the stage of decryption. However this problem can be resolved in proposed method since it introduces sharing of the data securely using a method called Improved Diffie Hellman Key Exchange Algorithm (IDHKE). By introducing the Improved Diffie Hellman Key Exchange Algorithm, securely sharing the secret keys to the receivers of the data has been achieved. The secret key details can be exchanged securely using this method. By this means it makes sure its affirmations. Here the key is safely generated using one random prime number, a master secret key and parameter value. Intended for the secured and consistent access control limitation, an encryption which is attribute-based is used. The proposed method thus ensures the protected data transmission with exact and trustworthy validation.

An Online Lab Examination Management System (OLEMS) to Avoid Malpractice

Examination and evaluation are two important phases of education at any level of a student's curriculum. However, these assessment processes are problematic in the sense that they encourage learners to devise ways to be dishonest. The traditional way of conducting exams is particularly conducive to dishonesty. In view of this, this letter proposes an online lab examination management system to prevent misconduct and to secure the process of lab examination.

Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms : A Comprehensive Access Control Scheme Applied to the GENIDA Project - Study of Genetic Forms of Intellectual Disabilities and Autism Spectrum Disorders

Cohort Study Platforms (CSP) are emerging as a key tool for collecting patient information, providing new research data, and supporting family and patient associations. However they pose new ethics and regulatory challenges since they cross the gap between patients and medical practitioners. One of the critical issues for CSP is to enforce a strict control on access privileges whilst allowing the users to take advantage of the breadth of the available data. We propose Cerberus, a new access control scheme spanning the whole life-cycle of access right management: design, implementation, deployment and maintenance, operations. Cerberus enables switching from a dual world, where CSP data can be accessed either from the users who entered it or fully de-identified, to an access-when-required world, where patients, practitioners and researchers can access focused medical data through explicit authorisation by the data owner. Efficient access control requires application-specific access rights, as well as the ability to restrict these rights when they are not used. Cerberus is implemented and evaluated in the context of the GENIDA project, an international CSP for Genetically determined Intellectual Disabilities and Autism Spectrum Disorders. As a result of this study, the software is made available for the community, and validated specifications for CSPs are given.

Security Policy and Infrastructure in the Context of a Multi-Centeric Information System Dedicated to Autism Spectrum Disorder

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in their early age. The diagnosis of ASD relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology and ophthalmology. In order to support clinicians, researchers and public health decision makers, we designed an information system dedicated to ASD, called TEDIS. TEDIS was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured Internet connections. In this paper, we present the security policy and security infrastructure we developed to protect ASD' patients' clinical data and patients' privacy. We tested our system on 359 ASD patient records in a local secured intranet environment and showed that the security system is functional, with a consistent, transparent and safe encrypting-decrypting behavior. It is ready for deployment in the nine ASD expert assessment centers in the Ile de France district.

Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare

Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

Realizing IoT service's policy privacy over publish/subscribe-based middleware

The publish/subscribe paradigm makes IoT service collaborations more scalable and flexible, due to the space, time and control decoupling of event producers and consumers. Thus, the paradigm can be used to establish large-scale IoT service communication infrastructures such as Supervisory Control and Data Acquisition systems. However, preserving IoT service’s policy privacy is difficult in this paradigm, because a classical publisher has little control of its own event after being published; and a subscriber has to accept all the events from the subscribed event type with no choice. Few existing publish/subscribe middleware have built-in mechanisms to address the above issues. In this paper, we present a novel access control framework, which is capable of preserving IoT service’s policy privacy. In particular, we adopt the publish/subscribe paradigm as the IoT service communication infrastructure to facilitate the protection of IoT services policy privacy. The key idea in our policy-privacy solution is using a two-layer cooperating method to match bi-directional privacy control requirements: (a) data layer for protecting IoT events; and (b) application layer for preserving the privacy of service policy. Furthermore, the anonymous-set-based principle is adopted to realize the functionalities of the framework, including policy embedding and policy encoding as well as policy matching. Our security analysis shows that the policy privacy framework is Chosen-Plaintext Attack secure. We extend the open source Apache ActiveMQ broker by building into a policy-based authorization mechanism to enforce the privacy policy. The performance evaluation results indicate that our approach is scalable with reasonable overheads.

Fine-grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds

An effectively designed e-healthcare system can significantly enhance the quality of access and experience of healthcare users, including facilitating medical and healthcare providers in ensuring a smooth delivery of services. Ensuring the security of patients' electronic health records (EHRs) in the e-healthcare system is an active research area. EHRs may be outsourced to a third-party, such as a community healthcare cloud service provider for storage due to cost-saving measures. Generally, encrypting the EHRs when they are stored in the system (i.e. data-at-rest) or prior to outsourcing the data is used to ensure data confidentiality. Searchable encryption (SE) scheme is a promising technique that can ensure the protection of private information without compromising on performance. In this paper, we propose a novel framework for controlling access to EHRs stored in semi-trusted cloud servers (e.g. a private cloud or a community cloud). To achieve fine-grained access control for EHRs, we leverage the ciphertext-policy attribute-based encryption (CP-ABE) technique to encrypt tables published by hospitals, including patients' EHRs, and the table is stored in the database with the primary key being the patient's unique identity. Our framework can enable different users with different privileges to search on different database fields. Differ from previous attempts to secure outsourcing of data, we emphasize the control of the searches of the fields within the database. We demonstrate the utility of the scheme by evaluating the scheme using datasets from the University of California, Irvine.

Access Scheme for Controlling Mobile Agents and its Application to Share Medical Information

This study is showing the advantage of mobile agents to conquer heterogeneous system environments and contribute to a virtual integrated sharing system. Mobile agents will collect medical information from each medical institution as a method to achieve the medical purpose of data sharing. Besides, this research also provides an access control and key management mechanism by adopting Public key cryptography and Lagrange interpolation. The safety analysis of the system is based on a network attacker's perspective. The achievement of this study tries to improve the medical quality, prevent wasting medical resources and make medical resources access to appropriate configuration.

Distributed clinical data sharing via dynamic access-control policy transformation

BACKGROUND

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements.

OBJECTIVES

This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises.

METHODS

We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds.

RESULTS

We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues.

CONCLUSIONS

In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario.

Evaluation of an Enhanced Role-Based Access Control model to manage information access in collaborative processes for a statewide clinical education program

BACKGROUND

Managing information access in collaborative processes is a critical requirement to team-based biomedical research, clinical education, and patient care. We have previously developed a computation model, Enhanced Role-Based Access Control (EnhancedRBAC), and applied it to coordinate information access in the combined context of team collaboration and workflow for the New York State HIV Clinical Education Initiative (CEI) program. We report in this paper an evaluation study to assess the effectiveness of the EnhancedRBAC model for information access management in collaborative processes when applied to CEI.

METHODS

We designed a cross-sectional study and performed two sets of measurement: (1) degree of agreement between EnhancedRBAC and a control system CEIAdmin based on 9152 study cases, and (2) effectiveness of EnhancedRBAC in terms of sensitivity, specificity, and accuracy based on a gold-standard with 512 sample cases developed by a human expert panel. We applied stratified random sampling, partial factorial design, and blocked randomization to ensure a representative case sample and a high-quality gold-standard.

RESULTS

With the kappa statistics of four comparisons in the range of 0.80-0.89, EnhancedRBAC has demonstrated a high level of agreement with CEIAdmin. When evaluated against the gold-standard, EnhancedRBAC has achieved sensitivities in the range of 97-100%, specificities at the level of 100%, and accuracies in the range of 98-100%.

CONCLUSIONS

The initial results have shown that the EnhancedRBAC model can be effectively used to manage information access in the combined context of team collaboration and workflow for coordination of clinical education programs. Future research is required to perform longitudinal evaluation studies and to assess the effectiveness of EnhancedRBAC in other applications.