Blockchain-Based Distributed Patient-Centric Image Management System

In recent years, many researchers have focused on developing a feasible solution for storing and exchanging medical images in the field of health care. Current practices are deployed on cloud-based centralized data centers, which increase maintenance costs, require massive storage space, and raise privacy concerns about sharing information over a network. Therefore, it is important to design a framework to enable sharing and storing of big medical data efficiently within a trustless environment. In the present paper, we propose a novel proof-of-concept design for a distributed patient-centric image management (PCIM) system that is aimed to ensure safety and control of patient private data without using a centralized infrastructure. In this system, we employed an emerging Ethereum blockchain and a distributed file system technology called Inter-Planetary File System (IPFS). Then, we implemented an Ethereum smart contract called the patient-centric access control protocol to enable a distributed and trustworthy access control policy. IPFS provides the means for decentralized storage of medical images with global accessibility. We describe how the PCIM system architecture facilitates the distributed and secured patient-centric data access across multiple entities such as hospitals, patients, and image requestors. Finally, we deployed a smart contract prototype on an Ethereum testnet blockchain and evaluated the proposed framework within the Windows environment. The evaluation results demonstrated that the proposed scheme is efficient and feasible.

Download Full-text

Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering - Security and Privacy in Communication Networks ◽

10.1007/978-3-642-16161-2_6 ◽

2010 ◽

pp. 89-106 ◽

Cited By ~ 130

Author(s):

Ming Li ◽

Shucheng Yu ◽

Kui Ren ◽

Wenjing Lou

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Access ◽

Personal Health Records ◽

Personal Health ◽

Health Records ◽

Fine Grained ◽

Data Access Control ◽

Patient Centric

Download Full-text

GFFS — THE XSEDE GLOBAL FEDERATED FILE SYSTEM

Parallel Processing Letters ◽

10.1142/s0129626413400057 ◽

2013 ◽

Vol 23 (02) ◽

pp. 1340005 ◽

Cited By ~ 6

Author(s):

ANDREW GRIMSHAW ◽

MARK MORGAN ◽

AVINASH KALYANARAMAN

Keyword(s):

Access Control ◽

File System ◽

Data Access ◽

Computational Science ◽

Science And Engineering ◽

Organizational Boundaries ◽

Science Community ◽

Data Access Patterns ◽

Access Patterns ◽

Existing Data

Federated, secure, standardized, scalable, and transparent mechanism to access and share resources, particularly data resources, across organizational boundaries that does not require application modification and does not disrupt existing data access patterns has been needed for some time in the computational science community. The Global Federated File System (GFFS) addresses this need and is a foundational component of the NSF-funded eXtreme Science and Engineering Discovery Environment (XSEDE) program. The GFFS allows user applications to access (create, read, update, delete) remote resources in a location-transparent fashion. Existing applications, whether they are statically linked binaries, dynamically linked binaries, or scripts (shell, PERL, Python), can access resources anywhere in the GFFS without modification (subject to access control). In this paper we present an overview of the GFFS and its most common use cases: accessing data at an NSF center from a home or campus, accessing data on a campus machine from an NSF center, directly sharing data with a collaborator at another institution, accessing remote computing resources, and interacting with remote running jobs. We present these uses cases and how they are realized using the GFFS.

Download Full-text

Iot Secured Disjunctive XOR Two Factor Mutual Authentication for Users

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666191128160711 ◽

2019 ◽

Vol 13 ◽

Author(s):

Meenu Talwar ◽

B. Balamurugan

Keyword(s):

Access Control ◽

User Authentication ◽

Mutual Authentication ◽

Real Life ◽

Control Policy ◽

Data Access ◽

Whole Process ◽

Insider Attack ◽

Data Access Control ◽

Work Done

: The Internet of Things is one of the most adapting technology with the applications in multiple domains. Bringing together, huge number of devices and networks to access the information at one platform is called an IoT network. IoT is shifting its security priorities to consider data access control from a data-centric perspective. Recently, Muhammad et.al. has proposed a scheme of two-factor user authentication in WSN and claimed that his scheme is secured against various attacks [1]. However, we have found some pitfalls in his work and based on that, proposed a work, which is an improvement of the earlier works done by M.L. Das on access control policy. In our work, we have modified the existing algorithm by adding new computational load without disturbing the work done in the previous algorithm. The integration of our proposed work with the earlier work makes the whole process more protective from various insider attack. The proposed algorithm "Disjunctive XOR Two Factor Authentication Method " can be implemented with real life applications. The security patches implemented in the proposed algorithm, attempts to fix receptiveness of the gateway and makes the scheme more secured and adaptive. The proposed work is tested in an unsecured wireless sensor network and found to be capable of protecting from various attacks such as Bypass and Insider attacks. With addition, it also gives the flexibility, to allow user to change or update its login password within a secured environment. In our work, we have also proposed, the Mutual Authentication between the Gateway(GY-node) and Sensor Node(Sn) such that it gets protected by an inside attacker and secondly, to allow user to change/update password independently and thirdly proved that the work proposed is secured from insider and Bypass attacker.

Download Full-text

Effective and Scalable Data Access Control in Onedata Large Scale Distributed Virtual File System

Procedia Computer Science ◽

10.1016/j.procs.2017.05.054 ◽

2017 ◽

Vol 108 ◽

pp. 445-454 ◽

Cited By ~ 1

Author(s):

Michaƚ Wrzeszcz ◽

Łukasz Opioƚa ◽

Konrad Zemek ◽

Bartosz Kryza ◽

Łukasz Dutka ◽

...

Keyword(s):

Access Control ◽

Large Scale ◽

File System ◽

Data Access ◽

Data Access Control ◽

Virtual File System

Download Full-text

Image management and data access control for Multi-authority cloud storage with use of certificate less encryption

2016 IEEE International Conference on Advances in Electronics, Communication and Computer Technology (ICAECCT) ◽

10.1109/icaecct.2016.7942557 ◽

2016 ◽

Author(s):

Vitthal S. Gutte ◽

Amol N. Jadhav ◽

Pramod Mundhe

Keyword(s):

Access Control ◽

Cloud Storage ◽

Data Access ◽

Image Management ◽

Data Access Control

Download Full-text

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Sensors ◽

10.3390/s21103556 ◽

2021 ◽

Vol 21 (10) ◽

pp. 3556

Author(s):

Fawad Khan ◽

Saad Khan ◽

Shahzaib Tahir ◽

Jawad Ahmad ◽

Hasan Tahir ◽

...

Keyword(s):

Access Control ◽

Control Mechanism ◽

Computational Cost ◽

Random Oracle Model ◽

Data Access ◽

Physiological Data ◽

Healthcare Applications ◽

Data Access Control ◽

Access Control Mechanism ◽

Patient Centric

Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute’s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications.

Download Full-text

Fine Grained Access Control Based on Smart Contract for Edge Computing

Electronics ◽

10.3390/electronics11010167 ◽

2022 ◽

Vol 11 (1) ◽

pp. 167

Author(s):

Yong Zhu ◽

Xiao Wu ◽

Zhihui Hu

Keyword(s):

Access Control ◽

Business Models ◽

Single Point ◽

Data Access ◽

Edge Computing ◽

Security And Privacy ◽

Control Mode ◽

Fine Grained ◽

Data Access Control ◽

Smart Contract

Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

Download Full-text