Secure fine grained access control for telecare medical communication system

Modern healthcare institutions are now equipped to provide telecare services because of substantial improvements in telecommunication. Numerous services are provided through the telecare system. For efficient utilization of telecare service, Personal Health Information (PHI) must be shared among various stakeholders. Due to sensitiveness of healthcare data, sharing may create a slew of security and privacy challenges. The Attribute-Based Access Control (ABAC) seems an appropriate cryptographic solution. But, a small amount of healthcare data may reveal a patient’s identity or other information. The minimum amount of PHI sharing is recommended to maintain an individual’s privacy. However, the existing ABAC does not support partial access control on PHI. They either allow access to the entire PHI or restrict it completely. To achieve this finest level of access control, if ABAC applies on each data attribute separately, it will increase computation and communication overhead. Therefore, existing ABAC protocols are unsuitable for a Telecare Medical Communication System (TMCS). The paper proposes a fine-grain access control framework for TMCS based on Multi-authority Attribute Based Access Control. It provides partial access control over PHI and assures the security and privacy of PHI. During the PHI access phase, multiple attribute authorities perform most of the computation simultaneously, increasing the present scheme’s efficiency and scalability. Further, symmetric bilinear pairing enhances its efficiency and makes it suitable for resource constraint environments. The k-out-of-n oblivious transfer protocol hides the data access pattern and maintains privacy. Security analysis proves that the present scheme is secure under the hardness of the discrete logarithm problem and the Decisional Bilinear Diffie–Hellman assumption.