TY - JOUR
T1 - A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud
AU - T. de Oliveira, Marcela
AU - Bakas, Alexandros
AU - Frimpong, Eugene
AU - Groot, Adrien E.D.
AU - Marquering, Henk A.
AU - Michalas, Antonis
AU - Olabarriaga, Silvia D.
PY - 2020
Y1 - 2020
N2 - In emergency care, fast and efficient treatment is vital. The availability of Electronic Medical Records (EMR) allows healthcare professionals to access a patient’s data promptly, which facilitates the decision-making process and saves time by not repeating medical procedures. Unfortunately, the complete EMR of a patient is often not available during an emergency situation to all treatment teams. Cloud services emerge as a promising solution to this problem by allowing ubiquitous access to information. However, EMR storage and sharing through clouds raise several concerns about security and privacy. To this end, we propose a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient’s EMR and add new information about the patient’s status. Furthermore, our protocol ensures that treatment teams will only access the patient’s EMR for the period during which the patient is under their care. Finally, we present a formal security analysis of our protocol and some initial experimental results.
AB - In emergency care, fast and efficient treatment is vital. The availability of Electronic Medical Records (EMR) allows healthcare professionals to access a patient’s data promptly, which facilitates the decision-making process and saves time by not repeating medical procedures. Unfortunately, the complete EMR of a patient is often not available during an emergency situation to all treatment teams. Cloud services emerge as a promising solution to this problem by allowing ubiquitous access to information. However, EMR storage and sharing through clouds raise several concerns about security and privacy. To this end, we propose a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient’s EMR and add new information about the patient’s status. Furthermore, our protocol ensures that treatment teams will only access the patient’s EMR for the period during which the patient is under their care. Finally, we present a formal security analysis of our protocol and some initial experimental results.
KW - Access control
KW - Break-glass access
KW - Ciphertext-policy attribute-based encryption
KW - e-health privacy
KW - Electronic medical records
KW - Emergency care
KW - Secure cloud storage
UR - http://www.scopus.com/inward/record.url?scp=85081620941&partnerID=8YFLogxK
U2 - 10.1007/s12243-020-00759-2
DO - 10.1007/s12243-020-00759-2
M3 - Article
AN - SCOPUS:85081620941
SN - 0003-4347
VL - 75
SP - 103
EP - 119
JO - Annales des Telecommunications/Annals of Telecommunications
JF - Annales des Telecommunications/Annals of Telecommunications
IS - 3-4
ER -