dc.description.abstract |
Healthcare services produce and use a great deal of sensitive personal data. But the fact is that
this healthcare data has very high black market value. Now to easily access the healthcare data
we can think about an access control server. So if we want to make an accesss control server
for healthcare data then it has to be very secure. On the other hand, this data also needs to be
easily accessible by the patient itself and authorized care givers.
In this thesis we have studied an existing token-based access control solution which is being
applied to protect medical data in a hospital and observed its security limitations. After that
we modify that model using Multi-Authority CP-ABE, as a building block, to overcome the
security limitations. We have proposed two modified models in our paper.
Our first model relies on centralized MA-CP-ABE, which is based on composite order bilinear
group. Since it is a centralized model, there is an central authority. In my case External
IAM plays the role of Central Authority. I have used External IAM and Policy Decision Point
as my two attribute authorities. This MA-CP-ABE is computed on a composite order bilinear
group. According to the security analysis, my first model is adaptively secure. We have done
this security analysis in standard model.
Our second model relies on decentralized MA-CP-ABE, which is based on prime order bilinear
group. Since it is an decentralized scheme so there is no central authority. Here also I have used
External IAM and Policy Decision Point as my two attribute authorities. This MA-CP-ABE is
computed on a prime order bilinear group. According to the security analysis, my second model
is CPA secure. We have done this security analysis in random oracle model.
Our second model is more efficient according to the computation cost than the first model
whereas our first model is more efficient according to the communication cost than the second
model.
We have implemented the decentralized Multi-Authority CP-ABE scheme, which is the building
block of our second model, to use in modified Access Control Model. We have implemented
the code in Python and used Charm-crypto framework for the implementation. Because of using
decryption out-sourcing our final decryption time has become constant, it does not depend on
the size of the data consumer’s attribute set or on the number of attributes in access policy.
Also we have implemented a modified LSSS in our thesis which is more efficient than Charm’s
LSSS.
We have also introduced revocation property in the scheme and provided insights on how to
implement the whole access control model in this thesis. |
en_US |