TY - JOUR
T1 - Dependable and secure computing in medical information systems
AU - Hur, Junbeom
AU - Kang, Kyungtae
N1 - Funding Information:
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology ( 2012R1A1A1001835 ).
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Medical information systems facilitate ambulatory patient care, and increase safer and more intelligent diagnostic and therapeutic capabilities through automated interoperability among distributed medical devices. In modern medical information systems, dependability is one of the most important factors for patient safety in the presence of delayed or lost system alarm and data streams due to the intermittent medical device network connection or failure. In addition, since the medical information need to be frequently audited by many human operators as well as the automated medical devices, secure access control is another pivotal factor for patient privacy and data confidentiality against inside or outside adversaries. In this study, we propose a dependable and secure access policy enforcement scheme for disruption-tolerant medical information systems. The proposed scheme exploits the external storage node operated by the device controller, which enables reliable communications between medical devices. Fine-grained data access control is also achieved, while the key escrow problem is resolved such that any curious device controller or key generation center cannot decrypt the private medical data of patients. The proposed scheme allows the device controller to partially decrypt the encrypted medical information for the authorized receivers with their corresponding attributes without leaking any confidential information to it. Thus, computational efficiency at the medical devices is also enhanced by enabling the medical devices to delegate most laborious tasks of decryption to the device controller.
AB - Medical information systems facilitate ambulatory patient care, and increase safer and more intelligent diagnostic and therapeutic capabilities through automated interoperability among distributed medical devices. In modern medical information systems, dependability is one of the most important factors for patient safety in the presence of delayed or lost system alarm and data streams due to the intermittent medical device network connection or failure. In addition, since the medical information need to be frequently audited by many human operators as well as the automated medical devices, secure access control is another pivotal factor for patient privacy and data confidentiality against inside or outside adversaries. In this study, we propose a dependable and secure access policy enforcement scheme for disruption-tolerant medical information systems. The proposed scheme exploits the external storage node operated by the device controller, which enables reliable communications between medical devices. Fine-grained data access control is also achieved, while the key escrow problem is resolved such that any curious device controller or key generation center cannot decrypt the private medical data of patients. The proposed scheme allows the device controller to partially decrypt the encrypted medical information for the authorized receivers with their corresponding attributes without leaking any confidential information to it. Thus, computational efficiency at the medical devices is also enhanced by enabling the medical devices to delegate most laborious tasks of decryption to the device controller.
KW - Access control
KW - Medical device network
KW - Medical information system
KW - Reliability
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84869096404&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2012.01.006
DO - 10.1016/j.comcom.2012.01.006
M3 - Article
AN - SCOPUS:84869096404
VL - 36
SP - 20
EP - 28
JO - Computer Communications
JF - Computer Communications
SN - 0140-3664
IS - 1
ER -