International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp.

14251-14258
© Research India Publications. http://www.ripublication.com

A Security Model For Preserving Privacy of Healthcare Information

1
Isra’a Ahmed Zriqat and 2Ahmad Mousa Altamimi
1
Applied Science Private University, Department of Computer Science, Jordan.
2
Applied Science Private University, Department of Computer Science, Jordan.

2
Orcid: 0000-0003-3642-5257

Abstract requirements such as the highly dynamic nature. For example,

Collecting clinical and administrative data has been prominent
in recent years. Medical centers such as hospitals, clinics, or
other institutions employ electronic healthcare systems to
manage and control the collected data. To arrive at
satisfactory healthcare services, such data must be available to
all users in medical centers. However, this comes up with a
concern about the patient privacy and security. In this regard,
many research has proposed standards, procedures and
regulations regarding the protection of patient’s information.
Nevertheless, it is our belief that they are not adequate to
guarantee this. The current study proposed a Security Model
(SAFE) which preserves the privacy for healthcare systems. In
addition, the model handles not only on the normal situations
where the policies are applied according to the user’s roles but
also the abnormal situations where users are permitted to
override the access restrictions they are assigned as
responding to emergency or critical incidents. Moreover,
because patient’s health data could be exposed during the
transmission process to the medical server, it should be
encrypted, so if any attackers/intruder get access to the data,
the attacker cannot disclose it. To do this and motivated by the
advantages of using symmetric encryption techniques, SAFE
model utilizes the AES encryption technique to encrypt the
stored healthcare information.
Keywords: E-health records; Access control; Security
policies; encryption; AES
INTRODUCTION
During the treatment process, healthcare organizations collect
vast amounts of patients’ medical information to continuing
deliver proper health services. This presents two challenges:
providing the availability to deliver high quality of care, and
protecting the privacy to meet the requirements of enacted
regulations and rules such as the HIPAA (Health Insurance
Portability and Accountability Act of 1996). Accordingly,
many awareness security models have been proposed and
argued to be suitable for healthcare systems [1-4].
However, little works have been considered as effective
models because of two main reasons: Firstly, healthcare
systems are differentiated to other systems by a set of
in emergency situations, caregivers are permitted to override
the access restrictions assigned to them. Secondly, the using of
Electronic Health Records (EHR) where standards such as the
Health Level Seven (HL7) [5], and the Fast Healthcare
Interoperability Resources (FHIR) [6] were used to facilitate
the exchanging of clinical and administrative data [7]. These
standards enabled future large-scale healthcare systems and
made access control in healthcare systems so challenging [8].
In fact, to satisfy the security of Healthcare systems, a proper
security system should be in place. The most important steps
to create such system is to understand how healthcare works
and then figure out the requirements the system should fulfill.
Therefore, in this paper, we started by presenting the basic
structure relevant to eHealth environments and discussed their
requirements. After that a security model for eHealth systems
(SAFE) is presented to meet the healthcare security
requirements and preserve the privacy of healthcare systems.
It utilizes the standard role-based access control to store the
patient’s context information that will be used together with
the authorization policies and the patient’s medical situation
for making access control decisions.
Specifically, SAFE handles not only on the normal situations
where the policies are applied according to the user’s roles but
also the abnormal situations where users are permitted to
override the access restrictions they assigned as responding to
emergency or critical incidents. That is, in some
circumstances, when the patient is in an emergency, users are
allowed to see the necessary information even it is restricted to
them in normal cases. Moreover, because patient’s health data
could be exposed during the transmission process to the
medical server. It should be encrypted, so if any
attackers/intruder get access to the data, attacker cannot
disclose it. To do this and motivated by the advantages of
using symmetric encryption techniques, the AES encryption
technique is utilized in our model as it’s proved one of the best
technique suited for encryption healthcare information [9-14].
The paper is structured as follows. In Section 2, we review the
related work. Section 3 gives a brief overview of the basic
terminology and structures relevant to our work. Section 4
presents the architecture of SAFE model. The implementation

14251
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com
of the model is then given in Section 5. And finally,
conclusions and future directions are discussed in Section 6.
RELATED WORK
E-health information systems consist of various types of
context information needed to be guarded by appropriate
security countermeasures at all times. In fact, many security
models have been proposed in the literature. This includes the
traditional mechanisms such as standard encryption techniques
or the using of Role Based Access Control (RBAC). In fact,
most of these traditional mechanisms cannot meet the access
requirements of modern healthcare environments. As a result,
the traditional mechanisms have been extended in various
ways to incorporate awareness information [4], and to provide
variety and flexible security policies [15-19].
For example, RBAC model have been extended to include
additional information that influences the access decisions.
One can consider the GEO-RBAC [20] and Location-Aware
Role-Based Access Control model (LRBAC) [21]. Here, a list
of locations is stored in the model, if the user is existed in one
of these locations, roles are activated. The association of role–
time has also been considered, for instance the Temporal
Role-Based Access Control Model (TRBAC) [22] includes
time constraints to support enabling and disabling roles. It is
important to mention here that other models considering both
location and time constraints to decide whether the access is
permitted or not. Models such as TLRBAC [23] and LOT-
RBAC [24] can be considered in this context.
On the other hand, modified versions of attribute-based
encryption [25] have been considered in [26-28] to guarantee
a proper level of security. Specifically, Z. Guan et al. [26]
proposed a novel encryption by using seven combining
encryption technique Mask-Certificate Attribute-Based
encryption (MC-ABE). In the encryption process scheme, data
are first encrypted and then masked before being stored in the
storage server. In the same vein, M. Barna et al. [25]
privileges are mapped into roles and then roles are connected
with ABE access structures. While these models are beneficial
for cutting down the maintaining cost of eHealth data and
providing the data whenever needed, fine-grained access
control is difficult to obtain.
Authors of [27-28] stated that fine-grained access control
would be managed by categorizing the users into public
domain and personal domain. Where multi-authority ABE is
utilized in public domain to improve the fine-grained security
countermeasures. However, policies updating, and key
management were the main limitations of this model.
Consequently, [28] proposed attribute group key to resolve
this problem. By employing this method, the key escrow
problem re-encryption could be solved, and the computational
overheads could also be reduced.
14252
Key management has also been considered in other works.
Recently, W. Liu et al. [29] suggested a generic framework
based on hierarchical identity-based encryption (HIBE) model
and the role-based access control (RBAC). The HIBE model
is used to encrypt patients’ data before they are sent to the
storage server. Nevertheless, this process may not provide
accurate access control requirements. For example, patients
might not able to access their own data without being
authorized by HIPAA regulations.
Ultimately, the fine-grained access control has been provided
by many models [30-31]. In [30] Adaptive Access Control
model is proposed to consider privilege overriding and
behavior. Users here can access their data even if sudden
incidents occur. Therefore, human authorizations are not
essential for users to get access to their data since they
commence their sessions through a trust model based on users,
location, time and action. Ultimately, a secure scheme for
authentication and scalable fine-grained data access control is
suggested in [31]. According to its authors, the access control
is implemented in two phases: Static authorization method and
Restricted access permissions. However, the main limitation
of these models is that there is no prevention or detection
mechanism to check user’s data access when the critical
situation occurs, which is provided by our model.
BACKGROUND MATERIAL
e-Healthcare
E-Healthcare is the integration of the internet into healthcare
where healthcare institutions exchange and share data. In an
interoperability way if guarantees effective connection among
healthcare entities (patients, doctors, hospitals and
pharmacies), care providers will be able to tackle with health
issues well [32]. EHRs are designed in a way that enables
patients to get a full access to the data which are managed and
controlled online by providers in charge. Furthermore, HER
are constructed according the necessary standards of data
collection. These standards consist of three domains: a set of
intelligent physiological sensors in a personal server whose
job is to identify vital signs, a heterogeneous network, and a
remote health care server. In EHRs, patients are called data
users, whereas doctors and pharmacists are called requesters.
As for servers, they are divided into local server or cloud
server which store, process and analyze healthcare data [33-
34]. Networks are the means in which patients and medical
staff can share data, see Fig.1.
Despite countless benefits healthcare systems have, some
security threats may emerge. These threats may include
changing information, losing important data or
misunderstanding roles [35-39].
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com
Traditional Role Based Access Control Model
In a different healthcare institution, access control is required
for controlled sharing and protection of resources. Over the
past few decades, several access control models have been
proposed to specify the different access control policies. Such
as Discretionary Access Control model (DAC), Mandatory
Access Control model (MAC) and Role Based Access Control
model (RBAC). Among these models, RBAC has gained
considerable attention due to its flexibility, ease of
administration and intuitiveness. It can be viewed as a state
transition system where state changes occur by administrative
operations [40].
RBAC consist of four main entities: Users, Roles,
Permissions, and Objects. RBAC is depending on the concept
of assigning permissions to roles and roles to users.
Permissions are a set of allowed operations that can be
performed on a set of objects under access control. An object
which is defined as a resource of the system. Role is
associated with a set of permissions. Every user can activate
multiple sessions; however, every session is associated with
only one user. The operations that a user allow to be
performed in a session depend on the roles activated in that
session and the permissions associated with those roles [40].
Figure 1: The typical Architecture of EHR System
14253
Cryptography (Encryption Techniques)
C.H. Meyer [41] defined the Cryptography as “the subdivision
of cryptology in which encryption -decryption algorithms are
designed, to guarantee the security and authentication of data”.
Many encryption algorithms are used in cryptography as an
efficient, effective, and primary component for secure
transmission of information [42-43]. These algorithms may be
symmetric-key or asymmetric-key algorithms. For example,
DES, 3DES, AES, Blowfish, RC5 are symmetric key-
encryption where as Diffie-Hellman, ECC, RSA are
asymmetric-key encryption. The main choice of better
algorithm depends on the advantages and disadvantage of each
one.
In symmetric cryptography, same key (private key) is used to
execute encryption and decryption processes. The key should
be distributed between two parties that can be used to maintain
a private information link before the data being transmitted.
The symmetric key strength depends on its size. Whereas, in
asymmetric cryptography, two different keys (public and
private key) are used for encryption and decryption the data.
The public key of the sender is used to encrypt the plain text
and only the authorized user can be able to decrypt the cipher
text through using his own private key, which should be kept
secret [9, 43-44].
Current technical approaches look at encryption techniques
based on certain parameters like memory requirement, speed,
security, and energy consumption as a good mechanism. It has
been found that symmetric algorithms perform better than
asymmetric cryptosystems [45-46], due to many measurements
as proven in [10-11, 43]. Thus, we chose to employ one of the
symmetric algorithm (e.g, AES) in our model to encrypt the
patient data.
Symmetric cryptography has been widely used in the literature
to provide both authentication and confidentiality. In fact,
many researches argued that it requires less computation time
relies on the concept of diffusion and confusion [9]. Thus, the
symmetric cryptography has been adapted to secure electronic
health data [10-11, 43, 46-47]. On the other hand, asymmetric
cryptography also considered in this regard as it provides
better security than symmetric, but they are mathematically
hard, and it costs more in terms of energy consumed. Authors
such as J. Park et al., [10] showed that the symmetric-key
algorithm is faster than asymmetric-key algorithm because it
uses complex mathematical operations and requires two
separate keys each for encryption and decryption processes.
N. Aleisa [47] also showed that the speed of symmetric
algorithm for encryption/decryption makes it better than
asymmetric-key algorithm. A. Patil et al., [43] gave a detailed
study of the popular symmetric key encryption algorithms and
asymmetric key encryption algorithms. They found that the
symmetric-key algorithms run faster than asymmetric-key
algorithms. In addition, the memory requirement of symmetric
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com

algorithms is less than asymmetric encryption algorithms.
Jasim et al., [11] analyzed the performance of encrypted large
database using symmetric and asymmetric key algorithms, and
concluded that the performance of encryption process using
asymmetric key algorithm is lower when compared to
symmetric algorithm.
Additional studies have been carried out to decide which
symmetric algorithm is the best suited in the healthcare means.
Thus, many algorithms such as DES, 3DES, AES, Blowfish,
RC5 are studied. However, to utilize an appropriate one, it is
necessary to know its strength and limitation. Parameters such
as: Security, Scalability (in terms of Memory Usage,
Encryption rate, computational time and Software/hardware
performance), Limitations, and Flexibility have been
considered in many studies [9-10, 13-14, 42, 44, 47]. B. S.
Varsha and P. S. Suryateja [12] discussed two critical aspects
of personal health record (PHR) management, those of
security and data access control. In their work, they compare
the performance of symmetric and asymmetric algorithms
likes DES, AES, RSA, and ECC. Among these, they found
that the AES is a strong algorithm. In AES the encryption
process is done in a specified number of rounds, which makes
the data more secure. Further, it can be used for secure
transmission of data in the encrypted format.
J. Park et al., [10] investigated some of the security algorithms
that could be worked well in uHealth systems to provide good
security level for personal data and bio signal information.
They implemented several security algorithms such as DES,
3DES, Blowfish, AES, and RC4 for their u-Health monitoring
system. They concluded that AES does not have a well-known
weakness, and it requires low memory usage than Blowfish
and RC4. Thus, they chose AES as the most appropriate
algorithm for their system. N. Aleisa [47] presented a
comparison study of well-known symmetric key encryption
standards, 3DES and AES. It was found that AES has been
designed efficiency in software and hardware means to be an
efficient technique even on small devices such as smartphones.
However, with a larger block size using a 128-bit and with
different bit keys (128, 192 and 256 bits), AES provides more
security in the long term. M. Ebrahim [42] presented a similar
study to analyze the performance based on different
parameters. Authors were observed that AES was the best
among all in terms of Security, Memory usage, Flexibility, and
Encryption performance. He also concluded that although
other algorithms were also eligible, however most of them
have a tradeoff between encryption performance and memory
usage. Furthermore, they highlighted the major weakness of
the mentioned algorithms. And found that, the AES algorithm
has no serious weakness.
Based on that studies, some authors considered AES as
unbreakable in practical use and thus adapted it in their
systems. As an example, J. Young Oh et al., [14] proposed a
novel algorithm for medical information encryption based on
AES scheme. They found AES achieves a faster execution
speed of encryption and decryption processes. Thus,
motivating by these studies and facts, the AES is used in our
model as described in Section 4.
THE SECURITY MODEL (SAFE)
SAFE model safeguards the healthcare systems. Specifically,
the suggested model is placed at the top of the server to act as
an access point for users’ requests. Because patient’s health
data could be exposed during the transmission process to the
medical server. It should be encrypted, so if any
attackers/intruder get access to the data, attacker cannot
disclose it. To do this and motivated by the advantages of
symmetric encryption techniques (presented in section 3.3),
we choose to use AES as it’s proved one of the best technique
suited for encryption healthcare information [9-14].
In SAFE, all requests for accessing information must be
approved to ensure their eligibility. The User Interface
Module (UIM) is used to define security policies. It can be
either website or a smartphone application. The policies are
identified by both patients and doctors to set patient’s privacy.
All policies identified are parsed into its own components and
then they are stored in a central security database. This is done
by using Extended-RBAC model (discussed in Section 3.2).
When a user requests data of a patient, a session is set up
between the requester and the server by the session handler
module (SHM). The session is held when a transmission
protocol is employed. It is worth mentioning that session
information is saved, so that it can be available when needed.
Auditing session manager (ASM) is responsible for all
established sessions that data will be retrieved at the user’s
request. Moreover, the requester’s security settings (username
and password) are stored among other accounts stored in the
database. User verifier Module (CAV) is responsible for
classifying and verifying the requesters account and then
giving permission or not. This process is carried out by
contacting the security database to identify the applied policies
and the requester. CAV determines whether the requested
information is critical or natural to reach the final decision;
this depends on the context-aware information. When the
patient’s situation is critical, the security settings are
automatically adapted to the good of the user.
That is, the need for user authorization is removed to handle
the required exceptional access. Consequently, caregivers are
permitted to override the access restrictions assigned to them.
Thus, an effective mechanism is needed to predict or diagnose
the patient’s situation with good accuracy. In this context,
many studies have investigated this issue [49-51]. For
example, Authors of [51] set five classifiers (e.g., Naïve
Bayes, Decision Tree, Discriminant, Random Forest, and
Support Vector Machine), the authors found that the
classification algorithms are appropriate for providing

14254
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com

relatively correct answers concerning patient’s status.
Decision tree is regarded number one by evaluation measures.
Based on that, we choose the decision tree classifier to be
integrated into the SAFE model to provide an effective
forecasting mechanism that determines the patient’s medical
situation.
Ultimately, assuming the user request is granted, in this case
the requested data will be decrypted back before responding.
All the needed keys are stored safely in the security database.
The basic structure is illustrated in Fig. 2.
THE IMPLEMENTATION OF SAFE MODEL
To support the evaluation of the proposed approach, we will
provide a prototype implementation developed specifically for
the eHealth environment. It consists of three main
components: The User Interface Tool that allows end users to
design policies and directly interacts with the security
repository. The Security Repository in turn stores the policies
generated by the interface tool. And finally, the Policy
Manager that retrieves policies from the repository and
delivers them to the access control module (Users Verifier
Module) for enforcement.
Our application uses Web Services as they provide flexibility
in accessing the application through different interfaces using
heterogeneous API. In addition, web services are integrated
into the World Wide Web, and support direct interactions with
other software agents using XML-based message exchanges
via Internet-based protocols. Off course, using such standers
allows our model to be compatible with other applications.

Figure 2: The SAFE Model architecture

14255
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com
The following tools have been used in the implementation of
SAFE model: JAVA 1.7, Spring Framework 4.2.3, My SQL
Database, Apache Log4J, SL4J, Hibernate 4.3.12, Apache
Maven, Apache Tomcat, HTML, CSS, JAVA Script, jQuery,
JSP, JSTL and Spring Tool Suite IDE. In fact, Java language
is the main language used to build our implementation.
However, special frameworks have also utilized such as
Spring Framework that provides a comprehensive
programming and configuration model for modern Java-based
enterprise applications. Spring Framework is a group of ready
libraries written in Java language used to provide special
features like: supporting the JDBC, JPA, JMS, Spring MVC
web application, and RESTful web service framework. It also
well tested for receiving the request and sending the results.
Regarding the database management systems, different DBMS
have been employed to store both the policies and the session
information. For example: MySQL Database to store the
policies information. Apache Log45j and SL4J libraries to
maintain the session information.
Hibernate ORM is also used as an object-relational mapping
tool for the Java programming language. It provides a
framework for mapping an object-oriented domain model to a
relational database. Ultimately, because our application is run
through the Interface, the Apache Tomcat is used as the
application Server. For drawing the tables, pictures and
interfaces we use the following technologies: HTML, CSS,
JAVA Script, and jQuery. In the other hand, the JSP and the
JSTL, are used to write the java code inside the HTML. The
name of the IDE used is Spring Tool Suite IDE, which is
enhanced version for Eclipse.
CONCLUSION
In this research, a security model (SAFE) is presented to
provide the security countermeasures for healthcare systems.
SAFE model aims to support an efficient access control
decision depending on the patient’s medical situation and the
requester’s assigned roles. In particular, SAFE grants the
user’s accessing to the patient’s context information if the
user’s roles are not restricted by the stored authorization
policies. This can be relaxed in the case of abnormal medical
situation (emergency) where the user can override all his
restrictions. To do this, the decision tree classifier is integrated
into the SAFE model to provide an effective forecasting
mechanism that determines the patient’s medical situation.
Moreover, SAFE utilizes the AES encryption technique to
assure that the patient’s context information cannot be
exposed during the transmission process to third parties.
14256
ACKNOWLEDGMENT
The authors are grateful to the Applied Science Private
University, Amman-Jordan, for the full financial support
granted to cover the publication fee of this research article.
REFERENCES
[1] Sun, L., and Wang, H.: ‘A purpose based usage access
control model for e-healthcare services’, in Editor
(Ed.)^(Eds.): ‘Book A purpose based usage access
control model for e-healthcare services’ (IEEE, 2011,
edn.), pp. 41-46.
[2] Altamimi, A.M.: ‘SecFHIR: A Security Specification
Model for Fast Healthcare Interoperability Resources’,
International Journal of Advanced Computer Science &
Applications, 2016, 1, (7), pp. 350-355.
[3] Sahama, T., Simpson, L., and Lane, B.: ‘Security and
Privacy in eHealth: Is it possible?’, in Editor
(Ed.)^(Eds.): ‘Book Security and Privacy in eHealth: Is
it possible?’ (IEEE, 2013, edn.), pp. 249-253.
[4] Leyla, N., and MacCaull, W.: ‘A Personalized Access
Control Framework for Workflow-Based Health Care
Information’, in Editor (Ed.)^(Eds.): ‘Book A
Personalized Access Control Framework for Workflow-
Based Health Care Information’ (Springer, 2011, edn.),
pp. 273-284.
[5] An, A., Health Level Seven® International. 2011.
[6] FHIR® . Available at: http://hl7.org/fhir/index.html.
2017
[7] Freitas-Lima, P., et al., The social context and the need
of information from patients with epilepsy: evaluating a
tertiary referral service. Arquivos de neuro-psiquiatria,
2015. 73(4): p. 298-303.
[8] Mondal, S., S. Sural, and V. Atluri, Security analysis of
GTRBAC and its variants using model checking.
computers & security, 2011. 30(2): p. 128-147.
[9] Kabilan, N.: ‘Scalable And Secure Sharing Of Personal
Health Record Maintenance Using Advanced
Encryption Standard (AES)’.
[10] Park, J., Lee, Y.-G., and Yoon, G.: ‘Implementation of
Security Algorithms for u-Health Monitoring System’,
Development, 2012, 2296, pp. 12468.
[11] Jasim, O.K., Abbas, S., El-Horbaty, E., and Salem, A.:
‘Efficiency of Modern Encryption Algorithms in Cloud
Computing’, International Journal of Emerging Trends
& Technology in Computer Science (IJETTCS), 2013,
2, (6), pp. 270-274.
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com
[12] Varsha, B.S., and Suryateja, P.: ‘Using Advanced
Encryption Standard for Secure and Scalable Sharing of
personal Health Records in Cloud’, 2014.
[13] Cankaya, E.C., and Kywe, T. ‘A Secure Healthcare
System: From Design to Implementation’, Procedia
Computer Science, 2015, 62, pp. 203-212.
[14] Oh, J.-Y., Yang, D.-I., and Chon, K.-H.: ‘A selective
encryption algorithm based on AES for medical
information’, Healthcare informatics research, 2010,
16, (1), pp. 22-29.
[15] Garcia-Morchon, O., and Wehrle, K.: ‘Efficient and
context-aware access control for pervasive medical
sensor networks’, in Editor (Ed.)^(Eds.): ‘Book
Efficient and context-aware access control for
pervasive medical sensor networks’ (IEEE, 2010, edn.),
pp. 322-327.
[16] Gajanayake, R., Iannella, R., and Sahama, T.: ‘Privacy
oriented access control for electronic health records’,
electronic Journal of Health Informatics, 2014, 8, (2),
pp. 15.
[17] Kumar, P., and Lee, H.-J.: ‘Security issues in healthcare
applications using wireless medical sensor networks: A
survey’, Sensors, 2011, 12, (1), pp. 55-91.
[18] Saleem, S., Ullah, S., and Yoo, H.S.: ‘On the security
issues in wireless body area networks’, JDCTA, 2009,
3, (3), pp. 178-184.
[19] Santos-Pereira, C., Augusto, A.B., Cruz-Correia, R.,
and Correia, M.E.: ‘A secure RBAC mobile agent
access control model for healthcare institutions’, in
Editor (Ed.)^(Eds.): ‘Book A secure RBAC mobile
agent access control model for healthcare institutions’
(IEEE, 2013, edn.), pp. 349-354.
[20] Damiani, M.L., Bertino, E., Catania, B., and Perlasca,
P.: ‘GEO-RBAC: a spatially aware RBAC’, ACM
Transactions on Information and System Security
(TISSEC), 2007, 10, (1), pp. 2.
[21] Ray, I., Kumar, M., and Yu, L.: ‘LRBAC: a location-
aware role-based access control model’, in Editor
(Ed.)^(Eds.): ‘Book LRBAC: a location-aware role-
based access control model’(Springer, 2006, edn.), pp.
147-161
[22] Bertino, E., Bonatti, P.A., and Ferrari, E.: ‘TRBAC: A
temporal role-based access control model’, ACM
Transactions on Information and System Security
(TISSEC), 2001, 4, (3), pp. 191-233.
[23] Bertolissi, C., and Fernández, M.: ‘Time and location
based services with access control’, in Editor
(Ed.)^(Eds.): ‘Book Time and location based services
with access control’ (IEEE, 2008, edn.), pp. 1-6.
14257
[24] Chandran, S.M., and Joshi, J.B.: ‘LoT-RBAC: a
location and time-based RBAC model’, in Editor
(Ed.)^(Eds.): ‘Book LoT-RBAC: a location and time-
based RBAC model’ (Springer, 2005, edn.), pp. 361-
375.
[25] Sun, L., and Wang, H.: ‘A purpose based usage access
control model for e-healthcare services’, in Editor
(Ed.)^(Eds.): ‘Book A purpose based usage access
control model for e-healthcare services’ (IEEE, 2011,
edn.), pp. 41-46.
[26] Guan, Z., Yang, T., and Du, X.: ‘Achieving secure and
efficient data access control for cloud-integrated body
sensor networks’, International Journal of Distributed
Sensor Networks, 2015.
[27] Kumar, M.R., Fathima, M.D., and Mahendran, M.:
‘Personal Health Data Storage Protection on Cloud
Using MA-ABE’, International Journal of Computer
Applications, 2013, 75, (8).
[28] Zhu, H., Huang, R., Liu, X., and Li, H.: ‘SPEMR: A
new secure personal electronic medical record scheme
with privilege separation’, in Editor (Ed.)^(Eds.):
‘Book SPEMR: A new secure personal electronic
medical record scheme with privilege separation’
(IEEE, 2014, edn.), pp. 700-705.
[29] Liu, W., Liu, X., Liu, J., Wu, Q., Zhang, J., and Li, Y.:
‘Auditing and Revocation Enabled Role-Based Access
Control over Outsourced Private EHRs’, in Editor
(Ed.)^(Eds.): ‘Book Auditing and Revocation Enabled
Role-Based Access Control over Outsourced Private
EHRs’ (IEEE, 2015, edn.), pp. 336-341.
[30] Maw, H.A., Xiao, H., and Christianson, B.: ‘An
adaptive access control model for medical data in
wireless sensor networks’, in Editor (Ed.)^(Eds.):
‘Book An adaptive access control model for medical
data in wireless sensor networks’ (IEEE, 2013, edn.),
pp. 303-309.
[31] Kahani, N., Elgazzar, K., and Cordy, J.R.:
‘Authentication and Access Control in e-Health
Systems in the Cloud’, in Editor (Ed.)^(Eds.): ‘Book
Authentication and Access Control in e-Health Systems
in the Cloud’ (IEEE, 2016, edn.), pp. 13-23.
[32] Oh, H., Rizo, C., Enkin, M., and Jadad, A.: ‘What is
eHealth (3): a systematic review of published
definitions’, J Med Internet Res, 2005, 7, (1), pp. e.
[33] Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and
Luo, H.H.: ‘Security and privacy for mobile healthcare
networks: from a quality of protection perspective’,
IEEE Wireless Communications, 2015, 22, (4), pp.
104-112.
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 12, Number 24 (2017) pp. 14251-14258
© Research India Publications. http://www.ripublication.com

[34] PATIL, S.S.S.a.D.: ‘Review On Security And Privacy [47] Aleisa, N.: ‘A Comparison of the 3DES and AES
For Mobile Healthcare Networks: From A Quality Of Encryption Standards’, International Journal of Security
Protection Perspective’, International Journal of and Its Applications, 2015, 9, (7), pp. 241-246.
Engineering Research-Online A Peer Reviewed
[48] Hasimoto-Beltran, R., Al-Masalha, F., and Khokhar,
International Journal 2015, 3, (6).
A.: ‘Performance evaluation of chaotic and
[35] Habib, K., Torjusen, A., and Leister, W.: ‘Security conventional encryption on portable and mobile
analysis of a patient monitoring system for the Internet platforms’: ‘Chaos-Based Cryptography’ (Springer,
of Things in eHealth’, Book Security analysis of a 2011), pp. 375-395.
patient monitoring system for the Internet of Things in
[49] Gupta, S., Kumar, D., and Sharma, A.: ‘Performance
eHealth (2015, edn.).
analysis of various data mining classification
[36] Saleem, S., Ullah, S., and Kwak, K.S.: ‘A study of techniques on healthcare data’, International journal of
IEEE 802.15. 4 security framework for wireless body computer science & Information Technology (IJCSIT),
area networks’, Sensors, 2011, 11, (2), pp. 1383-1395. 2011, 3, (4).
[37] CHELLI, K.: ‘Security Issues in Wireless Sensor [50] Jyoti Sony, Uma Ansari, Dinesh Sharma, Suita Sony
Networks: Attacks and Countermeasures’, in Editor “Predictive data mining for medical diagnosis: an
(Ed.)^(Eds.): ‘Book Security Issues in Wireless Sensor overview of heart disease prediction” International
Networks: Attacks and Countermeasures’ (2015, edn.), Journal of Computer Science and Engineering, vol. 3,
pp. 1-3. 2011.
[38] Kumar, P., and Lee, H.-J.: ‘Security issues in healthcare [51] Zriqat, I.A., Altamimi, A.M., and Azzeh, M.: ‘A
applications using wireless medical sensor networks: A Comparative Study for Predicting Heart Diseases Using
survey’, Sensors, 2011, 12, (1), pp. 55-91. Data Mining Classification Methods’, International
Journal of Computer Science and Information Security
[39] Om, S., and Talib, M.: ‘Wireless Ad-hoc Network
(IJCSIS), Vol. 14, No. 12, December 2016.
under Black-hole Attack’, International Journal of
Digital Information and Wireless Communications
(IJDIWC), 2011, 1, (3), pp. 591-596.
[40] Røstad, L.: ‘Access control in healthcare information
systems’, Norwegian University of Science and
Technology, 2008.
[41] Meyer, C.H.: ‘Cryptography-a state of the art review’,
in Editor (Ed.)^(Eds.): ‘Book Cryptography-a state of
the art review’ (1989, edn.), pp. 4/150-154/154.
[42] Ebrahim, M., Khan, S., and Khalid, U.B.: ‘Symmetric
algorithm survey: a comparative analysis’, arXiv
preprint arXiv: 1405.0398, 2014.
[43] Patil, A., and Goudar, R.: ‘A Comparative Survey of
Symmetric Encryption Techniques for Wireless
Devices’, International journal of scientific &
technology research, 2013, 2, (8).
[44] Gupta, L.: ‘Security in Low Energy Body Area
Networks for Healthcare’, Conference Proceedings,
2014.
[45] Lovelit Jose, C.M., E.Poovammmal ‘A Survey On
Privacy Preservation Of Healthcare Data Using
Cryptographic Techniques ’, International Journal of
Pharmacy & Technology, December 2016, 8, (4), pp.
22322.
[46] Kekgathetse, M.: ‘An Evaluation of Current Computing
Research Aimed at Improving Online Security:
Encryption ’, February 2015.

14258