HDACS: A Secure and Efficient Framework for Attribute-based and Temporal Access Control in Healthcare Data Systems
摘要
The growth of smart health technologies has advanced modern healthcare systems, but it has also exposed sensitive patient data to new security threats. Electronic Health Records face increasing risks from cyber attacks and insider misuse, and traditional security models often fail to provide adequate protection. This paper presents a Hospital Data Access Control System (HDACS) that integrates Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Role-Based Access Control (RBAC), and Temporal Access Control (TAC) to enable context-aware and secure access to patient data. HDACS uses AES-256-GCM to encrypt records and employs CP-ABE to embed access rules directly into the ciphertext, allowing policy-driven key management. Time-based restrictions and a revocation mechanism further limit access to authorized periods and users. Performance evaluation shows substantial improvements, with HDACS achieving encryption time of 74 ms (up to 58.9% faster), decryption time of 7 ms (up to 88.3% faster), and significantly lower storage overhead (2.94 KiB, up to 83.2% reduction) than Easy-ABE, FAME, and FABEO. It also reduces key-generation time by up to 99.6% compared to slower models. Tamper-evident audit logs support compliance with HIPAA, HITECH, and GDPR, while scalability tests demonstrate stable performance under increasing computational loads. By combining temporal policies, efficient encryption, and built-in policy enforcement, HDACS provides a strong and scalable approach to protecting healthcare data in smart health environments.