Privacy-preserving multi-factor authentication and role-based access control scheme for the E-healthcare system

Abstract

E-healthcare assists medical specialists in remotely collecting patient health data and providing remote health diagnoses. The roles are distributed among the system's users, contrasted between admin to data entry within certain rules and policies. Role-based access control (RBAC) is a technique of advanced access control that restricts key operations of users (addition, deletion and modification) access based on a user's role within a healthcare system. This paper proposes a privacy-preserving using RBAC and smart multi-factor authentication for the healthcare system to overcome the limitation flaw in previous schemes such as security risk tolerance, scalability and dynamism. This work relies on low-complexity cryptographic hash functions and symmetric operations to authenticate users while using an asymmetric cryptosystem based on the Schnorr digital signature lightweight operation to authenticate the administrator to provide multi-factor authentication. The administrator represents the system's core, and any his information leak could attack the entire system and its components. The proposed scheme conducted two thorough formal security proofs for the proposed work based on informal analysis and the Scyther tool. Furthermore, comparisons with other schemes reveal that the proposed scheme provides greater security features, and resisting attacks than the others while also being efficient in computing and communication costs.