Secure and Privacy preserving Biometric based User Authentication with Data Access Control System in the Healthcare Environment

In recent years, there has been a tremendous growth worldwide in healthcare information systems to provide personalized services smartly. A digital health documentary EHR (Electronic health record) is utilized to keep users sensitive medical or personal data records, which allows medical professionals to access a patient's information in an insecure environment. Thus, providing security and privacy to e-health information is of utmost importance as private sensitive or safety critical data of the users is transmitted over a wireless channel. Motivated by this fact, in this work, we have developed a biometric based lightweight user authentication system that provides users personalized services securely, safely and efficiently. In the proposed authentication, a lightweight data access control process has been described so that only legal users can access the data as per their capability. Further, to maintain user privacy, instead of a user's global identifier, his temporary local identifier is used for communication whereas the system is designed in such a way that in case of emergency, if required, the user global identifier can be recovered. Finally, formal and informal security verification results and performance evaluation comparison demonstrates that the proposed authentication scheme is secure enough to be used in a healthcare environment.