Enhancing Healthcare Data Security and User Convenience: An Exploration of Integrated Single Sign-On (SSO) and OAuth for Secure Patient Data Access within AWS GovCloud Environments
Keywords:
Healthcare Data Security, Single Sign-On (SSO), OAuth
Abstract
Cloud-based healthcare apps must safeguard patient data. This study suggests SSO and OAuth may improve patient data access in secure AWS GovCloud healthcare apps.
Healthcare organizations must balance patient privacy against the data access needed for better care. Existing authentication relies on application-specific login passwords, which is insecure and inefficient.
SSO and OAuth are recommended for AWS GovCloud healthcare apps. With SSO, users log in once to reach the apps in the healthcare ecosystem, and OAuth handles access to patient data. AWS GovCloud offers HIPAA-compliant cloud services to government and healthcare organizations. Its security architecture and compliance certifications help healthcare enterprises run apps safely and comply with data protection requirements.
The proposed healthcare network relies on a central identity provider (IdP). Only this IdP authenticates users of the healthcare apps. After IdP authentication, SAML securely exchanges user credentials with the target application in AWS GovCloud.