Proximity Based Access Control for Smart-Emergency Departments*

1
Proximity Based Access Control for
Smart-Emergency Departments

• Sandeep Gupta, T. Mukherjee, K.
  Venkatasubramanian and T. Taylor
• Department of Computer Science Engineering
• Ira A. Fulton School of Engineering
• Arizona State University
• Tempe, Arizona, USA
• http//impact.asu.edu
• Mediserve Information Systems
• Tempe, Arizona, USA

Work done in collaboration with MediServe
Information Systems
2
Overview

• Motivation - Emergency Department Workflow
• Proximity Based Access Control (PBAC)
• Proximity zone design
• Positioning system
• Levels of Resource Access
• PBAC Model
• PBAC Policy Specifications
• Administrative Policies
• Access Control Policies
• Prototype Development
• Conclusions

3
Emergency Department - Background

• Emergency Departments (ED) help people
  experiencing medical emergencies which are
  life-threatening or can cause disabilities.
• Primary focus of ED is to provide patient care.
• ED procedures which minimizes distraction for
  caregivers is essential for its effectiveness.

4
Emergency Department- Problem Statement

• Patients follow well defined service paths in ED
  workflow.
• Several data systems need to be accessed, here,
  requiring unique log-in process.
• Such explicit session log-in/out process causes
  distraction for caregivers and result in
  vulnerabilities

Areas where automated access to resources
improves efficiency
Automation of mundane access related tasks can
improve ED efficiency.
5
Proximity Based Access Control (PBAC)

• Principal Idea is to automatically provide access
  to resources when a subject comes within its
  proximity.
• Challenges
• Design of proximity zone to a resource.
• Determination of proximity to a resource.
• Enforce appropriate information access policy.

PROXIMITY-BASED ACESS TO RESOURCE
6
Design of Proximity Zone
Zone 2

• Definition of proximity is essential for PBAC
• Proximity zones characteristics
• Number
• Shape (circle, square ..)
• Size (radius, length of sides.. )
• Factors influencing proximity zone
• The access control policies for the resource.
• The geometry of the area.
• The accuracy of the positioning system.
• Radio environment of the area.

Zone 1
PROXIMITY ZONES AROUND RESOURCES
7
Sample Proximity Zone Design

• The application (resource, access policy)
  mandates
• Sapp ? shape of the proximity zone
• Rapp ? parameters for the shape
• Physical Zone Design
• Based on the accuracy positioning system, we set
• Ri ? Ri ?, for every i ? Rapp
• ? is the average error in the accuracy of the
  positioning system.
• Based on the geometry of the area , we set
• Sapp ? Sgeo
• Sgeo is the new shape.

Application mandated shape and size
Actual Shape size
?
8
Determination of Proximity

• Proximity detection directly tied to accuracy of
  underlying positioning system.
• The radio environment plays an important role in
  positioning system accuracy.
• Need a system which works accurately indoors.
• Positioning system classification
• RF based
• RF and ultra-sound based
• Ultra-Wide Band based

Winner Ultra-Wide Band, because
9
Ultra-Wide Band (UWB) based positioning

• Better performance for indoor environments e.g.
  ED.
• Short signal pulse makes it less vulnerable to
  multipath-effects.
• Any interference noise is normalized over a wide
  signal band keeping the SNR high.
• UWB operated at 3-10 GHz frequency range where
  few other devices work, minimizing interference.

10
Access to Resources in PBAC

• Subjects have varying degrees of access
  privileges.
• If multiple subjects in resource proximity
• Common set of privileges should be provided.
• Should not include access to subject specific
  information.
• Subject in proximity without intent of access
  should be recognized.

11
Levels of Access

• Authentication is a means of ensuring enforcement
  of appropriate privileges.
• Three levels of authentication
• No-Auth access restricted to publicly available
  information.
• Level I single challenge/response session,
  guarantees privileges corresponding to their
  organizational domain (ED, Trauma center). All
  subjects in the domain have common set of
  privileges.
• Level II additional challenge/response session
  required, allows access to sensitive information
  (patient data).

Role Specific (Level II Auth)
Domain Specific (Level I Auth)
Public (No Auth)
12
PBAC - Model

• Access to resources provided based on
• Proximity
• Current Level of Authentication
• Privileges given to subjects using Role Based
  Access Control (RBAC) model.
• Two types of roles
• Organizational (OR) role assigned when subject
  joins the system, doctor in hospital.
• Group (GR) role assigned based on subjects
  domain of work, surgeon in ED.

13
PBAC - Model Implementation

• Each resource maintains a list of roles (resource
  roles (RR)) and associated privileges called
  Access Control List (ACL).
• Subjects Group/ Organizational roles mapped on
  to RR in ACL by resource for access.
• Context information provides information on
• Proximity
• Level of Authentication
• Others in Subjects Domain and their privileges

Group/ Org Role
Context
f
ACL
Privileges
RR
Role 1
Privileges for Role 1
Role 2
Privileges for Role 2
Privileges for Role N
Role N
14
PBAC- Policy Specifications

• Specify rules for accessing service provided by
  resource, using PBAC.
• Two types of policies
• Administrative
• Define the rules for administrative function
  within the system.
• Access Control
• Define the rules based on which access is given
  to subjects in proximity of resources.

15
Administrative Policies Specification

• Two principal policy classifications
• Assigning Roles
• OR
• GR (can be given only to subjects with OR)
• Removing Roles
• OR (cannot be removed until all associated GRs
  for a subject are removed)
• GR

Administrative Policies
Assigning Roles
Removing Roles
OR
GR
16
Access Control Policies Specification
Access Control Policies
Access to Unoccupied Resources
Access to Occupied Resources
Single Subject
Multiple Subjects
Single Subject
Multiple Subjects
Direct access
Wait for Resource to free
Random Choice
Log-in Initiate
Actual Proximity
17
Prototype

• Built a preliminary prototype for PBAC using a
  commercially available UWB-based positioning
  system from Ubisense Inc.
• Tested the accuracy of the positioning system at
  a Level-I Trauma Center ED in the Phoenix Area.
• Positioning accuracy of the system was within 2-8
  inches.
• Implemented the PBAC specifications using the
  Ubisense positioning simulator and tested it in
  different scenarios (using 3 subjects)
• Single subject accessing un-occupied resource.
• Multiple subjects accessing un-occupied resource
• Subject is proximity without intent of access
• Temporary absence of a logged-in subject.

18
Conclusions

• Improving efficiency of ED necessary to provide
  better care to patients.
• Automating resource access in ED allows
  care-givers to focus on patients.
• Proximity-based Access Control (PBAC) useful for
  this purpose.
• We presented specifications for the PBAC and
  built a prototype to test its working.