Proximity Based Access Control for Smart- Emergency Departments * Sandeep Gupta*, T. Mukherjee*, K. Venkatasubramanian* and T. Taylor + *Department of Computer Science & Engineering Ira A. Fulton School of Engineering Arizona State University Tempe, Arizona, USA +Mediserve Information Systems Tempe, Arizona, USA *Work done in collaboration with MediServe Information Systems

Overview Motivation - Emergency Department Workflow Proximity Based Access Control (PBAC) Proximity zone design Positioning system Levels of Resource Access PBAC Model PBAC Policy Specifications Administrative Policies Access Control Policies Prototype Development Conclusions

Emergency Department - Background Emergency Departments (ED) help people experiencing medical emergencies which are life- threatening or can cause disabilities. Primary focus of ED is to provide patient care. ED procedures which minimizes distraction for caregivers is essential for its effectiveness.

Emergency Department- Problem Statement Patients follow well defined service paths in ED workflow. Several data systems need to be accessed, here, requiring unique log-in process. Such explicit session log-in/out process causes distraction for caregivers and result in vulnerabilities Patient Logged Triage Area Immediate Surgery Needs In-Patient care ED Treatment Area Waiting Area Admitted to Hospital Transfer to Another Facility Discharged Home Left Without Treatment IN Triage in Room out Areas where automated access to resources improves efficiency Automation of mundane access related tasks can improve ED efficiency.

Proximity Based Access Control (PBAC) Principal Idea is to automatically provide access to resources when a subject comes within its proximity. Challenges Design of proximity zone to a resource. Determination of proximity to a resource. Enforce appropriate information access policy. PROXIMITY-BASED ACESS TO RESOURCE

Design of Proximity Zone Definition of proximity is essential for PBAC Proximity zones characteristics: Number Shape (circle, square..) Size (radius, length of sides.. ) Factors influencing proximity zone: The access control policies for the resource. The geometry of the area. The accuracy of the positioning system. Radio environment of the area. PROXIMITY ZONES AROUND RESOURCES Zone 1 Zone 2

Sample Proximity Zone Design The application (resource, access policy) mandates S app  shape of the proximity zone R app  parameters for the shape Physical Zone Design: Based on the accuracy positioning system, we set R i  R i + Δ, for every i  R app Δ is the average error in the accuracy of the positioning system. Based on the geometry of the area, we set S app  S geo ’ S geo ’ is the new shape. Application mandated shape and size Actual Shape & size Δ

Determination of Proximity Proximity detection directly tied to accuracy of underlying positioning system. The radio environment plays an important role in positioning system accuracy. Need a system which works accurately indoors. Positioning system classification: RF based RF and ultra-sound based Ultra-Wide Band based Winner: Ultra-Wide Band, because…

Ultra-Wide Band (UWB) based positioning Better performance for indoor environments e.g. ED. Short signal pulse makes it less vulnerable to multipath-effects. Any interference noise is normalized over a wide signal band keeping the SNR high. UWB operated at 3-10 GHz frequency range where few other devices work, minimizing interference.

Access to Resources in PBAC Subjects have varying degrees of access privileges. If multiple subjects in resource proximity: Common set of privileges should be provided. Should not include access to subject specific information. Subject in proximity without intent of access should be recognized.

Levels of Access Authentication is a means of ensuring enforcement of appropriate privileges. Three levels of authentication: No-Auth: access restricted to publicly available information. Level – I: single challenge/response session, guarantees privileges corresponding to their organizational domain (ED, Trauma center). All subjects in the domain have common set of privileges. Level – II: additional challenge/response session required, allows access to sensitive information (patient data). Role Specific (Level II Auth) Public (No Auth) Domain Specific (Level I Auth)

PBAC - Model Access to resources provided based on: Proximity Current Level of Authentication Privileges given to subjects using Role Based Access Control (RBAC) model. Two types of roles: Organizational (OR): role assigned when subject joins the system, doctor in hospital. Group (GR): role assigned based on subject’s domain of work, surgeon in ED.

PBAC - Model Implementation Each resource maintains a list of roles (resource roles (RR)) and associated privileges called Access Control List (ACL). Subjects’ Group/ Organizational roles mapped on to RR in ACL by resource for access. Context information provides information on: Proximity Level of Authentication Others in Subject’s Domain and their privileges Group/ Org Role Role 1 Role 2 Role N Privileges for Role 1 Privileges for Role 2 Privileges for Role N f Context RR Privileges ACL

PBAC- Policy Specifications Specify rules for accessing service provided by resource, using PBAC. Two types of policies: Administrative Define the rules for administrative function within the system. Access Control Define the rules based on which access is given to subjects in proximity of resources.

Administrative Policies Specification Two principal policy classifications: Assigning Roles OR GR (can be given only to subjects with OR) Removing Roles OR (cannot be removed until all associated GRs for a subject are removed) GR Administrative Policies Assigning Roles Removing Roles ORGR

Access Control Policies Specification Access Control Policies Access to Unoccupied Resources Access to Occupied Resources Single Subject Multiple Subjects Random Choice Actual Proximity Log-in Initiate Single Subject Multiple Subjects Wait for Resource to free Direct access

Prototype Built a preliminary prototype for PBAC using a commercially available UWB-based positioning system from Ubisense Inc. Tested the accuracy of the positioning system at a Level-I Trauma Center ED in the Phoenix Area. Positioning accuracy of the system was within 2-8 inches. Implemented the PBAC specifications using the Ubisense™ positioning simulator and tested it in different scenarios (using 3 subjects): Single subject accessing un-occupied resource. Multiple subjects accessing un-occupied resource Subject is proximity without intent of access Temporary absence of a logged-in subject.

Conclusions Improving efficiency of ED necessary to provide better care to patients. Automating resource access in ED allows care-givers to focus on patients. Proximity-based Access Control (PBAC) useful for this purpose. We presented specifications for the PBAC and built a prototype to test its working.