Skip to main content
SpringerLink
Log in

Privacy-Preserving and Secure Sharing of PHR in the Cloud

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

As a new summarized record of an individual’s medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption(ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE(AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation(PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system base on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes(especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Sun, J., and Fang, Y., Cross-domain data sharing in distributed electronic health record systems. IEEE Transactions on Parallel and Distributed System 21(6):754–764, 2009.

    Google Scholar 

  2. Liu, C., Lin, F., Chiang, D., et al: Secure PHR access control scheme for healthcare application clouds. In: Proceeding of 42nd International Conference on Parallel Processing, pp. 1067–1076. IEEE Computer Society Washington (2013)

  3. Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W., Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed System 24(1): 131–143, 2013.

    Article  Google Scholar 

  4. Tang, P., Ash, J., Bates, D., et al, Personal health records: Definitions, Benefits, and strategies for overcoming barriers to adoption. Journal of the American Medical Informatics Association 13(2):121–126, 2006.

  5. Sahai, A., and Waters, B., Fuzzy identity-based encryption, Advances in cryptology-EUROCRYPT 2005, pp. 457–473. Berlin: Springer-Verlag, 2005.

  6. Goyal, V., Pandey, O., Sahai, A., Waters, B., Attribute-based encryption for fine-grained access control of encrypted data, pp. 89–98: ACM CCS, ACM press, 2006.

  7. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of Symposium on Security and Privacy, pp. 321–334. IEEE press (2007)

  8. Narayan, S., Gagne, M., Safavi-Naini, R.: Privacy preserving EHR system using attribute-based infrastructure. In: Proceedings ACM Cloud Computing Security Workshop (CCSW’10), pp. 47–52. ACM press (2010)

  9. Liang, X., Lu, R., Lin, X., Shen, X.S.: Patient self-controllable access policy on phi in Ehealthcare systems. In: Proceedings Advances in Health Informatics Conference (AHIC 10), pp. 1–5 (2010)

  10. Akinyele, J.A., Lehmann, C.U., Green, M.D., Pagano, M.W., Peterson, Z.N.J., Rubin, A.D.: Self-Protecting Electronic Medical Records Using Attribute-Based Encryption, Cryptology ePrint Archive, Report 2010/565, http://eprint.iacr.org/ (2010)

  11. Gondkar, D.A., and Kadam, V.S.: Attribute Based Encryption for Securing Personal Health Record on Cloud, 2nd IEEE International Conference on Devices, Circuits and Systems (ICDCS), pp. 1–5, IEEE press (2014). Ibraimi, L., Asim, M., Petkovic, M., Secure management of personal health records by applying attribute-based encryption, In: Proceeding of the pHealth’09, IEEE, pp. 71–74 (2009)

  12. Sangeetha, D., Vijayakumar, V., Thirunavukkarasu, V., Ramesh, A.: Enhanced security of PHR system in cloud using prioritized level based encryption. In: Proceeding SNDS, CCIS 420, pp. 57–69. Springer-Verlag, Berlin (2014)

  13. Xhafa, F., Feng, J., Zhang, Y., Chen, X., Li, J., Privacy-aware attribute-based PHR sharing with user accountability in cloud computing. Journal of Supercomputing 71:1607–1619, 2015.

    Article  Google Scholar 

  14. Boneh, D., and Franklin, M.: Identity-based encryption from the weil pairing. In: Proceedings of Advance in Cryptology-CRYPTO, LNCS 2139, pp. 213–229. Springer-Verlag, Berlin (2001)

  15. Boneh, D., Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Proceedings of Advances in Cryptology-Eurocrypt, LNCS 3027, pp. 506–522. Springer-Verlag, Berlin (2004)

  16. Abdalla, M., Bellare, M., Catalano, D.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. In: Proceedings of Advances in Cryptology-CRYPTO, LNCS 3621, pp. 205–222. Springer-Verlag, Berlin (2005)

  17. Kapadia, A., Tsang, P.P., Smith, S.W.: Attribute-based publishing with hidden credentials and hidden policies. In: Proceedings of IEEE Symposium of Network and Distributed System Security, pp. 179–192. IEEE press (2007)

  18. Yu, S., Ren, K., Lou, W.: Attribute-based content distribution with hidden policy. Proceedings of IEEE Workshop on Secure Network Protocols, pp. 39–44. IEEE press (2008)

  19. Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: ACNS, LNCS 5037, pp. 111–129. Springer-Verlag, Berlin (2008)

  20. Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: ISC 2009, LNCS 5735, Vol. 347–362. Springer-Verlag, Berlin (2009)

  21. Chaudhari, P., Lal Das, M., Mathuria, A.: On anonymous attribute based encryption. In: ICISS 2015, LNCS 9478, pp. 378–392. Springer-Verlag, Berlin (2015)

  22. Zhang, Y., Chen, X., Li, J., Wong, D.S., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In: Proceedings of the ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 511–516 (2013)

  23. Gentry, C., and Silverberg, A.: Hierarchical ID-Based cryptography. In: Proceedings of Advances in Cryptology-ASIACRYPT, LNCS 2501, pp. 548–566. Springer-Verlag, Berlin (2002)

  24. Boneh, D., and Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Proceedings of Advances in Cryptology-EUROCRYPT, LNCS 3027, pp. 223–238. Springer-Verlag, Berlin (2004)

  25. Boneh, D., Boyen, X., Shacham, H.: Short group signature. In: Proceedings of Advances in Cryptology-CRYPT, LNCS 3152, pp. 41–55. Springer-Verlag, Berlin (2004)

  26. Lee, J.H.P., Anonymous HIBE: Compact construction over prime-order groups. IEEE Transactions on Information Theory 59(4):2531–2541, 2013.

    Article  Google Scholar 

  27. Xie, Y., Wen, H., Wu, B., Jiang, Y., Meng, J.: A modified hierarchical attribute-based encryption access control method for mobile cloud computing. IEEE Transactions on Cloud Computing, doi:10.1109/TCC.2015.2513388, will apper (2016)

  28. Abdalla, M., Catalano, D., Fiore, D.: Verifiable random functions from identity-based key encapsulation. In: Proceedings of Advances in Cryptology-Eurocrypt, LNCS 5479, pp. 554–571. Springer-Verlag, Berlin (2009)

  29. Boyen, X., and Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Proceedings of Advances in Cryptology-CRYPTO 06, LNCS 5677, pp. 290–317. Springer-Verlag, Berlin (2006)

  30. Liu, X., Liu, Q., Peng, T., Wu, J.: HCBE achieving fine-grained access control in cloud-based PHR systems. In: Proceedings of ICA3PP 2015, Part III, LNCS 9530, pp. 562–576. Springer-Verlag, Berlin (2015)

  31. He, D., Zeadally, S., Kumar, N., Lee, J., Anonymous authentication for wireless body area networks with provable security. IEEE Systems Journal PP(99):1–12, 2016. doi:10.1109/JSYST.2016.2544805.

    Google Scholar 

  32. He, D., Zeadally, S., Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Systems Journal PP(99):1–10, 2015. doi:10.1109/JSYST.2015.2428620.

    Article  Google Scholar 

  33. He, D., Kumar, N., Shen, H., Lee, J., One-to-many authentication for access control in mobile pay-TV systems. Science China-Information Sciences 59(5):1–14, 2016.

    Article  Google Scholar 

  34. Li, F., and Wu, W., Pairing-based cryptography. Beijing, China: Science Press, 2014.

    Google Scholar 

Download references

Acknowledgments

This work was supported partly by the Nature Science Foundation of China under Grant (61472307, 61402112, 61100165, 61100231) and Natural Science Basic Research Plan in Shaanxi Province of China(Program NO. 2016JM6004).

Author information

Authors and Affiliations

  1. School of Mathematics and Statistics, Xidian University, Xi’an, 710121, China

    Leyou Zhang & Jingxia Zhang

  2. School of Automation, Xi’an University of Posts and Telecommunication, Xi’an, 710121, China

    Qing Wu

  3. School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW, 2522, Australia

    Yi Mu

Authors
  1. Leyou Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qing Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yi Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jingxia Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Leyou Zhang.

Additional information

This article is part of the Topical Collection on Security and Privacy in e-healthcare

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhang, L., Wu, Q., Mu, Y. et al. Privacy-Preserving and Secure Sharing of PHR in the Cloud. J Med Syst 40, 267 (2016). https://doi.org/10.1007/s10916-016-0595-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0595-1

Keywords

Search

Navigation