International Journal of Information Security

, Volume 14, Issue 6, pp 499–511 | Cite as

Flexible attribute-based encryption applicable to secure e-healthcare records

  • Bo Qin
  • Hua Deng
  • Qianhong Wu
  • Josep Domingo-Ferrer
  • David Naccache
  • Yunya Zhou
Special Issue Paper


In e-healthcare record systems (EHRS), attribute-based encryption (ABE) appears as a natural way to achieve fine-grained access control on health records. Some proposals exploit key-policy ABE (KP-ABE) to protect privacy in such a way that all users are associated with specific access policies and only the ciphertexts matching the users’ access policies can be decrypted. An issue with KP-ABE is that it requires an a priori formulation of access policies during key generation, which is not always practicable in EHRS because the policies to access health records are sometimes determined after key generation. In this paper, we revisit KP-ABE and propose a dynamic ABE paradigm, referred to as access policy redefinable ABE (APR-ABE). To address the above issue, APR-ABE allows users to redefine their access policies and delegate keys for the redefined ones; hence, a priori precise policies are no longer mandatory. We construct an APR-ABE scheme with short ciphertexts and prove its full security in the standard model under several static assumptions.


E-healthcare records Privacy Access control Attribute-based encryption 



We thank the anonymous reviewers for their valuable suggestions. The following funding sources are gratefully acknowledged: China National Key Basic Research Program (973 Program, Project 2012CB315905), Natural Science Foundation of China (Projects 61370190, 61173154, 61272501, 61402029, 61202465 and 61472429), Beijing Natural Science Foundation (Projects 4132056 and 4122041), Fundamental Research Funds for the Central Universities of China, Research Funds of Renmin University (No. 14XNLF02), European Commission (Projects FP7 “DwB”, FP7 “Inter-Trust” and H2020 “CLARUS”) and Spanish Govt. (Project TIN2011-27076-C03-01), Govt. of Catalonia (ICREA Acadèmia Prize to the fourth author).


  1. 1.
    Attrapadung, N., Libert, B., De Panafieu, E.: Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts. PKC 2011. LNCS 6571, pp. 90–108. Springer (2011)Google Scholar
  2. 2.
    Beimel, A.: Secure Schemes for Secret Sharing and Key Distribution. Ph.D. thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)Google Scholar
  3. 3.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, 2007, pp. 321–334. IEEE Press (2007)Google Scholar
  4. 4.
    Boneh, D., Boyen, X., Goh, E.: Hierarchical Identity Based Encryption with Constant Size Ciphertex. EUROCRYPT 2005. LNCS 3493, pp. 440-456. Springer (2005)Google Scholar
  5. 5.
    Boneh, D., Goh E., Nissim, K.: Evaluating 2-DNF Formulas on Ciphertexts. TCC 2005. LNCS 3378, pp. 325–341. Springer (2005)Google Scholar
  6. 6.
    Boneh, D., Nikolaenko, V., Segev G.: Attribute-Based Encryption for Arithmetic Circuits. Cryptology ePrint Archive, Report 2013/669. (2013)
  7. 7.
    Deng, H., Wu, Q., Qin, B., Domingo-Ferrer, J., Zhang, L., Liu, J., Shi, W.: Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Inf. Sci. 275, 370–384 (2014)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Deng, H., Wu, Q., Qin, B., Mao, J., Liu, X., Zhang, L., Shi, W.: Who is Touching my Cloud. ESORICS 2014, LNCS 8712, pp. 362–379. Springer (2014)Google Scholar
  9. 9.
    Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded Ciphertext Policy Attribute Based Encryption. ICALP 2008. LNCS 5126, pp. 579–591. Springer (2008)Google Scholar
  10. 10.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. ACM CCS 2006, pp. 89–98. ACM Press (2006)Google Scholar
  11. 11.
    Hohenberger, S., Waters, B.: Attribute-Based Encryption with Fast Decryption. PKC 2013. LNCS 7778, pp. 162–179. Springer (2013)Google Scholar
  12. 12.
    Hur, J.: Fine-grained data access control for distributed sensor networks. Wirel. Netw. 17(5), 1235–1249 (2011)CrossRefGoogle Scholar
  13. 13.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption. EUROCRYPT 2010. LNCS 6110, pp. 62–91. Springer (2010)Google Scholar
  14. 14.
    Lewko, A., Waters, B.: New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts. TCC 2010. LNCS 5978, pp. 455–479. Springer (2010)Google Scholar
  15. 15.
    Lewko, A., Waters, B.: Unbounded HIBE and Attribute-Based Encryption. EUROCRYPT 2011. LNCS 6632, pp. 547–567. Springer (2011)Google Scholar
  16. 16.
    Li, J., Wang, Q., Wang, C., Ren, K.: Enhancing Attribute-Based Encryption with Attribute Hierarchy. ChinaCom 2009, pp. 1–5. IEEE Press (2009)Google Scholar
  17. 17.
    Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013)CrossRefGoogle Scholar
  18. 18.
    Liang, X., Barua, M., Lu, R., Lin, X., Shen, X.S.: HealthShare: achieving secure and privacy-preserving health information sharing through health social networks. Comput. Commun. 35(15), 1910–1920 (2012)CrossRefGoogle Scholar
  19. 19.
    Liu, W., Liu, J., Wu, Q., Qin, B., Zhou, Y.: Practical Direct Chosen Ciphertext Secure Key-Policy Attribute-Based Encryption with Public Ciphertext Test. ESORICS 2014, LNCS 8713, pp. 91–108. Springer (2014)Google Scholar
  20. 20.
    Rouselakis, Y., Waters, B.: Practical Constructions and New Proof Methods for Large Universe Attribute-based Encryption. ACM CCS 2013, pp. 463–474. ACM Press (2013)Google Scholar
  21. 21.
    Sahai, A., Waters, B.: Fuzzy Identity-Based Encryption. EUROCRYPT 2005. LNCS 3494, pp. 457–473. Springer (2005)Google Scholar
  22. 22.
    Wang, Y., Wu, Q., Wong, D.S., Qin, B., Chow, S.S.M., Liu, Z., Tan., X.: Securely Outsourcing Exponentiations with Single Untrusted Program for Cloud Storage. ESORICS 2014, LNCS 8712, pp. 326–343. Springer (2014)Google Scholar
  23. 23.
    Waters, B.: Dual System Encryption: Realizing Fully Secure IBE and HIBE Under Simple Assumptions. CRYPTO 2009. LNCS 5677, pp. 619–636. Springer (2009)Google Scholar
  24. 24.
    Waters, B.: Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization. PKC 2011. LNCS 6571, pp. 53–70. Springer (2011)Google Scholar
  25. 25.
    Wan, Z., Liu, J., Deng, R.H.: HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 7(2), 743–754 (2012)CrossRefGoogle Scholar
  26. 26.
    Yu, S., Ren, K., Lou, W.: FDAC: toward fine-grained distributed data access control in wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 22(4), 673–686 (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Bo Qin
    • 1
  • Hua Deng
    • 2
  • Qianhong Wu
    • 3
  • Josep Domingo-Ferrer
    • 4
  • David Naccache
    • 5
  • Yunya Zhou
    • 3
  1. 1.Key Laboratory of Data Engineering and Knowledge Engineering, Ministry of Education, School of InformationRenmin University of ChinaBeijingChina
  2. 2.School of ComputerWuhan UniversityWuhanChina
  3. 3.School of Electronic and Information EngineeringBeihang UniversityBeijingChina
  4. 4.Department of Computer Engineering and Mathematics, UNESCO Chair in Data PrivacyUniversitat Rovira i VirgiliTarragonaCatalonia
  5. 5.Département d’informatiqueÉcole normale supérieureParis Cedex 05France

Personalised recommendations