The Journal of Supercomputing

, Volume 71, Issue 5, pp 1607–1619 | Cite as

Privacy-aware attribute-based PHR sharing with user accountability in cloud computing

  • Fatos Xhafa
  • Jianglang Feng
  • Yinghui Zhang
  • Xiaofeng Chen
  • Jin Li


As an emerging patient-centric model of health information exchange, personal health record (PHR) is often outsourced to be stored at a third party. The value of PHR data is its long-term cumulative record relevant with personal health which can be significant in the future when faced with disease occurrences. As a promising public key primitive, attribute-based encryption (ABE) has been used to design PHR sharing systems. However, the existing solutions fail to achieve several important security objectives, that is, no need for a single authority to issue private keys to all PHR users, user access privacy protection, and user accountability. In this paper, we propose a multi-authority ciphertext-policy ABE scheme with user accountability and apply it to design an attribute-based PHR sharing system. In the proposed solution, the access policy is hidden and hence user access privacy is protected. In particular, the global identity of a misbehaving PHR user who leaked the decryption key to other unauthorized users can be traced, and thus the trust assumptions on both the authorities and the PHR users are reduced. Extensive analysis shows that the proposed scheme is provably secure and efficient.


Personal health record Cloud computing Multi-authority Anonymity Accountability 



We are grateful to the anonymous referees for their invaluable suggestions. This work is supported by the National Natural Science Foundation of China (Nos. 61272455, 61100224 and 61272037), and the Natural Science Foundation of Shaanxi Province (No. 2013JZ020). The work of Fatos Xhafa is supported by Project COMMAS (Computational Models and Methods for Massive Structured Data), TIN2013-46181-C2-1-R.


  1. 1.
    Kaelber DC, Jha AK, Johnston D, Middleton B, Bates DW (2008) A research agenda for personal health records (phrs). J Am Med Inform Assoc 15(6):729–736CrossRefGoogle Scholar
  2. 2.
    Ibraimi L, Asim M, Petkovic M (2009) Secure management of personal health records by applying attribute-based encryption. In: Proceeding of the pHealth’09, IEEE, pp 71–74Google Scholar
  3. 3.
    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceeding of the SP’07, IEEE, pp 321–334Google Scholar
  4. 4.
    Akinyele JA, Pagano MW, Green MD, Lehmann CU, Peterson ZN, Rubin AD (2011) Securing electronic medical records using attribute-based encryption on mobile devices. In: Proceeding of the SPSM’11, ACM, pp 75–86Google Scholar
  5. 5.
    Li M, Yu S, Zheng Y, Ren K, Lou W (2013) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans Parallel Distrib Syst 24(1):131–143CrossRefGoogle Scholar
  6. 6.
    Chase M (2007) Multi-authority attribute based encryption. In: Proceeding of the TCC’07, LNCS, vol 4392. Springer, New York, pp 515–534Google Scholar
  7. 7.
    Lu R, Lin X, Shen X (2013) Spoc: a secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. IEEE Trans Parallel Distrib Syst 24(3):614–624CrossRefGoogle Scholar
  8. 8.
    Chen TS, Liu CH, Chen TL, Chen CS, Bau JG, Lin TC (2012) Secure dynamic access control scheme of phr in cloud computing. J Med Syst 36(6):4005–4020CrossRefGoogle Scholar
  9. 9.
    Zhang R, Liu L (2010) Security models and requirements for healthcare application clouds. In: Proceeding of the CLOUD’10, IEEE, pp 268–275Google Scholar
  10. 10.
    Sun J, Fang Y (2010) Cross-domain data sharing in distributed electronic health record systems. IEEE Trans Parallel Distrib Syst 21(6):754–764CrossRefMathSciNetGoogle Scholar
  11. 11.
    Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Proceeding of the EUROCRYPT’05, LNCS, vol 3494. Springer, New York, pp 557–557Google Scholar
  12. 12.
    Li J, Chen X, Li J, Jia C, Ma J, Lou W (2013) Fine-grained access control based on outsourced attribute-based encryption. In: Proceeding of the European symposium on research in computer security (ESORICS). LNCS, vol 3184, pp 592–609Google Scholar
  13. 13.
    Li J, Kim K (2010) Hidden attribute-based signatures without anonymity revocation. Inform Sci 180(9):1681–1689CrossRefMATHMathSciNetGoogle Scholar
  14. 14.
    Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceeding of the CCS’06, ACM, pp 89–98Google Scholar
  15. 15.
    Kapadia A, Tsang PP, Smith SW (2007) Attribute-based publishing with hidden credentials and hidden policies. In: Proceeding of the NDSS’07, The Internet Society, pp 179–192Google Scholar
  16. 16.
    Nishide T, Yoneyama K, Ohta K (2008) Abe with partially hidden encryptor-specified access structure. In: Proceeding of the ACNS’08, LNCS, vol 5037. Springer, New York, pp 111–129Google Scholar
  17. 17.
    Zhang Y, Chen X, Li J, Wong DS, Li H (2013) Anonymous attribute-based encryption supporting efficient decryption test. In: Proceeding of the ASIACCS’13, ACM, New York, pp 511–516Google Scholar
  18. 18.
    Yu S, Ren K, Lou W, Li J (2009) Defending against key abuse attacks in kp-abe enabled broadcast systems. In: Proceeding of the Securecomm’09, Springer, New York, pp 311–329Google Scholar
  19. 19.
    Li J, Ren K, Zhu B, Wan Z (2009) Privacy-aware attribute-based encryption with user accountability. In: Proceeding of the ISC’09. Springer, LNCS, vol 5735, pp 347–362Google Scholar
  20. 20.
    Li J, Zhao G, Chen X, Xie D, Rong C, Li W, Tang L, Tang Y (2010) Fine-grained data access control systems with user accountability in cloud computing. In: Proceeding of the CloudCom’10, IEEE, pp 89–96Google Scholar
  21. 21.
    Li J, Huang Q, Chen X, Chow SSM, Wong DS, Xie D (2011) Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceeding of the ASIACCS’11, ACM, pp 386–390Google Scholar
  22. 22.
    Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: Proceeding of the ASIACCS’10, ACM, New York, pp 261–270Google Scholar
  23. 23.
    Boyen X, Waters B (2006) Anonymous hierarchical identity-based encryption (without random oracles). In: Proceeding of the CRYPTO’06, Springer, LNCS, vol 4117, pp 290–307Google Scholar
  24. 24.
    Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. In: Proceeding of the CCS’09, ACM, New York, pp 121–130Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Fatos Xhafa
    • 1
  • Jianglang Feng
    • 2
  • Yinghui Zhang
    • 3
    • 4
  • Xiaofeng Chen
    • 5
  • Jin Li
    • 6
  1. 1.Department de Llenguatges i Sistemes InformaticsUniversitat Politécnica de CataunyaBarcelonaSpain
  2. 2.Department of Mathematics, College of Management ScienceChengdu University of TechnologyChengduPeople’s Republic of China
  3. 3.National Engineering Laboratory for Wireless SecurityXi’an University of Posts and TelecommunicationsXi’anPeople’s Republic of China
  4. 4.State Key Laboratory of Information SecurityInstitute of Information Engineering, Chinese Academy of SciencesBeijingPeople’s Republic of China
  5. 5.State Key Laboratory of Integrated Service Networks (ISN)Xidian UniversityXi’anPeople’s Republic of China
  6. 6.School of Computer Science and Educational SoftwareGuangzhou UniversityGuangzhouPeople’s Republic of China

Personalised recommendations