Fine-grained access control of EHRs in cloud using CP-ABE with user revocation

  • Gandikota Ramu
  • B. Eswara Reddy
  • Appawala Jayanthi
  • L. V. Narasimha Prasad
Original Paper

Abstract

Cloud computing is a novel model for computing and storage. It enables elastic, on-demand and low-cost use of computing resources. The electronic health record (EHR) is an emerging patient-oriented paradigm for sharing medical data. With the arrival of cloud computing, health care industries outsource their EHRs to cloud servers, but at the same time there is increased demand for, and concern about, the security of outsourced EHRs. The major concerns in data outsourcing are the implementation of access policies and the modification of those policies. To address these issues, the optimal solution is Ciphertext Policy Attribute Based Encryption (CP-ABE). CP-ABE allows patients to describe their own access policies and implement those policies on their data before outsourcing it to the cloud servers. However, it has major limitations, namely the key-escrow and user-revocation problems. In this paper, we propose a modified CP-ABE scheme with user revocation to strengthen the data outsourcing system in a cloud architecture. The proposed system addresses the key-escrow and revocation problems: (1) the key-escrow problem is solved by using a two-authority computation between the key generator authority and the cloud server, and (2) an immediate attribute modification method is used to achieve fine-grained user revocation. Security analysis and performance evaluation demonstrate that the proposed system is efficient in achieving security for outsourced EHRs in cloud servers.

Keywords

E-health; Privacy and security; Cloud; EHRs; CP-ABE

Notes

Acknowledgments

The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and the government of India for providing an environment for them to do the best work they can.

Funding

Early Career Award from SERB, Department of Science & Technology

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Copyright information

© IUPESM and Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Science & Engineering, Institute of Aeronautical Engineering, Hyderabad, India
  2. Department of Computer Science & Engineering, JNTUA College of Engineering, Kalikiri, India
