Fine-grained access control of EHRs in cloud using CP-ABE with user revocation
- 23 Downloads
Cloud computing is a novel model for computing and storing. It enables elasticity, on-demand and low-cost usage of computing resources. Electronic health record (EHR) is an emerging patient-oriented paradigm for sharing of medical data. With the arrival of cloud computing, health care industries outsource their EHR to the cloud servers but, at the same time there is increased demand and concern for outsourced EHR’s security also. The major concerns in data outsourcing are the implementation of access policies and policies modification. To address these issues, the optimal solution is Ciphertext Policy Attribute Based Encryption (CP-ABE). CP-ABE allows the patients to describe their own access policies and implement those policies on their data before outsourcing into the cloud servers. But there are major limitations like key escrow and user revocation problems. In this paper, we proposed a modified CP-ABE scheme with user revocation to strengthen data outsourcing system in cloud architecture. The proposed system addresses the key-escrow and revocation problems. 1) The key-escrow problem is solved by using two-authority computation between the key generator authority and cloud server and 2) An immediate attribute modification method is used to achieve fine-grained user revocation. Security analysis and performance evaluation demonstrates that the proposed system is efficient to achieve security in outsourced EHRs in cloud servers.
KeywordsE-health Privacy and security Cloud EHRs And CP-ABE
The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and the government of India for providing an environment for them to do the best work they can.
Early Career Award from SERB, Department of Science & Technology
Compliance with ethical standards
Conflict of interest
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- 1.Li M et al. Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings,” Proceedings 6th international icst conference security and privacy in Comm. Networks (Secure Comm ‘10), pp. 89–106, 2010.Google Scholar
- 2.Cao N et al LT Codes-based secure and reliable cloud storage service, Proceedings IEEE INFOCOM,pp. 693–701, 2012.Google Scholar
- 3.India Personal Data (Protection) Act. http://cis-india.org/internet-governance/blog/the-personal-data-protection-bill-20132013.
- 4.Sahai A et al Fuzzy identity-based encryption, ProceedingsInternational conference theory and applications of cryptographic techniques(Eurocrypt ‘05), pp. 457–473, 2005.Google Scholar
- 5.Goyal V, et al Attribute-based encryption for fine-grained access control of encrypted data, Proceedings ACM Conference Computer and Comm. Security, pp. 89–98, 2006.Google Scholar
- 6.Bethencourt J., et al. Ciphertext-policy attribute-based encryption, Proceedings IEEE symposium security and privacy, pp. 321–334, 2007.Google Scholar
- 7.Ostrovsky R., et al. Attribute-based encryption with non-monotonic access structures, Proceedings ACM conference computer and comm. security, pp. 195–203, 2007.Google Scholar
- 8.Cheung L., et al. Provably secure ciphertext policy ABE, Proceedings ACM conference computer and comm. security, pp. 456–465, 2007.Google Scholar
- 9.Goyal V., et al. Bounded ciphertext policy attribute-based encryption, Proceedings international colloquium automata, languages and programming (ICALP), pp. 579–591, 2008.Google Scholar
- 10.Liang X, et al. Provably secure and efficient bounded ciphertext policy attribute based encryption, Proceedings international symposium information, computer, and comm. security(ASIACCS), pp. 343–352, 2009.Google Scholar
- 11.Chow SSM, Removing escrow from identity-based encryption,” Proceedings international conference practice and theory in public key cryptography (PKC ‘09), pp. 256–276, 2009.Google Scholar
- 12.Jung T, et al. Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Transactions on Information Forensics and Security. 2015;10(1).Google Scholar
- 13.Boldyreva A, et al. Identity-based encryption with efficient revocation, Proceedings ACM conference computer and comm. security, pp. 417–426, 2008.Google Scholar
- 15.Lewko A., et al. Revocation systems with very small private keys, Proceedings IEEE symposium security and privacy, 273–285, 2010.Google Scholar
- 16.Golle P., et al. A Content-driven access control system, Proceedings symposium identity and trust onthe internet, pp. 26–35, 2008.Google Scholar
- 17.Yu S., et al. Attribute based data sharing with attribute revocation, Proceedings ACM symposium. information, computer and comm. security (ASIACCS ‘10), 2010.Google Scholar
- 19.Attrapadung N et al. Conjunctive broadcast and attribute-based encryption, Proceedings international conference palo alto on pairing-based cryptography (Pairing), pp. 248–265, 2009.Google Scholar
- 20.Ramu G et al. Secure architecture to manage EHRs in cloud using SSE and ABE, Springer, Health Technol, Doi: 10.1007/s12553-015-0116-0, 2015.Google Scholar
- 21.The Pairing-Based Cryptography Library, http://crypto.stanford.edu/pbc/.