A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter
- 73 Downloads
In recent years, the Internet of Things (IoT), cloud computing, and wireless body area networks (WBANs) have converged and become popular due to their potential to improve quality of life. This convergence has greatly promoted the industrialization of e-healthcare. With the flourishing of the e-healthcare industry, full electronic health records (EHRs) are expected to promote preventative health services as well as global health. However, the outsourcing of EHRs to third-party servers, like the cloud, involves many challenges, including securing health information and preserving privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising scheme for storing and sharing information in third-party servers. This scheme enables patients and doctors to encrypt or decrypt their information using access policies defined by attributes. In this scheme, the access policy is tied with the ciphertext in the form of plaintext, which may risk leaking personal patient information. Earlier protocols only partially hide the attribute values in the access policies but leave the attribute names unprotected. To address these security issues, we propose a secure cloud framework using modified CP-ABE and an attribute Bloom filter (ABF). In modified CP-ABE, we can hide the entire attribute, including values, in the access policies. The ABFs assist in data decryption by evaluating the presence of an attribute in the access policy and pointing to its position. Security analysis and performance evaluation demonstrate the efficiency and effectiveness of the proposed framework. Finally, the proposed framework is explored to verify its feasibility.
KeywordsEHRs IoT Cloud computing CP-ABE and bloom filter
The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and Government of India for providing an environment where the authors could do the best work possible.
- Beimel, A. (1996). Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Israel Inst. Technol. Technion, Haifa, Israel.Google Scholar
- Boneh, D., & Waters, B. (2007). Conjunctive, subset, and range queries on encrypted data. In Theory of Cryptography. Heidelberg, Germany: Springer, pp. 535–554.Google Scholar
- Helmer, A., Lipprandt, M., Frenken, T., et al. (2011). Empowering patients through personal health records: a survey of existing third-party webbased PHR products. Electronic Journal of Health Informatics, 6(3), e26.Google Scholar
- Jara, A.J., Zamora, M.A., Skarmeta, A.F.G. (2010). An architecture based on internet of things to support mobility and security in medical environments. Proceedings of 7th IEEE Consumer Communications and Networking Conference. pp: 1–5.Google Scholar
- Katz, J., Sahai, A., & Waters, B. (2008). Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Advances in cryptology–EUROCRYPT 2008. Heidelberg, Germany: Springer, pp. 146–162.Google Scholar
- Lai, J., Deng, R. H., & Li, Y. (2011). Fully secure cipertext-policy hiding CPABE. In Information security practice and experience. Heidelberg, Germany: Springer, pp. 24–39.Google Scholar
- Lai, J., Deng, R. H., & Li, Y. (2012) Expressive CP-ABE with partially hidden access structures. In Proc. ASIACCS, Seoul, South Korea, pp. 18–19.Google Scholar
- Leng, C., Yu, H., Wang, J., & Huang, J. (2013). Securing personal health records in the cloud by enforcing sticky policies. Telkomnika Indonesian J Elect Eng, 11(4), 2200–2208.Google Scholar
- Li, J., Ren, K., Zhu, Z., & Wan, Z. (2009). Privacy-aware attribute-based encryption with user accountability. In Proc. Inf. Security, Pisa, Italy, pp. 347–362.Google Scholar
- Li, H., Liu, D., Alharbi, K., Zhang, S., & Lin, X. (2015a). Enabling fine-grained access control with efficient attribute revocation and policy updating in smart grid. KSII Transactions on Internet and Information Systems, 9(4), 1404–1423.Google Scholar
- Lin, H., Cao, Z., Liang, X., & Shao, J. (2008). Secure threshold multi authority attribute based encryption without a central authority. In Proc. INDOCRYPT, Kharagpur, India, pp. 426–436.Google Scholar
- Mell, P. & Grance, T. (2011). The NIST definition of cloud computing. Recommendations Nat. Inst. Standards Technol., NIST,Washington, DC, USA, Tech. Rep. 800–145.Google Scholar
- Nishide, T., Yoneyama, K., & Ohta, K. (2008). Attribute-based encryption with partially hidden encryptor-specified access structures. In Applied Cryptography and Network Security. Heidelberg, Germany: Springer, pp. 111–129.Google Scholar
- Ramu, G. & Eswara Reddy, B. (2015). Secure architecture to manage EHR’s in cloud using SSE and ABE. Springer, Health Technol. https://doi.org/10.1007/s12553-015-0116-0.
- Shin, M. S., Jeon, H. S., Ju, Y. W., Lee, B. J., & Jeong, S. P. (2015). Constructing RBAC based security model in u-healthcare service platform. The Scientific World Journal, 2015, Art. no. 937914. https://doi.org/10.1155/2015/937914.
- Wang, Zhang, B., Ren, K., Roveda, J. M., Chen, C. W., & Xu, Z. (2014). A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. In Proc. 33rd IEEE INFOCOM Conf., pp. 2130–2138.Google Scholar
- Waters, B. (2011). Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proc. PKC, Taormina, Italy, pp. 53–70.Google Scholar
- Yu, S., Ren, K., & Lou, W. (2008). Attribute-based content distribution with hidden policy. In Proc. Secure Netw. Protocols (NPSec), Orlando, FL, USA, pp. 39–44.Google Scholar