Journal of Medical Systems

, 40:258 | Cite as

An Efficient Searchable Encryption Against Keyword Guessing Attacks for Sharable Electronic Medical Records in Cloud-based System

  • Yilun Wu
  • Xicheng Lu
  • Jinshu Su
  • Peixin Chen
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Security and Privacy in e-healthcare


Preserving the privacy of electronic medical records (EMRs) is extremely important especially when medical systems adopt cloud services to store patients’ electronic medical records. Considering both the privacy and the utilization of EMRs, some medical systems apply searchable encryption to encrypt EMRs and enable authorized users to search over these encrypted records. Since individuals would like to share their EMRs with multiple persons, how to design an efficient searchable encryption for sharable EMRs is still a very challenge work. In this paper, we propose a cost-efficient secure channel free searchable encryption (SCF-PEKS) scheme for sharable EMRs. Comparing with existing SCF-PEKS solutions, our scheme reduces the storage overhead and achieves better computation performance. Moreover, our scheme can guard against keyword guessing attack, which is neglected by most of the existing schemes. Finally, we implement both our scheme and a latest medical-based scheme to evaluate the performance. The evaluation results show that our scheme performs much better performance than the latest one for sharable EMRs.


Electronic medical record Searchable encryption Cloud storage Secure channels Privacy Security 


  1. 1.
    Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., and et al., A view of cloud computing. Communications of the ACM 53(4):50–58, 2010.CrossRefGoogle Scholar
  2. 2.
    Li, M., and et al, Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings, Security and Privacy in Communication Networks, pp. 89–106. Springer , Berlin Heidelberg (2010)Google Scholar
  3. 3.
    He, D., Chen, J., Hu, J., He, D., Chen, J., and Hu, J., An id-based client authentication with key agreement protocol for mobile clientserver environment on ecc with provable security. Information Fusion 13(3): 223–230, 2012.CrossRefGoogle Scholar
  4. 4.
    Mishra, D., A study on id-based authentication schemes for telecare medical information system. Computer Science 24(6):621–625, 2013.Google Scholar
  5. 5.
    Chaturvedi, A., Mishra, D., and Mukhopadhyay, S., Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. Information systems security, pp. 63–77. Springer , Berlin Heidelberg (2013)Google Scholar
  6. 6.
    Mishra, D., Das, A. K., and Mukhopadhyay, S., A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications 41(18):8129–8143, 2014.CrossRefGoogle Scholar
  7. 7.
    Khan, M. K., Chaturvedi, A., Mishra, D., and Kumari, S., On the security enhancement of integrated electronic patient records information systems. Computer Science and Information Systems 12(2):857–872, 2015.CrossRefGoogle Scholar
  8. 8.
    Xhafa, F., Li, J., Zhao, G., Li, J., Chen, X., and Wong, D. S., Designing cloud-based electronic health record system with attribute-based encryption. Multimedia Tools and Applications 74(10):3441–3458, 2014.CrossRefGoogle Scholar
  9. 9.
    Sun, W., Lou, W., Hou, Y. T., and Li, H., Privacy-preserving keyword search over encrypted data in cloud computing. In: Secure Cloud Computing, pp. 189–212. Springer, New York (2014)Google Scholar
  10. 10.
    Boneh, D., Crescenzo, G. D., Ostrovsky, R., and Persiano, G., Public key encryption with keyword search. In: EUROCRYPT 2004, pp. 506–522 (2004)Google Scholar
  11. 11.
    Park, D. J., Kim, K., and Lee, P. J., Public key encryption with conjunctive field keyword search. In: Information security applications, pp. 73–86. Springer, Berlin Heidelberg (2004)Google Scholar
  12. 12.
    Hwang, Y. H., and Lee, P. J., Public key encryption with conjunctive keyword search and its extension to a multi-user system. In: Pairing-Based CryptographyPairing, pp. 2–22. Springer, Berlin Heidelberg (2007)Google Scholar
  13. 13.
    Dong, C., Russello, G., and Dulay, N., Shared and searchable encrypted data for untrusted servers. J. Comput. Secur. 19(3):367–397, 2011.CrossRefGoogle Scholar
  14. 14.
    Benaloh, J., Chase, M., Horvitz, E., and Lauter, K., Patient controlled encryption: Ensuring privacy of electronic medical records. In ACM cloud computing security workshop. ACM,103–114, 2009.Google Scholar
  15. 15.
    Liu, Z., Weng, J., Li, J., Yang, J., Fu, C., and Jia, C., Cloud-based electronic health record system supporting fuzzy keyword search. Soft. Comput. 20(8):1–13, 2015.Google Scholar
  16. 16.
    Baek, J., Safavi-Naini, R., and Susilo, W., Public key encryption with keyword search revisited. In: ICCSA 2008, LNCS 5072, pp. 1249–1259 (2008)Google Scholar
  17. 17.
    Rhee, H. S., Park, J. H., Susilo, W., and Lee, D. H., Improved searchable public key encryption with designated tester. In: ASIACCS 2009, ACM, pp. 376–379 (2009)Google Scholar
  18. 18.
    Rhee, H. S., Park, J. H., Susilo, W., and Dong, H. L., Trapdoor security in a searchable public-key encryption scheme with a designated tester. J. Syst. Softw. 83(5):763–771, 2010.CrossRefGoogle Scholar
  19. 19.
    Gu, C., Zhu, Y., and Pan, H., Efficient public key encryption with keyword search schemes from pairings. Information security and cryptology, pp. 372–383. Springer, Berlin Heidelberg (2007)Google Scholar
  20. 20.
    Fang, L. M., Susilo, W., Ge, C. P., and Wang, J. D., A secure channel free public key encryption with keyword search scheme without random oracle. In: CANS 2009, LNCS 5888, pp. 248–258 (2009)Google Scholar
  21. 21.
    Fang, L. M., Susilo, W., Ge, C. P., and Wang, J. D., Public key encryption with keyword search secure against keyword guessing attacks without random oracle. Inf. Sci. 238(7):221–241, 2013.CrossRefGoogle Scholar
  22. 22.
    Guo, L., and Yau, W. C., Efficient secure-channel free public key encryption with keyword search for EMRs in Cloud Storage. J. Med. Syst. 39(2):1–11, 2015.CrossRefGoogle Scholar
  23. 23.
    Bao, F., Deng, R. H., and Zhu, H., Variations of diffie-hellman problem. In Information and Communications Security. Springer Berlin Heidelberg,301–312, 2003.Google Scholar
  24. 24.

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. 1.College of ComputerNational University of Defense TechnologyChangshaPeople’s Republic of China
  2. 2.National Key Laboratory for Parallel and Distributed ProcessingNational University of Defense TechnologyChangshaPeople’s Republic of China

Personalised recommendations