Abstract
In a personal health record (PHR) system, patients' health records are usually outsourced to a large database, such as that of a cloud service provider. To guarantee the confidentiality of this data and to achieve flexible, fine-grained access control, a ciphertext-policy attribute-based encryption (CP-ABE) scheme is usually employed in cloud computing. However, the outsourced data have a multi-level hierarchical structure, and general CP-ABE is not suited to being applied directly in distributed cloud service systems to protect the hierarchical structure of the outsourced data. In this paper, to overcome this challenge, a hierarchical CP-ABE scheme for PHRs with multiple authorities is presented. The protocol integrates several different access structures into a single one, under which the hierarchical PHR is encrypted. Multiple authorities jointly generate and distribute each user's private key. This mode avoids the key escrow problem and conforms to the distributed nature of cloud service systems. Moreover, there is no single trusted or central authority among them. The proposed scheme also resists collusion attacks by \((N-1)\) corrupted authorities out of \(N\) authorities. Based on the intractability of the standard decisional bilinear Diffie–Hellman problem, the protocol is proven to be semantically secure. Finally, a comparative analysis shows that the protocol exhibits better performance.
Acknowledgements
This work was supported by the National Key R&D Program of China under Grant 2017YFB0802000, the Natural Science Foundation of China under Grants 61802303, 61772418, 61772194 and 61472472, the Innovation Ability Support Program in Shaanxi Province of China under Grant 2017KJXX-47, the Natural Science Basic Research Plan in Shaanxi Province of China under Grant 2016JM6033, the Hunan Provincial Natural Science Foundation of China under Grants 2018JJ3191 and 2017JJ2100, and the Open Foundation of the State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications) under Grants SKLNST-2016-2-11 and SKLNST-2018-1-12.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Guo, R., Li, X., Zheng, D. et al. An attribute-based encryption scheme with multiple authorities on hierarchical personal health record in cloud. J Supercomput 76, 4884–4903 (2020). https://doi.org/10.1007/s11227-018-2644-7
DOI: https://doi.org/10.1007/s11227-018-2644-7