Abstract
A new method of secure Electronic Health Record (EHR) data sharing is implemented using matrix cryptography. The EHRs are encrypted and stored in the cloud for efficient distribution to multiple end users who decrypt the corresponding encrypted data. The end users are selected based on their attributes with reference to the relevance and sensitivity of the EHRs under consideration. Thus, the proposed method is basically a matrix version of multi-channel Attribute Based Encryption (ABE) that provides fine grained access to the data and simple user revocation/invocation. The proposed technique has low computational overhead as it avoids expensive bilinear pairings approach.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig3_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig4_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig5_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11277-022-09666-2/MediaObjects/11277_2022_9666_Fig6_HTML.png)
Similar content being viewed by others
References
Sahi, A., Lai, D., & Li, Y. (2021). A review of the state of the art in privacy and security in the ehealth cloud. IEEE Access, 9, 104127–104141. https://doi.org/10.1109/ACCESS.2021.3098708
Sivan, R., & Zukarnain, Z. A. (2021). Security and privacy in cloud-based e-health system. Symmetry, 13(5), 742. https://doi.org/10.3390/sym13050742
Butpheng, C., Yeh, K.-H., & Xiong, H. (2020). Security and privacy in IoT-cloud-based e-health systems—a comprehensive review. Symmetry, 12(7), 1191. https://doi.org/10.3390/sym12071191
Hathaliya, J. J., & Tanwar, S. (2020). An exhaustive survey on security and privacy issues in Healthcare 4.0. Computer Communications, 153, 311–335.
Edemacu, K., Park, H. K., Jang, B., & Kim, J. W. (2019). Privacy provision in collaborative ehealth with attribute-based encryption: Survey, challenges and future directions. IEEE Access, 2019(7), 89614–89636.
Liu, X., Yang, X., Luo, Y., Wang, L., & Zhang, Q. (2020). Anonymous electronic health record sharing scheme based on decentralized hierarchical attribute-based encryption in cloud environment. IEEE, Access, 8, 200180–200193. https://doi.org/10.1109/ACCESS.2020.3035468
Hörandner, F., Ramacher, S., & Roth S. (2019). Selective end-to-end data-sharing in the cloud, information systems security. In: ICISS 2019. Lecture Notes in Computer Science 11952:139–157. https://doi.org/10.1007/s42786-020-00017-y.
Mythili, R., Venkataraman, R., & Raj, S. T. (2020). An attribute-based lightweight cloud data access control using hypergraph structure. The Journal of Supercomputing, 76, 6040–6064. https://doi.org/10.1007/s11227-019-03119-7
Li, L., Tianlong, G., Chang, L., Xu, Z., Liu, Y., & Qian, J. (2017). A ciphertext-policy attribute-based encryption based on an ordered binary decision diagram. IEEE Access. https://doi.org/10.1109/ACCESS.2017.2651904
Zhang, Q., Wang, S., Zhang, D., Wang, J., & Zhang, Y. (2019). Time and attribute based dual access control and data integrity verifiable scheme in cloud computing applications. IEEE, Access, 7, 137594–137607. https://doi.org/10.1109/ACCESS.2019.2942649
Zhang, Y., Zheng, D., & Deng, R. H. (2018). Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE, Internet of Things Journal, 5(3), 2130–2145. https://doi.org/10.1109/JIOT.2018.2825289
Ming, Y., & Zhang, T. (2018). Efficient privacy-preserving access control scheme in electronic health records system. Sensors, 18(10), 3520. https://doi.org/10.3390/s18103520
Yi, L., Zhang, Y., Ling, J., & Liu, Z. (2017). Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Future Generation Computer Systems, 78(Part 3), 1020–1026. https://doi.org/10.1016/j.future.2016.12.027
Zeng, P., Zhang, Z., Lu, R., & Choo, K.-K.R. (2021). Efficient policy-hiding and large universe attribute-based encryption with public traceability for internet of medical things. IEEE Internet of Things Journal, 8(13), 10963–10972. https://doi.org/10.1109/JIOT.2021.3051362
Pussewalage, H. S. G., & Oleshchuk V. A. (2016). An attribute based access control scheme for secure sharing of electronic health records. In IEEE, 18th international conference on e-health networking, applications and services (Healthcom), Munich, Germany (pp. 1–6). https://doi.org/10.1109/HealthCom.2016.7749516
Ramu, G., Reddy, B. E., Jayanthi, A., & Prasad, L. V. N. (2019). Fine-grained access control of EHRs in cloud using CP-ABE with user revocation. Health and Technology, 9, 487–496. https://doi.org/10.1007/s12553-019-00304-9
Dixit, S., Joshi, K. P., & Geol Choi, S. (2019). Multi authority access control in a cloud EHR system with MA-ABE. In 2019 IEEE international conference on edge computing (EDGE), 2019 (pp 107–109). https://doi.org/10.1109/EDGE.2019.00032.
El-Sappagh, S. H., El-Masri, S., Riad, A. M., & Elmogy, M. (2012). Electronic health record data model optimized for knowledge discovery. IJCSI International Journal of Computer Science, 9(5), 329–338.
Zarezadeh, M., Ashouri-Talouki, M., & Siavashi, M. (2020). Attribute-based access control for cloud-based electronic health record (EHR) systems. The ISC International Journal of Information Security, 12(2), 129–140. https://doi.org/10.22042/isecure.2020.174338.458
Zhang, L., Hu, G., Mu, Y., & Rezaeibagha, F. (2019). Hidden ciphertext policy attribute-based encryption with fast decryption for personal health record system. IEEE, Access, 7, 33202–33213. https://doi.org/10.1109/ACCESS.2019.2902040
https://www.geeksforgeeks.org/fernet-symmetric-encryption-using-cryptography-module-in-python/
Canard, S., Phan, D. H., Pointcheval, D., & Trinh, V. C. (2018). A new technique for compacting ciphertext in multi-channel broadcast encryption and attribute-based encryption. Theoretical Computer Science, 723, 51–72. https://doi.org/10.1016/j.tcs.2018.02.036
Phan, D. H., Pointcheval, D., & Trinh, V. C. (2013). Multi-channel broadcast encryption. In K. Chen, Q. Xie, W. Qiu, N. Li, & W. G. Tzeng (Eds.), Proceedings of the ASIACCS (pp. 277–286). New York: ACM Press.
Liu, B. L., Yuan, M., Chen, G., Peng, J., Zhao, X. W., & Li, H. (2013). Improvement on a multi-channel broadcast encryption scheme. Applied Mechanics and Materials, 427–429, 2163–2169. https://doi.org/10.4028/www.scientific.net/AMM
Acharya, K. (2020). Secure and efficient public key multi-channel broadcast encryption schemes. Journal of Information Security and Applications, 51, 1–9. https://doi.org/10.1016/j.jisa.2019.102436
Shu, H., Qi, P., Huang, Y., Chen, F., Xie, D., & Sun, L. (2020). An efficient certificate less aggregate signature scheme for block chain-based medical cyber physical systems. Sensors, 20(5), 1521. https://doi.org/10.3390/s20051521
Stewart, G. W. (1980). The efficient generation of random orthogonal matrices with an application to condition estimators. SIAM, Journal on Numerical Analysis, 17(3), 403–409. https://doi.org/10.1137/0717034
Author information
Authors and Affiliations
Contributions
Sahana Raj B S: Conceptualization, Methodology, Software, Writing—original draft, Writing—review & editing. Sridhar Venugopalachar: Conceptualization, Methodology, Software, Validation, Writing—original draft, Writing—review & editing, Resources, Supervision.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix A
Appendix A
1.1 Index-Wise Orthogonal Double Set of Integer Matrices (IWODSIM)
In EEE-MCA, the key consider the prime set of integer matrices in finite field Zp as,
where, A{i}\(\in {Z}_{p}^{MxN}\) for i = 1 to R. All the elements of A{i}belongs to Zp and the size of A{i} is MxN. Where,
The condition N = M*(R + 1) is essential in generation IWODSIM’s.
The dual of A is the set B as,
where, B{j}\(\in {Z}_{p}^{NxM}\) for i = 1 to R. (All the elements of B{j} belongs to Zp and the size of B{j} is NxM).
1.2 Index-Wise Orthogonal Property
Matrices A{i}’s and B{j}’s are generated such that,
When A{i}’s and B{j} are related as in (A4), we say that they are index-wise orthogonal.
1.3 Generation of A{i}’s and B{j}’s
As a first step, generate a random integer matrix HH of size NxN in Zp as follows.
In normal algebra, the House Holder Orthogonal Matrix [A1} is obtained as,
where, V is a column vector. In the finite field Zp, division by \(\left({V}^{T}*V\right)\) is replaced by multiplication by its modular inverse with respect to p, to get HH in Zp as,
Here, V is a non-zero random integer column vector in Zp of size N*1. All operations in (A6) are carried out in Zp. In (A6), the size of the identity matrix I used is N*N and that of V is taken as N*1 so that the size of the resulting HH is (N*1) * (1*N) = N*N. Since HH is orthogonal,
HH, the orthogonal matrix generated has N rows which is same as M*(R + 1) rows as specified by A2). Now, matrix HH is partitioned row-wise into (R + 1) sub matrices, D{1}, D{2},…, D{R}, D{R + 1} each of size M*N as shown in Fig. 6a. Similarly matrix HHT is partitioned column-wise into (R + 1) sub matrices, B{1}, B{2},…, B{R} as shown in Fig. 6b.
Based on the partition and from the modular orthogonal property of HH, for i, j = 1 to R + 1,
and
From equation (A9), it can be seen that D{i}’s can be determined by knowing B{i}’s. In cryptography, this dependency has to be avoided, so that D{i} could not be deduced by knowing B{i}. To achieve this, D{i}’s for i = 1 to R, are additively randomized to get A{i}’s as,
Here, W{i} is a random matrix of size M *M in Zp, chosen by the KGC.
Now, consider the product A{i}*B{j} for i, j = 1 to R. When j = i, from (A10),
From (A8), D{i}*B{j} = IM*M and D{R + 1}*B{i} = 0 as the range of i and j are in the range 1 to R. Therefore, Equation (A11) reduces to,
On the other hand, When j ≠ i, in the light of equation (A8),
Thus, it is proved that the procedure described in this appendix generates an IWODSIM represented by,
for i, j = 1 to R.
1.4 Multiple versions for A{i}
In (A10), choosing different random matrices for W{i}, different versions of A{i}’s can be generated which satisfy (A14) for i = 1 to R. The use of different versions of A{i}for different sessions prevents Chosen Plaintext Attack (CPA).
Rights and permissions
About this article
Cite this article
Raj, B.S.S., Venugopalachar, S. Multi-data Multi-user End to End Encryption for Electronic Health Records Data Security in Cloud. Wireless Pers Commun 125, 2413–2441 (2022). https://doi.org/10.1007/s11277-022-09666-2
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-022-09666-2