Fine-grained multi-authority access control in IoT-enabled mHealth


With the popularity of Internet of Things (IoT) and cloud computing technologies, mobile healthcare (mHealth) can offer remote, accurate, and effective medical services for patients according to their personal health records (PHRs). However, data security and efficient access of the PHR should be addressed. Attribute-based encryption (ABE) is regarded as a well-received cryptographic mechanism to simultaneously realize fine-grained access control and data confidentiality in mHealth. Nevertheless, existing works are either constructed in the single-authority setting which may be a performance bottleneck, or lack of efficient user decryption. In this paper, we propose SEMAAC, a secure and efficient multi-authority access control system for IoT-enabled mHealth. In SEMAAC, there are multiple independently worked attribute authorities (AAs). A new entity could be an AA without re-building the system. To reduce the user decryption overhead, most decryption is executed in cloud server, which whereafter returns a partial decryption ciphertext (PDC). The AAs can help the user to check if the PDC is correctly computed. Additionally, a restricted user can delegate his/her key to someone to outsource the decryption and check the returned result, without exposing the plaintext PHR file. The proposed SEMAAC is proved to be adaptively secure in the standard model. The numerical analysis and extensive experiments illustrate the efficiency and advantage of our scheme.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2


  1. 1.

    Hahn C, Kwon H, Hur J (2016) Efficient attribute-based secure data sharing with hidden policies and traceability in mobile health networks. Mob Inf Syst 2016:13

    Google Scholar 

  2. 2.

    Xu LD, He W, Li S (2014) Internet of things in industries: a survey. IEEE Trans Ind Inf 10(4):2233–2243

    Article  Google Scholar 

  3. 3.

    Wu D, Shi H, Wang H, Wang R, Fang H (2018) A feature-based learning system for internet of things applications. IEEE Internet Things J 1–1.

  4. 4.

    Xiong J, Ren J, Chen L et al (2018) Enhancing privacy and availability for data clustering in intelligent electrical service of iot. IEEE Internet Things J 1–10.

  5. 5.

    Al-Janabi S, Al-Shourbaji I, Shojafar M, Shamshirband S (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications. Egyptian Inf J 18(2):113–122

    Article  Google Scholar 

  6. 6.

    Zhang Y, Deng RH, Liu X, Zheng D (2018) Blockchain based efficient and robust fair payment for outsourcing services in cloud computing. Inf Sci 462:262–277

    MathSciNet  Article  Google Scholar 

  7. 7.

    Yang YL, Liu R, Chen YL, Li T, Tang Y (2018) Normal cloud model-based algorithm for multi-attribute trusted cloud service selection. IEEE Access 7:37644–37652

    Article  Google Scholar 

  8. 8.

    Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Cramer R (ed) Advances in cryptology – EUROCRYPT 2005, Lecture Notes in Computer Science, vol 3494. Springer, Berlin, pp 457–473

  9. 9.

    Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06. ACM, New York, pp 89– 98

  10. 10.

    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, 2007. SP ’07, pp 321–334

  11. 11.

    Zhang Y, Chen X, Li J, Wong DS, Li H, You I (2017) Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing. Inf Sci 379:42– 61

    Article  Google Scholar 

  12. 12.

    Chase M (2007) Multi-authority attribute based encryption. In: Vadhan S (ed) Theory of cryptography. Lecture Notes in Computer Science, vol 4392. Springer, Berlin, pp 515–534

  13. 13.

    Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM conference on computer and communications security, CCS ’09. ACM, New York, pp 121–130

  14. 14.

    Liu Z, Cao Z, Huang Q, Wong D, Yuen T (2011) Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles. In: Atluri V, Diaz C (eds) Computer security – ESORICS 2011. Lecture Notes in Computer Science, vol 6879. Springer, Berlin, pp 278–297

  15. 15.

    Li Q, Ma J, Li R, Xiong J, Liu X (2015) Large universe decentralized key-policy attribute-based encryption. Secur Commun Netw 8(3):501–509

    Article  Google Scholar 

  16. 16.

    Li Q, Ma J, Li R, Xiong J, Liu X (2015) Provably secure unbounded multi-authority ciphertext-policy attribute-based encryption. Secur Commun Netw 8(18):4098–4109

    Article  Google Scholar 

  17. 17.

    Xue K, Xue Y, Hong J, Li W, Yue H, Wei DSL, Hong P (2017) Raac: robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Trans Inf Forensics Secur 12(4):953–967

    Article  Google Scholar 

  18. 18.

    Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: Proceedings of the 20th USENIX conference on security, SEC’11. USENIX Association, Berkeley, pp 34–34

  19. 19.

    Lai J, Deng R, Guan C, Weng J (2013) Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 8(8):1343–1354

    Article  Google Scholar 

  20. 20.

    Li J, Wang Y, Zhang Y, Han J (2017) Full verifiability for outsourced decryption in attribute based encryption. IEEE Trans Serv Comput PP(99):1–1

    Google Scholar 

  21. 21.

    Ning J, Cao Z, Dong X, Liang K, Ma H, Wei L (2018) Auditable σ -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Inf Forensics Secur 13(1):94– 105

    Article  Google Scholar 

  22. 22.

    Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert H (ed) Advances in cryptology – EUROCRYPT 2010. Lecture Notes in Computer Science, vol 6110. Springer, Berlin, pp 62–91

  23. 23.

    Lewko A, Waters B (2011) Decentralizing attribute-based encryption. Advances in Cryptology – EUROCRYPT 2011. Lecture Notes in Computer Science, vol 6632. In: Paterson K (ed). Springer, Berlin, pp 568–588

  24. 24.

    Zhang Y, Zheng D, Deng RH (2018) Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J 5(3):2130–2145

    Article  Google Scholar 

  25. 25.

    Li J, Huang Q, Chen X, Chow SSM, Wong DS, Xie D (2011) Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceedings of the 6th ACM symposium on information, computer and communications security, ASIACCS ’11. ACM, New York, pp 386–390

  26. 26.

    Qin B, Deng RH, Liu S, Ma S (2015) Attribute-based encryption with efficient verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 10(7):1384–1393

    Article  Google Scholar 

  27. 27.

    Gao C, Lv S, Wei Y, Wang Z, Liu Z, Cheng X (2018) M-sse: an effective searchable symmetric encryption with enhanced security for mobile devices. IEEE Access 1–1

  28. 28.

    Wang X, Zhang Y, Zhu H, Jiang L (2018) An identity-based signcryption on lattice without trapdoor. J Univ Comput Sci 1–1

  29. 29.

    Li J, Li J, Chen X, Jia C, Lou W (2015) Identity-based encryption with outsourced revocation in cloud computing. IEEE Trans Comput 64(2):425–437

    MathSciNet  Article  MATH  Google Scholar 

  30. 30.

    Gao C, Cheng Q, He P, Susilo W, Li J (2018) Privacy-preserving naive bayes classifiers secure against the substitution-then-comparison attack. Inf Sci 444:72–88

    MathSciNet  Article  Google Scholar 

  31. 31.

    Yu Z, Gao CZ, Jing Z, Gupta BB, Cai Q (2018) A practical public key encryption scheme based on learning parity with noise. IEEE Access 6:31918–31923

    Article  Google Scholar 

  32. 32.

    Li J, Li YK, Chen X, Lee PPC, Lou W (2015) A hybrid cloud approach for secure authorized deduplication. IEEE Trans Parallel Distrib Syst 26(5):1206–1216

    Article  Google Scholar 

  33. 33.

    Yang L, Han Z, Huang Z, Ma J (2018) A remotely keyed file encryption scheme under mobile cloud computing. J Netw Comput Appl 106:90–99

    Article  Google Scholar 

  34. 34.

    Wang H, He D, Han J (2017) Vod-adac: anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud. IEEE Trans Serv Comput PP(99):1–1

    Google Scholar 

  35. 35.

    Wang H, He D, Yu J, Wang Z (2018) Incentive and unconditionally anonymous identity-based public provable data possession. IEEE Trans Serv Comput.

  36. 36.

    Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM, 2010 Proceedings IEEE, pp 1–9

  37. 37.

    Li Q, Ma J, Li R, Liu X, Xiong J, Chen D (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59:45–59

    Article  Google Scholar 

  38. 38.

    Yang Y, Liu X, Deng RH (2017) Lightweight break-glass access control system for healthcare internet-of-things. IEEE Trans Ind Inf 14(8):3610–3617

    Article  Google Scholar 

  39. 39.

    Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210

    Article  Google Scholar 

  40. 40.

    Wang H, Zheng Z, Wu L, Li P (2017) New directly revocable attribute-based encryption scheme and its application in cloud storage environment. Clust Comput 20(3):2385– 2392

    Article  Google Scholar 

  41. 41.

    Li J, Chen X, Chow SS, Huang Q, Wong DS, Liu Z (2018) Multi-authority fine-grained access control with accountability and its application in cloud. J Netw Comput Appl 112:89– 96

    Article  Google Scholar 

  42. 42.

    Beimel A (1996) Secure schemes for secret sharing and key distribution. DSc dissertation

  43. 43.

    Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Springer, Berlin, pp 53–70

    Google Scholar 

  44. 44.

    Rahulamathavan Y, Veluru S, Han J, Li F, Rajarajan M, Lu R (2016) User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Comput 65(9):2939–2946

    MathSciNet  Article  MATH  Google Scholar 

  45. 45.

    De Caro A, Iovino V (2011) jpbc: Java pairing based cryptography. In: Proceedings of the 16th IEEE symposium on computers and communications, ISCC 2011, Kerkyra, Corfu, Greece, June 28–July 1, pp 850–855

Download references


We thank the reviewers for the helpful comments.


This research is supported by the National Natural Science Foundation of China under grant no. 61502248, 61872192, 61427801, u1405255, China Postdoctoral Science Foundation (Grant no. 2018M632350), Natural Science Foundation of Jiangsu Province (No. BK20181394) and Qing Lan Project.

Author information



Corresponding author

Correspondence to Qi Li.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Li, Q., Zhu, H., Xiong, J. et al. Fine-grained multi-authority access control in IoT-enabled mHealth. Ann. Telecommun. 74, 389–400 (2019).

Download citation


  • Mobile healthcare
  • Attribute-based encryption
  • Access control
  • Multiple authorities
  • Efficient decryption