Advertisement

Fine-Grained Access Control in mHealth with Hidden Policy and Traceability

  • Qi LiEmail author
  • Yinghui Zhang
  • Tao Zhang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 303)

Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-received cryptographic primitive to securely share personal health records (PHRs) in mobile healthcare (mHealth). Nevertheless, traditional CP-ABE can not be directly deployed in mHealth. First, the attribute universe scale is bounded to the system security parameter and lack of scalability. Second, the sensitive data is encrypted, but the access policy is in the plaintext form. Last but not least, it is difficult to catch the malicious user who intentionally leaks his access privilege since that the same attributes mean the same access privilege. In this paper, we propose HTAC, a fine-grained access control scheme with partially hidden policy and white-box traceability. In HTAC, the system attribute universe is larger universe without any redundant restriction. Each attribute is described by an attribute name and an attribute value. The attribute value is embedded in the PHR ciphertext and the plaintext attribute name is clear in the access policy. Moreover, the malicious user who illegally leaks his (partial or modified) private key could be precisely traced. The security analysis and performance comparison demonstrate that HTAC is secure and practical for mHealth applications.

Keywords

CP-ABE Partially hidden policy Traceability Large universe Adaptive security 

Notes

Acknowledgment

This research is sponsored by The National Natural Science Foundation of China under grant No. 61602365, No. 61502248, and the Key Research and Development Program of Shaanxi [2019KW-053]. Yinghui Zhang is supported by New Star Team of Xi’an University of Posts and Telecommunications [2016-02]. We thank the anonymous reviewers for invaluable comments.

References

  1. 1.
    Beimel, A.: Secure schemes for secret sharing and key distribution. DSc dissertation (1996)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334, May 2007.  https://doi.org/10.1109/SP.2007.11
  3. 3.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_4CrossRefGoogle Scholar
  4. 4.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-70936-7_28CrossRefGoogle Scholar
  5. 5.
    Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, New York, NY, USA, pp. 456–465. ACM (2007).  https://doi.org/10.1145/1315245.1315302
  6. 6.
    Lai, J., Deng, R.H., Li, Y.: Expressive CP-ABE with partially hidden access structures. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012, New York, NY, USA, pp. 18–19. ACM (2012).  https://doi.org/10.1145/2414456.2414465
  7. 7.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_4CrossRefGoogle Scholar
  8. 8.
    Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_30CrossRefGoogle Scholar
  9. 9.
    Li, J., Chen, X., Chow, S.S., Huang, Q., Wong, D.S., Liu, Z.: Multi-authority fine-grained access control with accountability and its application in cloud. J. Netw. Comput. Appl. 112, 89–96 (2018).  https://doi.org/10.1016/j.jnca.2018.03.006. http://www.sciencedirect.com/science/article/pii/S1084804518300870CrossRefGoogle Scholar
  10. 10.
    Li, Q., Ma, J., Li, R., Liu, X., Xiong, J., Chen, D.: Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. 59, 45–59 (2016).  https://doi.org/10.1016/j.cose.2016.02.002. http://www.sciencedirect.com/science/article/pii/S0167404816300050CrossRefGoogle Scholar
  11. 11.
    Li, Q., Zhu, H., Xiong, J., Mo, R., Wang, H.: Fine-grained multi-authority access control in IoT-enabled mhealth. Ann. Telecommun. 4, 1–12 (2019)Google Scholar
  12. 12.
    Liu, Z., Cao, Z., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forensics Secur. 8(1), 76–88 (2013).  https://doi.org/10.1109/TIFS.2012.2223683CrossRefGoogle Scholar
  13. 13.
    Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable \(sigma\)-time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 13(1), 94–105 (2018).  https://doi.org/10.1109/TIFS.2017.2738601CrossRefGoogle Scholar
  14. 14.
    Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015).  https://doi.org/10.1109/TIFS.2015.2405905CrossRefGoogle Scholar
  15. 15.
    Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 111–129. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68914-0_7CrossRefGoogle Scholar
  16. 16.
    Phuong, T.V.X., Yang, G., Susilo, W.: Hidden ciphertext policy attribute-based encryption under standard assumptions. IEEE Trans. Inf. Forensics Secur. 11(1), 35–45 (2016).  https://doi.org/10.1109/TIFS.2015.2475723CrossRefGoogle Scholar
  17. 17.
    Qi, L., Zhu, H., Ying, Z., Tao, Z.: Traceable ciphertext-policy attribute-based encryption with verifiable outsourced decryption in ehealth cloud. Wirel. Commun. Mob. Comput. 2018, 1–12 (2018)Google Scholar
  18. 18.
    Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, New York, NY, USA, pp. 463–474. ACM (2013).  https://doi.org/10.1145/2508859.2516672
  19. 19.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27CrossRefGoogle Scholar
  20. 20.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19379-8_4CrossRefGoogle Scholar
  21. 21.
    Xue, K., Xue, Y., Hong, J., Li, W., Yue, H., Wei, D.S.L., Hong, P.: RAAC: robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Trans. Inf. Forensics Secur. 12(4), 953–967 (2017).  https://doi.org/10.1109/TIFS.2016.2647222CrossRefGoogle Scholar
  22. 22.
    Yang, K., Jia, X., Ren, K.: Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Trans. Parallel Distrib. Syst. 26(12), 3461–3470 (2015).  https://doi.org/10.1109/TPDS.2014.2380373CrossRefGoogle Scholar
  23. 23.
    Yang, Y., Liu, X., Deng, R.H.: Lightweight break-glass access control system for healthcare internet-of-things. IEEE Trans. Ind. Inform. 14, 3610–3617 (2017).  https://doi.org/10.1109/TII.2017.2751640CrossRefGoogle Scholar
  24. 24.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010 Proceedings, pp. 1–9, March 2010.  https://doi.org/10.1109/INFCOM.2010.5462174
  25. 25.
    Zhang, L., Hu, G., Mu, Y., Rezaeibagha, F.: Hidden ciphertext policy attribute-based encryption with fast decryption for personal health record system. IEEE Access 7, 33202–33213 (2019).  https://doi.org/10.1109/ACCESS.2019.2902040CrossRefGoogle Scholar
  26. 26.
    Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. 1.School of Computer ScienceNanjing University of Posts and TelecommunicationsNanjingChina
  2. 2.Jiangsu Key laboratory of Big Data Security and Intelligent ProcessingNanjing University of Posts and TelecommunicationsNanjingChina
  3. 3.National Engineering Laboratory for Wireless SecurityXi’an University of Posts and TelecommunicationsXi’anChina
  4. 4.School of Computer Science and TechnologyXidian UniversityXi’anChina

Personalised recommendations