Efficient Fine-Grained Access Control for Secure Personal Health Records in Cloud Computing

  • Kai He
  • Jian Weng (email author)
  • Joseph K. Liu
  • Wanlei Zhou
  • Jia-Nan Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9955)


In this paper, we propose an efficient fine-grained access control system for secure Personal Health Records (PHRs) in cloud computing. In this system, the patients have fine-grained access control for their health records. The underlying primitive of this system is a newly designed identity-based conditional proxy re-encryption scheme with chosen-ciphertext security, which is the first of its kind that achieves the highest security level. It is also highly efficient. The sizes of the public parameters, the private key and the ciphertext are constant, and our experimental results indicate that the computational cost does not depend on the message size.


Keywords: Personal health records; Cloud computing; Fine-grained access control; Chosen-ciphertext security



This work was supported by National Science Foundation of China (Grant Nos. 61272413, 61133014, 61272415 and 61472165), Research Fund for the Doctoral Program of Higher Education of China (Grant No. 20134401110011), the 2016 special fund for Applied Science & Technology Development and Transformation of Major Scientific and Technological Achievements, the fund for Zhuhai City Predominant Disciplines, and the Open Project Program of the Guangdong Provincial Big Data Collaborative Innovation Center.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Kai He (1, 2)
  • Jian Weng (1, 3), email author
  • Joseph K. Liu (2)
  • Wanlei Zhou (4)
  • Jia-Nan Liu (1)

  1. Department of Computer Science, Jinan University, Guangzhou, China
  2. Faculty of Information Technology, Monash University, Melbourne, Australia
  3. Guangdong Provincial Big Data Collaborative Innovation Center, Shenzhen University, Shenzhen, China
  4. School of Information Technology, Deakin University, Melbourne, Australia
