HCBE: Achieving Fine-Grained Access Control in Cloud-Based PHR Systems

  • Xuhui Liu
  • Qin LiuEmail author
  • Tao Peng
  • Jie Wu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9530)


With the development of cloud computing, more and more users employ cloud-based personal health record (PHR) systems. The PHR is correlated with patient privacy, and thus research suggested to encrypt PHRs before outsourcing. Comparison-based encryption (CBE) was the first to realize time comparison in attribute-based access policy by means of the forward/backward derivation functions. However, the cost for encryption is linearly with the number of attributes in the access policy. To efficiently realize a fine-grained access control for PHRs in clouds, we propose a hierarchical comparison-based encryption (HCBE) scheme by incorporating an attribute hierarchy into CBE. Specifically, we construct an attribute tree, where the ancestor node is the generalization of the descendant nodes. The HCBE scheme encrypts a ciphertext with a small amount of generalized attributes at a higher level, other than lots of specific attributes at a lower level, largely improving the encryption performance. Furthermore, we encode each attribute node with the positive-negative depth-first (PNDF) coding. By virtue of the backward derivation function of the CBE scheme, the users associated with the specific attributes can decrypt the ciphertext encrypted with the generalized attributes, within the specified time. The experiment results show that the HCBE scheme has better performance in terms of the encryption cost, compared with the CBE scheme.


Personal health record Cloud computing Comparison-based encryption Fine-grained access control Attribute hierarchy 



This work was supported in part by NSFC grants 61402161, 614721 3161272546; NSF grants CNS 149860, CNS 1461932, CNS 1460971, CNS 1439672,CNS 1301774, ECCS 1231461, ECCS 1128209, and CNS 1138963.


  1. 1.
    Tang, P., Ash, J., Bates, D., et al.: Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inf. Assoc. 13(2), 121–126 (2006)CrossRefGoogle Scholar
  2. 2.
    Guo, L., Zhang, C., Sun, J., et al.: PAAS: A privacy-preserving attribute-based authentication system for ehealth networks. In: Proceedings of IEEE ICDCS, pp. 224–233 (2012)Google Scholar
  3. 3.
    Armbrust, M., Fox, A., Griffith, R., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRefGoogle Scholar
  4. 4.
  5. 5.
  6. 6.
    Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of ACM CCS, pp. 735–737 (2010)Google Scholar
  7. 7.
    Zhu, Y., Hu, H., Ahn, G., et al.: Comparison-based encryption for fine-grained access control in clouds. In: Proceedings of ACM CODASPY, pp. 105–116 (2012)Google Scholar
  8. 8.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  9. 9.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute based encryption. In: Proceedings of IEEE S&P, pp. 321–349 (2007)Google Scholar
  10. 10.
    Jin, J., Ahn, G.-J., Hu, H.: Patient-centric authorization framework for sharing electronic health records. In: Proceedings of ACM SACMAT, pp. 125–134 (2009)Google Scholar
  11. 11.
    Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: Proceedings of ACM CCSW, pp. 103–114 (2009)Google Scholar
  12. 12.
    Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 89–106. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  13. 13.
    Yao, X., Lin, Y., Liu, Q., et al.: Efficient and privacy-preserving search in multi-source personal health record clouds. In: Proceedings of IEEE ISCC (2015, accepted to appear)Google Scholar
  14. 14.
    Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  15. 15.
    Li, M., Yu, S., Cao, N., et al: Authorized private keyword search over encrypted data in cloud computing. In: Proceedings of IEEE ICDCS, pp. 383–392 (2011)Google Scholar
  16. 16.
    Okamoto, T., Takashima, K.: Hierarchical predicate encryption for inner-products. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 214–231. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  17. 17.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM CCS, pp. 89–98 (2006)Google Scholar
  18. 18.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  19. 19.
    Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  20. 20.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of IEEE INFOCOM, pp. 534–542 (2010)Google Scholar
  21. 21.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.College of Computer Science and Electronic EngineeringHunan UniversityChangshaPeople’s Republic of China
  2. 2.School of Information Science and EngineeringCentral South UniversityChangshaPeople’s Republic of China
  3. 3.Department of Computer and Information SciencesTemple UniversityPhiladelphiaUSA

Personalised recommendations