HCBE: Achieving Fine-Grained Access Control in Cloud-Based PHR Systems
With the development of cloud computing, more and more users employ cloud-based personal health record (PHR) systems. The PHR is correlated with patient privacy, and thus research suggested to encrypt PHRs before outsourcing. Comparison-based encryption (CBE) was the first to realize time comparison in attribute-based access policy by means of the forward/backward derivation functions. However, the cost for encryption is linearly with the number of attributes in the access policy. To efficiently realize a fine-grained access control for PHRs in clouds, we propose a hierarchical comparison-based encryption (HCBE) scheme by incorporating an attribute hierarchy into CBE. Specifically, we construct an attribute tree, where the ancestor node is the generalization of the descendant nodes. The HCBE scheme encrypts a ciphertext with a small amount of generalized attributes at a higher level, other than lots of specific attributes at a lower level, largely improving the encryption performance. Furthermore, we encode each attribute node with the positive-negative depth-first (PNDF) coding. By virtue of the backward derivation function of the CBE scheme, the users associated with the specific attributes can decrypt the ciphertext encrypted with the generalized attributes, within the specified time. The experiment results show that the HCBE scheme has better performance in terms of the encryption cost, compared with the CBE scheme.
KeywordsPersonal health record Cloud computing Comparison-based encryption Fine-grained access control Attribute hierarchy
This work was supported in part by NSFC grants 61402161, 614721 3161272546; NSF grants CNS 149860, CNS 1461932, CNS 1460971, CNS 1439672,CNS 1301774, ECCS 1231461, ECCS 1128209, and CNS 1138963.
- 2.Guo, L., Zhang, C., Sun, J., et al.: PAAS: A privacy-preserving attribute-based authentication system for ehealth networks. In: Proceedings of IEEE ICDCS, pp. 224–233 (2012)Google Scholar
- 4.Googlehealth. https://www.google.com/health/
- 5.Healthvault. http://www.healthvault.com/
- 6.Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of ACM CCS, pp. 735–737 (2010)Google Scholar
- 7.Zhu, Y., Hu, H., Ahn, G., et al.: Comparison-based encryption for fine-grained access control in clouds. In: Proceedings of ACM CODASPY, pp. 105–116 (2012)Google Scholar
- 9.Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute based encryption. In: Proceedings of IEEE S&P, pp. 321–349 (2007)Google Scholar
- 10.Jin, J., Ahn, G.-J., Hu, H.: Patient-centric authorization framework for sharing electronic health records. In: Proceedings of ACM SACMAT, pp. 125–134 (2009)Google Scholar
- 11.Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: Proceedings of ACM CCSW, pp. 103–114 (2009)Google Scholar
- 13.Yao, X., Lin, Y., Liu, Q., et al.: Efficient and privacy-preserving search in multi-source personal health record clouds. In: Proceedings of IEEE ISCC (2015, accepted to appear)Google Scholar
- 15.Li, M., Yu, S., Cao, N., et al: Authorized private keyword search over encrypted data in cloud computing. In: Proceedings of IEEE ICDCS, pp. 383–392 (2011)Google Scholar
- 17.Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM CCS, pp. 89–98 (2006)Google Scholar
- 20.Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of IEEE INFOCOM, pp. 534–542 (2010)Google Scholar