HTAC: Fine-Grained Policy-Hiding and Traceable Access Control in mHealth

As an emerging cryptographic primitive, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for the owner to share his personal health records (PHRs) in mobile healthcare systems (mHealth). Before deploying traditional CP-ABE in real mHealth applications, there are three concerns worth considering. First, the scale of pre-defined attribute universe is lack of scalability. Second, the plaintext access policy sent along with the ciphertext would leak the PHR owner’s privacy. Third, it is difficult to identify the malicious user who intentionally disclosed his (partial or modified) private key. In this paper, we present HTAC, a fine-grained policy-hiding and traceable access control scheme for mHealth. In HTAC, the attribute universe is exponentially large and unbounded. Each attribute is expressed by an attribute name and an attribute value. In the encryption phase, the value is hidden in the ciphertext and only the generic attribute name is exposed. The malicious user will be precisely identified by searching the identity linked with the suspicious private key in an identity table. We further extend HTAC by removing the identity table and assigning more explicitly responsibility for the authority and the trace center. Then the storage overhead of tracing the malicious users is constant. The security analysis and performance comparison indicate that HTAC and the extended scheme are secure and practicable for real mHealth.

[1]  Brent Waters,et al.  Practical constructions and new proof methods for large universe attribute-based encryption , 2013, CCS.

[2]  Robert H. Deng,et al.  Blockchain based efficient and robust fair payment for outsourcing services in cloud computing , 2018, Inf. Sci..

[3]  Jianping Fan,et al.  Leveraging Content Sensitiveness and User Trustworthiness to Recommend Fine-Grained Privacy Settings for Social Image Sharing , 2018, IEEE Transactions on Information Forensics and Security.

[4]  Guomin Yang,et al.  Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions , 2016, IEEE Transactions on Information Forensics and Security.

[5]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[6]  Xiaohua Jia,et al.  Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud , 2015 .

[7]  Baocang Wang,et al.  Updatable Ciphertext-Policy Attribute-Based Encryption Scheme With Traceability and Revocability , 2019, IEEE Access.

[8]  Angelo De Caro,et al.  jPBC: Java pairing based cryptography , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[9]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[10]  Syam Kumar Pasupuleti,et al.  Traceable CP-ABE for Outsourced Big Data in Cloud Storage , 2019 .

[11]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[12]  Honghao Gao,et al.  An IoT-based task scheduling optimization scheme considering the deadline and cost-aware scientific workflow for cloud computing , 2019, EURASIP Journal on Wireless Communications and Networking.

[13]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.

[14]  Xiaolei Dong,et al.  Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2018, IEEE Transactions on Information Forensics and Security.

[15]  Yucong Duan,et al.  Transformation-based processing of typed resources for multimedia sources in the IoT environment , 2019, Wireless Networks.

[16]  Rui Li,et al.  Context-Aware QoS Prediction With Neural Collaborative Filtering for Internet-of-Things Services , 2020, IEEE Internet of Things Journal.

[17]  Md Zakirul Alam Bhuiyan,et al.  An AI-Enabled Three-Party Game Framework for Guaranteed Data Privacy in Mobile Edge Crowdsensing of IoT , 2021, IEEE Transactions on Industrial Informatics.

[18]  Hao Yue,et al.  RAAC: Robust and Auditable Access Control With Multiple Attribute Authorities for Public Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[19]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[20]  Zhiqiang Yao,et al.  A Task-Oriented User Selection Incentive Mechanism in Edge-Aided Mobile Crowdsensing , 2019, IEEE Transactions on Network Science and Engineering.

[21]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[22]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[23]  Allison Bishop,et al.  Unbounded HIBE and Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[24]  Syam Kumar Pasupuleti,et al.  Dynamic traceable CP-ABE with revocation for outsourced big data in cloud storage , 2021, Int. J. Commun. Syst..

[25]  Li Lin,et al.  ms‐PoSW: A multi‐server aided proof of shared ownership scheme for secure deduplication in cloud , 2017, Concurr. Comput. Pract. Exp..

[26]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[27]  Hongbo Zhu,et al.  Robust and Scalable Data Access Control in D2D Communications , 2018, IEEE Access.

[28]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[29]  Jianfeng Ma,et al.  Secure, efficient and revocable multi-authority access control system in cloud storage , 2016, Comput. Secur..

[30]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[31]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[32]  Tao Zhang Fairness Guaranteed Rating Decomposition in Service-oriented Reputation Systems , 2018, J. Inf. Sci. Eng..

[33]  Qi Li,et al.  A Personalized Privacy Protection Framework for Mobile Crowdsensing in IIoT , 2020, IEEE Transactions on Industrial Informatics.

[34]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[35]  Jin Li,et al.  Multi-authority fine-grained access control with accountability and its application in cloud , 2018, J. Netw. Comput. Appl..

[36]  Hongbo Zhu,et al.  Traceable Ciphertext-Policy Attribute-Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud , 2018, Wirel. Commun. Mob. Comput..

[37]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[38]  Robert H. Deng,et al.  Outsourcing Service Fair Payment Based on Blockchain and Its Applications in Cloud Computing , 2018, IEEE Transactions on Services Computing.

[39]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[40]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[41]  Hongbo Zhu,et al.  Fine-grained multi-authority access control in IoT-enabled mHealth , 2019, Ann. des Télécommunications.

[42]  Jianfeng Ma,et al.  Trustworthy service composition with secure data transmission in sensor networks , 2017, World Wide Web.

[43]  Robert H. Deng,et al.  Efficient and Robust Certificateless Signature for Data Crowdsensing in Cloud-Assisted Industrial IoT , 2019, IEEE Transactions on Industrial Informatics.

[44]  Robert H. Deng,et al.  Lightweight Break-Glass Access Control System for Healthcare Internet-of-Things , 2018, IEEE Transactions on Industrial Informatics.