Fine-grained access control of EHRs in cloud using CP-ABE with user revocation

Cloud computing is a novel model for computing and storing. It enables elasticity, on-demand and low-cost usage of computing resources. Electronic health record (EHR) is an emerging patient-oriented paradigm for sharing of medical data. With the arrival of cloud computing, health care industries outsource their EHR to the cloud servers but, at the same time there is increased demand and concern for outsourced EHR’s security also. The major concerns in data outsourcing are the implementation of access policies and policies modification. To address these issues, the optimal solution is Ciphertext Policy Attribute Based Encryption (CP-ABE). CP-ABE allows the patients to describe their own access policies and implement those policies on their data before outsourcing into the cloud servers. But there are major limitations like key escrow and user revocation problems. In this paper, we proposed a modified CP-ABE scheme with user revocation to strengthen data outsourcing system in cloud architecture. The proposed system addresses the key-escrow and revocation problems. 1) The key-escrow problem is solved by using two-authority computation between the key generator authority and cloud server and 2) An immediate attribute modification method is used to achieve fine-grained user revocation. Security analysis and performance evaluation demonstrates that the proposed system is efficient to achieve security in outsourced EHRs in cloud servers.

[1]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[2]  Jessica Staddon,et al.  A content-driven access control system , 2008, IDtrust '08.

[3]  Zhenyu Yang,et al.  LT codes-based secure and reliable cloud storage service , 2012, 2012 Proceedings IEEE INFOCOM.

[4]  Sherman S. M. Chow Removing Escrow from Identity-Based Encryption , 2009, Public Key Cryptography.

[5]  Gandikota Ramu,et al.  Secure architecture to manage EHR’s in cloud using SSE and ABE , 2015, Health and Technology.

[6]  I. Kohane,et al.  Public standards and patients' control: how to keep electronic medical records accessible but private. , 2001, BMJ : British Medical Journal.

[7]  Xiang-Yang Li,et al.  Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption , 2015, IEEE Trans. Inf. Forensics Secur..

[8]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[9]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[10]  Hideki Imai,et al.  Conjunctive Broadcast and Attribute-Based Encryption , 2009, Pairing.

[11]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[12]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[13]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[14]  Xiaohui Liang,et al.  Provably secure and efficient bounded ciphertext policy attribute based encryption , 2009, ASIACCS '09.

[15]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[16]  Allison Bishop,et al.  Revocation Systems with Very Small Private Keys , 2010, 2010 IEEE Symposium on Security and Privacy.

[17]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[18]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[19]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.