Privacy-Preserving and Secure Sharing of PHR in the Cloud

As a new summarized record of an individual’s medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption(ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE(AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation(PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system base on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes(especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

[1]  Wenjing Lou,et al.  Attribute-based content distribution with hidden policy , 2008, 2008 4th Workshop on Secure Network Protocols.

[2]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[3]  Sangeetha Dhamodaran,et al.  Enhanced Security of PHR System in Cloud Using Prioritized Level Based Encryption , 2014, SNDS.

[4]  Attila A. Yavuz,et al.  Lattice-Based Public Key Encryption with Keyword Search , 2017, IACR Cryptol. ePrint Arch..

[5]  Anish Mathuria,et al.  On Anonymous Attribute Based Encryption , 2015, ICISS.

[6]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[7]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[8]  Tanja Lange,et al.  Pairing-Based Cryptography , 2005, Handbook of Elliptic and Hyperelliptic Curve Cryptography.

[9]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[10]  Milan Petkovic,et al.  Secure management of personal health records by applying attribute-based encryption , 2009, Proceedings of the 6th International Workshop on Wearable, Micro, and Nano Technologies for Personalized Health.

[11]  Reihaneh Safavi-Naini,et al.  Privacy preserving EHR system using attribute-based infrastructure , 2010, CCSW '10.

[12]  David W. Bates,et al.  White Paper: Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption , 2006, J. Am. Medical Informatics Assoc..

[13]  Yuguang Fang,et al.  Cross-Domain Data Sharing in Distributed Electronic Health Record Systems , 2010, IEEE Transactions on Parallel and Distributed Systems.

[14]  Dario Fiore,et al.  Verifiable Random Functions from Identity-Based Key Encapsulation , 2009, EUROCRYPT.

[15]  Debiao He,et al.  One-to-many authentication for access control in mobile pay-TV systems , 2016, Science China Information Sciences.

[16]  Ninghui Li,et al.  Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security , 2013, ASIACCS 2013.

[17]  Juyul Lee,et al.  Asymptotically optimal policies for hard-deadline scheduling over fading channels , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[18]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[19]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[20]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[21]  Sean W. Smith,et al.  Attribute-Based Publishing with Hidden Credentials and Hidden Policies , 2007, NDSS.

[22]  Dong Hoon Lee,et al.  Anonymous HIBE: Compact Construction Over Prime-Order Groups , 2013, IEEE Trans. Inf. Theory.

[23]  Jin Li,et al.  Privacy-Aware Attribute-Based Encryption with User Accountability , 2009, ISC.

[24]  V. S. Kadam,et al.  Attribute based encryption for securing personal health record on cloud , 2014, 2014 2nd International Conference on Devices, Circuits and Systems (ICDCS).

[25]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[26]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[27]  Han-Yu Lin,et al.  Secure PHR Access Control Scheme for Healthcare Application Clouds , 2013, 2013 42nd International Conference on Parallel Processing.

[28]  Xiaohu You,et al.  Impact of RF mismatches on the performance of massive MIMO systems with ZF precoding , 2016, Science China Information Sciences.

[29]  Jin Li,et al.  Anonymous attribute-based encryption supporting efficient decryption test , 2013, ASIA CCS '13.

[30]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[31]  Jie Wu,et al.  HCBE: Achieving Fine-Grained Access Control in Cloud-Based PHR Systems , 2015, ICA3PP.

[32]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[33]  Fatos Xhafa,et al.  Privacy-aware attribute-based PHR sharing with user accountability in cloud computing , 2014, The Journal of Supercomputing.

[34]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[35]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[36]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[37]  Matthew Green,et al.  Self-Protecting Electronic Medical Records Using Attribute-Based Encryption , 2010, IACR Cryptol. ePrint Arch..