Traceable Ciphertext-Policy Attribute-Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud

In cloud-assisted electronic health care (eHealth) systems, a patient can enforce access control on his/her personal health information (PHI) in a cryptographic way by employing ciphertext-policy attribute-based encryption (CP-ABE) mechanism. There are two features worthy of consideration in real eHealth applications. On the one hand, although the outsourced decryption technique can significantly reduce the decryption cost of a physician, the correctness of the returned result should be guaranteed. On the other hand, the malicious physician who leaks the private key intentionally should be caught. Existing systems mostly aim to provide only one of the above properties. In this work, we present a verifiable and traceable CP-ABE scheme (VTCP-ABE) in eHealth cloud, which simultaneously supports the properties of verifiable outsourced decryption and white-box traceability without compromising the physician’s identity privacy. An authorized physician can obtain an ElGamal-type partial decrypted ciphertext (PDC) element of original ciphertext from the eHealth cloud decryption server (CDS) and then verify the correctness of returned PDC. Moreover, the illegal behaviour of malicious physician can be precisely (white-box) traced. We further exploit a delegation method to help the resource-limited physician authorize someone else to interact with the CDS. The formal security proof and extensive simulations illustrate that our VTCP-ABE scheme is secure, efficient, and practical.

[1]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[2]  李琦 Provably secure unbounded multi-authority ciphertext-policy attribute-based encryption , 2015 .

[3]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[4]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[5]  Wei Li,et al.  TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage , 2016, IEEE Transactions on Parallel and Distributed Systems.

[6]  Jianfeng Ma,et al.  Secure, efficient and revocable multi-authority access control system in cloud storage , 2016, Comput. Secur..

[7]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[8]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[9]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[10]  Xiaolei Dong,et al.  CryptCloud$^+$+: Secure and Expressive Data Access Control for Cloud Storage , 2018, IEEE Transactions on Services Computing.

[11]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[12]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[13]  G. Ravi,et al.  Attribute Based Encryption With Verifiable Outsourced Decryption , 2014 .

[14]  Rui Zhang,et al.  A Blockchain based Access Control System for Cloud Storage , 2019 .

[15]  Xiaolei Dong,et al.  Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2018, IEEE Transactions on Information Forensics and Security.

[16]  Jianfeng Ma,et al.  Large universe decentralized key-policy attribute-based encryption , 2015, Secur. Commun. Networks.

[17]  Robert H. Deng,et al.  Attribute-Based Encryption With Efficient Verifiable Outsourced Decryption , 2015, IEEE Transactions on Information Forensics and Security.

[18]  Zhenfu Cao,et al.  Accountable Ciphertext-Policy Attribute-Based Encryption Scheme Supporting Public Verifiability and Nonrepudiation , 2016, ProvSec.

[19]  Brent Waters,et al.  Efficient Statically-Secure Large-Universe Multi-Authority Attribute-Based Encryption , 2015, Financial Cryptography.

[20]  Hao Yue,et al.  RAAC: Robust and Auditable Access Control With Multiple Attribute Authorities for Public Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[21]  Tsz Hon Yuen,et al.  k-Times Attribute-Based Anonymous Access Control for Cloud Computing , 2015, IEEE Trans. Computers.

[22]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[23]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[24]  Hyunsoo Kwon,et al.  Efficient Attribute-Based Secure Data Sharing with Hidden Policies and Traceability in Mobile Health Networks , 2016, Mob. Inf. Syst..

[25]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[26]  Xiaolei Dong,et al.  Traceable CP-ABE with Short Ciphertexts: How to Catch People Selling Decryption Devices on eBay Efficiently , 2016, ESORICS.

[27]  Fuchun Guo,et al.  CP-ABE With Constant-Size Keys for Lightweight Devices , 2014, IEEE Transactions on Information Forensics and Security.

[28]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.