A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter

In recent years, the Internet of Things (IoT), cloud computing, and wireless body area networks (WBANs) have converged and become popular due to their potential to improve quality of life. This convergence has greatly promoted the industrialization of e-healthcare. With the flourishing of the e-healthcare industry, full electronic health records (EHRs) are expected to promote preventative health services as well as global health. However, the outsourcing of EHRs to third-party servers, like the cloud, involves many challenges, including securing health information and preserving privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising scheme for storing and sharing information in third-party servers. This scheme enables patients and doctors to encrypt or decrypt their information using access policies defined by attributes. In this scheme, the access policy is tied with the ciphertext in the form of plaintext, which may risk leaking personal patient information. Earlier protocols only partially hide the attribute values in the access policies but leave the attribute names unprotected. To address these security issues, we propose a secure cloud framework using modified CP-ABE and an attribute Bloom filter (ABF). In modified CP-ABE, we can hide the entire attribute, including values, in the access policies. The ABFs assist in data decryption by evaluating the presence of an attribute in the access policy and pointing to its position. Security analysis and performance evaluation demonstrate the efficiency and effectiveness of the proposed framework. Finally, the proposed framework is explored to verify its feasibility.

[1]  Thomas Tolxdorff,et al.  DICOM Image Communication in Globus-Based Medical Grids , 2008, IEEE Transactions on Information Technology in Biomedicine.

[2]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[3]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[4]  Jianfeng Ma,et al.  Secure, efficient and revocable multi-authority access control system in cloud storage , 2016, Comput. Secur..

[5]  Antonio F. Gómez-Skarmeta,et al.  An Architecture Based on Internet of Things to Support Mobility and Security in Medical Environments , 2010, 2010 7th IEEE Consumer Communications and Networking Conference.

[6]  Axel Helmer,et al.  Empowering Patients through Personal Health Records: A Survey of Existing Third-Party Web-Based PHR Products , 2011 .

[7]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[8]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[9]  Wei Xiang,et al.  Big data-driven optimization for mobile networks toward 5G , 2016, IEEE Network.

[10]  Xiaohui Liang,et al.  Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority , 2008, INDOCRYPT.

[11]  Huiqun Yu,et al.  Securing Personal Health Records in the Cloud by Enforcing Sticky Policies , 2013 .

[12]  Soufiene Djahel,et al.  Toward energy-efficient and trustworthy eHealth monitoring system , 2015, China Communications.

[13]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[14]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[15]  Zhen Liu,et al.  Time-Domain Attribute-Based Access Control for Cloud-Based Video Content Sharing: A Cryptographic Approach , 2016, IEEE Transactions on Multimedia.

[16]  Seon-Phil Jeong,et al.  Constructing RBAC Based Security Model in u-Healthcare Service Platform , 2015, TheScientificWorldJournal.

[17]  Bharat K. Bhargava,et al.  SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems , 2016, Comput. Secur..

[18]  Xiaodong Lin,et al.  Enabling Fine-grained Access Control with Efficient Attribute Revocation and Policy Updating in Smart Grid , 2015, KSII Trans. Internet Inf. Syst..

[19]  Eunjeong Park,et al.  A Service-Oriented Medical Framework for Fast and Adaptive Information Delivery in Mobile Environment , 2009, IEEE Transactions on Information Technology in Biomedicine.

[20]  Robert H. Deng,et al.  Fully Secure Cipertext-Policy Hiding CP-ABE , 2011, ISPEC.

[21]  Jin Li,et al.  Privacy-Aware Attribute-Based Encryption with User Accountability , 2009, ISC.

[22]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[23]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[24]  Akshata Patil,et al.  Expressive, Efficient and Revocable Data Access Control for Multi-Authority Cloud Storage , 2016 .

[25]  Yuguang Fang,et al.  CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring , 2013, IEEE Transactions on Information Forensics and Security.

[26]  Laurence T. Yang,et al.  Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing , 2015, IEEE Transactions on Parallel and Distributed Systems.

[27]  Xiaohua Jia,et al.  Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud , 2015 .

[28]  Junbeom Hur,et al.  Attribute-Based Secure Data Sharing with Hidden Policies in Smart Grid , 2013, IEEE Transactions on Parallel and Distributed Systems.

[29]  Zhou Su,et al.  Big data in mobile social networks: a QoE-oriented framework , 2016, IEEE Network.

[30]  Yi Yang,et al.  Enabling Fine-Grained Multi-Keyword Search Supporting Classified Sub-Dictionaries over Encrypted Cloud Data , 2016, IEEE Transactions on Dependable and Secure Computing.

[31]  Cong Wang,et al.  A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[32]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[33]  Mikhail J. Atallah,et al.  Attribute-Based Access Control with Hidden Policies and Hidden Credentials , 2006, IEEE Transactions on Computers.

[34]  Joseph K. Liu,et al.  Toward efficient and privacy-preserving computing in big data era , 2014, IEEE Network.

[35]  Hongwei Li,et al.  Engineering searchable encryption of mobile cloud networks: when QoE meets QoP , 2015, IEEE Wireless Communications.

[36]  Zhangdui Zhong,et al.  Challenges on wireless heterogeneous networks for mobile cloud computing , 2013, IEEE Wireless Communications.

[37]  Wenjing Lou,et al.  Attribute-based content distribution with hidden policy , 2008, 2008 4th Workshop on Secure Network Protocols.

[38]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[39]  Gandikota Ramu,et al.  Secure architecture to manage EHR’s in cloud using SSE and ABE , 2015, Health and Technology.

[40]  Xiaohua Jia,et al.  Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.