TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems

Cloud-assisted e-healthcare systems significantly facilitate the patients to outsource their personal health information (PHI) for medical treatment of high quality and efficiency. Unfortunately, a series of unaddressed security and privacy issues dramatically impede its practicability and popularity. In e-healthcare systems, it is expected that only the primary physicians responsible for the patients treatment can not only access the PHI content but verify the real identity of the patient. Secondary physicians participating in medical consultation and/or research tasks, however, are only permitted to view or use the content of the protected PHI, while unauthorized entities cannot obtain anything. Existing work mainly focuses on patients conditional identity privacy by exploiting group signatures, which are very computationally costly. In this paper, we propose a white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE to efficiently achieve multilevel privacy preservation without introducing additional special signatures. It can efficiently prevent secondary physicians from knowing the patients identity. Also, it can efficiently track the physicians who leak secret keys used to protect patients identity and PHI. Finally, formal security proof and extensive simulations demonstrate the effectiveness and practicability of our proposed TR-MABE in e-healthcare cloud computing systems.

[1]  Jun Zhou,et al.  PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributedm-Healthcare Cloud Computing System , 2015, IEEE Transactions on Parallel and Distributed Systems.

[2]  Feike W. Dillema,et al.  Rendezvous-based access control for medical records in the pre-hospital environment , 2007, HealthNet '07.

[3]  Stuart E. Schechter,et al.  Anonymous Authentication of Membership in Dynamic Groups , 1999, Financial Cryptography.

[4]  Yunhao Liu,et al.  Pseudo Trust: Zero-Knowledge Authentication in Anonymous P2Ps , 2008, IEEE Transactions on Parallel and Distributed Systems.

[5]  Cong Wang,et al.  Privacy-Preserving Query over Encrypted Graph-Structured Data in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems.

[6]  Xiaolei Dong,et al.  Securing m-healthcare social networks: challenges, countermeasures and future directions , 2013, IEEE Wireless Communications.

[7]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[8]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[9]  Azzedine Boukerche,et al.  A secure mobile healthcare system using trust-based multicast scheme , 2009, IEEE Journal on Selected Areas in Communications.

[10]  2015 IEEE Conference on Computer Communications, INFOCOM 2015, Kowloon, Hong Kong, April 26 - May 1, 2015 , 2015, IEEE Conference on Computer Communications.

[11]  Dario Salvi,et al.  A new solution for a heart failure monitoring system based on wearable and information technologies , 2006, International Workshop on Wearable and Implantable Body Sensor Networks (BSN'06).

[12]  Xiaohui Liang,et al.  Short Group Signature Without Random Oracles , 2007, ICICS.

[13]  Daniel Slamanig,et al.  Anonymity and Application Privacy in Context of Mobile Computing in eHealth , 2008, Mobile Response.

[14]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[15]  Xiaohui Liang,et al.  A Secure Handshake Scheme with Symptoms-Matching for mHealthcare Social Network , 2011, Mob. Networks Appl..

[16]  Jelena V. Misic,et al.  Implementation of security policy for clinical information systems over wireless sensor networks , 2007, Ad Hoc Networks.

[17]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[18]  Ilias Iakovidis,et al.  Towards personal health record: current situation, obstacles and trends in implementation of electronic healthcare record in Europe , 1998, Int. J. Medical Informatics.

[19]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[20]  Yuguang Fang,et al.  Cross-Domain Data Sharing in Distributed Electronic Health Record Systems , 2010, IEEE Transactions on Parallel and Distributed Systems.

[21]  Thomas Neubauer,et al.  A Secure e-Health Architecture based on the Appliance of Pseudonymization , 2008, J. Softw..

[22]  Yuguang Fang,et al.  HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare , 2011, 2011 31st International Conference on Distributed Computing Systems.

[23]  Tsz Hon Yuen,et al.  Fully Secure Multi-authority Ciphertext-Policy Attribute-Based Encryption without Random Oracles , 2011, ESORICS.

[24]  Xiaodong Lin,et al.  Sage: a strong privacy-preserving scheme against global eavesdropping for ehealth systems , 2009, IEEE Journal on Selected Areas in Communications.

[25]  Wenjing Lou,et al.  FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks , 2009, IEEE INFOCOM 2009.