Secure Fine-grained Attribute-based Access Control with Hidden Policy for Electronic Health Record System

Electronic health record systems (EHRs) have become an important part of the medical system and offer meaningful benefits over paper-based records. However, conducting secure fine-grained access control remains challenging. Although ciphertext-policy attribute-based encryption (CP-ABE) is a promising candidate for solving this challenge, it is still not suitable for EHRs when privacy preservation is considered: the access policy is uploaded to the cloud in plaintext form, which may leak sensitive personal information. In this paper, we present a secure fine-grained attribute-based access control scheme with hidden policy for electronic health record systems. In the proposed scheme, a novel attribute name randomization scheme is designed to randomize each entity's attribute names, so that each entity's attribute name set is different and unreadable. In addition, we utilize a garbled Bloom filter (GBF) to hide the values that are needed to help decrypt the ciphertext. Only a user who holds the corresponding secret keys can reveal the hidden values. Moreover, security and performance analysis demonstrate that our scheme is secure and privacy-preserving with low overhead.
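
The garbled Bloom filter idea named in the abstract, as an added example that is not the paper's code: each hidden value is split into XOR shares stored at slots chosen by a keyed hash of an attribute name, so only a holder of the key can locate and recombine them. The HMAC-based slot derivation, the parameters `M`, `K`, `LAM` and the sample attribute names are assumptions for illustration, not the paper's construction.

```python
import hashlib, hmac, secrets

M, K, LAM = 256, 4, 16  # slots, positions per element, bytes per slot (assumed)

def positions(secret, attr):
    """K distinct slot indices from a keyed hash of the attribute name."""
    out, ctr = [], 0
    while len(out) < K:
        d = hmac.new(secret, f"{ctr}:{attr}".encode(), hashlib.sha256).digest()
        idx = int.from_bytes(d[:4], "big") % M
        if idx not in out:
            out.append(idx)
        ctr += 1
    return out

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build(secret, entries):
    """Store each value as XOR shares; existing shares are never overwritten."""
    slots = [None] * M
    for attr, value in entries.items():
        if len(value) != LAM:
            raise ValueError("value must be LAM bytes")
        pos = positions(secret, attr)
        free = [p for p in pos if slots[p] is None]
        if not free:
            raise ValueError("all positions occupied; enlarge M")
        final, acc = free[0], value
        for p in pos:
            if p == final:
                continue
            if slots[p] is None:
                slots[p] = secrets.token_bytes(LAM)  # fresh random share
            acc = xor(acc, slots[p])
        slots[final] = acc  # last share makes the XOR equal the value
    # Unused slots get random filler, indistinguishable from shares.
    return [s if s is not None else secrets.token_bytes(LAM) for s in slots]

def query(secret, slots, attr):
    """XOR the K slots for attr; yields the value only with the right key."""
    acc = bytes(LAM)
    for p in positions(secret, attr):
        acc = xor(acc, slots[p])
    return acc

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key and entries
    gbf = build(key, {"role=cardiologist": b"A" * 16, "dept=oncology": b"B" * 16})
    print(query(key, gbf, "role=cardiologist"))  # recovers the stored value
    print(query(secrets.token_bytes(32), gbf, "role=cardiologist"))  # random bytes
```

A party without the key sees only uniformly random slots and cannot tell which slots hold shares or how many entries were inserted.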
