Efficient Fine-Grained Data Sharing Mechanism for Electronic Medical Record Systems with Mobile Devices

Sharing digital medical records on public cloud storage via mobile devices helps patients receive, and doctors offer, medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation and optimization of computation efficiency remain in achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no complex computation for the private key generator (PKG), sender and receiver. Additionally, the communication cost of the PKG and users is optimized. Moreover, we develop an extensible library called $\mathsf{libabe}$ that is compatible with Android devices, and the access control mechanism is deployed in a realistic environment, including public cloud servers, a laptop and an inexpensive mobile phone with constrained resources. The experimental results indicate that the mechanism is efficient, practical and economical.
