DABEHR: Decentralized Attribute-Based Electronic Health Record System with Constant-Size Storage Complexity

Under the trend of cloud computing, Internet users tend to outsource their electronic personal data to remote cloud to enjoy efficient data storage and processing services. In recent years, Electronic Health Record (EHR) system has been designed to provide cost-effective health-care data management for patients, doctors, and other professional bodies. How to guarantee the security and privacy of personal health data while the record is stored, accessed and shared in open network that has gain widely attention in both academic and industrial communities. Attribute-Based Encryption (ABE), nowadays, is one of the promising techniques to secure personal health record. However, the access expressiveness, storage cost and privacy concern incurred by the usage of EHR systems still cannot be fully tackled by leveraging the existing ABE technologies. In this paper, we, for the first time, propose a novel decentralized key-policy ABE scheme for circuits. Based on the scheme, we build up an EHR system that allows access policy to be extreme expressive, and ciphertext to be maintained in constant level, so that doctors and other professionals can gain access to health record conveniently. Besides, our system supports white-box traceability so that malicious professionals (e.g., the one “selling” the access rights of health record) can be traced and identified. Furthermore, we present the formal security (in the selective-set model) and efficiency analysis for our system.

[1]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[2]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[3]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[4]  Fuchun Guo,et al.  Privacy-Preserving and Regular Language Search Over Encrypted Cloud Data , 2016, IEEE Transactions on Information Forensics and Security.

[5]  Chunhua Su,et al.  Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data , 2016, AsiaCCS.

[6]  Joseph K. Liu,et al.  A DFA-Based Functional Proxy Re-Encryption Scheme for Secure Public Cloud Data Sharing , 2014, IEEE Transactions on Information Forensics and Security.

[7]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[8]  S. Katzenbeisser,et al.  ON MULTI-AUTHORITY CIPHERTEXT-POLICY ATTRIBUTE-BASED ENCRYPTION , 2009 .

[9]  Willy Susilo,et al.  A Ciphertext-Policy Attribute-Based Proxy Re-encryption with Chosen-Ciphertext Security , 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[10]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[11]  Tsz Hon Yuen,et al.  Fully Secure Multi-authority Ciphertext-Policy Attribute-Based Encryption without Random Oracles , 2011, ESORICS.

[12]  Ting Wang,et al.  A Cloud-Based Access Control Scheme with User Revocation and Attribute Update , 2016, ACISP.

[13]  Willy Susilo,et al.  Searchable Attribute-Based Mechanism With Efficient Data Sharing for Secure Cloud Storage , 2015, IEEE Transactions on Information Forensics and Security.

[14]  Atsuko Miyaji,et al.  A ciphertext-policy attribute-based encryption scheme with constant ciphertext length , 2009, Int. J. Appl. Cryptogr..

[15]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[16]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[17]  Matthew Green,et al.  Securing electronic medical records using attribute-based encryption on mobile devices , 2011, SPSM '11.

[18]  Jie Wu,et al.  Dynamic access policy in cloud-based personal health record (PHR) systems , 2017, Inf. Sci..

[19]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[20]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[21]  Brent Waters,et al.  Attribute-Based Encryption for Circuits from Multilinear Maps , 2012, CRYPTO.

[22]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[23]  Yi Mu,et al.  Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption , 2012, IEEE Trans. Parallel Distributed Syst..

[24]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[25]  Jin Li,et al.  Rekeying for Encrypted Deduplication Storage , 2016, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[26]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.

[27]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[28]  Peng Jiang,et al.  Secure-channel free keyword search with authorization in manager-centric databases , 2017, Comput. Secur..

[29]  R. Manjula,et al.  Attribute Based Encryption with Fine-grained Access Provision in Cloud Computing , 2016, ICIA.

[30]  Changji Wang,et al.  An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length , 2013 .

[31]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[32]  Jianfeng Ma,et al.  Fine-Grained Access Control System Based on Outsourced Attribute-Based Encryption , 2013, ESORICS.

[33]  Milan Petkovic,et al.  Secure management of personal health records by applying attribute-based encryption , 2009, Proceedings of the 6th International Workshop on Wearable, Micro, and Nano Technologies for Personalized Health.

[34]  Mohit Singh,et al.  Approximating Minimum Bounded Degree Spanning Trees to within One of Optimal , 2015, J. ACM.

[35]  Fuchun Guo,et al.  Centralized keyword search on encrypted data for cloud applications , 2016, Secur. Commun. Networks.

[36]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[37]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.