KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Coordinated Ciphertext Policy Attribute-based PHR Access Control with User Accountability

  • Lin, Guofeng (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications) ;
  • You, Lirong (Jiangsu Zhongtian Software Technology Limited Company) ;
  • Hu, Bing (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications) ;
  • Hong, Hanshu (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications) ;
  • Sun, Zhixin (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications)
  • Received : 2017.03.21
  • Accepted : 2017.11.15
  • Published : 2018.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

Keywords

References

  1. L. Lanranjo, A. L. Neves, T. Vilanueva, J. Cruz, A. Brito de Sa and C. Sakellarides, "Patient's Access to their Medical Records," Acta Medica Portuguesa, vol. 26, no. 3, pp. 265-270, 2013.
  2. C. Pearce and M. Bainbridge, "A personally Controlled Electronic Health Record for Australia," Journal of the American Medical Informatics Association, vol. 21, no. 4, pp. 707-713, 2014. https://doi.org/10.1136/amiajnl-2013-002068
  3. K. T. Win, "A Review of Security of electronic Health Records," The HIM Journal, vol. 34, no. 1, pp. 13-18, 2005.
  4. A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proc. of 24th International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457-473, May 22-26, 2005.
  5. M. Pirretti, P. Traynor, P. McDaniel and B. Waters, "Secure attribute-based systems," in Proc. of 13th ACM Conference on Computer and Communications Security, pp. 99-112, October 30-November 03, 2006.
  6. J. Benthencourt, A. Sahai and B. Waters, "Ciphertext-policy attribute-based encryption," in Proc. of 3rd International Conference on Pairing-based Cryptography, pp.321-334, May 20-23, 2007.
  7. J. Lai, R. H. Deng, C. Guan and J. Weng, "Attribute-based encryption with verifiable outsourcing systems," IEEE Trans. Inf. Forens. Security, vol. 8, no. 8, pp. 1343-1354, 2013. https://doi.org/10.1109/TIFS.2013.2271848
  8. M. Green, S. Hohenberger and B. Waters, "Outsourcing the decryption of ABE ciphertexts," in Proc. of 20th USENIX Security Symposium, pp. 34, August 8-12, 2011.
  9. M. S. Ahmad, N. E. Musa, R. Nadarajah, R. Hassan and N. E. Othman, "Comparison between android and iOS Operating System in terms of security," in Proc. of 8th International Conference on Information Technology in Asia, pp. 1-4, July 1-4, 2013.
  10. J. Hur, "Improving security and efficiency in attribute-based data sharing," IEEE Trans. Knowledge and Data Engineering, vol. 25, no. 10, pp. 2271-2282, 2013. https://doi.org/10.1109/TKDE.2011.78
  11. N. Attrapadung and H. Imai, "Conjunctive broadcast and attribute-based encryption," in Proc. of 3rd Int. Conference on Paring-Based Cryptography, pp. 248-265, August 12-14, 2009.
  12. B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Proc. of 14th Int. Conference on Practice and Theory in Public Key Cryptography, pp. 53-70, March 6-9, 2011.
  13. R. Canetti, H. Krawczyk and J. B. Nielsen, "Relaxing chosen-ciphertext security," in Proc. of 23rd Annual International Cryptology Conference, pp. 565-582, August 17-21, 2003.
  14. V. Goyal, O. Pandey, A. Sahai and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. of 13th ACM Conference on Computer and Communications Security, pp. 89-98, October 30-November 3, 2006.
  15. G. Wungpornpaiboon and S. Vasupongayya, "Two-layer Ciphertext-Policy Attribute-Based Proxy Re-Encryption for Supporting PHR Delegation," in Proc. of 19th International Computer Science and Engineering Conference, pp. 1-6, November 23-26, 2015.
  16. M. Li, S. Yu, Y. Zheng, K. Ren and W. Lou, "Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption," IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 131-143, 2013. https://doi.org/10.1109/TPDS.2012.97
  17. M. Chase and S. S. M. Chow, "Improving privacy and security in multi-authority attribute-based encryption," in Proc. of 16th ACM Conference on Computer and Communications Security, pp. 121-130, November 9-13, 2009.
  18. G. Zhang, L. Liu and Y. Liu, "An attribute-based encryption scheme secure against malicious KGC," in Proc. of 11th IEEE Conference on Trust, Security and Privacy in Computing and Communications, pp. 1376-1380, June 25-27, 2012.
  19. P. P. Chandar, D. Mutkurman and M. Rathinrai, "Hierarchical attribute based proxy re-encryption access control in cloud computing," in Proc. of International Conference in Circuits, Power and Computing Technologies, pp. 1565-1570, March 20-21, 2014.
  20. F. Xhafa, J. F. Wang, X. F. Chen, J. K. Liu, J. Li and P. Krause, "An Efficient PHR Service System Supporting Fuzzy Keyword Search and Fine-Grained Access Control," Soft Computing, vol. 18, no. 9, pp. 1795-1802, 2014. https://doi.org/10.1007/s00500-013-1202-8
  21. S. S. M. Chow, "Removing escrow from identity-based encryption," in Proc. of 12th International Conference on Practice and Theory in Public Key Cryptography, pp. 256-276, March 18-20, 2009.
  22. A. Roehrs, C. A. da Costa, K. S. F. de Oliveira, "Personal Health Records: A Systematic Literature Review," Journal of Medical Internet Research, vol. 19, no. 1, pp. 100-120, 2017. https://doi.org/10.2196/jmir.6898
  23. T. S. Chen, C. H. Liu, C. S. Chen, J. G. Bau and T. C. Lin, "Secure Dynamic Access Control Scheme of PHR in Cloud Computing," Journal of Medical System, vol. 26, no. 6, pp. 4005-4020, 2012.
  24. H. L. Qian, J. G. Li, Y. C. Zhang and J. G. Han, "Privacy Preserving Personal Health Record Using Multi-Authority Attribute-Based Encryption with Revocation," International Journal of Information Security, vol. 14, no. 6, pp. 487-497, 2015. https://doi.org/10.1007/s10207-014-0270-9
  25. F. Xhafa, J. Feng and Y. Zhang, "Privacy-Aware Attribute-Based PHR Sharing with User Accountability in Cloud Computing," Journal of Supercomputing, vol. 71, no. 5, pp. 1607-1619, 2015. https://doi.org/10.1007/s11227-014-1253-3
  26. H. Hong, D. Chen and Z. Sun, "A Practical Application of CP-ABE for Mobile PHR System: A Study on User Accountability," SpringerPlus, vol. 5, no. 1, pp. 1320, 2016. https://doi.org/10.1186/s40064-016-3002-y
  27. B. Qin, H. Deng, Q. H. Wu, J. Domingo-Ferrer, D. Naccache and Y. Y. Zhou, "Flexible Attribute-Based Encryption Applicable to Secure E-Healthcare Records," International Journal of Information Security, vol. 14, no. 6, pp. 499-511, 2015. https://doi.org/10.1007/s10207-014-0272-7
  28. L. Zhang, Q. Wu, Y. Mu and J. Zhang, "Privacy-Preserving and Secure Sharing of PHR in the Cloud," Journal of Medical Systems, vol. 40, no. 12, pp. 267, 2016. https://doi.org/10.1007/s10916-016-0595-1
  29. Y. Sreenivasa. Rao, "A secure and efficient Ciphertext-Policy Attribute-Based Signcryption for Personal Health Records sharing in cloud computing," Future Generation Computer Systems, vol. 67, pp. 133-151, 2017. https://doi.org/10.1016/j.future.2016.07.019
  30. Y. B. Miao, J. F. Ma, X. Liu, F. S. Wei, Z. Q. Liu and X. A. Wang, "m(2)-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting," Journal of Medical Systems, vol. 40, no. 11, pp. 246, 2016. https://doi.org/10.1007/s10916-016-0617-z
  31. N. Fernandez, D. J. Copenhaver, D. K. Vawdrey, H. Kotchoubey and M. S. Stockwell, "Smartphone Use Among Postpartum Women and Implications for Personal Health Record Utilization," Clinical Pediatrics, vol. 56, no. 4, pp. 376-381, 2017. https://doi.org/10.1177/0009922816673438
  32. M. Bachiri, A. Idri, J. L. Fernandez-Aleman and A. Toval, "Mobile personal health records for pregnancy monitoring functionalities: Analysis and potential," Computer Methods and Programs in Biomedicine, vol. 134, pp. 121-135, 2016. https://doi.org/10.1016/j.cmpb.2016.06.008
  33. H. Yoo and K. Chung, "PHR Based Diabetes Index Service Model Using Life Behavior Analysis," Wireless Personal Communications, vol. 93, no. 1, pp. 161-174, 2017. https://doi.org/10.1007/s11277-016-3715-9

Cited by

  1. F2P-ABS: A Fast and Secure Attribute-Based Signature for Mobile Platforms vol.2019, pp.None, 2018, https://doi.org/10.1155/2019/5380710