Browse > Article
http://dx.doi.org/10.3837/tiis.2018.04.024

A Coordinated Ciphertext Policy Attribute-based PHR Access Control with User Accountability  

Lin, Guofeng (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications)
You, Lirong (Jiangsu Zhongtian Software Technology Limited Company)
Hu, Bing (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications)
Hong, Hanshu (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications)
Sun, Zhixin (Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.12, no.4, 2018 , pp. 1832-1853 More about this Journal
Abstract
The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.
Keywords
Personal health record; access control; accountability; provably secure;
Citations & Related Records
연도 인용수 순위
  • Reference
1 G. Wungpornpaiboon and S. Vasupongayya, "Two-layer Ciphertext-Policy Attribute-Based Proxy Re-Encryption for Supporting PHR Delegation," in Proc. of 19th International Computer Science and Engineering Conference, pp. 1-6, November 23-26, 2015.
2 M. Li, S. Yu, Y. Zheng, K. Ren and W. Lou, "Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption," IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 131-143, 2013.   DOI
3 M. Chase and S. S. M. Chow, "Improving privacy and security in multi-authority attribute-based encryption," in Proc. of 16th ACM Conference on Computer and Communications Security, pp. 121-130, November 9-13, 2009.
4 G. Zhang, L. Liu and Y. Liu, "An attribute-based encryption scheme secure against malicious KGC," in Proc. of 11th IEEE Conference on Trust, Security and Privacy in Computing and Communications, pp. 1376-1380, June 25-27, 2012.
5 P. P. Chandar, D. Mutkurman and M. Rathinrai, "Hierarchical attribute based proxy re-encryption access control in cloud computing," in Proc. of International Conference in Circuits, Power and Computing Technologies, pp. 1565-1570, March 20-21, 2014.
6 F. Xhafa, J. F. Wang, X. F. Chen, J. K. Liu, J. Li and P. Krause, "An Efficient PHR Service System Supporting Fuzzy Keyword Search and Fine-Grained Access Control," Soft Computing, vol. 18, no. 9, pp. 1795-1802, 2014.   DOI
7 S. S. M. Chow, "Removing escrow from identity-based encryption," in Proc. of 12th International Conference on Practice and Theory in Public Key Cryptography, pp. 256-276, March 18-20, 2009.
8 A. Roehrs, C. A. da Costa, K. S. F. de Oliveira, "Personal Health Records: A Systematic Literature Review," Journal of Medical Internet Research, vol. 19, no. 1, pp. 100-120, 2017.   DOI
9 H. L. Qian, J. G. Li, Y. C. Zhang and J. G. Han, "Privacy Preserving Personal Health Record Using Multi-Authority Attribute-Based Encryption with Revocation," International Journal of Information Security, vol. 14, no. 6, pp. 487-497, 2015.   DOI
10 T. S. Chen, C. H. Liu, C. S. Chen, J. G. Bau and T. C. Lin, "Secure Dynamic Access Control Scheme of PHR in Cloud Computing," Journal of Medical System, vol. 26, no. 6, pp. 4005-4020, 2012.
11 L. Zhang, Q. Wu, Y. Mu and J. Zhang, "Privacy-Preserving and Secure Sharing of PHR in the Cloud," Journal of Medical Systems, vol. 40, no. 12, pp. 267, 2016.   DOI
12 F. Xhafa, J. Feng and Y. Zhang, "Privacy-Aware Attribute-Based PHR Sharing with User Accountability in Cloud Computing," Journal of Supercomputing, vol. 71, no. 5, pp. 1607-1619, 2015.   DOI
13 H. Hong, D. Chen and Z. Sun, "A Practical Application of CP-ABE for Mobile PHR System: A Study on User Accountability," SpringerPlus, vol. 5, no. 1, pp. 1320, 2016.   DOI
14 B. Qin, H. Deng, Q. H. Wu, J. Domingo-Ferrer, D. Naccache and Y. Y. Zhou, "Flexible Attribute-Based Encryption Applicable to Secure E-Healthcare Records," International Journal of Information Security, vol. 14, no. 6, pp. 499-511, 2015.   DOI
15 Y. Sreenivasa. Rao, "A secure and efficient Ciphertext-Policy Attribute-Based Signcryption for Personal Health Records sharing in cloud computing," Future Generation Computer Systems, vol. 67, pp. 133-151, 2017.   DOI
16 Y. B. Miao, J. F. Ma, X. Liu, F. S. Wei, Z. Q. Liu and X. A. Wang, "m(2)-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting," Journal of Medical Systems, vol. 40, no. 11, pp. 246, 2016.   DOI
17 N. Fernandez, D. J. Copenhaver, D. K. Vawdrey, H. Kotchoubey and M. S. Stockwell, "Smartphone Use Among Postpartum Women and Implications for Personal Health Record Utilization," Clinical Pediatrics, vol. 56, no. 4, pp. 376-381, 2017.   DOI
18 K. T. Win, "A Review of Security of electronic Health Records," The HIM Journal, vol. 34, no. 1, pp. 13-18, 2005.
19 L. Lanranjo, A. L. Neves, T. Vilanueva, J. Cruz, A. Brito de Sa and C. Sakellarides, "Patient's Access to their Medical Records," Acta Medica Portuguesa, vol. 26, no. 3, pp. 265-270, 2013.
20 C. Pearce and M. Bainbridge, "A personally Controlled Electronic Health Record for Australia," Journal of the American Medical Informatics Association, vol. 21, no. 4, pp. 707-713, 2014.   DOI
21 A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proc. of 24th International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457-473, May 22-26, 2005.
22 M. Pirretti, P. Traynor, P. McDaniel and B. Waters, "Secure attribute-based systems," in Proc. of 13th ACM Conference on Computer and Communications Security, pp. 99-112, October 30-November 03, 2006.
23 M. S. Ahmad, N. E. Musa, R. Nadarajah, R. Hassan and N. E. Othman, "Comparison between android and iOS Operating System in terms of security," in Proc. of 8th International Conference on Information Technology in Asia, pp. 1-4, July 1-4, 2013.
24 J. Benthencourt, A. Sahai and B. Waters, "Ciphertext-policy attribute-based encryption," in Proc. of 3rd International Conference on Pairing-based Cryptography, pp.321-334, May 20-23, 2007.
25 J. Lai, R. H. Deng, C. Guan and J. Weng, "Attribute-based encryption with verifiable outsourcing systems," IEEE Trans. Inf. Forens. Security, vol. 8, no. 8, pp. 1343-1354, 2013.   DOI
26 M. Green, S. Hohenberger and B. Waters, "Outsourcing the decryption of ABE ciphertexts," in Proc. of 20th USENIX Security Symposium, pp. 34, August 8-12, 2011.
27 J. Hur, "Improving security and efficiency in attribute-based data sharing," IEEE Trans. Knowledge and Data Engineering, vol. 25, no. 10, pp. 2271-2282, 2013.   DOI
28 N. Attrapadung and H. Imai, "Conjunctive broadcast and attribute-based encryption," in Proc. of 3rd Int. Conference on Paring-Based Cryptography, pp. 248-265, August 12-14, 2009.
29 B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Proc. of 14th Int. Conference on Practice and Theory in Public Key Cryptography, pp. 53-70, March 6-9, 2011.
30 R. Canetti, H. Krawczyk and J. B. Nielsen, "Relaxing chosen-ciphertext security," in Proc. of 23rd Annual International Cryptology Conference, pp. 565-582, August 17-21, 2003.
31 V. Goyal, O. Pandey, A. Sahai and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. of 13th ACM Conference on Computer and Communications Security, pp. 89-98, October 30-November 3, 2006.
32 H. Yoo and K. Chung, "PHR Based Diabetes Index Service Model Using Life Behavior Analysis," Wireless Personal Communications, vol. 93, no. 1, pp. 161-174, 2017.   DOI
33 M. Bachiri, A. Idri, J. L. Fernandez-Aleman and A. Toval, "Mobile personal health records for pregnancy monitoring functionalities: Analysis and potential," Computer Methods and Programs in Biomedicine, vol. 134, pp. 121-135, 2016.   DOI