Peng Li,Dehua Zhou,Haobin Ma,Junzuo Lai

DOI: https://doi.org/10.1016/j.sysarc.2023.103033

IF: 5.836

2023-11-27

Journal of Systems Architecture

Abstract:With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Hassan Mansur Hussien,Sharifah Md Yasin,Nur Izura Udzir,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.3390/s21072462

2021-04-02

Abstract:Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie-Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems.

Yuan Shen,Wei Song,Changsheng Zhao,Zhiyong Peng

DOI: https://doi.org/10.1109/trustcom56396.2022.00037

2022-01-01

Abstract:With the development of cloud computing, patients can obtain efficient and high-quality medical services by uploading their eHealth data to the cloud for sharing among medical personnel. Because eHealth data contain lots of sensitive information, they are always encrypted before uploading to protect patients’ privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a commonly used cryptographic primitive since it achieves fine-grained and one-to-many access control on the encrypted data. However, encrypted eHealth data may become an obstacle for some healthcare scenarios, especially the emergency rescue scenes. In addition, the one-to-many access manner makes the traditional CP-ABE mechanism hard to track the identity of a traitor who sells the decryption privilege to others. In this paper, we propose an Emergency Access Control and Traceable (EmACT) attribute-based encryption scheme to address these issues. In addition, EmACT outsources the heavy bilinear computations of the decryption to the cloud, which means that EmACT is adaptable to the resource-constrained health-monitoring devices. The proposed scheme’s security is formally proven, and the experimental results demonstrate that EmACT is efficient and practicable.

WANG Meng-yu,YIN Xin-chun,NING Jian-ting

DOI: https://doi.org/10.11896/jsjkx.210800001

2022-01-01

Computer Science

Abstract:In the traditional ciphertext-policy attribute-based encryption (CP-ABE) scheme,the access policy exists together with the ciphertext.This may leak the privacy of the data owner and bring potential security risks to the data owner in medicalscena-rios Therefore,solutions supporting access policy hiding have been proposed.However,most solutions need to generate redundant ciphertexts or key components in the process of implementing the decryption test,which increases the computing overhead of data owners and the storage overhead of data users.At the same time,malicious users may be motivated by its own interest to reveal their decryption keys.In order to solve the problems above,a lightweight medical data sharing scheme with access policy hiding and key tracking is proposed.Firstly,part of the master key is stored in the Enclave in advance by using software guard extensions(SGX) technology,so that the test results can be calculated accurately and quickly,and the generation of redundant ciphertexts and key components are avoided.Then,verifiable outsourcing technology is employed to reduce user's computing overhead,ensuring the correctness and completeness of decryption result.Finally,key tracking is realized by embedding the identity identifier in the decryption key of the data user.Performance analysis shows that the proposed scheme has certain advantages in terms of function and computing.The security analysis proves that the proposed scheme is secure under the selected plaintext attack.

Yinghui Zhang,Xuanni Wei,Jin Cao,Jianting Ning,Zuobin Ying,Dong Zheng

DOI: https://doi.org/10.1016/j.jksuci.2022.08.015

2022-01-01

Abstract:With the rapid development of edge computing technologies, smart healthcare significantly improves people’s lives by collecting and analyzing health data in real time. However, security and privacy issues impede the wide deployment of smart healthcare systems (SHS). Most of existing solutions still have drawbacks with respect to computation efficiency and users’ privacy. In this paper, a blockchain-enabled attribute-based access control scheme with hidden policies is proposed for SHS. The scheme introduces multiple authorities to avoid single point failure. Especially, the mode of online-offline encryption relieves users’ online computation burden by transferring computation tasks to the idle time of users, and policy hiding protects users’ sensitive information. Furthermore, fair payments are realized based on blockchain and smart contracts to support the outsourcing of decryption between users and mobile edge computing servers. Finally, the proposed scheme is proven secure in the random oracle model, and experimental results show that it is computationally efficient and hence can be used in the edge computing environment.

Shu Wu,Aiqing Zhang,Ya Gao,Xiaojuan Xie

DOI: https://doi.org/10.1016/j.csi.2024.103833

IF: 3.721

2024-01-21

Computer Standards & Interfaces

Abstract:Personal health records (PHR) offer significant benefit for patients, such as reducing medical cost and improving the quality of medical care. Majority of the current schemes lack provisions for tracking and revoking malicious doctors. The explicit access policies are prone to leaking patient private information. What's more, owning to the uneven distribution of medical supplies, shocking computational overhead during decryption is a burden that can't be ignored for busy medical workers. This paper proposed a patient-centric medical service matching scheme that supports policy hiding, attribute matching, fine-grained access control, and user dynamic management. The scheme uses ciphertext policy-based attribute encryption (CP-ABE) to achieve fine-grained access control and supports policy hiding. It utilizes white-box tracking technology and binary tree structure to achieve malicious doctor tracking. Revocation information is ciphertext to achieve dynamic management of doctors. From the experimental results, it can be concluded that our protocol achieves both patient-centric security and performance advantages.

computer science, software engineering, hardware & architecture

Leyou Zhang,Tianshuai Zhang,Qing Wu,Yi Mu,Fatemeh Rezaeibagha

DOI: https://doi.org/10.1109/jiot.2021.3137240

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Personal health records (PHRs) are located in a patient-centered electronic health system in which users can store and share medical information. However, PHRs have recently been plagued by security issues, such as the leakage of personal health information, illegal access to patient data, and data tampering. Recent security developments, such as introducing an access control policy with attribute-based encryption (ABE) or utilizing blockchain, have only been partially successful in solving these issues. Ongoing challenges to PHR sharing include single points of failure, node cheating attacks, and fair keyword search issues. In this article, we tackle these challenges by introducing a distributed PHR-sharing scheme based on blockchain and ciphertext policy ABE (CP-ABE), which allows for fast and efficient encryption and decryption. Blockchain maintains the integrity and the tracing source of the data while also recording all operations on the data in the form of transactions. In addition, the blockchain nodes act as attribute authorities to construct the CP-ABE cryptosystem. The tracing of malicious blockchain nodes is realized by tracing cryptography algorithms. Furthermore, the fair retrieval of ciphertext is achieved by employing smart contracts. To overcome the limited storage capacity of blockchain, we adopt both the on-chain and off-chain storage modes in our new system. Security analysis indicates that our new scheme remains intact when threatened by an indistinguishable chosen plaintext attack (IND-CPA) and an indistinguishable chosen keywords attack (IND-CKA). As such, we conclude that our proposed approach is feasible and efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhishuo Zhang,Wei Zhang,Hanxiang Zhuang,Yu Sun,Zhiguang Qin

DOI: https://doi.org/10.1007/978-3-030-78621-2_52

2021-01-01

Abstract:With the rapid advancements of Internet of Things (IoT) technologies, wearable devices assisted cloud-based smart health (s-health) has become the promising solution to improve the quality and convenience of healthcare. However, the privacy preserving and data security has not been perfectly addressed. In past few years, ciphertext-policy attribute-based encryption (CP-ABE) proposed as a flexible and powerful cryptographic primitive to realize one-to-many encryption and fine-grained access control has been regarded as a promising solution to the security problem in cloud. But in traditional CP-ABE, the attribute values in access policy are presented in cleartext. This will easily divulge the privacy of the data owners (patients). So in this paper, we propose a efficient partially policy-hidden CP-ABE scheme (PPH-CP-ABE), which can effectively hide the attribute values in ciphertext to protect the sensitive information in access policy. Our access policy in our PPH-CP-ABE scheme can supports both AND and OR gates which is based on the Linear Secret Sharing Scheme (LSSS). And our PPH-CP-ABE scheme is more efficient and lightweight than the other CP-ABE schemes with hidden policies. Furthermore, we give a rigorous security proof and analysis to state that our scheme is selectively indistinguishable secure under chosen plaintext attacks (selectively IND-CPA secure) and resistant to the off-line dictionary attacks. Through comparison with the state-of-art schemes from the perspective of functionality and efficiency, it is easily to observe that our scheme is more practical, secure and efficient in the real s-health scenarios.

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Jingwei Liu,Yue Fan,Rong Sun,Lei Liu,Celimuge Wu,Shahid Mumtaz

DOI: https://doi.org/10.1109/jiot.2023.3287636

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to the massive applications of Internet of Things (IoT) and the prevalence of wearable devices, e-healthcare systems are widely deployed in medical institutions. As a significant carrier of medical data, electronic medical record (EMR) is convenient to be stored and retrieved, which greatly simplifies the experience of medical treatment and cuts down the trivial work of paramedics. However, EMRs usually include much sensitive information such as patients’ identification numbers or home addresses that may be easily captured by unauthorized doctors and cloud servers. Based on this concern, e-healthcare systems can make use of attribute-based encryption (ABE) to protect private information while achieving fine-grained access control of encrypted EMRs. Whereas, most ABE schemes do not support both policy hiding and keyword search. To address the above issues, we propose an inner product searchable encryption scheme with multi-keyword search (MK-IPSE) based on blockchain to provide full privacy preservation and efficient ciphertext retrieval for EMRs. Inner product encryption (IPE) can not only specify access permissions such that only users with matched attributes can get the target files, but also support access policy hiding. Besides, the proposed scheme combines searchable encryption (SE) and federated blockchain (FB) to implement efficient and stable multi-keyword search. Compared with the existing schemes, MK-IPSE shows better performance on computation and storage. Additionally, security analysis demonstrates that our scheme can resist IND-CKA and collusion attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Xiyu Liang,Yali Liu,Jianting Ning

DOI: https://doi.org/10.1109/JBHI.2024.3391218

Abstract:IoT and 5G-enabled smart healthcare allows medical practitioners to diagnose patients from any location via electronic health records (EHRs) by wireless body area network (WBAN) devices. Privacy, including the medical practitioner's identity and the patient's EHR, can easily be leaked from hospitals or cloud servers, and secret keys used to access EHRs must be revoked after diagnosis. In response to the challenges associated with user authentication and secret key revocation, this paper proposes an access control scheme with privacy-preserving authentication and flexible revocation for smart healthcare using attribute-based encryption (ABE), named PAFR-ABE, which provides access control to prevent malicious users from decrypting EHRs. Meanwhile, PAFR-ABE ensures privacy-preserving authentication for users during secret key generation, which safeguards users' identities and prevents unauthorized requests for secret keys. In addition, PAFR-ABE achieves flexible revocation and recovery of secret keys, which eliminates the need to update secret keys for unrevoked users. Security analysis indicates that PAFR-ABE meets the security requirements of an access control scheme for smart healthcare, especially in terms of forward security and backward security. Performance analysis shows that PAFR-ABE is efficient in the key generation and revocation algorithms compared with typical access control schemes.

Hao Guo,Wanxin Li,Mark Nejad,Chien-Chung Shen

DOI: https://doi.org/10.1109/TNSM.2022.3186006

2023-05-31

Abstract:This paper presents a hybrid blockchain-edge architecture for managing Electronic Health Records (EHRs) with attribute-based cryptographic mechanisms. The architecture introduces a novel attribute-based signature aggregation (ABSA) scheme and multi-authority attribute-based encryption (MA-ABE) integrated with Paillier homomorphic encryption (HE) to protect patients' anonymity and safeguard their EHRs. All the EHR activities and access control events are recorded permanently as blockchain transactions. We develop the ABSA module on Hyperledger Ursa cryptography library, MA-ABE module on OpenABE toolset, and blockchain network on Hyperledger Fabric. We measure the execution time of ABSA's signing and verification functions, MA-ABE with different access policies and homomorphic encryption schemes, and compare the results with other existing blockchain-based EHR systems. We validate the access activities and authentication events recorded in blockchain transactions and evaluate the transaction throughput and latency using Hyperledger Caliper. The results show that the performance meets real-world scenarios' requirements while safeguarding EHR and is robust against unauthorized retrievals.

Cryptography and Security

Xinyin Xiang,Xingwen Zhao

DOI: https://doi.org/10.1016/j.sysarc.2022.102417

IF: 5.836

2022-03-01

Journal of Systems Architecture

Abstract:The Internet of Things (IoT) is becoming increasingly popular for transmitting massive data in a network. With a limited supply of IoT devices, utilizing cloud storage is considered to be an optimal way of processing data. Although cloud computing provides an efficient means of data storage and secure sharing in resource-limited devices, it is still a challenge to enable end users to publish search queries and implement fine-grained access control over a ciphertext at the same time. Blockchain-assisted searchable attribute-based encryption (SABE) can achieve data confidentiality and fine-grained access control. In our work, we present blockchain-assisted SABE for e-health systems. Our framework not only combines the advantages of attribute-based encryption (ABE) and blockchain technology but also supports hidden policies. A rigorous security proof shows that our scheme can achieve the known security under a chosen keyword attack. An experiment indicates that the proposal is suitable for e-health systems.

computer science, software engineering, hardware & architecture

Chen Yan,Fuyuan Hu,Jing Chen,Weizhong Lu,Hongjie Wu,Luping Wang

DOI: https://doi.org/10.1109/ICDMW60847.2023.00096

2023-12-04

Abstract:In the field of smart healthcare, data security and privacy protection are of paramount importance. However, within this context, we are confronted with a crucial question: how can we enable multiple users to simultaneously access online data while safeguarding their privacy? To address this issue, this paper introduces a blockchain-based attribute-based searchable encryption scheme, along with the HBC (Healthcare Blockchain Cipher) encryption algorithm. This scheme enables multiple users to simultaneously access online data while safeguarding their privacy through encrypted search functionality. Furthermore, we integrates tamper-resistant blockchain technology into the system, to address the potential threats to data integrity and correctness when storing data on semi-trusted cloud servers. Additionally, we consider use attribute encryption for access control, to prevent malicious attackers from obtaining sensitive information through access patterns. The scheme also supports attribute revocation to prevent unauthorized access by former system users. Lastly, we provide detailed security and efficiency analysis, the results show that our scheme are security and efficiency.

Medicine,Computer Science

Wei Zhang,Yi Wu,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.3837/tiis.2021.01.017

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.

Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Haobin Ma,Dehua Zhou,Peng Li,Xiaoming Wang

DOI: https://doi.org/10.3390/s23094384

IF: 3.9

2023-04-28

Sensors

Abstract:As medical data become increasingly important in healthcare, it is crucial to have proper access control mechanisms, ensuring that sensitive data are only accessible to authorized users while maintaining privacy and security. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an attractive access control solution that can offer effective, fine-grained and secure medical data sharing, but it has two major drawbacks: Firstly, decryption is computationally expensive for resource-limited data users, especially when the access policy has many attributes, limiting its use in large-scale data-sharing scenarios. Secondly, existing schemes are based on data users’ attributes, which can potentially reveal sensitive information about the users, especially in healthcare data sharing, where strong privacy and security are essential. To address these issues, we designed an improved CP-ABE scheme that provides efficient and verifiable outsourced access control with fully hidden policy named EVOAC-HP. In this paper, we utilize the attribute bloom filter to achieve policy hiding without revealing user privacy. For the purpose of alleviating the decryption burden for data users, we also adopt the technique of outsourced decryption to outsource the heavy computation overhead to the cloud service provider (CSP) with strong computing and storage capabilities, while the transformed ciphertext results can be verified by the data user. Finally, with rigorous security and reliable performance analysis, we demonstrate that EVOAC-HP is both practical and effective with robust privacy protection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiaohui Yang,Wenjie Li,Kai Fan

DOI: https://doi.org/10.1007/s12083-022-01387-4

2022-09-25

Abstract:With the development of digital healthcare, sharing electronic medical record data has become an indispensable part of improving medical conditions. Aiming at the centralized power caused by the single attribute authority in current CP-ABE schemes and the problem that cloud servers are curious and even malicious, we design a revocable CP-ABE EHR sharing scheme with multiple authorities (MA-RABE) in blockchain. In this solution, a group of authorities complete user attribute distribution, key generation and user management through secret sharing and transactions. Besides, we innovatively implemented a distributed one-way anonymous key agreement so that other participants cannot obtain useful information from the fully hidden policy embedded in the ciphertext. Taking into account the computational overhead of a large number of bilinear operations in the decryption process, the solution also supports the cloud server to pre-decrypt the ciphertext, and the data user only needs to perform exponentiation operation once to obtain the plaintext from the pre-decryption result. Theoretical analysis and performance evaluation show that the scheme has reliable security and lower user revocation and ciphertext update overhead.

computer science, information systems,telecommunications