Abstract
With high flexibility and accessibility of data outsourcing environment such as cloud computing environment, several healthcare providers implement electronic personal health records (PHRs) to enable individual patients to manage their own health data in such resilient and scalable environment. However, PHRs contain highly sensitive information of which the security and privacy issues are the critical concern. Besides, PHRs owners should be capable to flexibly and securely define their own access policy for their outsourced data. In addition to the basic authentication feature, existing commercial cloud platforms usually provide symmetric or public key encryption as an optional feature to support data confidentiality for their tenants. However, such traditional encryption schemes are not suitable for data outsourcing environment because of high key management overhead of symmetric encryption and high maintenance cost for handling multiple copies of ciphertext for public key encryption solution. In this paper, we design and develop a secure and fine-grained access control scheme with lightweight access policy update for outsourced PHRs. Our proposed scheme is based on the ciphertext policy attribute-based encryption (CP-ABE) and proxy re-encryption (PRE). In addition, we introduce a policy versioning technique to support the full traceability of policy changes. Finally, we conducted the performance evaluation to demonstrate the efficiency of the proposed scheme.
Highlights
In an outsourced data sharing environment such as cloud storage system, the outsourced server must be available all the time to provide unlimited access to shared data and the services
Many companies and individuals prefer to store their valuable data in outsourced servers such as cloud storage due to cost saving and efficient resource management provided by cloud providers
The UpdateKeyGen algorithm is computed to update access policy. Even though this scheme is efficient for ciphertext update caused from policy update, the cost of the update key computation consisting of transforming the linear secret sharing scheme (LSSS) matrix and mapping function, and comparing an old policy and a new policy at data owner side is high if there are a high number of attributes contained in the policy
Summary
In an outsourced data sharing environment such as cloud storage system, the outsourced server must be available all the time to provide unlimited access to shared data and the services. One of them is the decoupling of abstract attributes from actual keys It reduces communication overhead and provides a fine-grained data access control. CP-ABE introduces expensive overheads including ciphertext re-encryption, key re-generation, and key re-distribution when there is attribute revocation or policy update. We figure out the way to efficiently update CP-ABE access policies without re-encryption process done at the data owner side. With our cryptographic construction and introduced PRE method, when the policy is updated, the re-encryption process is offloaded to the proxy while the data owner deals with small computation. The cost for both data owner side and proxy side is optimized based on two-step encryption.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
