A threshold traceable delegation authorization scheme for data sharing in healthcare

Abstract

In the field of smart healthcare, sharing of electronic data records (EHRs) has become popularity. As cloud computing develops, storing data in the cloud and setting access policies has become a common approach for EHRs data sharing. However, considering the collaborative nature of the diagnosis in healthcare, it is crucial to enhance flexible access control of shared EHRs data using delegation authorization. At the same time, the process of authorization must be achieved under controlled as well as traceable conditions. Attribute-based access control (ABAC) is one solution to address fine-grained access control, but the lack of management of the delegation process in existing solutions makes it difficult to apply ABAC directly in combination with delegation authorization. In this paper, we propose a threshold traceable delegation authorization (TTDA) scheme for EHRs data sharing. By using TTDA scheme, data owner who with limited resources can delegate multiple authorized users to complete authorization operation with a threshold-based manner. In TTDA scheme, we use accountability threshold signatures to help data owner traces the users who execute the authorization. We prove the security of TTDA scheme under the IND-CPA security model. Finally, we conduct sufficient realistic experiments, and the experimental outcomes prove the practicability of TTDA scheme.