Black-Box Accountable Authority CP-ABE Scheme for Cloud-Assisted E-Health System

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) for the cloud-assisted E-health system can effectively serve patients and healthcare professionals to achieve fine-grained sharing of health records. However, the problem of private key abuse could pose a security threat to patient data, while most of traceable CP-ABE schemes only can implement white-box traceability, which means that the traitor tracing problem cannot be solved thoroughly. Considering that malicious users or authority may forge the decryption device without getting caught, in this article, a black-box accountable CP-ABE is provided, which can identify the owner of the faked decryption device and the malicious activity of the authority. The authority will submit the tuple related with the user to the auditor for tracing the user’s identity. To avoid users from being framed by authority, the full decryption key should be generated by the interaction between the user and the authority. Namely, the user embeds a secret value in the key, which is used to generate an auditing ciphertext by the auditor for monitoring the malicious behavior of the authority. Furthermore, the indistinguishability under chosen-plaintext attack (IND-CPA) security of the proposed scheme is proven based on the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$q$</tex-math></inline-formula> -type assumption, and the performance analysis indicates that the proposed scheme has more secure functionalities and no significant loss of efficiency.