Blockchain-Backed Searchable Proxy Signcryption for Cloud Personal Health Records

Abstract

Patient-centered data management and sharing of personal health records (PHRs) are difficult to be realized as data is controlled by doctors/hospitals. In addition, security and privacy, oppressive costs, search and tracing unreliability, and complicated access authorization caused by traditional encryption severely hinder the widespread adoption of PHRs. To overcome these challenges, we propose a blockchain-backed data sharing framework for PHRs, where the blockchain achieves reliable search and tracing. Furthermore, we design a hybrid <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">b</b> lock <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">c</b> hain-backed <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</b> earchable <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">p</b> roxy <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</b> ign <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">c</b> ryption scheme, named <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">BC-SPSC</b> . Specifically, an identity-based proxy signature (IBPS) is utilized to perform the authorization from patients to doctors to achieve authentic patient-centricity, therefore the blockchain can relate data with associated patients and doctors during data tracing. Moreover, BC-SPSC supports two search modes. The first mode adopts attribute-based encryption with keyword-based search (SABE), where all legitimate users can implement searches, but only users whose attributes satisfy the access structure can successfully decrypt. By contrast, the second mode utilizes attribute-based searchable encryption (ABSE) to accomplish fine-grained authorization in both search and data access/decryption, that is, who can search is also constrained by data owners. Adequate performance comparisons and simulation experiments indicate significant advantages of the BC-SPSC scheme in storage and computation overheads.