Ciphertext-policy attribute-based encryption supporting policy-hiding and cloud auditing in smart health

Abstract

Smart Health, with its flexibility and efficiency, has been widely deployed, especially during the COVID-19 pandemic. However, privacy protection mechanisms for Smart Health are not yet well established and still present a number of security issues. Ciphertext-Policy Attribute-Based Encryption (CP-ABE), is identified as the furthest potential approach for constructing privacy-preserving Smart Health. However, traditional CP-ABE is facing some new challenges. On the one hand, access policy is not encrypted, and the identity information of the user could be exposed. On the other hand, Smart Health Records (SHRs) are outsourced to the Cloud Service Providers (CSP) and may be at risk of being tampered with. In this article, we have built a CP-ABE solution (PHCA) that supports policy-hiding and cloud auditing to ensure privacy security for smart health, in which the decryption cost is constant. To ensure data integrity, we securely introduce an effective third-party auditor. In addition, we design and implement safe and effective outsourcing decryption algorithms, which significantly low the decryption costs for users. Performance comparisons and security analysis demonstrate that our solutions function effectively.