Dynamic access policy in cloud-based personal health record (PHR) systems

Abstract

With the development of cloud computing, an increasing number of users are using cloud-based personal health record (PHR) systems. The PHR is closely tied to patient privacy, and thus existing studies suggest encrypting PHRs before outsourcing. Comparison-based encryption (CBE) was the first to implement time comparison in an attribute-based access policy by means of the forward and backward derivation functions. However, CBE cannot be directly applied to cloud-based PHR environments for the following reasons: First, the cost of encryption grows linearly with the number of attributes in the access policy. Second, policy updating incurs high communication and computation costs for the data owner. To efficiently implement a dynamic access policy for PHRs in clouds, we first propose a hierarchical comparison-based encryption (HCBE) scheme that incorporates an attribute hierarchy into CBE. The HCBE scheme encrypts a ciphertext with a small number of generalized attributes at a higher level rather than many specific attributes at a lower level, greatly improving the encryption performance. Using the HCBE scheme as a foundation, we then develop a dynamic policy updating (DPU) scheme by utilizing the proxy re-encryption (PRE) technique. The DPU scheme can avoid the transmission of ciphertexts and minimize the computation overhead on the data owner by delegating the policy updating operations to the cloud. Extensive experiments have been conducted using a synthetic data set to verify the efficiency of our proposed schemes.