Secure and efficient access of personal health record: a group-oriented ciphertext-policy attribute-based encryption

Abstract

ABSTRACTThe personal health record (PHR) service is a promising model for health data exchange. In practice, however, users’ health data need to be stored in an untrusted cloud server, which requires the design of a mechanism to achieve secure data sharing. Although the traditional attribute-based encryption (ABE) can be employed to facilitate PHR sharing with confidentiality protection, it will become powerless when confronting certain case. For instance, this happens when the health data is encrypted under (‘ophthalmologist’ AND ‘dermatologist’) AND (‘chief physician’). The ciphertext cannot be successfully decrypted in the scenario if there is no doctor who is a specialist in both dermatology and ophthalmology, Motivated by this observation, we propose a group-oriented ciphertext-policy ABE, which classifies users into different groups. Specifically, users in the same group own the same group identifier and different users can combine their attributes to complete the decryption. The decryption operation can be completed successfully when the union of their attributes satisfies the Access Control Policy (ACP) involved in the ciphertext. Additionally, we propose a concrete scheme with a constant ciphertext size, which is independent of the count of attributes in the ACP. Our security analysis shows that the proposed scheme is secure against selective chosen-plaintext attack under the decisional n-BDHE assumption.