In recent years, Personal Health Record (PHR) systems have attracted intensive attention due to their universal accessibility and low cost. The practical deployment of PHR systems in cloud computing environments raises privacy and information security issues that should be addressed. Recently [Future Generation Computer Systems 52 (2015)], a Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) scheme (Liu et al. 2015) was proposed with the aim of securing PHR data stored at cloud servers, and it is claimed to provide confidentiality against chosen ciphertext attacks in the selective-predicate model. Unfortunately, we show in this paper that the claim is incorrect. Moreover, the CP-ABSC scheme of Liu et al. (2015) cannot realize the property of public ciphertext verifiability, which is an essential requirement of signcryption schemes to reduce the unnecessary burden on the decryptor of decrypting invalid ciphertexts. In this paper, we propose a provably secure CP-ABSC scheme for cloud-based PHR sharing systems that simultaneously provides fine-grained access control, confidentiality, authenticity, signcryptor privacy and public verifiability. Our framework exploits expressive monotone Boolean functions as signing and encryption predicates, and realizes security in the standard model. In addition, our construction exhibits a short ciphertext size and requires fewer pairing computations than the existing schemes in the area.