Secure Updatable Storage Access Control System for EHRs in the Cloud

Cited by: 5
Authors
Wang, Jingwei [1 ,2 ]
Yin, Xinchun [3 ,4 ]
Ning, Jianting [1 ]
Xu, Shengmin [1 ]
Xu, Guowen [5 ]
Huang, Xinyi [6 ]
Affiliations
[1] Fujian Normal Univ, Fuzhou 350007, Peoples R China
[2] Yangzhou Univ, Sch Informat Engn, Yangzhou 225127, Peoples R China
[3] Yangzhou Univ, Guangling Coll, Yangzhou 225128, Peoples R China
[4] Guangdong Prov Key Lab Informat Secur Technol, Guangzhou 510275, Peoples R China
[5] Univ Elect Sci & Technol China, Sch Comp Sci & Engn, Chengdu 611731, Peoples R China
[6] Hong Kong Univ Sci & Technol, Thrust Artificial Intelligence, Informat Hub, Guangzhou 999077, Peoples R China
Funding
National Natural Science Foundation of China
Keywords
Electronic health record; dynamic access control; outsourced decryption; updatable storage; attribute-based encryption; conjunctive normal form; ENCRYPTION; FRAMEWORK; EFFICIENT; SENSOR
DOI
10.1109/TSC.2022.3232230
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
With an increasing number of IoT devices being deployed in healthcare, massive amounts of electronic health records (EHRs) are generated and shared in the cloud. To preserve data privacy, one promising data-sharing tool named attribute-based encryption (ABE) has been widely employed. However, it is a challenge to achieve flexible data sharing without loss of confidentiality when authorized users are dynamic. Another challenge is how to guarantee fleet data access time when resource-limited devices are used. In this article, a dynamic access policy ABE (DAP-ABE) system for EHRs in the cloud is proposed. The cloud server can update the access policy without sensitive information, while decryption keys of authorized users do not need to be updated. Authorized users enjoy approximately 0.07 ms data access by outsourcing the majority of the decryption overhead to the cloud server. Furthermore, a verification procedure is embedded in DAP-ABE to check the identities of patients in the data sharing stage, which ensures that no malicious user can upload invalid EHRs. Extensive experiments demonstrate the feasibility and efficiency of the DAP-ABE system.
Pages: 2939-2953
Page count: 15