Towards secure and flexible EHR sharing in mobile health cloud under static assumptions

Electronic health record (EHR) systems are promising in the management of individual's health. However, before widely deployed in practical applications, EHR systems have to tackle the privacy and efficiency challenges. Most of existing EHR sharing schemes suffer from severe efficiency drawbacks, resulting in inapplicability in mobile EHR system. Furthermore, the security assumptions in the previous schemes are usually based on non-static assumptions. In this paper, we propose a flexible EHR sharing scheme supporting offline encryption of EHR and outsourced decryption of EHR ciphertexts in mobile cloud computing. The proposed scheme is proven secure in the random oracle model under the static decisional bilinear Diffie-Hellman assumption. In our EHR sharing system, an EHR owner only need one multiplication in bilinear groups to generate the final EHR ciphertexts based on the offline ciphertexts computation, and an EHR user can easily decrypt the EHR cipheretext without requiring bilinear pairing operations based on the transformed ciphertexts from the EHR cloud. Our EHR sharing scheme allows access structures encoded in linear secret sharing schemes. Performance comparisons indicate that our scheme is very suitable for mobile health clouds.