Fine-grained access control of EHRs in cloud using CP-ABE with user revocation

  • Original Paper
Health and Technology

Abstract

Cloud computing is a novel model for computing and storage. It enables elastic, on-demand, low-cost use of computing resources. The electronic health record (EHR) is an emerging patient-oriented paradigm for sharing medical data. With the arrival of cloud computing, health care industries outsource their EHRs to cloud servers, but at the same time there is increased demand for, and concern about, the security of outsourced EHRs. The major concerns in data outsourcing are the implementation of access policies and the modification of those policies. To address these issues, the optimal solution is Ciphertext-Policy Attribute-Based Encryption (CP-ABE). CP-ABE allows patients to describe their own access policies and implement those policies on their data before outsourcing it to cloud servers. However, it has major limitations, such as the key-escrow and user-revocation problems. In this paper, we propose a modified CP-ABE scheme with user revocation to strengthen the data outsourcing system in a cloud architecture. The proposed system addresses the key-escrow and revocation problems: 1) the key-escrow problem is solved by using a two-authority computation between the key generator authority and the cloud server, and 2) an immediate attribute modification method is used to achieve fine-grained user revocation. Security analysis and performance evaluation demonstrate that the proposed system is efficient in achieving security for outsourced EHRs on cloud servers.

Acknowledgments

The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and the government of India for providing an environment for them to do the best work they can.

Funding

Early Career Award from SERB, Department of Science & Technology

Author information

Corresponding author

Correspondence to Gandikota Ramu.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Ramu, G., Reddy, B.E., Jayanthi, A. et al. Fine-grained access control of EHRs in cloud using CP-ABE with user revocation. Health Technol. 9, 487–496 (2019). https://doi.org/10.1007/s12553-019-00304-9

  • DOI: https://doi.org/10.1007/s12553-019-00304-9
