Abstract
Cloud computing is a novel model for computing and storage. It enables elastic, on-demand and low-cost use of computing resources. The electronic health record (EHR) is an emerging patient-oriented paradigm for sharing medical data. With the arrival of cloud computing, health care industries outsource their EHRs to cloud servers, but at the same time there is increased demand for, and concern about, the security of outsourced EHRs. The major concerns in data outsourcing are the implementation of access policies and the modification of those policies. To address these issues, the optimal solution is Ciphertext Policy Attribute Based Encryption (CP-ABE). CP-ABE allows patients to describe their own access policies and enforce those policies on their data before outsourcing it to the cloud servers. However, it has major limitations, such as the key escrow and user revocation problems. In this paper, we propose a modified CP-ABE scheme with user revocation to strengthen the data outsourcing system in a cloud architecture. The proposed system addresses the key-escrow and revocation problems: 1) the key-escrow problem is solved by using two-authority computation between the key generator authority and the cloud server, and 2) an immediate attribute modification method is used to achieve fine-grained user revocation. Security analysis and performance evaluation demonstrate that the proposed system is efficient in achieving security for outsourced EHRs in cloud servers.
Acknowledgments
The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and the government of India for providing an environment for them to do the best work they can.
Funding
Early Career Award from SERB, Department of Science & Technology
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
About this article
Cite this article
Ramu, G., Reddy, B.E., Jayanthi, A. et al. Fine-grained access control of EHRs in cloud using CP-ABE with user revocation. Health Technol. 9, 487–496 (2019). https://doi.org/10.1007/s12553-019-00304-9
DOI: https://doi.org/10.1007/s12553-019-00304-9