Abstract
With the development of cloud computing, more and more users employ cloud-based personal health record (PHR) systems. PHRs are closely tied to patient privacy, and prior research has therefore suggested encrypting PHRs before outsourcing them. Comparison-based encryption (CBE) was the first scheme to realize time comparison in an attribute-based access policy by means of forward/backward derivation functions. However, its encryption cost grows linearly with the number of attributes in the access policy. To efficiently realize fine-grained access control for PHRs in clouds, we propose a hierarchical comparison-based encryption (HCBE) scheme that incorporates an attribute hierarchy into CBE. Specifically, we construct an attribute tree in which each ancestor node is a generalization of its descendant nodes. The HCBE scheme encrypts a ciphertext with a small number of generalized attributes at a higher level, rather than many specific attributes at a lower level, largely improving encryption performance. Furthermore, we encode each attribute node with the positive-negative depth-first (PNDF) coding. By virtue of the backward derivation function of the CBE scheme, users associated with the specific attributes can decrypt, within the specified time, a ciphertext encrypted with the generalized attributes. The experimental results show that the HCBE scheme has better performance than the CBE scheme in terms of encryption cost.
Notes
1. Let \(s_{1}, s_{2}\) be two secret large primes. We have \(n=sn'=s_{1}s_{2}p'q'|lcm(p+1,q+1)\), where \(n'=p'q'|n\), \(s=s_{1}s_{2}\), \(p=2p's_{1}-1\), and \(q=2q's_{2}-1\).
2. Let \(S\) and \(S'\) denote the set of attributes in \(\widehat{\mathcal {L}}\) and \(\widehat{\mathcal {L}}'\), respectively. \(\widehat{\mathcal {L}}' \preceq \widehat{\mathcal {L}}\) iff \(S' \subseteq S\), and for each attribute \(A_{k}[t_a, t_b, Pcode_k, Ncode_k] \in \widehat{\mathcal {L}}\) and \(A_{l}[t_i, t_j, Pcode_l, Ncode_l] \in \widehat{\mathcal {L}}'\), \(t_{a} \le t_{i}\), \(t_{b} \ge t_{j}\), \(Pcode_{k} \ge Pcode_{l}\), and \(Ncode_{k} \ge Ncode_{l}\).
Acknowledgments
This work was supported in part by NSFC grants 61402161, 614721 3161272546; NSF grants CNS 149860, CNS 1461932, CNS 1460971, CNS 1439672, CNS 1301774, ECCS 1231461, ECCS 1128209, and CNS 1138963.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Liu, X., Liu, Q., Peng, T., Wu, J. (2015). HCBE: Achieving Fine-Grained Access Control in Cloud-Based PHR Systems. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9530. Springer, Cham. https://doi.org/10.1007/978-3-319-27137-8_41
DOI: https://doi.org/10.1007/978-3-319-27137-8_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27136-1
Online ISBN: 978-3-319-27137-8
eBook Packages: Computer Science, Computer Science (R0)