Abstract
In recent years, the Internet of Things (IoT), cloud computing, and wireless body area networks (WBANs) have converged and become popular due to their potential to improve quality of life. This convergence has greatly promoted the industrialization of e-healthcare. With the flourishing of the e-healthcare industry, full electronic health records (EHRs) are expected to promote preventative health services as well as global health. However, the outsourcing of EHRs to third-party servers, like the cloud, involves many challenges, including securing health information and preserving privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising scheme for storing and sharing information in third-party servers. This scheme enables patients and doctors to encrypt or decrypt their information using access policies defined by attributes. In this scheme, the access policy is tied with the ciphertext in the form of plaintext, which may risk leaking personal patient information. Earlier protocols only partially hide the attribute values in the access policies but leave the attribute names unprotected. To address these security issues, we propose a secure cloud framework using modified CP-ABE and an attribute Bloom filter (ABF). In modified CP-ABE, we can hide the entire attribute, including values, in the access policies. The ABFs assist in data decryption by evaluating the presence of an attribute in the access policy and pointing to its position. Security analysis and performance evaluation demonstrate the efficiency and effectiveness of the proposed framework. Finally, the proposed framework is explored to verify its feasibility.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Beimel, A. (1996). Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Israel Inst. Technol. Technion, Haifa, Israel.
Boneh, D., & Waters, B. (2007). Conjunctive, subset, and range queries on encrypted data. In Theory of Cryptography. Heidelberg, Germany: Springer, pp. 535–554.
Frikken, K., Atallah, M., & Li, J. (2006). Attribute-based access control with hidden policies and hidden credentials. IEEE Transactions on Computers, 55(10), 1259–1270.
Helmer, A., Lipprandt, M., Frenken, T., et al. (2011). Empowering patients through personal health records: a survey of existing third-party webbased PHR products. Electronic Journal of Health Informatics, 6(3), e26.
Hur, J. (2013). Attribute-based secure data sharing with hidden policies in smart grid. IEEE Transactions on Parallel and Distributed Systems, 24(11), 2171–2180.
Jara, A.J., Zamora, M.A., Skarmeta, A.F.G. (2010). An architecture based on internet of things to support mobility and security in medical environments. Proceedings of 7th IEEE Consumer Communications and Networking Conference. pp: 1–5.
Jiang, R., Wu, X., & Bhargava, B. (2016). SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems. Computers & Security, 62, 193–212. https://doi.org/10.1016/j.cose.2016.07.007.
Katz, J., Sahai, A., & Waters, B. (2008). Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Advances in cryptology–EUROCRYPT 2008. Heidelberg, Germany: Springer, pp. 146–162.
Lai, J., Deng, R. H., & Li, Y. (2011). Fully secure cipertext-policy hiding CPABE. In Information security practice and experience. Heidelberg, Germany: Springer, pp. 24–39.
Lai, J., Deng, R. H., & Li, Y. (2012) Expressive CP-ABE with partially hidden access structures. In Proc. ASIACCS, Seoul, South Korea, pp. 18–19.
Lei, L., Zhong, Z., Zheng, K., Chen, J., & Meng, H. (2013). Challenges on wireless heterogeneous networks for mobile cloud computing. IEEE Wireless Communications, 20(3), 34–44.
Leng, C., Yu, H., Wang, J., & Huang, J. (2013). Securing personal health records in the cloud by enforcing sticky policies. Telkomnika Indonesian J Elect Eng, 11(4), 2200–2208.
Li, J., Ren, K., Zhu, Z., & Wan, Z. (2009). Privacy-aware attribute-based encryption with user accountability. In Proc. Inf. Security, Pisa, Italy, pp. 347–362.
Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.
Li, H., Liu, D., Alharbi, K., Zhang, S., & Lin, X. (2015a). Enabling fine-grained access control with efficient attribute revocation and policy updating in smart grid. KSII Transactions on Internet and Information Systems, 9(4), 1404–1423.
Li, H., Liu, D., Dai, Y., & Luan, T. H. (2015b). Engineering searchable encryption of mobile cloud networks: when QoE meets QoP. IEEE Wireless Communications, 22(4), 74–80.
Li, Q., et al. (2016a). Secure, efficient and revocable multi-authority access control system in cloud storage. Computers & Security, 59, 45–59. https://doi.org/10.1016/j.cose.2016.02.002.
Li, H., et al. (2016b). Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Transactions on Dependable and Secure Computing, 13(3), 312–325. https://doi.org/10.1109/TDSC.2015.2406704.
Lin, H., Cao, Z., Liang, X., & Shao, J. (2008). Secure threshold multi authority attribute based encryption without a central authority. In Proc. INDOCRYPT, Kharagpur, India, pp. 426–436.
Lin, H., Shao, J., Zhang, C., & Fang, Y. (2013). CAM: cloud-assisted privacy preserving mobile health monitoring. IEEE Transactions on Information Forensics and Security, 8(6), 985–997.
Liu, H., Ning, H., Xiong, Q., & Yang, L. T. (2015). Shared authority based privacypreserving authentication protocol in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 26(1), 241–251.
Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46–50.
Mell, P. & Grance, T. (2011). The NIST definition of cloud computing. Recommendations Nat. Inst. Standards Technol., NIST,Washington, DC, USA, Tech. Rep. 800–145.
Nishide, T., Yoneyama, K., & Ohta, K. (2008). Attribute-based encryption with partially hidden encryptor-specified access structures. In Applied Cryptography and Network Security. Heidelberg, Germany: Springer, pp. 111–129.
Park, E., & Nam, H. S. (2009). A service-oriented medical framework for fast and adaptive information delivery in mobile environment. IEEE Transactions on Information Technology in Biomedicine, 13(6), 1049–1056.
Ramu, G. & Eswara Reddy, B. (2015). Secure architecture to manage EHR’s in cloud using SSE and ABE. Springer, Health Technol. https://doi.org/10.1007/s12553-015-0116-0.
Sawand, Djahel, S., Zhang, Z., & Naїt-Abdesselam, F. (2015). Toward energyefficient and trustworthy ehealth monitoring system. China Commun, 12(1), 46–65.
Shin, M. S., Jeon, H. S., Ju, Y. W., Lee, B. J., & Jeong, S. P. (2015). Constructing RBAC based security model in u-healthcare service platform. The Scientific World Journal, 2015, Art. no. 937914. https://doi.org/10.1155/2015/937914.
Su, Z., Xu, Q., & Qi, Q. (2016). Big data in mobile social networks: A QoE-oriented framework. IEEE Network, 30(1), 52–57.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11.
Vossberg, M., Tolxdorff, T., & Krefting, D. (2008). DICOM image communication in globus-based medical grids. IEEE Transactions on Information Technology in Biomedicine, 12(2), 145–153.
Wang, Zhang, B., Ren, K., Roveda, J. M., Chen, C. W., & Xu, Z. (2014). A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. In Proc. 33rd IEEE INFOCOM Conf., pp. 2130–2138.
Waters, B. (2011). Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proc. PKC, Taormina, Italy, pp. 53–70.
Weber, R. H. (2010). Internet of things – New security and privacy challenges. Computer Law & Security Review, 26(1), 23–30.
Yang, K., & Jia, X. (2014). Expressive, efficient, and revocable data accesscontrol for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1735–1744.
Yang, K., Jia, X., & Ren, K. (Dec. 2015). Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Transactions on Parallel and Distributed Systems, 26(12), 3461–3470.
Yang, K., Liu, Z., Jia, X., & Shen, X. S. (2016). Time-domain attribute-based access control for cloud-based video content sharing: a cryptographic approach. IEEE Transactions on Multimedia, 18(5), 940–950.
Yu, S., Ren, K., & Lou, W. (2008). Attribute-based content distribution with hidden policy. In Proc. Secure Netw. Protocols (NPSec), Orlando, FL, USA, pp. 39–44.
Zheng, K., Yang, Z., Zhang, K., Chatzimisios, P., Yang, K., & Xiang, W. (2016). Big data-driven optimization for mobile networks toward 5G. IEEE Network, 30(1), 44–51.
Acknowledgements
The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and Government of India for providing an environment where the authors could do the best work possible.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ramu, G. A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter. Educ Inf Technol 23, 2213–2233 (2018). https://doi.org/10.1007/s10639-018-9713-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10639-018-9713-7