Abstract
The smart health medical system is expected to enhance the quality of health care services significantly. These system keeps patients related record and provides the services over the insecure public channel which may cause data security and privacy concerns in a smart health system. On the other hand, ciphertext attribute-based encryption(CP-ABE) provides possible encrypted data security. There are some security flaws in CP-ABE, where the existing access policies are in the cleartext form for accessing encrypted sensitive data. On the other hand, it supports the small attribute universe, which restricts the practical deployments of CP-ABE. Moreover, outsider adversary observed the communication, which also creates a serious threat to CP-ABE model. To overcome security and privacy risk, efficient access control have been designed and devolved for medical services. Although we also demonstrate the security analysis of Zhang et al.’s scheme, which is vulnerable to inefficient security proof and man in the middle attack. In the proposed scheme, we proposed an efficient and security preserve scheme to overcome the weaknesses of Zhang’s et al.’s system. The protocol satisfies the attribute values of the medical user with hidden access policies. It has been proved under the standard model, which ensure the security of the protocol. Moreover, performance analysis comparison shows that the proposed scheme is more efficient than the existing one.
Similar content being viewed by others
References
Amin R., Islam S.H., Biswas G., Khan M.K., Obaidat M.S.: Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. Journal of medical systems 39 (11): 137, 2015
Bellare M., Pointcheval D., Rogaway P.: Authenticated key exchange secure against dictionary attacks.. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2000, pp 139–155
Bethencourt J., Sahai A., Waters B.: Ciphertext-policy attribute-based encryption.. In: IEEE Symposium on Security and Privacy-SP’07. IEEE, 2007, pp 321–334
Cui H., Deng R.H., Lai J., Yi X., Nepal S.: An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited. Computer Networks 133: 157–165, 2018
Dolev D., Yao A.C.: On the security of public key protocols. IEEE Trans. Inform. Theory 29 (2): 198–208, 1983
Gope P., Amin R.: A novel reference security model with the situation based access policy for accessing ephr data. J. Med. Syst. 40 (11): 242, 2016
Goyal V., Pandey O., Sahai A., Waters B.: Attribute-based encryption for fine-grained access control of encrypted data.. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 2006, pp 89–98
He D., Hu H.: Cryptanalysis of a dynamic id-based remote user authentication scheme with access control for multi-server environments. IEICE Trans. Inform. Syst. 96 (1): 138–140, 2013
Jakobsson M., Pointcheval D.: Mutual authentication for low-power mobile devices.. In: International Conference on Financial Cryptography. Springer, 2001, pp 178–195
Jia X., He D., Kumar N., Choo K.K.R.: Authenticated key agreement scheme for fog-driven iot healthcare system. Wireless Networks 25 (8): 4737–4750, 2019
Lai J., Deng R.H., Li Y. (2012) Expressive cp-abe with partially hidden access structures
Li J., Ren K., Kim K.: A2be: Accountable attribute-based encryption for abuse free access control. IACR Cryptology ePrint Archive 2009: 118, 2009
Mukhopadhyay S.C.: Wearable sensors for human activity monitoring: a review. IEEE Sensors Journal 15 (3): 1321–1330, 2014
Shao M.H., Chin Y.C.: A privacy-preserving dynamic id-based remote user authentication scheme with access control for multi-server environment. IEICE Trans. Inform. Syst. 95 (1): 161–168, 2012
Tran P.V.X., Yang G., Susilo W. (2016) Hidden ciphertext policy attribute-based encryption under standard assumptions
Wang H., He D., Shen J., Zheng Z., Yang X., Au M.H.: Fuzzy matching and direct revocation: a new cp-abe scheme from multilinear maps. Soft Comput. 22 (7): 2267–2274, 2018
Xu B., Da Xu L., Cai H., Xie C., Hu J., Bu F.: Ubiquitous data accessing method in iot-based information system for emergency medical services. IEEE Trans. Ind. Inform. 10 (2): 1578–1586, 2014
Yan H., Xu L.D., Bi Z., Pang Z., Zhang J., Chen Y.: An emerging technology–wearable wireless sensor networks with applications in human health condition monitoring. Journal of Management Analytics 2 (2): 121–137, 2015
Yang K., Han Q., Li H., Zheng K., Su Z., Shen X.: An efficient and fine-grained big data access control scheme with privacy-preserving policy. IEEE Internet of Things Journal 4 (2): 563–571, 2016
Zhang X., Jin C., Li C., Wen Z., Shen Q., Fang Y., Wu Z.: Ciphertext-policy attribute-based encryption with user and authority accountability.. In: International Conference on Security and Privacy in Communication Systems. Springer, 2015, pp 500–518
Zhang Y., Chen X., Li J., Wong D.S., Li H.: Anonymous attribute-based encryption supporting efficient decryption test.. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM, 2013, pp 511–516
Zhang Y., Li J., Zheng D., Chen X., Li H.: Towards privacy protection and malicious behavior traceability in smart health. Pers. Ubiquit. Comput. 21 (5): 815–830, 2017
Zhang Y., Yang M., Zheng D., Lang P., Wu A., Chen C.: Efficient and secure big data storage system with leakage resilience in cloud computing. Soft Comput. 22 (23): 7763–7772, 2018
Zhang Y., Zheng D., Deng R.H.: Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal 5 (3): 2130–2145, 2018
Zhou Y., Yang B., Mu Y.: Continuous leakage-resilient identity-based encryption without random oracles. Comput. J 61 (4): 586–600, 2018
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Informed Consent
All the authors have agreed to this submission.
Research involving human participants and/or animals
This article does not contain any studies with human participants or animals performed by any of the authors.
Disclosure of potential conflicts of interest
All authors declare that they have no conflict of interest.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection on Mobile & Wireless Health
Rights and permissions
About this article
Cite this article
Rana, S., Mishra, D. Efficient and Secure Attribute Based Access Control Architecture for Smart Healthcare. J Med Syst 44, 97 (2020). https://doi.org/10.1007/s10916-020-01564-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-020-01564-z