Abstract
Personal Health Record (PHR) is an upcoming online service model for sharing health information. It helps patients to create, control, and share their health information with other users as well as healthcare providers. When PHR is outsourced to a third party semi trusted server, issues such as unauthorized access, privacy, and security concerns arise which remains an open challenge in a multi owner cloud environment. To overcome these challenges, a secure cloud based PHR framework for sharing PHRs among multiple users using attribute-based encryption (ABE) is proposed. In this proposed framework, patients can encrypt their PHRs and store them on semi trusted cloud servers. Moreover, patients can maintain control over access to their PHRs by assigning fine-grained, attribute-based access privileges to chosen data users. In order to achieve fine-grained access control, the proposed PHR framework is divided into personal domain (PSDs) and public domain (PUDs). To ensure security in a cloud based PHR framework, a secure key-policy attribute-based encryption (S-KP-ABE) and privacy preserving decentralized collusion resistant attribute-based encryption (PP-DCR-ABE) algorithm is implemented in the PSDs and PUDs, respectively. From the experimental analysis, it is shown that the proposed cloud based PHR framework improves the efficiency of the system in terms of encryption, decryption, and key generation time in both the domains. Also, the proposed framework is proved to be collusion resistant and the security analysis ensures privacy preservation, trustworthiness between user and authorities, thereby enhancing the security of PHR users in a multi owner environment.
Similar content being viewed by others
References
Zheng Y, Ren K, Li M, Yu S, Lou W (2013) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans Parallel Distrib Syst 24(No. 1)
Xavier N, Chandrasekar V (2013) Security of PHR in cloud computing by using ABE techniques. IEEE Trans Parallel Distrib Syst 01(No. 72) ISSN num: 22789723
Korde P, Panwar V, Kalse S (2013) Securing personal health records in cloud using attribute based encryption. IEEE Trans Parallel Distrib Syst 2(Issue 4) ISSN: 2249–8958
Jahid S, Mittal P, Borisov N (2011) Easier: encryption-based access control in social networks with efficient revocation. Proceedings ACM Symposium Information, Computer and Comm. Security (ASIACCS)
Han J, Susilo W, Mu Y, Yan J (2012) Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Parallel Distrib Syst 23(11):2150–2162
Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. Proceedings, 16th ACM Conference Computer and Communication Security (CCS ’09). pp 121–130
Chase M, Chow SSM (2009) Improving privacy and security in multi-authority attribute-based encryption. Proceedings of the 16th ACM conference on Computer and Communications Security (CCS ’09)
Allison Lewko J, Waters B (2011) Decentralizing attribute-based encryption. EUROCRYPT ’11: Proceedings 30th Annual International Conference Theory and Applications of Cryptographic Techniques: Advances in Cryptology. In: Paterson KG (ed) p 568–588
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security, CCS’06, pp 89–98
Bethencourt J, Sahai A, Waters B (2012) Ciphertext-policy attribute-based encryption. In: Proceedings of the IEEE Symposium on Security and Privacy, pp 321–334
Waters B (2011) Cipher text-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Cryptography PKC 2011, volume 6571 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, pp 53–70
Attrapadung N, Libert B, de Panafieu E (2011) Expressive key-policy attribute-based encryption with constant-size cipher texts. Proceedings ,14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, Italy, pp 90–108
Ge A, Zhang J, Zhang R, Ma C, Zhang Z (2013) Security analysis of a privacy-preserving decentralized key-policy ABE scheme. IEEE Trans Parallel Distrib Syst 24(Issue 11), ISSN:1045–9219
Yang K, Jia X (2013) Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans Parallel Distrib Syst 25(7):1735–1744
Lin H, Cao Z, Liang X, Shao J (2008) Secure threshold multi-authority attribute based encryption without a central authority. Proceedings 9th International Conference on Cryptology in India, pp 426–436
Liu Z, Cao Z, Huang Q, Yuen TH, Wong DS (2011) Fully secure multi-authority ciphertext-policy attribute based encryption without random oracles. In: Computer Security-ESORICS, pp 278–297
Chase M (2007) Multi-authority attribute based encryption. In: Proceedings 4th theory of cryptography conference (TCC ). The Netherlands, Amsterdam, pp 515–534
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sangeetha, D., Vaidehi, V. A secure cloud based Personal Health Record framework for a multi owner environment. Ann. Telecommun. 72, 95–104 (2017). https://doi.org/10.1007/s12243-016-0529-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-016-0529-4