A Coordinated Ciphertext Policy Attribute-based PHR Access Control with User Accountability

• Guofeng Lin,
• Lirong You,
• Bing Hu,
• Hanshu Hong,
• Zhixin Sun,

Vol. 12, No. 4, April 29, 2018
10.3837/tiis.2018.04.024, Download Paper (Free):

• Personal health record
• access control
• accountability
• provably secure

Abstract

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

Statistics

Cite this article