09-10-2014, 02:12 PM
Scalable and Secure Sharing of Personal Health
Records in Cloud Computing using
Attribute-based Encryption
Scalable and Secure.pdf (Size: 349.12 KB / Downloads: 48)
Abstract
Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns, as personal health information could be exposed to those third-party servers and to unauthorized parties. To assure patients' control over access to their own PHRs, encrypting the PHRs before outsourcing is a promising method. Yet issues such as risks of privacy exposure, scalability in key management, flexible access and efficient user revocation have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple-data-owner scenario and divide the users in the PHR system into multiple security domains, which greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, and supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme.
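The abstract's central idea is that access to each PHR file is decided by an attribute policy rather than by a server-side access list. Inside a ciphertext-policy ABE scheme that decision is implemented as threshold secret sharing over an access tree: the file key is split top-down across gates whose leaves are attributes, and only a user whose attributes satisfy the tree can recombine it. The Python below is an added example written for this post, not code from the paper or from Indivo; it carries out that splitting and recombination with Shamir sharing over a prime field so the policy logic is visible. The policy encoding, attribute names, field modulus and the use of a plain "emergency_access" attribute to stand in for the paper's break-glass path are all assumptions made for the illustration. It deliberately omits the bilinear-pairing step that, in real ABE, hides the shares from the storage server, so it demonstrates the access structure, not the confidentiality property.

```python
"""Threshold access-tree secret sharing as used inside CP-ABE decryption.

Added illustration, not the paper's code. A file key is split over an access
tree (k-of-n gates, attribute leaves) with Shamir sharing; a user whose
attribute set satisfies the tree recombines it, anyone else gets nothing.
Real ABE blinds the shares with bilinear-group elements; this toy does not.
"""
import secrets

# Assumption: toy field modulus (a Mersenne prime) large enough for the demo.
P = 2**127 - 1

# Policy encoding (assumption): a leaf is an attribute string; a gate is a
# tuple (k, [children]) meaning "at least k of these children are satisfied".
# 1-of-n is OR, n-of-n is AND. Assumed policy for one PHR file: a physician at
# hospital A, or an IRB-approved researcher, or a break-glass emergency attribute.
PHR_POLICY = (1, [
    (2, ["physician", "hospital_A"]),
    (2, ["researcher", "irb_approved"]),
    "emergency_access",   # simplification standing in for the paper's break-glass path
])


def _poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _lagrange_at_zero(points):
    """Interpolate through points=[(x, y), ...] and return f(0) modulo P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def _share(policy, value, out):
    """Split `value` top-down; appends (attribute, share) per leaf in traversal
    order. At a k-of-n gate, value is the constant term of a random
    degree-(k-1) polynomial and child i receives f(i)."""
    if isinstance(policy, str):
        out.append((policy, value))
        return
    k, children = policy
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]
    for idx, child in enumerate(children, start=1):
        _share(child, _poly_eval(coeffs, idx), out)


def _recover(policy, leaf_shares, attrs):
    """Walk the tree in the same order as _share; return the node's value when
    `attrs` satisfies the subtree, else None. Every leaf is consumed, even once
    a gate is already satisfied, so the share iterator stays aligned."""
    if isinstance(policy, str):
        attr, share = next(leaf_shares)
        return share if attr in attrs else None
    k, children = policy
    points = []
    for idx, child in enumerate(children, start=1):
        val = _recover(child, leaf_shares, attrs)
        if val is not None:
            points.append((idx, val))
    if len(points) < k:
        return None
    return _lagrange_at_zero(points[:k])


def encrypt_file_key(policy):
    """Pick a random file key and split it over `policy`.
    Returns (key, shares); a real scheme would publish only the blinded shares."""
    key = secrets.randbelow(P)
    shares = []
    _share(policy, key, shares)
    return key, shares


def recover_file_key(policy, shares, user_attrs):
    """Return the file key if user_attrs satisfies policy, otherwise None."""
    return _recover(policy, iter(shares), set(user_attrs))


if __name__ == "__main__":
    key, shares = encrypt_file_key(PHR_POLICY)
    for who in ({"physician", "hospital_A"}, {"physician", "hospital_B"},
                {"emergency_access"}):
        granted = recover_file_key(PHR_POLICY, shares, who) == key
        print(sorted(who), "->", "access granted" if granted else "denied")
```

Two points the abstract makes fall out of this directly: revoking an attribute (dropping it from a user's set) denies every file whose policy needed it without touching the other files, and the break-glass leaf is just another path through the tree, so its use can be confined to an emergency attribute that ordinary keys never carry.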
Problem Definition
We consider a PHR system where there are multiple PHR owners and PHR users. The owners refer to patients who have full control over their own PHR data, i.e., they can create, manage and delete it. There is a central server belonging to the PHR service provider that stores all the owners' PHRs. The users may come from various backgrounds; for example, a friend, a caregiver or a researcher. Users access the PHR documents through the server in order to read or write to someone's PHR, and a user can simultaneously have access to multiple owners' data.

A typical PHR system uses standard data formats, for example the Continuity of Care Record (CCR), which is based on an XML data structure and is widely used in representative PHR systems including Indivo [27], an open-source PHR system adopted by Boston Children's Hospital. Due to the nature of XML, the PHR files are logically organized by their categories in a hierarchical way [8], [20
CONCLUSION
In this paper, we have proposed a novel framework of