01-10-2012, 11:49 AM
Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption
scalable.pdf (Size: 299.55 KB / Downloads: 106)
Abstract
Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often
outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health
information could be exposed to those third party servers and to unauthorized parties. To assure the patients’ control over access
to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure,
scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward
achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework
and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data
access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR file. Different from
previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into
multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy
is guaranteed simultaneously by exploiting multi-authority ABE.
INTRODUCTION
In recent years, personal health record (PHR) has emerged
as a patient-centric model of health information
exchange. A PHR service allows a patient to create,
manage, and control her personal health data in one
place through the web, which has made the storage, retrieval,
and sharing of the the medical information more
efficient. Especially, each patient is promised the full
control of her medical records and can share her health
data with a wide range of users, including healthcare
providers, family members or friends. Due to the high
cost of building and maintaining specialized data centers,
many PHR services are outsourced to or provided
by third-party service providers, for example, Microsoft
HealthVault1. Recently, architectures of storing PHRs in
cloud computing have been proposed in [2], [3].
RELATED WORK
This paper is mostly related to works in cryptographically
enforced access control for outsourced data and
attribute based encryption. To realize fine-grained access
control, the traditional public key encryption (PKE)
based schemes [8], [10] either incur high key management
overhead, or require encrypting multiple copies
of a file using different users’ keys. To improve upon
the scalability of the above solutions, one-to-many encryption
methods such as ABE can be used. In Goyal
et. al’s seminal paper on ABE [11], data is encrypted
under a set of attributes so that multiple users who
possess proper keys can decrypt. This potentially makes
encryption and key management more efficient [12]. A
fundamental property of ABE is preventing against user
collusion. In addition, the encryptor is not required to
know the ACL.
Revocable ABE
It is a well-known challenging problem to revoke users/
attributes efficiently and on-demand in ABE. Traditionally
this is often done by the authority broadcasting
periodic key updates to unrevoked users frequently
[13], [22], which does not achieve complete backward/
forward security and is less efficient. Recently, [23]
and [24] proposed two CP-ABE schemes with immediate
attribute revocation capability, instead of periodical
revocation. However, they were not designed for MAABE.
In addition, Ruj et al. [25] proposed an alternative
solution for the same problem in our paper using Lewko
and Waters’s (LW) decentralized ABE scheme [26]. The
main advantage of their solution is, each user can obtain
secret keys from any subset of the TAs in the system,
in contrast to the CC MA-ABE. The LW ABE scheme
enjoys better policy expressiveness, and it is extended
by [25] to support user revocation. On the downside,
the communication overhead of key revocation is still
high, as it requires a data owner to transmit an updated
ciphertext component to every non-revoked user. They
also do not differentiate personal and public domains.
In this paper, we bridge the above gaps by proposing
a unified security framework for patient-centric sharing
of PHRs in a multi-domain, multi-authority PHR system
with many users. The framework captures applicationlevel
requirements of both public and personal use of a
patient’s PHRs, and distributes users’ trust to multiple
authorities that better reflects reality. We also propose a
suite of access control mechanisms by uniquely combining
the technical strengths of both CC MA-ABE [21] and
the YWRL ABE scheme [9]. Using our scheme, patients
can choose and enforce their own access policy for each
PHR file, and can revoke a user without involving high
overhead. We also implement part of our solution in a
prototype PHR system.
FRAMEWORK FOR PATIENT-CENTRIC, SECURE
AND SCALABLE PHR SHARING
In this section, we describe our novel patient-centric
secure data sharing framework for cloud-based PHR
systems. The main notations are summarized in Table 1.
Problem Definition
We consider a PHR system where there are multiple PHR
owners and PHR users. The owners refer to patients who
have full control over their own PHR data, i.e., they can
create, manage and delete it. There is a central server
belonging to the PHR service provider that stores all
the owners’ PHRs. The users may come from various
aspects; for example, a friend, a caregiver or a researcher.
Users access the PHR documents through the server in
order to read or write to someone’s PHR, and a user can
simultaneously have access to multiple owners’ data.
A typical PHR system uses standard data formats.
For example, continuity-of-care (CCR) (based on XML
data structure), which is widely used in representative
PHR systems including Indivo [27], an open-source PHR
system adopted by Boston Children’s Hospital. Due to
the nature of XML, the PHR files are logically organized
by their categories in a hierarchical way [8], [20].
Overview of Our Framework
The main goal of our framework is to provide secure
patient-centric PHR access and efficient key management
at the same time. The key idea is to divide the system
into multiple security domains (namely, public domains
(PUDs) and personal domains (PSDs)) according to the
different users’ data access requirements. The PUDs consist
of users who make access based on their professional
roles, such as doctors, nurses and medical researchers. In
practice, a PUD can be mapped to an independent sector
in the society, such as the health care, government or
insurance sector. For each PSD, its users are personally
associated with a data owner (such as family members
or close friends), and they make accesses to PHRs based
on access rights assigned by the owner.
Enhancing MA-ABE for User Revocation
The original CC MA-ABE scheme does not enable efficient
and on-demand user revocation. To achieve this
for MA-ABE, we combine ideas from YWRL’s revocable
KP-ABE [9], [15] (its details are shown in supplementary
material), and propose an enhanced MA-ABE scheme.
In particular, an authority can revoke a user or user’s
attributes immediately by re-encrypting the ciphertexts
and updating users’ secret keys, while a major part of
these operations can be delegated to the server which
enhances efficiency.
The idea to revoke one attribute of a user in MA-ABE
is as follows. The AA who governs this attribute actively
updates that attribute for all the affected unrevoked users.
To this end, the following updates should be carried
out: (1) the public/master key components for the affected
attribute; (2) the secret key component corresponding
to that attribute of each unrevoked user; (3) Also, the
server shall update all the ciphertexts containing that
attribute. In order to reduce the potential computational
burden for the AAs, we adopt proxy encryption to delegate
operations (2) and (3) to the server, and use lazyrevocation
to reduce the overhead.
Enforce Write Access Control
If there is no restrictions on write access, anyone may
write to someone’s PHR using only public keys, which
is undesirable. By granting write access, we mean a data
contributor should obtain proper authorization from the
organization she is in (and/or from the targeting owner),
which shall be able to be verified by the server who
grants/rejects write access.
A naive way is to let each contributor obtain a signature
from her organization every time she intends to
write. Yet this requires the organizations be always online.
The observation is that, it is desirable and practical
to authorize according to time periods whose granularity
can be adjusted. For example, a doctor should be permitted
to write only during her office hours; on the other
hand, the doctor must not be able to write to patients that
are not treated by her. Therefore, we combine signatures
with the hash chain technique to achieve our goals.
Computation Costs
Next, we evaluate the computational cost of our scheme
through combined implementation and simulation. We
provide the first implementation of the GPSW KP-ABE
scheme [35] (to the best of our knowledge), and also
integrated the ABE algorithms into a prototype PHR
system, Indivo [27], [36]. The GPSW KP-ABE scheme is
tested on a PC with 3.4 GHz processor, using the pairing
based cryptography (PBC) library [37]. The public
parameters are chosen to provide 80 bits security level,
and we use a pairing-friendly type-A 160-bit elliptic
curve group [37]. This parameter setting has also been
adopted in other related works in ABE [19], [38].We then
use the ABE algorithms to encrypt randomly generated
XML-formatted files (since real PHR files are difficult
to obtain), and implement the user-interfaces for data
input and output. Due to space limitations, the details
of prototype implementation are reported in [36].
CONCLUSION
In this paper, we have proposed a novel framework of
secure sharing of personal health records in cloud computing.
Considering partially trustworthy cloud servers,
we argue that to fully realize the patient-centric concept,
patients shall have complete control of their own privacy
through encrypting their PHR files to allow fine-grained
access. The framework addresses the unique challenges
brought by multiple PHR owners and users, in that we
greatly reduce the complexity of key management while
enhance the privacy guarantees compared with previous
works. We utilize ABE to encrypt the PHR data, so that
patients can allow access not only by personal users, but
also various users from public domains with different
professional roles, qualifications and affiliations. Furthermore,
we enhance an existing MA-ABE scheme to handle
efficient and on-demand user revocation.