HTAC: Fine-Grained Policy-Hiding and Traceable Access Control in mHealth

Bibliographic Details
Published in IEEE Access Vol. 8; pp. 123430-123439
Main Authors Li, Qi; Zhang, Yinghui; Zhang, Tao; Huang, Haiping; He, Yingjie; Xiong, Jinbo
Format Journal Article
Language English
Published Piscataway IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Summary: As an emerging cryptographic primitive, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for the owner to share his personal health records (PHRs) in mobile healthcare systems (mHealth). Before deploying traditional CP-ABE in real mHealth applications, there are three concerns worth considering. First, the pre-defined attribute universe lacks scalability. Second, the plaintext access policy sent along with the ciphertext would leak the PHR owner's privacy. Third, it is difficult to identify the malicious user who intentionally disclosed his (partial or modified) private key. In this paper, we present HTAC, a fine-grained policy-hiding and traceable access control scheme for mHealth. In HTAC, the attribute universe is exponentially large and unbounded. Each attribute is expressed by an attribute name and an attribute value. In the encryption phase, the value is hidden in the ciphertext and only the generic attribute name is exposed. The malicious user will be precisely identified by searching the identity linked with the suspicious private key in an identity table. We further extend HTAC by removing the identity table and assigning more explicit responsibilities to the authority and the trace center. Then the storage overhead of tracing the malicious users is constant. The security analysis and performance comparison indicate that HTAC and the extended scheme are secure and practicable for real mHealth.
ISSN:2169-3536
DOI:10.1109/ACCESS.2020.3004897