Annals of Telecommunications

, Volume 74, Issue 7–8, pp 389–400 | Cite as

Fine-grained multi-authority access control in IoT-enabled mHealth

  • Qi LiEmail author
  • Hongbo Zhu
  • Jinbo Xiong
  • Ruo Mo
  • Zuobin Ying
  • Huaqun Wang


With the popularity of Internet of Things (IoT) and cloud computing technologies, mobile healthcare (mHealth) can offer remote, accurate, and effective medical services for patients according to their personal health records (PHRs). However, data security and efficient access of the PHR should be addressed. Attribute-based encryption (ABE) is regarded as a well-received cryptographic mechanism to simultaneously realize fine-grained access control and data confidentiality in mHealth. Nevertheless, existing works are either constructed in the single-authority setting which may be a performance bottleneck, or lack of efficient user decryption. In this paper, we propose SEMAAC, a secure and efficient multi-authority access control system for IoT-enabled mHealth. In SEMAAC, there are multiple independently worked attribute authorities (AAs). A new entity could be an AA without re-building the system. To reduce the user decryption overhead, most decryption is executed in cloud server, which whereafter returns a partial decryption ciphertext (PDC). The AAs can help the user to check if the PDC is correctly computed. Additionally, a restricted user can delegate his/her key to someone to outsource the decryption and check the returned result, without exposing the plaintext PHR file. The proposed SEMAAC is proved to be adaptively secure in the standard model. The numerical analysis and extensive experiments illustrate the efficiency and advantage of our scheme.


Mobile healthcare Attribute-based encryption Access control Multiple authorities Efficient decryption 



We thank the reviewers for the helpful comments.

Funding information

This research is supported by the National Natural Science Foundation of China under grant no. 61502248, 61872192, 61427801, u1405255, China Postdoctoral Science Foundation (Grant no. 2018M632350), Natural Science Foundation of Jiangsu Province (No. BK20181394) and Qing Lan Project.


  1. 1.
    Hahn C, Kwon H, Hur J (2016) Efficient attribute-based secure data sharing with hidden policies and traceability in mobile health networks. Mob Inf Syst 2016:13Google Scholar
  2. 2.
    Xu LD, He W, Li S (2014) Internet of things in industries: a survey. IEEE Trans Ind Inf 10(4):2233–2243CrossRefGoogle Scholar
  3. 3.
    Wu D, Shi H, Wang H, Wang R, Fang H (2018) A feature-based learning system for internet of things applications. IEEE Internet Things J 1–1.
  4. 4.
    Xiong J, Ren J, Chen L et al (2018) Enhancing privacy and availability for data clustering in intelligent electrical service of iot. IEEE Internet Things J 1–10.
  5. 5.
    Al-Janabi S, Al-Shourbaji I, Shojafar M, Shamshirband S (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications. Egyptian Inf J 18(2):113–122CrossRefGoogle Scholar
  6. 6.
    Zhang Y, Deng RH, Liu X, Zheng D (2018) Blockchain based efficient and robust fair payment for outsourcing services in cloud computing. Inf Sci 462:262–277MathSciNetCrossRefGoogle Scholar
  7. 7.
    Yang YL, Liu R, Chen YL, Li T, Tang Y (2018) Normal cloud model-based algorithm for multi-attribute trusted cloud service selection. IEEE Access 7:37644–37652CrossRefGoogle Scholar
  8. 8.
    Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Cramer R (ed) Advances in cryptology – EUROCRYPT 2005, Lecture Notes in Computer Science, vol 3494. Springer, Berlin, pp 457–473Google Scholar
  9. 9.
    Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06. ACM, New York, pp 89– 98Google Scholar
  10. 10.
    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, 2007. SP ’07, pp 321–334Google Scholar
  11. 11.
    Zhang Y, Chen X, Li J, Wong DS, Li H, You I (2017) Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing. Inf Sci 379:42– 61CrossRefGoogle Scholar
  12. 12.
    Chase M (2007) Multi-authority attribute based encryption. In: Vadhan S (ed) Theory of cryptography. Lecture Notes in Computer Science, vol 4392. Springer, Berlin, pp 515–534Google Scholar
  13. 13.
    Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM conference on computer and communications security, CCS ’09. ACM, New York, pp 121–130Google Scholar
  14. 14.
    Liu Z, Cao Z, Huang Q, Wong D, Yuen T (2011) Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles. In: Atluri V, Diaz C (eds) Computer security – ESORICS 2011. Lecture Notes in Computer Science, vol 6879. Springer, Berlin, pp 278–297Google Scholar
  15. 15.
    Li Q, Ma J, Li R, Xiong J, Liu X (2015) Large universe decentralized key-policy attribute-based encryption. Secur Commun Netw 8(3):501–509CrossRefGoogle Scholar
  16. 16.
    Li Q, Ma J, Li R, Xiong J, Liu X (2015) Provably secure unbounded multi-authority ciphertext-policy attribute-based encryption. Secur Commun Netw 8(18):4098–4109CrossRefGoogle Scholar
  17. 17.
    Xue K, Xue Y, Hong J, Li W, Yue H, Wei DSL, Hong P (2017) Raac: robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Trans Inf Forensics Secur 12(4):953–967CrossRefGoogle Scholar
  18. 18.
    Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: Proceedings of the 20th USENIX conference on security, SEC’11. USENIX Association, Berkeley, pp 34–34Google Scholar
  19. 19.
    Lai J, Deng R, Guan C, Weng J (2013) Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 8(8):1343–1354CrossRefGoogle Scholar
  20. 20.
    Li J, Wang Y, Zhang Y, Han J (2017) Full verifiability for outsourced decryption in attribute based encryption. IEEE Trans Serv Comput PP(99):1–1Google Scholar
  21. 21.
    Ning J, Cao Z, Dong X, Liang K, Ma H, Wei L (2018) Auditable σ -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Inf Forensics Secur 13(1):94– 105CrossRefGoogle Scholar
  22. 22.
    Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert H (ed) Advances in cryptology – EUROCRYPT 2010. Lecture Notes in Computer Science, vol 6110. Springer, Berlin, pp 62–91Google Scholar
  23. 23.
    Lewko A, Waters B (2011) Decentralizing attribute-based encryption. Advances in Cryptology – EUROCRYPT 2011. Lecture Notes in Computer Science, vol 6632. In: Paterson K (ed). Springer, Berlin, pp 568–588Google Scholar
  24. 24.
    Zhang Y, Zheng D, Deng RH (2018) Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J 5(3):2130–2145CrossRefGoogle Scholar
  25. 25.
    Li J, Huang Q, Chen X, Chow SSM, Wong DS, Xie D (2011) Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceedings of the 6th ACM symposium on information, computer and communications security, ASIACCS ’11. ACM, New York, pp 386–390Google Scholar
  26. 26.
    Qin B, Deng RH, Liu S, Ma S (2015) Attribute-based encryption with efficient verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 10(7):1384–1393CrossRefGoogle Scholar
  27. 27.
    Gao C, Lv S, Wei Y, Wang Z, Liu Z, Cheng X (2018) M-sse: an effective searchable symmetric encryption with enhanced security for mobile devices. IEEE Access 1–1Google Scholar
  28. 28.
    Wang X, Zhang Y, Zhu H, Jiang L (2018) An identity-based signcryption on lattice without trapdoor. J Univ Comput Sci 1–1Google Scholar
  29. 29.
    Li J, Li J, Chen X, Jia C, Lou W (2015) Identity-based encryption with outsourced revocation in cloud computing. IEEE Trans Comput 64(2):425–437MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Gao C, Cheng Q, He P, Susilo W, Li J (2018) Privacy-preserving naive bayes classifiers secure against the substitution-then-comparison attack. Inf Sci 444:72–88MathSciNetCrossRefGoogle Scholar
  31. 31.
    Yu Z, Gao CZ, Jing Z, Gupta BB, Cai Q (2018) A practical public key encryption scheme based on learning parity with noise. IEEE Access 6:31918–31923CrossRefGoogle Scholar
  32. 32.
    Li J, Li YK, Chen X, Lee PPC, Lou W (2015) A hybrid cloud approach for secure authorized deduplication. IEEE Trans Parallel Distrib Syst 26(5):1206–1216CrossRefGoogle Scholar
  33. 33.
    Yang L, Han Z, Huang Z, Ma J (2018) A remotely keyed file encryption scheme under mobile cloud computing. J Netw Comput Appl 106:90–99CrossRefGoogle Scholar
  34. 34.
    Wang H, He D, Han J (2017) Vod-adac: anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud. IEEE Trans Serv Comput PP(99):1–1Google Scholar
  35. 35.
    Wang H, He D, Yu J, Wang Z (2018) Incentive and unconditionally anonymous identity-based public provable data possession. IEEE Trans Serv Comput.
  36. 36.
    Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM, 2010 Proceedings IEEE, pp 1–9Google Scholar
  37. 37.
    Li Q, Ma J, Li R, Liu X, Xiong J, Chen D (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59:45–59CrossRefGoogle Scholar
  38. 38.
    Yang Y, Liu X, Deng RH (2017) Lightweight break-glass access control system for healthcare internet-of-things. IEEE Trans Ind Inf 14(8):3610–3617CrossRefGoogle Scholar
  39. 39.
    Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210CrossRefGoogle Scholar
  40. 40.
    Wang H, Zheng Z, Wu L, Li P (2017) New directly revocable attribute-based encryption scheme and its application in cloud storage environment. Clust Comput 20(3):2385– 2392CrossRefGoogle Scholar
  41. 41.
    Li J, Chen X, Chow SS, Huang Q, Wong DS, Liu Z (2018) Multi-authority fine-grained access control with accountability and its application in cloud. J Netw Comput Appl 112:89– 96CrossRefGoogle Scholar
  42. 42.
    Beimel A (1996) Secure schemes for secret sharing and key distribution. DSc dissertationGoogle Scholar
  43. 43.
    Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Springer, Berlin, pp 53–70zbMATHGoogle Scholar
  44. 44.
    Rahulamathavan Y, Veluru S, Han J, Li F, Rajarajan M, Lu R (2016) User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Comput 65(9):2939–2946MathSciNetCrossRefzbMATHGoogle Scholar
  45. 45.
    De Caro A, Iovino V (2011) jpbc: Java pairing based cryptography. In: Proceedings of the 16th IEEE symposium on computers and communications, ISCC 2011, Kerkyra, Corfu, Greece, June 28–July 1, pp 850–855Google Scholar

Copyright information

© Institut Mines-Télécom and Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Computer ScienceNanjing University of Posts and TelecommunicationsNanjingChina
  2. 2.Jiangsu Innovative Coordination Center of Internet of ThingsNanjing University of Posts and TelecommunicationsNanjingChina
  3. 3.College of Mathematics and InformaticsFujian Normal UniversityFuzhouChina
  4. 4.School of Cyber EngineeringXidian UniversityXi’anChina
  5. 5.School of Computer Science and TechnologyAnhui UniversityHefeiChina

Personalised recommendations