Education and Information Technologies

, Volume 23, Issue 5, pp 2213–2233 | Cite as

A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter

  • Gandikota Ramu


In recent years, the Internet of Things (IoT), cloud computing, and wireless body area networks (WBANs) have converged and become popular due to their potential to improve quality of life. This convergence has greatly promoted the industrialization of e-healthcare. With the flourishing of the e-healthcare industry, full electronic health records (EHRs) are expected to promote preventative health services as well as global health. However, the outsourcing of EHRs to third-party servers, like the cloud, involves many challenges, including securing health information and preserving privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising scheme for storing and sharing information in third-party servers. This scheme enables patients and doctors to encrypt or decrypt their information using access policies defined by attributes. In this scheme, the access policy is tied with the ciphertext in the form of plaintext, which may risk leaking personal patient information. Earlier protocols only partially hide the attribute values in the access policies but leave the attribute names unprotected. To address these security issues, we propose a secure cloud framework using modified CP-ABE and an attribute Bloom filter (ABF). In modified CP-ABE, we can hide the entire attribute, including values, in the access policies. The ABFs assist in data decryption by evaluating the presence of an attribute in the access policy and pointing to its position. Security analysis and performance evaluation demonstrate the efficiency and effectiveness of the proposed framework. Finally, the proposed framework is explored to verify its feasibility.


EHRs IoT Cloud computing CP-ABE and bloom filter 



The authors are especially indebted to the Science and Engineering Research Board (SERB), Department of Science and Technology (DST), and Government of India for providing an environment where the authors could do the best work possible.


  1. Beimel, A. (1996). Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Israel Inst. Technol. Technion, Haifa, Israel.Google Scholar
  2. Boneh, D., & Waters, B. (2007). Conjunctive, subset, and range queries on encrypted data. In Theory of Cryptography. Heidelberg, Germany: Springer, pp. 535–554.Google Scholar
  3. Frikken, K., Atallah, M., & Li, J. (2006). Attribute-based access control with hidden policies and hidden credentials. IEEE Transactions on Computers, 55(10), 1259–1270.CrossRefGoogle Scholar
  4. Helmer, A., Lipprandt, M., Frenken, T., et al. (2011). Empowering patients through personal health records: a survey of existing third-party webbased PHR products. Electronic Journal of Health Informatics, 6(3), e26.Google Scholar
  5. Hur, J. (2013). Attribute-based secure data sharing with hidden policies in smart grid. IEEE Transactions on Parallel and Distributed Systems, 24(11), 2171–2180.CrossRefGoogle Scholar
  6. Jara, A.J., Zamora, M.A., Skarmeta, A.F.G. (2010). An architecture based on internet of things to support mobility and security in medical environments. Proceedings of 7th IEEE Consumer Communications and Networking Conference. pp: 1–5.Google Scholar
  7. Jiang, R., Wu, X., & Bhargava, B. (2016). SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems. Computers & Security, 62, 193–212. Scholar
  8. Katz, J., Sahai, A., & Waters, B. (2008). Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Advances in cryptology–EUROCRYPT 2008. Heidelberg, Germany: Springer, pp. 146–162.Google Scholar
  9. Lai, J., Deng, R. H., & Li, Y. (2011). Fully secure cipertext-policy hiding CPABE. In Information security practice and experience. Heidelberg, Germany: Springer, pp. 24–39.Google Scholar
  10. Lai, J., Deng, R. H., & Li, Y. (2012) Expressive CP-ABE with partially hidden access structures. In Proc. ASIACCS, Seoul, South Korea, pp. 18–19.Google Scholar
  11. Lei, L., Zhong, Z., Zheng, K., Chen, J., & Meng, H. (2013). Challenges on wireless heterogeneous networks for mobile cloud computing. IEEE Wireless Communications, 20(3), 34–44.CrossRefGoogle Scholar
  12. Leng, C., Yu, H., Wang, J., & Huang, J. (2013). Securing personal health records in the cloud by enforcing sticky policies. Telkomnika Indonesian J Elect Eng, 11(4), 2200–2208.Google Scholar
  13. Li, J., Ren, K., Zhu, Z., & Wan, Z. (2009). Privacy-aware attribute-based encryption with user accountability. In Proc. Inf. Security, Pisa, Italy, pp. 347–362.Google Scholar
  14. Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.CrossRefGoogle Scholar
  15. Li, H., Liu, D., Alharbi, K., Zhang, S., & Lin, X. (2015a). Enabling fine-grained access control with efficient attribute revocation and policy updating in smart grid. KSII Transactions on Internet and Information Systems, 9(4), 1404–1423.Google Scholar
  16. Li, H., Liu, D., Dai, Y., & Luan, T. H. (2015b). Engineering searchable encryption of mobile cloud networks: when QoE meets QoP. IEEE Wireless Communications, 22(4), 74–80.CrossRefGoogle Scholar
  17. Li, Q., et al. (2016a). Secure, efficient and revocable multi-authority access control system in cloud storage. Computers & Security, 59, 45–59. Scholar
  18. Li, H., et al. (2016b). Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Transactions on Dependable and Secure Computing, 13(3), 312–325. Scholar
  19. Lin, H., Cao, Z., Liang, X., & Shao, J. (2008). Secure threshold multi authority attribute based encryption without a central authority. In Proc. INDOCRYPT, Kharagpur, India, pp. 426–436.Google Scholar
  20. Lin, H., Shao, J., Zhang, C., & Fang, Y. (2013). CAM: cloud-assisted privacy preserving mobile health monitoring. IEEE Transactions on Information Forensics and Security, 8(6), 985–997.CrossRefGoogle Scholar
  21. Liu, H., Ning, H., Xiong, Q., & Yang, L. T. (2015). Shared authority based privacypreserving authentication protocol in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 26(1), 241–251.CrossRefGoogle Scholar
  22. Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46–50.CrossRefGoogle Scholar
  23. Mell, P. & Grance, T. (2011). The NIST definition of cloud computing. Recommendations Nat. Inst. Standards Technol., NIST,Washington, DC, USA, Tech. Rep. 800–145.Google Scholar
  24. Nishide, T., Yoneyama, K., & Ohta, K. (2008). Attribute-based encryption with partially hidden encryptor-specified access structures. In Applied Cryptography and Network Security. Heidelberg, Germany: Springer, pp. 111–129.Google Scholar
  25. Park, E., & Nam, H. S. (2009). A service-oriented medical framework for fast and adaptive information delivery in mobile environment. IEEE Transactions on Information Technology in Biomedicine, 13(6), 1049–1056.CrossRefGoogle Scholar
  26. Ramu, G. & Eswara Reddy, B. (2015). Secure architecture to manage EHR’s in cloud using SSE and ABE. Springer, Health Technol.
  27. Sawand, Djahel, S., Zhang, Z., & Naїt-Abdesselam, F. (2015). Toward energyefficient and trustworthy ehealth monitoring system. China Commun, 12(1), 46–65.CrossRefGoogle Scholar
  28. Shin, M. S., Jeon, H. S., Ju, Y. W., Lee, B. J., & Jeong, S. P. (2015). Constructing RBAC based security model in u-healthcare service platform. The Scientific World Journal, 2015, Art. no. 937914.
  29. Su, Z., Xu, Q., & Qi, Q. (2016). Big data in mobile social networks: A QoE-oriented framework. IEEE Network, 30(1), 52–57.CrossRefGoogle Scholar
  30. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11.CrossRefGoogle Scholar
  31. Vossberg, M., Tolxdorff, T., & Krefting, D. (2008). DICOM image communication in globus-based medical grids. IEEE Transactions on Information Technology in Biomedicine, 12(2), 145–153.CrossRefGoogle Scholar
  32. Wang, Zhang, B., Ren, K., Roveda, J. M., Chen, C. W., & Xu, Z. (2014). A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. In Proc. 33rd IEEE INFOCOM Conf., pp. 2130–2138.Google Scholar
  33. Waters, B. (2011). Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proc. PKC, Taormina, Italy, pp. 53–70.Google Scholar
  34. Weber, R. H. (2010). Internet of things – New security and privacy challenges. Computer Law & Security Review, 26(1), 23–30.CrossRefGoogle Scholar
  35. Yang, K., & Jia, X. (2014). Expressive, efficient, and revocable data accesscontrol for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1735–1744.CrossRefGoogle Scholar
  36. Yang, K., Jia, X., & Ren, K. (Dec. 2015). Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Transactions on Parallel and Distributed Systems, 26(12), 3461–3470.CrossRefGoogle Scholar
  37. Yang, K., Liu, Z., Jia, X., & Shen, X. S. (2016). Time-domain attribute-based access control for cloud-based video content sharing: a cryptographic approach. IEEE Transactions on Multimedia, 18(5), 940–950.CrossRefGoogle Scholar
  38. Yu, S., Ren, K., & Lou, W. (2008). Attribute-based content distribution with hidden policy. In Proc. Secure Netw. Protocols (NPSec), Orlando, FL, USA, pp. 39–44.Google Scholar
  39. Zheng, K., Yang, Z., Zhang, K., Chatzimisios, P., Yang, K., & Xiang, W. (2016). Big data-driven optimization for mobile networks toward 5G. IEEE Network, 30(1), 44–51.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Computer Science & EngineeringInstitute of Aeronautical EngineeringTelanganaIndia

Personalised recommendations