Fine-Grained Access Control in mHealth with Hidden Policy and Traceability

  • Qi LiEmail author
  • Yinghui Zhang
  • Tao Zhang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 303)


Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-received cryptographic primitive to securely share personal health records (PHRs) in mobile healthcare (mHealth). Nevertheless, traditional CP-ABE can not be directly deployed in mHealth. First, the attribute universe scale is bounded to the system security parameter and lack of scalability. Second, the sensitive data is encrypted, but the access policy is in the plaintext form. Last but not least, it is difficult to catch the malicious user who intentionally leaks his access privilege since that the same attributes mean the same access privilege. In this paper, we propose HTAC, a fine-grained access control scheme with partially hidden policy and white-box traceability. In HTAC, the system attribute universe is larger universe without any redundant restriction. Each attribute is described by an attribute name and an attribute value. The attribute value is embedded in the PHR ciphertext and the plaintext attribute name is clear in the access policy. Moreover, the malicious user who illegally leaks his (partial or modified) private key could be precisely traced. The security analysis and performance comparison demonstrate that HTAC is secure and practical for mHealth applications.


CP-ABE Partially hidden policy Traceability Large universe Adaptive security 



This research is sponsored by The National Natural Science Foundation of China under grant No. 61602365, No. 61502248, and the Key Research and Development Program of Shaanxi [2019KW-053]. Yinghui Zhang is supported by New Star Team of Xi’an University of Posts and Telecommunications [2016-02]. We thank the anonymous reviewers for invaluable comments.


  1. 1.
    Beimel, A.: Secure schemes for secret sharing and key distribution. DSc dissertation (1996)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334, May 2007.
  3. 3.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). Scholar
  4. 4.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). Scholar
  5. 5.
    Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, New York, NY, USA, pp. 456–465. ACM (2007).
  6. 6.
    Lai, J., Deng, R.H., Li, Y.: Expressive CP-ABE with partially hidden access structures. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012, New York, NY, USA, pp. 18–19. ACM (2012).
  7. 7.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). Scholar
  8. 8.
    Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011). Scholar
  9. 9.
    Li, J., Chen, X., Chow, S.S., Huang, Q., Wong, D.S., Liu, Z.: Multi-authority fine-grained access control with accountability and its application in cloud. J. Netw. Comput. Appl. 112, 89–96 (2018). Scholar
  10. 10.
    Li, Q., Ma, J., Li, R., Liu, X., Xiong, J., Chen, D.: Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. 59, 45–59 (2016). Scholar
  11. 11.
    Li, Q., Zhu, H., Xiong, J., Mo, R., Wang, H.: Fine-grained multi-authority access control in IoT-enabled mhealth. Ann. Telecommun. 4, 1–12 (2019)Google Scholar
  12. 12.
    Liu, Z., Cao, Z., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forensics Secur. 8(1), 76–88 (2013). Scholar
  13. 13.
    Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable \(sigma\)-time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 13(1), 94–105 (2018). Scholar
  14. 14.
    Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015). Scholar
  15. 15.
    Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 111–129. Springer, Heidelberg (2008). Scholar
  16. 16.
    Phuong, T.V.X., Yang, G., Susilo, W.: Hidden ciphertext policy attribute-based encryption under standard assumptions. IEEE Trans. Inf. Forensics Secur. 11(1), 35–45 (2016). Scholar
  17. 17.
    Qi, L., Zhu, H., Ying, Z., Tao, Z.: Traceable ciphertext-policy attribute-based encryption with verifiable outsourced decryption in ehealth cloud. Wirel. Commun. Mob. Comput. 2018, 1–12 (2018)Google Scholar
  18. 18.
    Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, New York, NY, USA, pp. 463–474. ACM (2013).
  19. 19.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  20. 20.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). Scholar
  21. 21.
    Xue, K., Xue, Y., Hong, J., Li, W., Yue, H., Wei, D.S.L., Hong, P.: RAAC: robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Trans. Inf. Forensics Secur. 12(4), 953–967 (2017). Scholar
  22. 22.
    Yang, K., Jia, X., Ren, K.: Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Trans. Parallel Distrib. Syst. 26(12), 3461–3470 (2015). Scholar
  23. 23.
    Yang, Y., Liu, X., Deng, R.H.: Lightweight break-glass access control system for healthcare internet-of-things. IEEE Trans. Ind. Inform. 14, 3610–3617 (2017). Scholar
  24. 24.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010 Proceedings, pp. 1–9, March 2010.
  25. 25.
    Zhang, L., Hu, G., Mu, Y., Rezaeibagha, F.: Hidden ciphertext policy attribute-based encryption with fast decryption for personal health record system. IEEE Access 7, 33202–33213 (2019). Scholar
  26. 26.
    Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. 1.School of Computer ScienceNanjing University of Posts and TelecommunicationsNanjingChina
  2. 2.Jiangsu Key laboratory of Big Data Security and Intelligent ProcessingNanjing University of Posts and TelecommunicationsNanjingChina
  3. 3.National Engineering Laboratory for Wireless SecurityXi’an University of Posts and TelecommunicationsXi’anChina
  4. 4.School of Computer Science and TechnologyXidian UniversityXi’anChina

Personalised recommendations