Abstract
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-received cryptographic primitive for securely sharing personal health records (PHRs) in mobile healthcare (mHealth). Nevertheless, traditional CP-ABE cannot be directly deployed in mHealth. First, the size of the attribute universe is bounded by the system security parameter, so the scheme lacks scalability. Second, the sensitive data is encrypted, but the access policy is in plaintext form. Last but not least, it is difficult to catch a malicious user who intentionally leaks his access privilege, since the same attributes mean the same access privilege. In this paper, we propose HTAC, a fine-grained access control scheme with partially hidden policy and white-box traceability. In HTAC, the system attribute universe is a large universe without any redundant restriction. Each attribute is described by an attribute name and an attribute value. The attribute value is embedded in the PHR ciphertext, while the attribute name appears in plaintext in the access policy. Moreover, a malicious user who illegally leaks his (partial or modified) private key can be precisely traced. The security analysis and performance comparison demonstrate that HTAC is secure and practical for mHealth applications.
Acknowledgment
This research is sponsored by The National Natural Science Foundation of China under grant No. 61602365, No. 61502248, and the Key Research and Development Program of Shaanxi [2019KW-053]. Yinghui Zhang is supported by New Star Team of Xi’an University of Posts and Telecommunications [2016-02]. We thank the anonymous reviewers for invaluable comments.
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Li, Q., Zhang, Y., Zhang, T. (2019). Fine-Grained Access Control in mHealth with Hidden Policy and Traceability. In: Li, Q., Song, S., Li, R., Xu, Y., Xi, W., Gao, H. (eds) Broadband Communications, Networks, and Systems. Broadnets 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 303. Springer, Cham. https://doi.org/10.1007/978-3-030-36442-7_17
DOI: https://doi.org/10.1007/978-3-030-36442-7_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36441-0
Online ISBN: 978-3-030-36442-7
eBook Packages: Computer Science (R0)