Non-interactive Revocable Identity-Based Access Control over e-Healthcare Records

  • Yunya ZhouEmail author
  • Jianwei Liu
  • Hua Deng
  • Bo Qin
  • Lei Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


Revocation of access control on private e-healthcare records (EHRs) allows to revoke the access rights of valid users. Most existing solutions rely on a trusted third party too much to generate and update decryption keys, or require the computations of non-revoked users during the revocation, which make them impractical for some more complicated scenarios. In this paper, we propose a new revocation model, referred to as non-interactive revocable identity-based access control (NRIBAC) on EHRs. In NRIBAC, a trusted third party only needs to generate secret keys for group authorities and each group authority can generate decryption keys for the users in its domain. The NRIBAC distinguishes itself from other revocation schemes by the advantageous feature that it does not require any participation of non-revoked users in the revocation. We construct an NRIBAC scheme with short ciphertexts and decryption keys by leveraging hierarchical identity-based encryption and introducing the version information. We formally prove the security of the NRIBAC scheme and conduct thorough theoretical analysis to evaluate the performance. The results reveal that the scheme provides favorable revocation procedure without disturbing non-revoked users.


E-healthcare records Identity-based access control Revocation Non-interaction 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Belsis, P., Vassis, D., Gritzalis, S., Skourlas, C.: W-ehr: a wireless distributed framework for secure dissemination of electronic healthcare records. In: IWSSIP 2009, pp. 1–4. IEEE (2009)Google Scholar
  2. 2.
    Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encrytion with efficient revocation. In: ACM CCS 2008, pp. 417–426. ACM (2008)Google Scholar
  3. 3.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Deng, H., Wu, Q., Qin, B., Chow, S.S.M., Domingo-Ferrer, J., Shi, W.: Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data. In: ASIACCS 2014, pp. 425–434. ACM (2014)Google Scholar
  6. 6.
    Deng, H., Wu, Q., Qin, B., Domingo-Ferrer, J., Zhang, L., Liu, J., Shi, W.: Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Information Sciences 275, 370–384 (2014)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Deng, H., Wu, Q., Qin, B., Mao, J., Liu, X., Zhang, L., Shi, W.: Who is touching my cloud. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 362–379. Springer, Heidelberg (2014)Google Scholar
  8. 8.
    Jin, J., Ahn, G.-J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for sharing electronic health records. In: SACMAT 2009, pp. 125–134. ACM (2009)Google Scholar
  9. 9.
    Lee, K., Choi, S.G., Lee, D.H., Park, J.H., Yung, M.: Self-updatable encryption: Time constrained access control with hidden attributes and better efficiency. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 235–254. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  10. 10.
    Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel and Distributed Systems 24(1), 131–143 (2013)CrossRefGoogle Scholar
  11. 11.
    Liang, K., Liu, J.K., Wong, D.S., Susilo, W.: An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 257–272. Springer, Heidelberg (2014)Google Scholar
  12. 12.
    Libert, B., Vergnaud, D.: Adaptive-ID secure revocable identity-based encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 1–15. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Mashima, D., Ahamad, M.: Enabling robust information accountability in e-healthcare systems. In: 3rd USENIX Workshop on Health Security and Privacy (2012)Google Scholar
  14. 14.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Park, S., Lee, K., Lee, D.H.: New constructions of revocable identity-based encryption from multilinear maps. In: Cryptology ePrint Archive, Report 2013/880 (2013),
  16. 16.
    Perumal, B., Rajasekaran, M.P., Duraiyarasan, S.: An efficient hierarchical attribute set based encryption scheme with revocation for outsourcing personal health records in cloud computing. In: ICACCS 2013, pp. 1–5. IEEE (2013)Google Scholar
  17. 17.
    Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Seo, J.H., Emura, K.: Revocable identity-based encryption revisited: Security model and construction. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 216–234. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  19. 19.
    Seo, J.H., Emura, K.: Efficient delegation of key generation and revocation functionalities in identity-based encryption. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 343–358. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  20. 20.
    Shoniregun, C.A., Dube, K., Mtenzi, F.: Secure e-healthcare information systems. In: Electronic Healthcare Information Security, pp. 101–121. Springer US (2010)Google Scholar
  21. 21.
    Sun, L., Wang, H., Yong, J., Wu, G.: Semantic access control for cloud computing based on e-Healthcare. In: CSCWD 2012, pp. 512–518. IEEE (2012)Google Scholar
  22. 22.
    Yi, X., Miao, Y., Bertino, E., Willemson, J.: Multiparty privacy protection for electronic health records. In: GLOBECOM 2013, pp. 2730–2735. IEEE (2013)Google Scholar
  23. 23.
    Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: ASIACCS 2010, pp. 261–270. ACM (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yunya Zhou
    • 1
    • 2
    • 3
    Email author
  • Jianwei Liu
    • 4
    • 1
  • Hua Deng
    • 5
  • Bo Qin
    • 2
    • 6
  • Lei Zhang
    • 7
  1. 1.School of Electronic and Information EngineeringBeihang UniversityBeijingChina
  2. 2.State Key Laboratory of Integrated Services NetworksXidian UniversityXi’anChina
  3. 3.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  4. 4.The Academy of Satellite ApplicationBeijingChina
  5. 5.School of ComputerWuhan UniversityWuhanChina
  6. 6.Knowledge Engineering (Renmin University of China) Ministry of Education, School of InformationRenmin University of ChinaBeijingChina
  7. 7.Software Engineering InstituteEast China Normal UniversityShanghaiChina

Personalised recommendations