Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
International Journal of Information Security
Erschienen in: International Journal of Information Security 6/2015

01.11.2015 | Special Issue Paper

Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation

verfasst von: Huiling Qian, Jiguo Li, Yichen Zhang, Jinguang Han

Erschienen in: International Journal of Information Security | Ausgabe 6/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Personal health record (PHR) service is an emerging model for health information exchange. In PHR systems, patient’s health records and information are maintained by the patient himself through the Web. In reality, PHRs are often outsourced to be stored at the third parties like cloud service providers. However, there have been serious privacy concerns about cloud service as it may expose user’s sensitive data like PHRs to those cloud service providers or unauthorized users. Using attribute-based encryption (ABE) to encrypt patient’s PHRs in cloud environment, secure and flexible access control can be achieved. Yet, problems like scalability in key management, fine-grained access control, and efficient user revocation remain to be addressed. In this paper, we propose a privacy-preserving PHR, which supports fine-grained access control and efficient revocation. To be specific, our scheme achieves the goals (1) scalable and fine-grained access control for PHRs by using multi-authority ABE scheme, and (2) efficient on-demand user/attribute revocation and dynamic policy update. In our scheme, we consider the situation that multiple data owners exist, and patient’s PHRs are encrypted and stored in semi-trust servers. The access structure in our scheme is expressive access tree structure, and the security of our scheme can be reduced to the standard decisional bilinear Diffie–Hellman assumption.
Vorheriger Artikel Security and privacy of electronic health information systems
Nächster Artikel Flexible attribute-based encryption applicable to secure e-healthcare records

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Literatur
1.
Fernandes, Diogo A.B., Soares, Liliana F.B., et al.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13(2), 113–170 (2014)CrossRef
2.
Gouglidis, A., Mavridis, I., Hu, V.C.: Security policy verification for multi-domains in cloud systems. Int. J. Inf. Secur. 13(2), 97–111 (2014)CrossRef
3.
Li, M., Yu, S., Cao, N., Lou, W.: Authorized private keyword search over encrypted personal health records in cloud computing. In: Proceedings of the 31st IEEE International Conference on Distributed Computing Systems (ICDCS’11), pp. 383–392 (2011)
4.
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 131–143 (2013)CrossRef
5.
Health insurance portability and accountability act of 1996. U.S. Government Printing Office (1996)
6.
Sahai, A., Waters, B.: Fuzzy identity based encryption. In: Advances in Cryptology—EUROCRYPT 2005, LNCS 3494, pp. 457–473 (2005)
7.
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Symposium on Security and Privacy 2007 (SP’07), LNCS 6571, pp. 321–334 (2007)
8.
Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07) pp. 456–465 (2007)
9.
Herranz, J., Laguillaumie, F., R\(\grave{a}\)fols, C.: Constant size ciphertexts in threshold attribute-based encryption. In: Proceedings of 13th International Conference on Practice and Theory in Public Key Cryptography (PKC’10) pp. 19–34 (2010)
10.
Waters, B.: Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Proceedings of 14th International Conference on Practice and Theory in Public Key Cryptography (PKC’11), LNCS, Vol. 6571, pp. 53–70. Springer-Verlag, Berlin Heidelberg New York (2011)
11.
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted Data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06) x, pp. 89–98 (2006)
12.
Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07) pp. 195–203 (2007)
13.
Mandl, K.D., Szolovits, P., Kohane, I.S.: Public standards and patients control: how to keep electronic medical records accessible but private. BMJ 322(7281), 283–287 (2001)CrossRef
14.
Chase, M.: Multi-authority attribute based encryption. In: Proceedings of the 4th Theory of Cryptography Conference (TCC’07) pp. 515–534 (2007)
15.
Lin, H., Cao, Z., Liang, X., Shao, J.: Secure threshold multi-authority attribute based encryption without a central authority. In: Proceedings of the 9th International Conference on Cryptology in India (INDOCRYPT’08), pp. 426–436. (2008)
16.
Chase, M., Chow, S.S.M.: Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09) pp. 121–130 (2009)
17.
Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06) pp. 99–112 (2006)
18.
Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’05) pp. 417–426 (2008)
19.
Liang, X., Lu, R., Lin, X., Shen, X.S.: Ciphertext Policy Attribute Based Encryption with Efficient Revocation. Univ. of Waterloo, Technical report (2010)
20.
Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS’10) pp. 261–270 (2010)
21.
Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing system. IEEE Trans. Parallel Distrib. Syst. 22, 1214–1221 (2011)
22.
Jahid, S., Mittal, P., Borisov, N.: Easier: encryption-based access control in social networks with efficient revocation. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS’11) pp. 411–415 (2011)
23.
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 29th IEEE International Conference on Computer Communications (INFOCOM’10) pp. 534–542 (2010)
24.
Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Ciphertext-Policy Attribute-Based Threshold decryption with Flexible Delegation and Revocation of User Attributes. University of Twente, Technical report (2009)
25.
Ibraimi, L., Asim, M., Petkovic, M.: Secure Management of Personal Health Records by Applying Attribute-Based Encryption. University of Twente, Technical report (2009)
26.
Akinyele, A., Lehmann, C.U., Green, M.D., Pagano, M.W., Peterson, Z.N.J., Rubin, A.D.: Self-Protecting Electronic Medical Records using Attribute-Based Encryption on Mobile Device. Technical report. Cryptology ePrint Archive, Report 2010/565 (2010)
27.
Beimel, A.: Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology. Technion, Haifa, Israel (1996)
28.
Jung, T., Li, X., Wan, Z., Wan, M.: Privacy preserving cloud data access with multi-authorities. In: Proceedings of the 32th IEEE International Conference on Computer Communications (INFOCOM’13) pp. 2625–2633 (2013)
29.
Boneh, D., Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Advances in Cryptology—EUROCRYPT 2004, LNCS 3027, pp. 223–238 (2004)
30.
Xiao, M., Yuan, S.: Achieving fine-grained access control and integrity auditing in cloud storage. J. Comput. Inf. Syst. 9, 5477–5484 (2013)
31.
Fiore, D., Gennaro, R.: Publicly verifiable delegation of large polynomials and matrix computations, with applications. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS’12) pp. 501–512 (2012)
32.
Zheng, Q., Xu, S., Ateniese, G.: VABKS: verifiable attribute-based keyword search over outsourced encrypted data. IACR Cryptology ePrint Archive 462 (2013)
Metadaten
Titel
Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation
verfasst von
Huiling Qian
Jiguo Li
Yichen Zhang
Jinguang Han
Publikationsdatum
01.11.2015
Verlag
Springer Berlin Heidelberg
Erschienen in
International Journal of Information Security / Ausgabe 6/2015
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-014-0270-9

Weitere Artikel der Ausgabe 6/2015

International Journal of Information Security 6/2015 Zur Ausgabe

Regular Contribution

Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme

Regular Contribution

Security and searchability in secret sharing-based data outsourcing

Regular Contribution

URL query string anomaly sensor designed with the bidimensional Haar wavelet transform

Regular Contribution

Secure floating point arithmetic and private satellite collision analysis

Editorial

Security and privacy of electronic health information systems

Special Issue Paper

Flexible attribute-based encryption applicable to secure e-healthcare records

Premium Partner

    Bildnachweise