Fine-Grained Access Control in mHealth with Hidden Policy and Traceability

  • Conference paper
Broadband Communications, Networks, and Systems (Broadnets 2019)

Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-received cryptographic primitive for securely sharing personal health records (PHRs) in mobile healthcare (mHealth). Nevertheless, traditional CP-ABE cannot be directly deployed in mHealth. First, the scale of the attribute universe is bounded by the system security parameter and lacks scalability. Second, the sensitive data is encrypted, but the access policy is in plaintext form. Last but not least, it is difficult to catch a malicious user who intentionally leaks his access privilege, since the same attributes mean the same access privilege. In this paper, we propose HTAC, a fine-grained access control scheme with partially hidden policy and white-box traceability. In HTAC, the system attribute universe is a large universe without any redundant restriction. Each attribute is described by an attribute name and an attribute value. The attribute value is embedded in the PHR ciphertext, while the attribute name appears in plaintext in the access policy. Moreover, a malicious user who illegally leaks his (partial or modified) private key can be precisely traced. The security analysis and performance comparison demonstrate that HTAC is secure and practical for mHealth applications.

Acknowledgment

This research is sponsored by The National Natural Science Foundation of China under grant No. 61602365, No. 61502248, and the Key Research and Development Program of Shaanxi [2019KW-053]. Yinghui Zhang is supported by New Star Team of Xi’an University of Posts and Telecommunications [2016-02]. We thank the anonymous reviewers for invaluable comments.

Correspondence to Qi Li.

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Li, Q., Zhang, Y., Zhang, T. (2019). Fine-Grained Access Control in mHealth with Hidden Policy and Traceability. In: Li, Q., Song, S., Li, R., Xu, Y., Xi, W., Gao, H. (eds) Broadband Communications, Networks, and Systems. Broadnets 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 303. Springer, Cham. https://doi.org/10.1007/978-3-030-36442-7_17

  • DOI: https://doi.org/10.1007/978-3-030-36442-7_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36441-0

  • Online ISBN: 978-3-030-36442-7

  • eBook Packages: Computer Science (R0)
