Journal Title
Title of Journal: Int J Inf Secur
|
Abbravation: International Journal of Information Security
|
Publisher
Springer Berlin Heidelberg
|
|
|
|
|
|
Authors: Huiling Qian Jiguo Li Yichen Zhang Jinguang Han
Publish Date: 2014/11/29
Volume: 14, Issue: 6, Pages: 487-497
Abstract
Personal health record PHR service is an emerging model for health information exchange In PHR systems patient’s health records and information are maintained by the patient himself through the Web In reality PHRs are often outsourced to be stored at the third parties like cloud service providers However there have been serious privacy concerns about cloud service as it may expose user’s sensitive data like PHRs to those cloud service providers or unauthorized users Using attributebased encryption ABE to encrypt patient’s PHRs in cloud environment secure and flexible access control can be achieved Yet problems like scalability in key management finegrained access control and efficient user revocation remain to be addressed In this paper we propose a privacypreserving PHR which supports finegrained access control and efficient revocation To be specific our scheme achieves the goals 1 scalable and finegrained access control for PHRs by using multiauthority ABE scheme and 2 efficient ondemand user/attribute revocation and dynamic policy update In our scheme we consider the situation that multiple data owners exist and patient’s PHRs are encrypted and stored in semitrust servers The access structure in our scheme is expressive access tree structure and the security of our scheme can be reduced to the standard decisional bilinear Diffie–Hellman assumptionWe would like to thank anonymous referees for their helpful comments and suggestions This work is supported by the National Natural Science Foundation of China 61272542 61300213 the Fundamental Research Funds for the Central Universities 2013B07014
Keywords:
.
|
Other Papers In This Journal:
|