doiSerbia

Privacy-preserving multi-authority attribute-based encryption with dynamic policy updating in PHR

Yan Xixi (School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, China)
Ni Hao (School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, China)
Liu Yuan (School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, China)
Han Dezhi (College of Information Engineering, Shanghai Maritime University, Shanghai, China)

As a new kind of patient-centred health-records model, the personal health record (PHR) system can support the patient in sharing his/her health information online. Attribute-Based Encryption (ABE), as a new public key cryptosystem that guarantees fine-grained access control of outsourced encrypted data, has been used to design the PHR system. Considering that privacy preservation and policy updating are the key problems in PHR, a privacy-preserving multiauthority attribute-based encryption scheme with dynamic policy updating in PHR was proposed. In the scheme, each of the patient’s attributes is divided into two parts: attribute name and attribute value. The values of the user’s attributes will be hidden to prevent them from being revealed to any third parties. In addition, the Linear Secret-Sharing Scheme (LSSS) access structure and policy-updating algorithms are designed to support all types of policy updating (based on “and”, “or”, and “not” operations). Finally, the scheme is demonstrated to be secure against chosen-plaintext attack under the standard model. Compared to the existing related schemes, the sizes of the user’s secret key and ciphertext are reduced, and the lower computing cost makes it more effective in the PHR system.

Keywords: attribute-based encryption, privacy preserving, policy dynamic updating, fine-grained access control, personal health record