Abstract:
Personal e-health records (EHR) enable medical workers (e.g., doctors and nurses) to conveniently and quickly access each patient's medical history through the public cloud, which greatly facilitates patients' visits and makes telemedicine possible. However, since EHR contain patients' private personal information, EHR holders would hesitate to directly outsource their data to cloud servers. A natural and popular way to address this issue is to encrypt the outsourced EHR so that only authorized medical workers can access them. Specifically, ciphertext-policy attribute-based encryption (CP-ABE) supports fine-grained access control over encrypted data and is considered to be a perfect solution for securely sharing EHR in the public cloud. In this paper, to strengthen system security and meet the requirements of specific applications, we add the functionalities of user revocation, secret key delegation and ciphertext update to the original ABE, and propose a revocable-storage hierarchical attribute-based encryption (RS-HABE) scheme as the core building block of a framework for secure sharing of EHR in the public cloud. The proposed RS-HABE scheme simultaneously provides forward security (a revoked user can no longer access previously encrypted data) and backward security (a revoked user also cannot access subsequently encrypted data), and is proved to be selectively secure under a complexity assumption in bilinear groups, without random oracles. The theoretical analysis indicates that the proposed scheme surpasses existing similar works in terms of functionality and security, at an acceptable cost in computation overhead. Moreover, we implement the proposed scheme and present experiments to demonstrate its practicability.