A Lightweight Policy Update Scheme for Outsourced Personal Health Records Sharing

With high flexibility and accessibility of data outsourcing environment such as cloud computing environment, several healthcare providers implement electronic personal health records (PHRs) to enable individual patients to manage their own health data in such resilient and scalable environment. However, PHRs contain highly sensitive information of which the security and privacy issues are the critical concern. Besides, PHRs owners should be capable to flexibly and securely define their own access policy for their outsourced data. In addition to the basic authentication feature, existing commercial cloud platforms usually provide symmetric or public key encryption as an optional feature to support data confidentiality for their tenants. However, such traditional encryption schemes are not suitable for data outsourcing environment because of high key management overhead of symmetric encryption and high maintenance cost for handling multiple copies of ciphertext for public key encryption solution. In this paper, we design and develop a secure and fine-grained access control scheme with lightweight access policy update for outsourced PHRs. Our proposed scheme is based on the ciphertext policy attribute-based encryption (CP-ABE) and proxy re-encryption (PRE). In addition, we introduce a policy versioning technique to support the full traceability of policy changes. Finally, we conducted the performance evaluation to demonstrate the efficiency of the proposed scheme.

Automated summary

This paper presents a secure and fine-grained access control scheme based on CP-ABE and PRE for outsourced PHRs, allowing for secure management of access policies, updates, and traceability. Performance evaluation demonstrates the efficiency of the proposed scheme.