IEEE J Biomed Health Inform. 2020 Oct;24(10):2960-2972. doi: 10.1109/JBHI.2020.2973713. Epub 2020 Feb 13.
The digitization of health records due to technological developments has paved the way for patients to be collaboratively treated by different healthcare institutions. In collaborative ehealth systems, a patient's health data is stored remotely in the cloud for sharing with different healthcare service providers. However, the use of third parties for storage exposes the data to several privacy and security violation threats. Ciphertext policy attribute-based encryption (CP-ABE) which provides a fine-grained access control is a promising solution to privacy and security issues in the cloud environment and as a result, it has been widely studied for secure sharing of health data in cloud-based ehealth systems. Addressing the aspects of expressiveness, efficiency, user collusion resistance and attribute/user revocation in CP-ABE have been at the forefront of these studies. Thus, in this article, we proposed a novel expressive, efficient and collusion-resistant access control scheme with immediate attribute/user revocation for secure sharing of health data in collaborative ehealth systems. The proposed scheme additionally achieves forward and backward security. To realize these features, our access control is based on the ordered binary decision diagram (OBDD) access structure and it binds the user keys to the user identities. Security and performance analysis show that our proposed scheme is secure, expressive and efficient.
由于技术的发展,健康记录的数字化为患者在不同医疗机构的协作治疗铺平了道路。在协作电子健康系统中,患者的健康数据被远程存储在云中,以便与不同的医疗服务提供商共享。然而,使用第三方进行存储会使数据面临多种隐私和安全违规威胁。密文策略属性基加密 (CP-ABE) 提供了细粒度的访问控制,是解决云环境中隐私和安全问题的一种有前途的解决方案,因此,它已被广泛研究用于基于云的电子健康系统中健康数据的安全共享。解决 CP-ABE 中的表达能力、效率、用户共谋抵抗和属性/用户撤销方面的问题一直是这些研究的重点。因此,在本文中,我们提出了一种新的、表达能力强、高效且具有共谋抵抗能力的访问控制方案,具有即时属性/用户撤销功能,用于协作电子健康系统中健康数据的安全共享。所提出的方案还实现了前向和后向安全性。为了实现这些功能,我们的访问控制基于有序二叉决策图 (OBDD) 访问结构,并将用户密钥绑定到用户身份。安全性和性能分析表明,我们提出的方案是安全的、表达能力强的和高效的。
