Security and privacy in smart health: Efficient policy-hiding attribute-based access control

Author

Yinghui ZHANG, Xi'an Institute of Posts and Telecommunications
Dong ZHENG, Xi'an Institute of Posts and Telecommunications
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

6-2018

Abstract

With the rapid development of the Internet of Things (IoT) and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports small attribute universe, which places an undesirable limitation on practical deployments of CP-ABE because the size of its public parameters grows linearly with the size of the universe. To address these problems, we introduce PASH, a privacy-aware s-health access control system, in which the key ingredient is a large universe CP-ABE with access policies partially hidden. In PASH, attribute values of access policies are hidden in encrypted SHRs and only attribute names are revealed. In fact, attribute values carry much more sensitive information than generic attribute names. Particularly, PASH realizes an efficient SHR decryption test which needs a small number of bilinear pairings. The attribute universe can be exponentially large and the size of public parameters is small and constant. Our security analysis indicates that PASH is fully secure inthe standard model. Performance comparisons and experimental results show that PASH is more efficient and expressive than previous schemes.

Keywords

Access control, Attribute-based encryption, Cloud computing, Cryptography, Decryption test, Full security, Hospitals, Internet of Things, Large universe, Privacy protection, Smart health, Urban areas

Discipline

Health Information Technology | Information Security

Research Areas

Cybersecurity

Publication

IEEE Internet of Things Journal

Volume

5

Issue

3

First Page

2130

Last Page

2145

ISSN

2327-4662

Identifier

10.1109/JIOT.2018.2825289

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Citation

ZHANG, Yinghui; ZHENG, Dong; and DENG, Robert H.. Security and privacy in smart health: Efficient policy-hiding attribute-based access control. (2018). IEEE Internet of Things Journal. 5, (3), 2130-2145.
Available at: https://ink.library.smu.edu.sg/sis_research/4000

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/JIOT.2018.2825289