Publication Type

Journal Article

Version

acceptedVersion

Publication Date

7-2023

Abstract

The Internet of Things and cloud services have been widely adopted in many applications, and personal health records (PHR) can provide tailored medical care. The PHR data is usually stored on cloud servers for sharing. Weighted attribute-based encryption (ABE) is a practical and flexible technique to protect PHR data. Under a weighted ABE policy, the data user's attributes will be “scored”, if and only if the score reaches the threshold value, he/she can access the data. However, while this approach offers a flexible access policy, the data owners have difficulty controlling their privacy, especially sharing PHR data in collaborative e-health systems. This article aims to find a balance between privacy and flexibility and proposes an AND-weighted ABE scheme in cloud-based personal health records sharing systems. The proposed scheme can meet both privacy and flexibility. Only when the data user satisfies the scored-based policy and is in the specified organization(s), can the data user access the PHR data. Besides, we give the security proof and the performance evaluation of the proposed scheme. The security proof and performance analysis show that the proposed scheme can efficiently and securely share PHR data in cloud service.

Keywords

Attribute-based encryption, privacy-preserving and flexible access control, secure PHR date sharing, weighted attribute

Discipline

Databases and Information Systems | Health Information Technology | Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Cloud Computing

Volume

11

Issue

3

First Page

2420

Last Page

2430

ISSN

2168-7161

Identifier

10.1109/TCC.2022.3208168

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TCC.2022.3208168

Share

COinS