Publication Type
Journal Article
Version
acceptedVersion
Publication Date
7-2023
Abstract
The Internet of Things and cloud services have been widely adopted in many applications, and personal health records (PHR) can provide tailored medical care. The PHR data is usually stored on cloud servers for sharing. Weighted attribute-based encryption (ABE) is a practical and flexible technique to protect PHR data. Under a weighted ABE policy, the data user's attributes will be “scored”, if and only if the score reaches the threshold value, he/she can access the data. However, while this approach offers a flexible access policy, the data owners have difficulty controlling their privacy, especially sharing PHR data in collaborative e-health systems. This article aims to find a balance between privacy and flexibility and proposes an AND-weighted ABE scheme in cloud-based personal health records sharing systems. The proposed scheme can meet both privacy and flexibility. Only when the data user satisfies the scored-based policy and is in the specified organization(s), can the data user access the PHR data. Besides, we give the security proof and the performance evaluation of the proposed scheme. The security proof and performance analysis show that the proposed scheme can efficiently and securely share PHR data in cloud service.
Keywords
Attribute-based encryption, privacy-preserving and flexible access control, secure PHR date sharing, weighted attribute
Discipline
Databases and Information Systems | Health Information Technology | Information Security
Research Areas
Cybersecurity
Publication
IEEE Transactions on Cloud Computing
Volume
11
Issue
3
First Page
2420
Last Page
2430
ISSN
2168-7161
Identifier
10.1109/TCC.2022.3208168
Publisher
Institute of Electrical and Electronics Engineers
Citation
ZHANG, Yudi; GUO, Fuchun; SUSILO, Willy; and YANG, Guomin.
Balancing privacy and flexibility of cloud-based personal health records sharing system. (2023). IEEE Transactions on Cloud Computing. 11, (3), 2420-2430.
Available at: https://ink.library.smu.edu.sg/sis_research/8337
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TCC.2022.3208168
Included in
Databases and Information Systems Commons, Health Information Technology Commons, Information Security Commons