Decentralized Access Control for Privacy-Preserving Cloud-Based Personal Health Record With Verifiable Policy Update
Haoyuan Fan, Qi Li, Jinbo Xiong, Rui Li, Wei Chen, Haiping Huang
Abstract
With the advancement of cloud computing technology, cloud-based personal health record (CB-PHR) has become an increasingly popular way for modern patients to flexibly manage and share their health records with doctors. However, the confidentiality of CB-PHR privacy is vulnerable to threats due to unauthorized users and untrusted cloud service provider (CSP). Additionally, patients and doctors may be constrained by changes in access permissions and limited device resources. To address these challenges, we propose an efficient decentralized privacy-preserving attribute-based access control scheme with verifiable policy update (DPVPU) for CB-PHR systems. DPVPU supports large attribute universe and safeguards the privacy of both the access policy and the doctor’s identity through partially hiding the access policy and employing a one-way anonymous key agreement technique. Unlike re-encrypting ciphertext, it can dynamically update policy by fully utilizing the previous policy and outsourcing the computation of ciphertext update to the CSP. Also, we design an efficient verification algorithm enabling patients to check the correctness of updated ciphertext. For devices with limited resources, we use online/offline and outsourced decryption techniques to reduce system costs. Finally, we provide formal security proofs and performance analysis to demonstrate the security and practicality of DPVPU.