IEEE Access (Jan 2020)
Efficient and Expressive Access Control With Revocation for Privacy of PHR Based on OBDD Access Structure
Abstract
With the advancement of information and communication technology (ICT), the medical sector is undergoing a massive transformation. Health records are being digitized, stored remotely in the cloud and shared with different stakeholders. However, the use of the cloud for personal health record (PHR) storage presents data security and privacy challenges. Ciphertext-policy attribute-based encryption (CP-ABE) is being widely studied for fine-grained access control of PHRs in the cloud. Expressiveness, efficiency and attribute revocation are among the key requirements of cloud-based health systems. However, many of the proposed CP-ABE schemes rely on access structures that are either restrictive or cumbersome, and thus result in schemes that are less expressive and less efficient. Many of the schemes also lack mechanisms for efficient and immediate attribute/user revocation. In this work, we propose an expressive and efficient access control scheme with attribute/user revocation based on an ordered binary decision diagram (OBDD) access structure. We use the attribute group approach to achieve attribute/user revocation. Additionally, the ciphertexts and private keys are assigned version numbers to prevent revoked group members from colluding with non-revoked members. Security and efficiency analyses show that our proposed scheme is secure, expressive and efficient.
Keywords