Secure Fine-grained Attribute-based Access Control with Hidden Policy for Electronic Health Record System

Sai Ji,
Xin Jin,
Jin-Feng Lai,
Jian Shen,

Abstract


Electronic health record system (EHRs) has become an important part of medical system, which has more meaningful benefits compared with paper-based records. However, how to conduct secure fine-grained access control remains challenging. Although ciphertext-policy attribute-based encryption (CP-ABE) is a promising candidate for solving the above challenges. It is still not suitable for EHRs when considering privacy preserving. The access policy is uploaded to cloud in plaintext form, which may leak sensitive personal privacy. In this paper, we present a secure fine-grained attribute-based access control with hidden policy for electronic health record system. In the proposed scheme, a novel attribute name randomization scheme is designed to randomize each entity’s attribute names. Therefore, each entity’s attribute name set is different and unreadable. In addition, we utilize garbled bloom filter (GBF) to hide necessary values which are used to help decrypt ciphertext. At the same time, only user has corresponding secret keys can he reveal the hidden values. Moreover, security and performance analysis demonstrate that our scheme is secure and privacy-preserving with low overhead.


Citation Format:
Sai Ji, Xin Jin, Jin-Feng Lai, Jian Shen, "Secure Fine-grained Attribute-based Access Control with Hidden Policy for Electronic Health Record System," Journal of Internet Technology, vol. 21, no. 4 , pp. 941-948, Jul. 2020.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.





Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com