A traceable and revocable decentralized attribute-based encryption scheme with fully hidden access policy for cloud-based smart healthcare

Abstract

Smart healthcare is an emerging technology for enabling interaction between patients and medical personnel, medical institutions, and medical devices utilizing advanced Internet of Things (IoT) technologies. It has attracted significant attention from researchers because of the convenience of storing and sharing electronic medical records (EMRs) in the cloud. Given that a patient’s EMR contains sensitive individual information, it must be encrypted before uploading it to the cloud. As a solution for data confidentiality and fine-grained access control, the Ciphertext Policy Attribute-Based Encryption (CP-ABE) technique is proposed, which helps manipulate private personal data without explicit authorization. However, most CP-ABE schemes use a centralized mechanism which may lead to performance bottlenecks and single-point-of-failure issues. They will also be at risk of key abuse and privacy breaches in smart healthcare applications. To this end, in this paper, we investigate a traceable and revocable decentralized attribute-based encryption scheme with a fully hidden access policy (TR-HP-DABE). Firstly, to overcome the issues of user privacy leakage and single-point-of-failure, a fully hidden access policy is established for multiple attribute authorities. Secondly, to prevent key abuse, the proposed TR-HP-DABE can achieve the tracking and revocation of malicious users by using Key Encryption Key (KEK) trees and updating the partial ciphertext. Furthermore, the online/offline encryption and verifiable outsourced decryption are applied to improve its efficiency in practical smart healthcare. According to our analysis, the security and traceability of TR-HP-DABE can be proved. Finally, the performance evaluation of TR-HP-DABE is more effective than some existing typical ones.