
Designing cloud-based electronic health record system with attribute-based encryption

Multimedia Tools and Applications

Abstract

With the development of cloud computing, electronic health record (EHR) systems have taken a patient-centric form, in which patients store their personal health records (PHRs) at a remote cloud server and selectively share them with physicians for convenient medical care. Although this newly emerged form has many advantages over the traditional client-server model, it inevitably raises patients' concerns about the privacy of their PHRs, because cloud servers are very likely to be in a different trust domain from that of the patients. In this paper, aiming to allow efficient storing and sharing of PHRs while eliminating patients' worries about PHR privacy, we design a secure cloud-based EHR system that guarantees the security and privacy of medical data stored in the cloud by relying on a cryptographic primitive rather than on full trust in cloud servers. Building on our proposed basic EHR system, we provide several extensions, including adding searchability, supporting revocation functionality and enabling efficient local decryption, which fill the gap between theoretical proposal and practical application.


Notes

  1. For simplicity, we just re-publish the attribute public key component in PubUpdate because the other components are not changed.


Acknowledgments

This work is supported by National Natural Science Foundation of China (Grant No.61100224, No.61272455), Guangdong Natural Science Foundation (No.S2013010013671), Guangzhou Research Infrastructure Development Fund (No. 201222412), Guangzhou Zhujiang Science and Technology Future Fellow Fund (No. 2011J2200089), and the MOE-China Mobile Research Fund (No. MCM20121051).

Author information

Corresponding author

Correspondence to Fatos Xhafa.


About this article

Cite this article

Xhafa, F., Li, J., Zhao, G. et al. Designing cloud-based electronic health record system with attribute-based encryption. Multimed Tools Appl 74, 3441–3458 (2015). https://doi.org/10.1007/s11042-013-1829-6

  • DOI: https://doi.org/10.1007/s11042-013-1829-6
