Abstract
With the development of cloud computing, electronic health record (EHR) systems have moved toward a patient-centric model, in which patients store their personal health records (PHRs) on a remote cloud server and selectively share them with physicians for convenient medical care. Although this model has many advantages over the traditional client-server model, it inevitably raises patients' concerns about the privacy of their PHRs, because the cloud server is very likely to sit in a different trust domain from the patients. In this paper, aiming to allow efficient storage and sharing of PHRs while removing patients' worries about PHR privacy, we design a secure cloud-based EHR system that guarantees the security and privacy of medical data stored in the cloud, relying on cryptographic primitives rather than on full trust in the cloud servers. Building on the proposed basic EHR system, we provide several extensions, namely keyword searchability, revocation, and efficient local decryption, which narrow the gap between the theoretical proposal and practical application.
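The following is an added illustration of the trust model the abstract describes (the cloud stores only ciphertext and an opaque keyword index, the patient encrypts locally and grants physicians access, and revocation invalidates an earlier grant); it is not the paper's construction. Where the paper uses attribute-based encryption, this toy simply hands the physician the patient's keys, and AES is replaced by an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag so the block needs only the Python standard library. The class and function names, the keyword-token index, and the sample PHR records are all assumptions made up for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream; stand-in for AES-CTR.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(data_key: bytes):
    # Derive independent encryption and MAC keys from the record key.
    enc = hmac.new(data_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(data_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def encrypt_record(data_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the patient's device: nonce || ciphertext || tag."""
    enc, mac = _subkeys(data_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_record(data_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or a modified blob raises."""
    enc, mac = _subkeys(data_key)
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc, nonce, len(body))))


def keyword_token(search_key: bytes, keyword: str) -> bytes:
    # Index entry and search trapdoor are the same PRF value; the server never sees the word.
    return hmac.new(search_key, keyword.strip().lower().encode(), hashlib.sha256).digest()


class CloudServer:
    """Honest-but-curious storage: holds only ciphertext blobs and opaque tokens."""

    def __init__(self):
        self.records = {}  # record_id -> encrypted blob
        self.index = {}    # record_id -> set of keyword tokens

    def store(self, record_id: str, blob: bytes, tokens) -> None:
        self.records[record_id] = blob
        self.index[record_id] = set(tokens)

    def search(self, trapdoor: bytes):
        # Matches tokens without learning which keyword the trapdoor encodes.
        return sorted(rid for rid, toks in self.index.items() if trapdoor in toks)

    def fetch(self, record_id: str) -> bytes:
        return self.records[record_id]


class Patient:
    """Owns the secrets; grants physicians access by sharing them (CP-ABE in the paper)."""

    def __init__(self):
        self.data_key = secrets.token_bytes(32)
        self.search_key = secrets.token_bytes(32)

    def upload(self, cloud: CloudServer, record_id: str, plaintext: bytes, keywords) -> None:
        tokens = [keyword_token(self.search_key, k) for k in keywords]
        cloud.store(record_id, encrypt_record(self.data_key, plaintext), tokens)

    def grant(self) -> dict:
        return {"data_key": self.data_key, "search_key": self.search_key}

    def revoke(self, cloud: CloudServer) -> None:
        # Revocation by re-keying: rotate the data key and re-encrypt every record,
        # so a previously granted data key no longer authenticates or decrypts.
        old_key, self.data_key = self.data_key, secrets.token_bytes(32)
        for rid in list(cloud.records):
            cloud.records[rid] = encrypt_record(self.data_key, decrypt_record(old_key, cloud.fetch(rid)))


def physician_lookup(cloud: CloudServer, grant: dict, keyword: str):
    """Physician side: search with a trapdoor, then decrypt the matches locally."""
    trapdoor = keyword_token(grant["search_key"], keyword)
    return [decrypt_record(grant["data_key"], cloud.fetch(rid)) for rid in cloud.search(trapdoor)]


if __name__ == "__main__":
    cloud, alice = CloudServer(), Patient()
    # Constructed sample PHRs, not data from the paper.
    alice.upload(cloud, "r1", b"BP 120/80, resting HR 62", ["cardiology", "2013"])
    alice.upload(cloud, "r2", b"HbA1c 6.1%", ["endocrinology", "2013"])
    doctor = alice.grant()
    print(physician_lookup(cloud, doctor, "Cardiology"))
    alice.revoke(cloud)
    try:
        physician_lookup(cloud, doctor, "cardiology")
    except ValueError as err:
        print("revoked physician:", err)
```

The point to take from the toy is what the server can and cannot do: it can answer a trapdoor query and hand back blobs, but it holds neither the data key nor the search key, and the keyword tokens reveal only which records share a keyword, not the keyword itself. Re-keying on revocation costs the patient a full re-encryption, which is exactly the overhead the paper's ABE-based revocation extension is designed to avoid.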
Notes
For simplicity, we just re-publish the attribute public key component in PubUpdate, because the other components are not changed.
Acknowledgments
This work is supported by National Natural Science Foundation of China (Grant No.61100224, No.61272455), Guangdong Natural Science Foundation (No.S2013010013671), Guangzhou Research Infrastructure Development Fund (No. 201222412), Guangzhou Zhujiang Science and Technology Future Fellow Fund (No. 2011J2200089), and the MOE-China Mobile Research Fund (No. MCM20121051).
Cite this article
Xhafa, F., Li, J., Zhao, G. et al. Designing cloud-based electronic health record system with attribute-based encryption. Multimed Tools Appl 74, 3441–3458 (2015). https://doi.org/10.1007/s11042-013-1829-6