Abstract

Secure patient health record (PHR) information exchange via cloud computing is a considerable security risk to user privacy. The fundamental reason for this issue is cloud computing's reliance on trustworthy third parties to share data across it. To exchange data securely, many conventional cryptographic algorithms employ various keying approaches. However, relying on a trusted third party compromises the privacy of consumers' data. To offer secure communication without the involvement of a third party, a distributed blockchain based (DBC) ciphertext-policy attribute-based encryption (CP-ABE) approach is employed in this study. Because of bilinear pairing and simple scalar multiplication factors, the proposed CP-ABE system is entirely dependent on elliptic curve cryptography to reduce complexity. Furthermore, the data requester provides dynamic attributes, and a user-centric access policy is created, allowing multiple authorities to manage the attributes and provide data access. Data confidentiality, data authentication, user authentication, and tamper-proof data are all guaranteed by the suggested method. The DBC-CP-ABE method is used to provide user-centric access policies and effective key management.

1. Introduction

The Internet of Things (IoT) is a new technology that allows items to communicate with one another across wireless networks. IoT devices are resource-constrained and have challenges with data processing, data storage, and energy consumption. Cloud computing provides a centralized solution that overcomes these resource limits. The collected data is stored and processed in the cloud, but the cloud can be a trustless environment with major security issues such as single point of failure, data tampering, lack of user privacy due to a lack of data access control, Denial of Service (DoS), Man-in-the-Middle (MiTM) attack, and password phishing. As a result of permitted data/device access, the cloud environment is prone to security breaches, compromising users' privacy. Many public key encryption techniques provide a fine-grained access control strategy while also protecting the privacy of users. Among public key encryption methods, the CP-ABE scheme offers one-to-many access control, which allows data to be shared across multiple users. However, it incurs implementation overhead due to operations with bilinear pairing, which consume more resources at high computational cost. To overcome this issue, less complex and less resource-consuming scalar computation with elliptic curve cryptography (ECC) is used in this work. This reduces the computational requirement by two to three times compared with bilinear pairing. This work focuses on building a security system with blockchain where a hierarchical access control policy is achieved by combining CP-ABE and ECC. The experimental analysis shows that our scheme outperforms the compared work in cryptographic operations.
The major focus of this work is to achieve the following criteria:
(1) Adoption of straightforward scalar multiplication with ECC and the CP-ABE approach reduces the procedure overhead caused by the bilinear pairing methodology
(2) The proposed method ensures use of multiple authorities to manage attributes and shares multiple data attributes of a single data user
(3) To specify the access policy scheme with increased security, the Linear Secret Sharing Scheme (LSSS) is used
(4) Attribute revocation for a data user is achieved with the help of an RSA key pair in communication between the data user and the Attribute Authority (AA)

The remaining sections are organized as follows: Section 2 contains material from the research study that is relevant to the current effort, and Section 3 contains information on the proposed study's contribution. The preliminaries utilized in this project are explained in Section 4. The architecture of the blockchain based hierarchical access control scheme with CP-ABE using ECC is briefly described in Section 5. The modified hierarchical attribute access structure (MHAAS) with CP-ABE employing ECC is explained in Section 6. The integration of HACS-CP-ABE-ECC with blockchain is explained in Section 7. Section 8 summarizes the HACS-CP-ABE-ECC with blockchain security analysis, whereas Section 9 describes the performance evaluation conducted in this study.

Cloud computing offers computation of massive data and data sharing in a promising way [1]. Data are encrypted and shared in cloud computing environment either with symmetric key encryption or public key standards [24]. This method has drawback in achieving security [2] and drawback in flexible access control [3] and shows poor performance [4]. To deal with these drawbacks, attribute-based encryption (ABE) is proposed. There are two types of attribute-based encryption: KP-ABE and CP-ABE. Bethencourt et al. [5] were the first to suggest CP-ABE. ABE scheme with bilinear pairing showing less efficiency was proposed [6]. ABE is further refined with CP-ABE involving hierarchical attributes as proposed by [7] to address key management problem [8]. A multiauthority-ABE with dynamic policy attributes is proposed, although the CP-ABE method demonstrates little improvement [9]. An access policy based on the DBDH scheme is proposed. All the CP-ABE methods described above use bilinear mapping using large sized keys. To lessen the complexity of CP-ABE, the decryption method is split into degrees: predecryption and final decryption degrees in [10]. But this method does not ensure forward security. This has been improved in other work [11] where encryption and decryption are outsourced and validated but lack improvement in encryption and decryption process. The work is also extended in [12] by redistributing the encoding and decoding system to fog nodes; however, they are easily attacked. Another decryption outsourcing work proposed in [13] resists against selective ciphertext. Although the work in [14] provides outsourcing of encryption and decryption process, it uses bilinear pairing that remains as hurdle to performance improvement to CP-ABE.

CP-ABE does not ensure less storage overhead and good cost-effective solution as it depends on the use of bilinear maps. A bilinear map produces secret keys of larger values and ciphertext with linear associated attribute. And also it uses exponentiation factors for doing encryption and decryption process which relies on linear attributes defined in the access policy [15–17]. The problem of requiring a large key size necessitates the usage of elliptic curve cryptography (ECC) with a smaller key size. This paves the path for CP-ABE to define an access structure utilizing ECC [18–20]. Lightweight devices such as the CP-ABE with constant key size using ECC have been developed, but they are not appropriate for complex access structures [21, 22]. Another lightweight work using KP-ABE without bilinear pairing is proposed but suffers from poor scalability and lack of decryption outsourcing [23]. The overall computation overhead due to bilinear pairing is overcome with ECC [24]. Constant key size with CP-ABE using ABE addressing collision attack problem is proposed in [25]. Alternative to bilinear pairing with ECC to address secured data share is proposed in [26]. All the abovementioned work defines the access policy based on the set of attributes.

Bethencourt created the first tree-based access control structure in order to implement AND, OR, and OF strategies [27]; however, it is insecure. Many studies focus on improving access control strategies; however, the time it takes to encrypt and decrypt data grows as the number of attributes increases. The research was furthered by Lewko and Waters, who proposed a technique to convert tree access control to an LSSS and Waters enhanced CP-ABE with a matrix format [28]. With d-parallel BDHE assumption, this gives security. Many studies have refined the use of CP-ABE with flat access control [29–33], constant ciphertext [34], accountability and authorities with attribute revocation [35–38], and improvement in security through accountability and authorities. However, none of these structures support hierarchical file relationships.

Hierarchical CP-ABE based on LSSS matrix structure was also studied. By considering hierarchical heads sharing secret keys with users, these approaches lessen the burden of a single head [39, 40]. In this paper, we design a hierarchical based access relation for sharing multiple files [41] in a distributed blockchain context using LSSS. To address the privacy and security concerns, [45] present a unique pairing-free certificateless method that builds a novel reliable and efficient lightweight certificateless signature (CLS) scheme using a state-of-the-art blockchain technique and smart contract. Paper [46] addresses a lightweight and reliable authentication protocol for wireless medical sensor networks (WMSN), which is composed of cutting-edge blockchain technology and physically unclonable functions (PUF), to address physical layer security and the overcentralized server problem in WMSN. The elliptic curve digital signature algorithm (ECDSA), which is one of the essential building blocks of blockchain, is proposed in [47] as an efficient and large-scale batch verification technique with group testing technology. Using edge computing and blockchain approaches, [48] introduces search efficiency, reliability requirements, and a resource allocation scheme to properly handle IoT devices. The study [49] demonstrates how to use erasure coding to overcome data integrity issues in IoT devices.

3. Our Contribution

We suggested a blockchain based hierarchical access scheme that uses CP-ABE with ECC in this paper. A hierarchical access hierarchy is defined here, with the user attribute satisfying partially or entirely alone allowing partial or complete access to the data. A root authority (RA) checks and joins all of the domain attribute authorities (AA) in the blockchain. For each AA, RA produces a public key and a master key. It also sends hierarchical access scheme to all AA. RA sends the public key to AA while keeping the master key hidden. AA takes an attribute from the users and generates an address, an RSA key pair, and a private key for that attribute. Based on this, AA distributes the attribute's address, RSA key pair, and private key to the user who satisfies the access structure to decrypt the data. The AA keeps track of the RSA key pair in order to revoke the user's attribute. To reduce computing complexity, the predecryption is outsourced to AA, and AA's trust is kept thanks to the presence of blockchain. The suggested method ensures that data is shared with several authorities and that different attributes of the user's identification are shared.

4. Preliminaries

4.1. Elliptic Curve Cryptography

ECC is public key cryptography based on the elliptic curve discrete logarithm problem (ECDLP). The elliptic curve E is defined over a finite field GF(p) and is written as $y^2 = x^3 + ax + b \pmod{p}$ with $4a^3 + 27b^2 \neq 0$. Calculate a point on the curve Q = KG, where G is the prime order r generator group over the polynomial time k. The plaintexts are mapped to the elliptic curve's point Q. The ECC procedure is broken down into three phases.

(a) Key generation:
(1) Both the data server and the data client have agreed to use the same elliptic curve $y^2 = x^3 + ax + b \pmod{p}$ and
(2) The data server generates a random number $S_a \in Z_p$ as the private key and $P_a = S_a G$ as the public key
(3) Data clients generate a private key using a random number $S_b \in Z_p$ and a public key using $P_b = S_b G$

(b) Encryption: The data server encrypts the message with Q by selecting a random number $k \in Z_p$, then computes the ciphertext $C_1 = kG$ and $C_2 = Q + kP_b$, and sends both $C_1$ and $C_2$ to the data clients

(c) Decryption: Data clients use $C_2 - S_b C_1 = Q + kP_b - S_b kG = Q$ to decrypt the message. The message is obtained by mapping back from the curve's point Q.
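The three phases above, as an added Python example that is not the paper's code. It assumes secp256k1 parameters (the page names no curve) and a Koblitz-style padding to map bytes to the point Q; all function names are hypothetical.

```python
import secrets

# secp256k1 domain parameters (assumption: the page does not name a curve).
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None   # point at infinity
PAD = 256    # padding factor for the message-to-point mapping (assumption)

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0

def add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p2 = -p1
        return INF
    if p1 == p2:                             # tangent slope (doubling)
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:                                    # chord slope
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)

def mul(k, pt):
    # Plain double-and-add: readable, but not constant-time.
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def encode(msg):
    """Map bytes to a point Q: try x = m*PAD + j until x^3 + ax + b is a square."""
    m = int.from_bytes(msg, "big")
    if m >= P // PAD:
        raise ValueError("message too long for one point")
    for j in range(PAD):
        x = m * PAD + j
        rhs = (pow(x, 3, P) + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)        # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("no curve point found for this message")

def decode(pt):
    m = pt[0] // PAD
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def keygen():
    s = secrets.randbelow(N - 1) + 1         # private key S in [1, N-1]
    return s, mul(s, G)                      # public key P = S*G

def encrypt(q, pb):
    if pb is INF or not on_curve(pb):        # reject invalid-curve public keys
        raise ValueError("public key is not a valid curve point")
    k = secrets.randbelow(N - 1) + 1         # fresh k for every message
    return mul(k, G), add(q, mul(k, pb))     # C1 = kG, C2 = Q + k*Pb

def decrypt(c1, c2, sb):
    if c1 is INF or not (on_curve(c1) and on_curve(c2)):
        raise ValueError("ciphertext is not on the curve")
    return add(c2, neg(mul(sb, c1)))         # C2 - Sb*C1 = Q

if __name__ == "__main__":
    sb, pb = keygen()
    c1, c2 = encrypt(encode(b"PHR:glucose=5.4"), pb)   # constructed sample record
    print(decode(decrypt(c1, c2, sb)))
```

Reusing k across two messages to the same recipient lets anyone compute the difference of the two plaintext points from the two C2 values, which is why `encrypt` draws a new k on every call.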

4.2. Hierarchical Access Control Strategies

As demonstrated in Figures 1 and 2, a hierarchical access control technique allows numerous access structures to be combined into a single structure T.

4.3. Linear Secret Sharing Scheme

Beimel proposed the Linear Secret Sharing Scheme [33]. When all parties make up a share on vector Zp, a Secret Sharing Scheme is defined across linear Zp for various parties. Matrix M was created to generate shares for all parties. Consider the M matrix, which has p rows and q columns. Consider a row of a matrix Mi where i= (1, 2, ......, p) meets the criterion 1, 2, ....., p) ⟶ d, and given a column vector Ō = (s, u2...un) with the secret key s ∈ Zp and u2….un ∈ Zp picked at random. M is made up of m shares of s, each of which is dependent. The share mi = (M Ō)i belongs to a specific party.

Consider an LSSS with T as the access tree structure and S T. This denotes an arbitrary permitted set, L {1 ...p}, and L = {i: mi .s =  and are arbitrary secret s specified by which is discovered in the matrix M in polynomial time. There is a vector and.  = 0 for the unlawful set of rows i.

When a jth secret of a nonleaf node is recovered from a set of n secrets, the set of attributes { } can be discovered in polynomial time by satisfying  =  , where j denotes a row vector of length n with the jth element equal to 1 and all other elements equal to 0. As a result, secret share  =  . The marking method defined by [34] is used to create the LSSS matrix. It translates a Boolean formula-defined access tree to the LSSS matrix technique. In hierarchical access control, this LSSS marking mechanism is employed. According to Figure 3, if the user characteristics only partially satisfy the access structure policy, just a portion of the information is decrypted.
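An added Python example (not the paper's code) of the LSSS mechanics described in this section: it builds the matrix M from a Boolean policy with the Lewko and Waters tree-to-LSSS labelling mentioned earlier, derives the shares (M v)_i, and recovers a secret by solving for coefficients whose combination of rows equals the unit vector with a 1 in position j. The policy, attribute names, field prime, and function names are constructed for illustration.

```python
import secrets

PRIME = 2**127 - 1  # share field Z_p (assumption: a prime larger than any secret)

def lsss_matrix(policy):
    """Label a policy tree and return [(attribute, row_vector)].
    policy is an attribute name or a tuple ("and" | "or", left, right)."""
    rows, width, stack = [], 1, [(policy, [1])]
    while stack:
        node, vec = stack.pop()
        if isinstance(node, str):        # leaf: its vector becomes a row of M
            rows.append((node, vec))
        elif node[0] == "or":            # OR: both children inherit the vector
            stack += [(node[2], vec), (node[1], vec)]
        elif node[0] == "and":           # AND: split the vector over a new column
            left = vec + [0] * (width - len(vec)) + [1]
            stack += [(node[2], [0] * width + [-1]), (node[1], left)]
            width += 1
        else:
            raise ValueError("unknown gate: %r" % (node[0],))
    return [(a, v + [0] * (width - len(v))) for a, v in rows]

def share(matrix, secret):
    """Return (shares, v) with v = (s, u2, ..., un) and share_i = (M v)_i."""
    v = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in matrix[0][1][1:]]
    return [sum(m * x for m, x in zip(row, v)) % PRIME for _, row in matrix], v

def coefficients(matrix, attrs, j=0):
    """Solve sum_i w_i * M_i = e_j over Z_p using only rows whose attribute is
    in attrs. Returns {row_index: w_i}, or None for an unauthorized set."""
    idx = [i for i, (a, _) in enumerate(matrix) if a in attrs]
    width = len(matrix[0][1])
    # One equation per column c of M; the last entry is the target e_j[c].
    aug = [[matrix[i][1][c] % PRIME for i in idx] + [int(c == j)]
           for c in range(width)]
    pivots, r = [], 0
    for col in range(len(idx)):          # Gauss-Jordan elimination mod PRIME
        pr = next((k for k in range(r, width) if aug[k][col]), None)
        if pr is None:
            continue
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][col], -1, PRIME)
        aug[r] = [x * inv % PRIME for x in aug[r]]
        for k in range(width):
            if k != r and aug[k][col]:
                f = aug[k][col]
                aug[k] = [(x - f * y) % PRIME for x, y in zip(aug[k], aug[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] for row in aug[r:]):  # e_j is outside the span of these rows
        return None
    w = {i: 0 for i in idx}
    for row, col in zip(aug, pivots):
        w[idx[col]] = row[-1]
    return w

def recover(matrix, shares, attrs, j=0):
    """Recover component j of v (j = 0 is the secret s), or None if denied."""
    w = coefficients(matrix, attrs, j)
    if w is None:
        return None
    return sum(c * shares[i] for i, c in w.items()) % PRIME

# Constructed policy: (doctor AND cardiology) OR patient-owner
POLICY = ("or", ("and", "doctor", "cardiology"), "patient-owner")

if __name__ == "__main__":
    M = lsss_matrix(POLICY)
    shares, v = share(M, 123456789)
    print(M)
    print(recover(M, shares, {"doctor", "cardiology"}))  # authorized set
    print(recover(M, shares, {"doctor"}))                # unauthorized set
```

With this matrix, the attribute set {cardiology} alone cannot reach component 0 of v but can reach component 1, which is the sense in which a partially satisfying set recovers only part of what the vector protects.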

5. Architecture of Blockchain Based Hierarchical Access Control Scheme with CP-ABE Using ECC (BHACS-CP-ABE-ECC)

Certificate authority (CA), attribute authority for personal, health, and insurance domain, cloud service provider, data owner (DO), data clients (DC), and edge nodes for predecryption process are all part of the proposed blockchain linked architecture. Figure 3 depicts the proposed scheme framework. The following is a description of each participant's functionality:
(1) Root authority (RA): the main role of RA is to provide the identity of the communicating nodes by considering the security parameter (K) of the node; it generates the public parameter (PP). To generate a public key and master key for an attribute, this public parameter is submitted to the appropriate attribute authority.
(2) Attribute authority (AA): the attribute authority of the domain extracts the attributes of its respective data clients. The attribute authority further generates the public key and master key for that attribute.
(3) Cloud storage: cloud storage serves to store encrypted data (CT) sent by the data owners.
(4) Data owners (DO): the data is encrypted before being uploaded to the cloud server by the data owners. The data owner creates ciphertext CT using plaintext B, the matching public key PK, and the access policy given by the LSSS matrix structure (M, m).
(5) Data clients (DC): data clients are responsible for performing decryption on CT. Deciphering is done in two stages. First, the local server near the DC serves as an edge node and does partial decryption by inputting CT and SK. Finally, the DC decrypts the partially decrypted CT to plaintext by considering CT′ and DSK.

6. Modified Hierarchical Attribute Access Structure (MHAAS) with CP-ABE Using ECC

The following section explains the process carried out using hierarchical access policy structure (Schemes 1–5).

7. Integration of HACS-CP-ABE-ECC with Blockchain

The hierarchical access control scheme employing with ciphertext ABE using ECC is integrated with blockchain and its operation is explained below.

The operation of this method is explained as six principal components: initialization phase, authority creation, user creation, ciphertext data upload, creation and issuance of attributes, and revoke attribute. Only the reception of the secret key of the attribute for a particular address in its wallet is specified in the process. The encryption, decryption, and retrieval of public key of the attribute are omitted here.
(a) Initialization phase: this phase includes initialization of the blockchain and setting of the hierarchical access based policy scheme to all attribute authorities in different domains and provides the permission chain through RA. The RA performs mining of the genesis block. For all attribute authority domains, RA is in charge of producing public key PK and master key MSK. Everyone has access to the public key, while the master key is kept hidden in order to generate the private key for data decryption.
(b) Authority creation: RA uses MSK of the and generates private key SKAU for each AA domain. For this, RA generates new address {p, } for each AA domain and transmits the public key and RSA key pair to all AA domains. The RSA key pair is used to transmit the symmetric encryption key securely to all the requesters. RA provides "transmit", "receive," and permission rights to all AA domains and joins the blockchain system.
(c) User creation: now the respective AA adds the individual users and obtains the attributes from the users in the domain. AA generates the address u, RSA key pair, and private key of the individual users SKUSER. AA transmits the address u and RSA key pair to the individual users and keeps the SKUSER with AA.
(d) Ciphertext data upload: data owners create ciphertext of the data and upload the hashed ciphertext to the cloud storage.
(e) Attribute creation and distribution: data owners specify the LSSS policy for all data requesters via AA. AA holds the LSSS policy attributes and generates the data decryption private key for each data requester. Data clients who satisfy the partial or full policy structure are granted access to the data; otherwise, access is refused.
(f) Revoke attribute: since AA holds the attributes of the data clients, it can also withdraw the attributes as it holds the RSA key pair of the attribute for the particular data client. It revokes all the attributes of the data client.

7.1. Functions of the Blockchain Components
7.1.1. Root Authority

BHACS-CP-ABE-ECC:
(1) Initialization phase: (PP ⟶ PK, MSK)
(2) Authority creation: (PK, MSK, P) ⟶ SK_AA1, SK_AA2, …, SK_AAn

Functions of RA:
(1) Blockchain creation
(2) Permits all AA to join the blockchain
(3) Grants connect, send, and receive permission to all AAs

7.1.2. Attribute Authority

(1) User creation
(2) Obtains attributes from the data requester
(3) Creates address and RSA key pair and private key for a particular attribute of the data requester
(4) Sends LSSS access policy to all the data requesters
(5) Predecryption of CT
(6) Revokes attributes for a particular data requester

7.1.3. Data Owner

(1) Defines and sends the LSSS access policy to all AA
(2) Data is encrypted and sent to cloud storage using the symmetric encryption technique
(3) Shares the symmetric key securely using RSA key pair to the entire AA

7.1.4. Data Clients

(1) Sends the attribute list to the AA of that domain
(2) Performs final decryption of the data requested

8. Security Analysis of BHACS-CP-ABE-ECC

The following section examines the proposed scheme's security. Under the assumption of DDH, the security model is considered as being secure.

The proposed method supports multiauthority and multiattribute from a single data user. For each attribute, the attribute authority generates a set of {address, RSA key pair, and private key}. The address, master key, and RSA key pair are preserved by the AA to secure the system against adversary attacks and to perform attribute revocation. Instead of bilinear pairing, the computing phase uses basic scalar multiplication, which makes the procedure more efficient than the compared models. Also, the decryption process is done in two stages: one at the AA end and the other at the data requester, which makes the decryption process lighter at the data requester end.

8.1. Security Assumption under Decisional Diffie–Hellman

The proposed model considers Decisional Diffie–Hellman (d-DDH) Assumption and described as follows: the challenger chooses F, a cyclic group with prime order s, and , a cyclic group F generator, while y and k are chosen at random from Zs. Despite being given a tuple of (, yG, kG), the adversary finds it difficult to validate y, k, in polynomial time from random element X ∈ F. The algorithm A overcomes the DDH problem with a constant factor which is obtained from |Fs[A(, yG, kG, Z = ykG) = 0] − Fs[A(, yG, kG, Z = X) = 0]| ≥

8.2. Security under Chosen Ciphertext Attack

The communication between the adversary and the challenger is given below. The adversary gives the challenger an access structure (T, m). The challenger runs the initialization algorithm. The system's public parameter is used to compute the public and secret keys, with the public key being sent to the adversary.

Stage 1: the adversary queries the secret keys of the attribute from the challenger. The challenger records the attributes provided by the adversary in the list and stores it with the corresponding adversary address in the attribute list.

Challenge phase: here the challenger picks out two identical-length messages (B0, B1) ∈ Zp. Then the challenger selects β ∈ {0, 1} and forwards B β under matrix (, m) to challenger .

Stage 2: the adversary inquires about the secret key with same input queries in Stage 1.

Guess: the guess that the adversary creates is equal to ½, the probability of guessing β0 of β. The game is defined as [Fs [β0 = β] − . Thus our model is secure against selective ciphertext attack.

8.3. Data Security

The adversary is unable to obtain to decrypt the ciphertext as its attribute must satisfy the access policy defined in the matrix structure corresponding to a row of Tm. For unauthorized set of rows L, there exists a vector and  = 0 for i, where L = {i: mi.s and is the polynomial time in matrix M. The adversary cannot calculate the first element of vector Thus, the proposed scheme ensures the data security.

8.4. Forward Security

The attribute authority revokes the attribute of the user with the users address and RSA key pair. The user/address of the revoked attribute cannot decrypt the data again as AA has deleted/blocked the address of the corresponding attribute from the attribute list. Hence the proposed method ensures forward security.

8.5. Collision Resistance

The proposed method ensures resistance to collision attack. The hierarchical access structure policy has been defined in the system. There is a chance of colliding with the same access policy generated by multiple users. In this system, a unique address is generated for each set of attributes defined by different users. Hence the address of UserA ≠ the address of UserB. This uniqueness provides a collision-free system.

8.6. Data Integrity

The owner of the data computes ciphertext with symmetric encryption key algorithm to encode the plaintext message using symmetric key and calculates the ciphertext data  =  (). Then the hash value on the ciphertext data  =  is calculated. This ensures data integrity. The final cryptic message uploaded to the cloud is , {, . During decryption, the hash value is used to ensure data integrity at the data requester end.

8.7. Unauthorized Communication

In each level, the data is decrypted using the user address and an RSA key pair. For each set of attributes defined by distinct users, a unique address is generated in this system. As a result, user A’s address is different from user B's address and the unauthorized users cannot be entirely in the system. This prevents unauthorized hierarchical communication between nodes.

9. Performance Evaluations

This section briefs the performance evaluation in terms of used system properties, communication overhead, and computation overhead with the previous works and the proposed work.

The subsequent section describes Table 1 that provides the comparative study of the proposed approach with other research works carried out.

From Table 1, it is found that all the works carried out rely on ECC scheme rather than bilinear pairing and [24, 44] use LSSS based access structure where [21, 42, 43] use AND gate access structure whose performance is lesser than the previous LSSS approach. The proposed work differs from all the above by adopting hierarchical access structure with LSSS. Each attribute set corresponds to a row of a matrix in LSSS structure. Thus, our scheme supports multiauthority and multiple data access method.

Table 2 describes the computation cost encountered in current research study and compared study. The entire scheme employs common ECC with 160 bit by . It seems that our scheme considers a single row in matrix structure for performing cryptographic operation which is more efficient than the compared schemes.

It is observed that, from [21, 43], the computation overhead depends on the difference between the number of attributes defined in the access policy and the total attributes in the system. Schemes in [24, 44] depend on different attribute set to perform cryptographic process. The scheme in [42] uses KP-ABE and our scheme uses CP-ABE and has efficient encryption process as the encryption process depends on set of attributes alone. But there is an overhead in decryption process in the scheme in [42] as the end node has to do total decryption process. But our scheme offloads the predecryption process to AA and final decryption at the end nodes. The proposed work excels other compared works in computation and communication cost.

Table 3 discusses the communication cost observed in our work and other compared works. Compared with other works, our scheme and the scheme in [44] have increased communication overhead as predecryption process is carried at the AA in our scheme and at edge nodes in the scheme in [44]. Also revocation process is carried at AA in our scheme without affecting other components in the system. Hence the communication overhead at the end data requester is minimum compared with others.

To excel our scheme, we implemented our proposed work in Ubuntu platform. It is deployed with Python and charm library to implement the ECC using simple scalar multiplication. The scheme is implemented with 512-bit ECC where 160 bits serves as ECC group order. In Figures 4 and 5, we show that our scheme excels the work done in [24, 44] in executing cryptographic operations. Our scheme excels [24, 44] in executing encryption method and decryption outsourcing is performed in the proposed work and [44]; hence it has same decryption time.

10. Conclusion

The proposed work uses CP-ABE using ECC in blockchain network with hierarchical access structure. The scheme considers multiple authorities and multiple data access by defining the attribute set. The attribute set is represented as row in LSSS matrix structure. For each attribute set, a unique address is generated along with RSA key pair. This pair is helpful in revoking the attribute, thereby providing security from unauthorized users. Further, the security mechanism of the proposed work is defined under d-DDH assumption. From the experimental analysis, it is found that our scheme shows better outcome than the compared work. The constraint of the current work affects the ciphertext length with increase in number of attributes. Hence, in future work an efficient CP-ABE will focus on alleviating this problem.

Data Availability

The data shall be made available on request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.