postgraduate thesis: Attribute based encryption for health data sharing

Title: Attribute based encryption for health data sharing
Authors: Zhang, Ruoqing [张若箐]
Advisor(s): Yiu, SM; Hui, CK
Issue Date: 2019
Publisher: The University of Hong Kong (Pokfulam, Hong Kong)
Citation: Zhang, R. [张若箐]. (2019). Attribute based encryption for health data sharing. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR.
Abstract: Nowadays, more and more data has been moved to the public cloud for access, and protecting its confidentiality against unauthorized access is very important. Attribute based Encryption (ABE) is an asymmetric crypto scheme that bundles access control with data encryption. In this cryptosystem, the original message can only be accessed if an attribute set in the user secret key matches an access policy related to that attribute set in the encrypted message. Thus ABE can provide a new data protection approach for sensitive information in the cloud. In the thesis, we focus on the application challenges of ABE such as outsourcing computation, user and attribute revocation, malicious traitor tracing, and keyword search over ciphertext, and propose some solutions to address those challenges. We also choose the health data sharing scenario to explore how to apply the ABE algorithm to the current system. A software architecture for an electronic health record (EHR) management system is proposed at the end to verify ABE's application value.

For the outsourcing computation and revocation issue, we propose a revocable and outsourcing ABE scheme (RO-ABE). We adopt the logical key hierarchy (LKH) algorithm to support the user and attribute revocation mechanism and combine it into the original outsourcing ABE scheme. Thus it can help to reduce the decryption time of the ABE scheme on mobile devices. Furthermore, we take the malicious traitor tracing issue into account in the scheme design and thus propose the traceable CP-ABE scheme with attribute revocation and outsourcing computation (TRO-ABE). Based on the outsourcing CP-ABE structure, we adopt the subset cover (SC) revocation framework to solve attribute revocation and traceability at the same time. TRO-ABE comes in two versions: the TRO-ABE-1 scheme and the TRO-ABE-2 scheme. These two schemes have similar features and construction, while the former has a more concise access structure which supports the "AND" operation only. Both RO-ABE and TRO-ABE meet the security level of Replayable-CCA.

For the challenge of keyword search over encrypted messages, we introduce multi-key searchable encryption (MKSE) and propose a searchable and revocable attribute based encryption scheme (SRAME). In this scheme a novel ABE outcome is utilized to improve the decryption efficiency; we also introduce the complete tree subset difference (CSD) to realize the attribute revocation function.

In the last part of this thesis, we build a software architecture named Crypt-EHRServer for ABE application in health data sharing. We apply the ABE algorithm to an open-source EHR background management system, EHRServer, and then adopt CryptDB SQL query-searchable encryption to solve the problem that EHRServer APIs cannot support queries after encryption. This architecture can resist two common attacks for ABE: collusion resistant attack and chosen plaintext attack.

For scenarios of data encryption with user identity access control, ABE is indeed one of the acceptable solutions. In this thesis, we address different application challenges and present detailed and secure ABE schemes. We hope that the works given in this thesis can provide insights for following researchers to come up with more ABE outcomes to meet different actual data protection needs.
Degree: Doctor of Philosophy
Subject: Data encryption (Computer science); Data protection
Dept/Program: Computer Science
Persistent Identifier: http://hdl.handle.net/10722/280224

 

DC Field | Value | Language
dc.contributor.advisor | Yiu, SM | -
dc.contributor.advisor | Hui, CK | -
dc.contributor.author | Zhang, Ruoqing | -
dc.contributor.author | 张若箐 | -
dc.date.accessioned | 2020-01-16T04:15:35Z | -
dc.date.available | 2020-01-16T04:15:35Z | -
dc.date.issued | 2019 | -
dc.identifier.citation | Zhang, R. [张若箐]. (2019). Attribute based encryption for health data sharing. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. | -
dc.identifier.uri | http://hdl.handle.net/10722/280224 | -
dc.language | eng | -
dc.publisher | The University of Hong Kong (Pokfulam, Hong Kong) | -
dc.relation.ispartof | HKU Theses Online (HKUTO) | -
dc.rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works. | -
dc.rights | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. | -
dc.subject.lcsh | Data encryption (Computer science) | -
dc.subject.lcsh | Data protection | -
dc.title | Attribute based encryption for health data sharing | -
dc.type | PG_Thesis | -
dc.description.thesisname | Doctor of Philosophy | -
dc.description.thesislevel | Doctoral | -
dc.description.thesisdiscipline | Computer Science | -
dc.description.nature | published_or_final_version | -
dc.identifier.doi | 10.5353/th_991044091307303414 | -
dc.date.hkucongregation | 2019 | -
dc.identifier.mmsid | 991044091307303414 | -
