Medical Health Record Protection Using Ciphertext-Policy Attribute-Based Encryption and Elliptic Curve Digital Signature Algorithm

Information on medical record is very sensitive data due to the number of confidential information about a patient's condition. Therefore, a secure and reliable storage mechanism is needed so that the data remains original without any changes during it was stored in the data center. The user must go through an authentication process to ensure that not an attacker and verify to ensure the authenticity and accuracy of the data received. In this research, we proposed a solution to secure medical data using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Elliptic Curve Digital Signature Algorithm (ECDSA) methods. Our system can secure data centers from illegal access because the uploaded data has patient control over access rights based on attributes that have been embedded during the data encryption process. Encrypted data was added to the digital signature to pass the authentication process before being sent to the data center. The results of our experiments serve efficient system security and secure with low overhead. We compare the proposed system performance with the same CP-ABE method but don’t add user revocation to this system and for our computing times are shorter than the previous time for 0.06 seconds and 0.1 seconds to verify the signature. The total time in the system that we propose requires 0.6 seconds

Unified fine-grained access control for personal health records in cloud computing

© 2013 IEEE. Attribute-based encryption has been a promising encryption technology to secure personal health records (PHRs) sharing in cloud computing. PHRs consist of the patient data often collected from various sources including hospitals and general practice centres. Different patients' access policies have a common access sub-policy. In this paper, we propose a novel attribute-based encryption scheme for fine-grained and flexible access control to PHRs data in cloud computing. The scheme generates shared information by the common access sub-policy, which is based on different patients' access policies. Then, the scheme combines the encryption of PHRs from different patients. Therefore, both time consumption of encryption and decryption can be reduced. Medical staff require varying levels of access to PHRs. The proposed scheme can also support multi-privilege access control so that medical staff can access the required level of information while maximizing patient privacy. Through implementation and simulation, we demonstrate that the proposed scheme is efficient in terms of time. Moreover, we prove the security of the proposed scheme based on security of the ciphertext-policy attribute-based encryption scheme