Rainbow: reliable personally identifiable information retrieval across multi-cloud

Abstract Personally identifiable information (PII) refers to any information that links to an individual. Sharing PII is extremely useful in public affairs yet hard to implement due to the worries about privacy violations. Building a PII retrieval service over multi-cloud, which is a modern strategy to make services stable where multiple servers are deployed, seems to be a promising solution. However, three major technical challenges remain to be solved. The first is the privacy and access control of PII. In fact, each entry in PII can be shared to different users with different access rights. Hence, flexible and fine-grained access control is needed. Second, a reliable user revocation mechanism is required to ensure that users can be revoked efficiently, even if few cloud servers are compromised or collapse, to avoid data leakage. Third, verifying the correctness of received PII and locating a misbehaved server when wrong data are returned is crucial to guarantee user’s privacy, but challenging to realize. In this paper, we propose Rainbow, a secure and practical PII retrieval scheme to solve the above issues. In particular, we design an important cryptographic tool, called Reliable Outsourced Attribute Based Encryption (ROABE) which provides data privacy, flexible and fine-grained access control, reliable immediate user revocation and verification for multiple servers simultaneously, to support Rainbow. Moreover, we present how to build Rainbow with ROABE and several necessary cloud techniques in real world. To evaluate the performance, we deploy Rainbow on multiple mainstream clouds, namely, AWS, GCP and Microsoft Azure, and experiment in browsers on mobile phones and computers. Both theoretical analysis and experimental results indicate that Rainbow is secure and practical

Efficient Fine-Grained Data Sharing Mechanism for Electronic Medical Record Systems with Mobile Devices

IEEE Sharing digital medical records on public cloud storage via mobile devices facilitates patients (doctors) to get (offer) medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation, computation efficiency optimization, are remaining toward achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no complex computation for the private key generator (PKG), sender and receiver. Additionally, the communication cost of the PKG and users is optimized. Moreover, we develop an extensible library called libabe that is compatible with Android devices, and the access control mechanism is actually deployed on realistic environment, including public cloud servers, a laptop and an inexpensive mobile phone with constrained resources. The experimental results indicate that the mechanism is efficient, practical and economical