Traceable Ciphertext-Policy Attribute-Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud

Abstract EN

In cloud-assisted electronic health care (eHealth) systems, a patient can enforce access control on his/her personal health information (PHI) in a cryptographic way by employing ciphertext-policy attribute-based encryption (CP-ABE) mechanism.

There are two features worthy of consideration in real eHealth applications.

On the one hand, although the outsourced decryption technique can significantly reduce the decryption cost of a physician, the correctness of the returned result should be guaranteed.

On the other hand, the malicious physician who leaks the private key intentionally should be caught.

Existing systems mostly aim to provide only one of the above properties.

In this work, we present a verifiable and traceable CP-ABE scheme (VTCP-ABE) in eHealth cloud, which simultaneously supports the properties of verifiable outsourced decryption and white-box traceability without compromising the physician’s identity privacy.

An authorized physician can obtain an ElGamal-type partial decrypted ciphertext (PDC) element of original ciphertext from the eHealth cloud decryption server (CDS) and then verify the correctness of returned PDC.

Moreover, the illegal behaviour of malicious physician can be precisely (white-box) traced.

We further exploit a delegation method to help the resource-limited physician authorize someone else to interact with the CDS.

The formal security proof and extensive simulations illustrate that our VTCP-ABE scheme is secure, efficient, and practical.