Cloud-Based Fine-Grained Health Information Access Control Framework for LightweightIoT Devices with Dynamic Auditing andAttribute Revocation

Lo Yao Yeh, Pei Yu Chiang, Yi Lang Tsai, Jiun-Long Huang

Research output: Contribution to journalArticlepeer-review

34 Scopus citations

Abstract

The eHealth trend has spread globally. Internet of Things (IoT) devices for medical service and pervasive Personal Health Information (PHI) systems play important roles in the eHealth environment. A cloud-based PHI system appears promising but raises privacy and information security concerns. We propose a cloud-based fine-grained health information access control framework for lightweight IoT devices with data dynamics auditing and attribute revocation functions. Only symmetric cryptography is required for IoT devices, such as wireless body sensors. A variant of ciphertext-policy attribute-based encryption, dual encryption, and Merkle hash trees are used to support fine-grained access control, efficient dynamic data auditing, batch auditing, and attribute revocation. Moreover, the proposed scheme also defines and handles the cloud reciprocity problem wherein cloud service providers can help each other avoid fines resulting from data loss. Security analysis and performance comparisons show that the proposed scheme is an excellent candidate for a cloud-based PHI system.

Original languageEnglish
Pages (from-to)532-544
Number of pages13
JournalIEEE Transactions on Cloud Computing
Volume6
Issue number2
DOIs
StatePublished - 1 Apr 2018

Keywords

  • auditing
  • cloud storage
  • fine-grained access control
  • Internet of thing
  • personal health information

Fingerprint Dive into the research topics of 'Cloud-Based Fine-Grained Health Information Access Control Framework for LightweightIoT Devices with Dynamic Auditing andAttribute Revocation'. Together they form a unique fingerprint.

Cite this