Securing Outsourced Personal Health Records on Cloud Using Encryption Techniques

Due to the greater flexibility and accessibility of data outsourcing environments such as cloud computing environments, several healthcare organizations have implemented electronic Personal Health Records (PHRs) to ensure that individual patients have such resilience and scalability. It allows users to manage their health information in a safe environment. However, PHRs contain highly sensitive information where security and privacy issues are major concerns. PHR owners should also be able to securely define their own access policies for offsite data. In addition to basic authentication capabilities, existing commercial cloud platforms typically offer symmetric or public key encryption as an optional feature to keep tenants’ data confidential. However, such traditional encryption schemes are not suitable for data outsourcing environments due to the high key management overhead of symmetric encryption and the high maintenance costs of handling multiple copies of ciphertext for public key encryption solutions.

The output of this study is to design and development of a secure, fine-grained access control scheme with lightweight updates to outsourced PHR access policies. The proposed scheme is based on Cipher Text Policy Attribute-Based Encryption (CP-ABE) and Proxy Re-Encryption (PRE). Additionally, this study introduces a policy versioning technique that supports full traceability of policy changes using the Elgamal technique and a performance evaluation that demonstrates the efficiency of the proposed scheme.