# A practical application of CP-ABE for mobile PHR system: a study on the user accountability

- Hanshu Hong
^{1}, - Di Chen
^{2}and - Zhixin Sun
^{1}Email author

**Received: **14 May 2016

**Accepted: **5 August 2016

**Published: **11 August 2016

## Abstract

### Background

Attribute based encryption has been widely applied for secure data protection in PHR systems. However, since different users may share the same attributes in the system, a user may leaks his private key for illegal data sharing without being detected. This will add more threat to the private data stored in PHR system.

### Finding

To help users achieve higher efficiency and more secure data sharing in mobile PHR system, based on previous works, we study the traitor tracing mechanism in attribute based cryptosystem and propose a high efficient attribute based encryption with user accountability in mobile PHR system. If a malicious PHR user exposes his private key for illegal data sharing, his identity can be accurately pinpointed by the system manager. During the whole process of data sharing, no bilinear pairing operations are needed, hence this will the mobile terminal devices from heavy computation burden.

### Conclusion

As a further study, in this short report, we show that using a novel attribute based encryption with user accountability can help users achieve better efficiency and more secure data sharing in mobile PHR system.

## Keywords

## Background

Personal health record (PHR) (Zuckerman and Kim 2009; Koufi et al. 2014) contains massive private data in terms of the user’s health conditions, disease history, medication and other personal information. Due to the capability of improving the efficiency of healthcare, PHR has gained increasingly popularity nowadays and has been widely applied in the medical area such as diseases rehabilitation, disease prevention (McInnes and Shimada 2013), medical treatment, etc. Considering the private nature of PHR (Price et al. 2015), special encryption techniques should be implemented for protection in the PHR system (Liu et al. 2015; Sangeetha et al. 2014).

Many schemes have applied attribute based encryption to design medical care systems such as PHR (Qian et al. 2015; Liu et al. 2013; Li et al. 2015; Xhafa et al. 2015) and BAN (Tan et al. 2011; Tian et al. 2014), but the efficiency is still unsatisfactory. One important factor is that a PHR user has to run many times of bilinear pairing operations when decrypting a ciphertext. When PHR users get access to the encrypted data using mobile devices with restricted computing resources such as cellphones, body area sensors, smart watches, the heavy decryption computation will add difficulty in the process of mobile PHR data sharing.

Key abuse is another obstacle to apply attribute based encryption to PHR system. ABE is an advanced type of broadcast encryption, users owing the same attributes share the same private key. However at the same time, a malicious user may expose his private key deliberately without being detected. Thus, a mechanism which provides user accountability and traitor tracing should also be introduced.

Based on the previous works (Liu et al. 2013; Tan et al. 2011; Li et al. 2015; Tian et al. 2014; Xhafa et al. 2015; Li and Khan 2012; Hong and Sun 2016), to better solve the problems described above and help users achieve secure data sharing in mobile PHR system, the following constructions are established:

Firstly, we propose a user accountable ciphertext policy attribute based encryption without pairings (UA-CPABE-WP) for mobile PHR system. In our UA-CPABE-WP, users can recover the plaintext on condition that the possessing attributes satisfy with the access policy.

Secondly, the mechanism of user accountability is introduced. If a malicious PHR user exposes his private key for illegal data sharing, his identity can be accurately pinpointed by the system manager.

Thirdly, no bilinear pairing are needed during data sharing, hence relieving the mobile terminal devices from large calculation.

## Our studies

### Implementation of the proposed UA-CPABE-WP

### Constructions

Notations and their corresponding meanings

Notation | Meaning | Notation | Meaning |
---|---|---|---|

AA | Attribute authority |
| Public parameters |

| System master key |
| A single attribute |

| User’s private key |
| User’s identity |

| Ciphertext |
| Plaintext |

Our UA-CPABE-WP includes the following algorithms:

*Setup*: Let Let *G* to be a cyclic addition group with generator *q* and prime order *p*. Defines a global attribute set \(\left\{ {A_{i} } \right\}\) and picks \(t_{i} \in Z_{q}^{*}\) for each attribute in \(\left\{ {A_{i} } \right\}\). Let \(T_{i} = t_{i} p\). Picks secret numbers \(h ,y \in Z_{q}^{*}\) and calculates \(Y = yp,\;H = hp\). Define a hash function \(H_{1} : \left\{ {0,1} \right\}^{ *} \to \left\{ {0,1} \right\}^{m} ,m\) is the size of plaintext.

The system public parameters are \(\left\{ {G,q,p,A_{i} ,T_{i} , Y,H_{1} ,H} \right\}\) and the system master keys are \(\left\{ {t_{i} ,y,h} \right\}\).

*Private key generation*: AA assigns a global unique identifier for each user in the PHR system. For a PHR user (without loss of generality, denote his identity by

*id*) possessing attribute set

*S*, AA generates his private key

*SK*

_{ id }as follows:

*Encrypt*: When a data owner wants to share his private PHR data with some people processing certain attributes, he works as described below:

*Decrypt*: Upon receiving

*CT*, data receiver calculates:

Correctness proof:

If \(x\) is a non-leaf node,

## Results and discussion

### Security proof

###
**Theorem**

*UA-CPABE-WP is secure under chosen message attack if CDH assumption holds*.

###
*Proof*

*Adversary*can break our UA-CPABE-WP with an advantage \(\left( {t,\varepsilon } \right)\), then there exists a

*Simulator*breaking the CDH assumption with an advantage of \(\left( {t^{\prime } ,\varepsilon^{\prime } } \right)\) which satisfies:

In lemma (7), \(q_{p}\) is the amount of public key queries in the challenge game.

The detail proof follows from that in (Liu et al. 2013).

### PHR user accountability

*mid*as his unique identity and \(SK_{mid}\) as the private key he owns) leaks his private key deliberately in the PHR system for illegal data sharing, then his identity can be exactly pinpointed by tracer. Two main methods can be adopted for traitor tracing as follows:

- a.Since user’ds private key is unique, if the amount of users is not huge, tracer can build a list recoding each private key with its corresponding user’s identity as Table 2 shows. When private key exposure happens, tracer searches the identifier which corresponds to the leaked private key in the list and the traitor is able to be exactly traced.Table 2
List of each private key with its corresponding user’s identity

User’s identity

Corresponding private key

\(id_{1}\)

\(SK_{{id_{1} }}\)

\(id_{2}\)

\(SK_{{id_{2} }}\)

…

…

\(id_{n}\)

\(SK_{{id_{n} }}\)

- b.Upon receiving a legal private key \(SK_{mid} = \left\{ {K = \left( {mid \cdot y + r} \right)h^{ - 1} ,\forall A_{i} \in S,D_{i} = t_{i} - r} \right\}\) from PHR system, tracer firstly recovers the attribute set belonging to the malicious user from \(D_{i}\) and calculates \(r\) as follows:$$r = D_{i} - t_{i}$$(8)

### Efficiency evaluation

*Encrypt*algorithm will take \(\left( {2n + 2} \right)\) times of multiplication operation, while the

*Decrypt*algorithm will take \(\left( {n + 2} \right)\) times of multiplication operation and \(\left( {n + 1} \right)\) times of addition. Denote “Exp”, “Pair”, “Mul”, and “Add” to be exponential operation, pairing operation, multiplication and addition respectively. The detailed comparison results in terms of computation costs are shown in Table 3.

Since the computation cost of bilinear pairing is much larger than that of multiplication and addition, it can be seen that the efficiency of our UA-CPABE-WP is higher since no bilinear pairings are needed.

## Conclusion

In this report we provide a high efficient data sharing method using attribute based encryption with user accountability (UA-CPABE-WP). In our scheme, data owner can achieve secure and self-centric access control over the PHR data. Besides, the mechanism of user accountability is introduced. If a malicious PHR user exposes his private key for illegal data sharing, his identity can be pinpointed exactly. The better efficiency and security makes UA-CPABE-WP to be a promising method for data protection in mobile PHR system.

## Declarations

### Authors’ contributions

All the authors contributed equally to this work. All authors read and approved the final manuscript.

### Authors’ information

Dr Zhixin Sun is the dean of Internet of Things institute, Nanjing University of Posts and Telecommunications. He has published more than 50 literatures on journals worldwide. His research area includes information security, computer networks, computer science, etc. Dr Hanshu Hong is a PHD candidate in Nanjing University of Posts and Telecommunications. His research area includes information security, cryptology. Dr Di Chen is a PHD candidate in Genetics at the Pennsylvania State University, he works in the Huck Institutes of the Life Sciences. His work engages statistical modeling and bioinformatics tools to explore the regional variation of mutation rate in human genome.

### Acknowledgements

This research is supported by the National Natural Science Foundation of China (60973140, 61170276 and 61373135).The authors thank the sponsors for their support and the reviewers for their helpful comments.

### Competing of interest

The authors declare that they have no competing interests.

**Open Access**This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

## Authors’ Affiliations

## References

- Fuji KT, Abbott AA (2012) Standalone personal health records in the United States: meeting patient desires. Health Technol 2(3):197–205View ArticleGoogle Scholar
- Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute based encryption for fine-grained access control of encrypted data. In: ACM conference on Computer and Communications Security, 2006, pp 89–98Google Scholar
- Hong H, Sun Z (2016) High efficient key-insulated attribute based encryption scheme without bilinear pairing operations. SpringerPlus 5(1):1–12View ArticleGoogle Scholar
- Hong H, Sun Z, Liu X (2016) A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud. KSII Trans Internet Inf Syst 10(5):2394–2406. doi:10.3837/tiis.2016.05.024 Google Scholar
- Koufi V, Malamateniou F, Vassilacopoulos G (2014) Privacy-preserving access control for PHR-based emergency medical systems, concepts and trends in healthcare information systems, vol 16 of the series annals of information systems, 2014, September, 61–78Google Scholar
- Li F, Khan MK (2012) A biometric identity-based signcryption scheme. Future Gener Comput Syst 28(1):306–310View ArticleGoogle Scholar
- Li J, Xhafa F, Feng J (2015) Privacy-aware attribute-based PHR sharing with user accountability in cloud computing. J Supercomput 71(5):1607–1619View ArticleGoogle Scholar
- Liu X, Ma J, Xiong J (2013) Personal health records integrity verification using attribute based proxy signature in cloud computing. In: Internet and distributed computing systems vol 8223 of the series lecture notes in computer science, 2013, pp 238–251Google Scholar
- Liu X, Liu Q, Peng T (2015) HCBE: Achieving fine-grained access control in cloud-based PHR systems, algorithms and architectures for parallel processing, vol 9530 of the series lecture notes in computer science, 2015, pp 562–576Google Scholar
- McInnes DK, Shimada SL (2013) Personal health record use and its association with antiretroviral adherence: survey and medical record data from 1871 US veterans infected with HIV. AIDS Behav 17(9):3091–3100View ArticleGoogle Scholar
- Price JM, Bellwood P, Kitson N (2015) Conditions potentially sensitive to a Personal Health Record (PHR) intervention, a systematic review. BMC Med Inf Decis Mak. http://link.springer.com/article/10.1186/s12911-015-0159-1
- Qian H, Li J, Zhang Y (2015) Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int J Inf Secur 14(6):487–497View ArticleGoogle Scholar
- Sangeetha D, Vijayakumar V, Thirunavukkarasu V (2014) Enhanced security of PHR system in cloud using prioritized level based encryption, recent trends in computer networks and distributed systems security, vol 420 of the series communications in computer and information science, 2014, pp 57–69Google Scholar
- Tan Y-L, Goi B-M, Komiya R (2011) A study of attribute-based encryption for body sensor Networks. In: Informatics engineering and information science, communications in computer and information science, vol 251, pp 238–247Google Scholar
- Tian Y, Peng Y, Peng X (2014) An attribute-based encryption scheme with revocation for fine-grained access control in wireless body area networks. Int J Distrib Sensor Netw. http://www.hindawi.com/journals/ijdsn/2014/259798/
- Waters B (2011) Ciphertext policy attribute based encryption: an expressive, efficient, and provably secure realization. In: Proceedings of international conference PKC 2011, March, pp 53–70Google Scholar
- Xhafa F, Li J, Zhao G (2015) Designing cloud-based electronic health record system with attribute-based encryption. Multimed Tools Appl 74(10):3441–3458View ArticleGoogle Scholar
- Zuckerman AE, Kim GR (2009) Personal health records. In: Lehmann CU, Kim GR, Johnson KB (eds) Pediatric informatics, part of the series health informatics. Springer, New York, pp 293–301Google Scholar