Lavida: Large-Universe, Verifiable, and Dynamic Fine-Grained Access Control for E-Health Cloud

Electronic healthcare (E-health) cloud system enables electronic health records (EHRs) sharing and improves efficiency of diagnosis and treatment. In order to address EHRs confidentiality and authorized user access control in E-health cloud, attribute-based proxy re-encryption (ABPRE) has been widely employed which provides dynamic fine-grained access control over encrypted EHRs. Unfortunately, existing ABPRE schemes still have the following defects: 1) capacity of attribute-universe is defined at setup; 2) verifiable mechanism for re-encryption reveals EHRs about patients; 3) traditional access policy reveals sensitive information pertaining to patients. This paper focuses on these issues and presents large-universe, verifiable and privacy-preserving dynamic fine-grained access control scheme for E-health cloud. More details, we solve limitation of attribute-universe to large-universe, which means that attributes aren’t required to be enumerated at setup. Considering disclosure of underlying EHRs in verifiable mechanism, scheme introduces non-interactive zero-knowledge proof as verifiable mechanism that supports public validation and doesn’t leak EHRs of patients. Furthermore, partially hidden policy is employed to protect privacy of patients in policy, which divides attribute into attribute name and attribute value, displaying attribute name and hiding attribute value. Finally, experimental evaluation is given that demonstrates the more comprehensive functionality of our scheme without sacrificing significant computational overhead.