Outsourcing multiauthority access control revocation and computations over medical data to mobile cloud

With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud-based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud-based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext-policy attribute-based encryption (CP-ABE) was provided as an innovative cloud-based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross-domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext-policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie-Hellman assumption.