Flexible Attribute-Based Encryption Applicable to Secure E-Healthcare Records

TL;DR

This paper introduces a flexible attribute-based encryption scheme for secure e-healthcare records that allows dynamic access policy redefinition, overcoming limitations of traditional key-policy ABE in practical healthcare scenarios.

Contribution

It proposes a novel access policy redefinable ABE (APR-ABE) scheme enabling policy updates and delegation, with proven security and short ciphertexts.

Findings

Supports dynamic access policy redefinition

Ensures full security under standard assumptions

Produces short ciphertexts for efficiency

Abstract

In e-healthcare record systems (EHRS), attribute-based encryption (ABE) appears as a natural way to achieve fine-grained access control on health records. Some proposals exploit key-policy ABE (KP-ABE) to protect privacy in such a way that all users are associated with specific access policies and only the ciphertexts matching the users' access policies can be decrypted. An issue with KP-ABE is that it requires an a priori formulation of access policies during key generation, which is not always practicable in EHRS because the policies to access health records are sometimes determined after key generation. In this paper, we revisit KPABE and propose a dynamic ABE paradigm, referred to as access policy redefinable ABE (APR-ABE). To address the above issue, APR-ABE allows users to redefine their access policies and delegate keys for the redefined ones; hence a priori precise policies are no longer mandatory. We construct an APR-ABE scheme with short ciphertexts and prove its full security in the standard model under several static assumptions.