| Cloud computing makes on-demand computing resources a reality and provides the computing infrastructure required for the storage of EHR. It thus greatly reduces the cost of using and maintaining a medical health care system. However, a cloud environment introduces an even greater risk to the security and privacy of sensitive data. This thesis proposes a decentralizing multi-authority attribute-based encryption (DMA-ABE) framework to solve the security issues caused by the central authority (CA). Multiple attribute authorities (AAs) manage and issue users' corresponding keys without any coordination by a CA, which enhances the security of the system. The solution is implemented in an EHR system to support efficient, flexible and fine-grained access control, on-demand attribute revocation, emergency access control and so on. The main work is as follows: (1) A decentralizing multi-authority attribute-based encryption (DMA-ABE) solution for the cloud computing environment is proposed. The scheme is resistant to collusion of N-1 AAs. The access policy is flexible and supports any Linear Secret Sharing Scheme (LSSS) access structure. Security analysis shows that the scheme is secure against INA-CPA in the standard security model. (2) The DMA-ABE scheme is implemented in an EHR system in a cloud environment. An integrated system architecture is established and a detailed implementation process is described in this paper. According to the needs of practical application scenarios, the system is divided into a public domain and a personal domain. Different access control methods are used in the different domains in order to improve system efficiency and flexibility. (3) Proxy re-encryption is used in the EHR system to realize on-demand attribute revocation and authorization. A user revocation method is given on the basis of attribute-level revocation. In addition, we propose an emergency access control method and give solutions to write access control of EHR and to the access control problems caused by users with multiple roles. (4) A thorough complexity analysis of DMA-ABE, a comparison of our EHR system with other systems, and experimental results are provided to show the security, efficiency and scalability of our scheme. |
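To make the LSSS access structure mentioned in item (1) concrete, the following added example (not code from the thesis) converts a binary AND/OR policy into an LSSS matrix with the Lewko-Waters style construction, shares a secret over it and reconstructs it only for a satisfying attribute set. It covers the secret-sharing layer only, with no encryption; the modulus, the policy and the attribute names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share field (constructed for this demo)

def lsss_matrix(policy):
    """Turn a binary AND/OR policy tree into LSSS rows, one per leaf attribute."""
    rows, width = [], [1]
    def walk(node, vec):
        if isinstance(node, str):            # leaf: attribute name
            rows.append((node, vec))
            return
        op, left, right = node
        if op == "or":                       # OR: both children inherit the vector
            walk(left, vec)
            walk(right, vec)
        else:                                # AND: split with a fresh column
            c = width[0]
            width[0] += 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
    walk(policy, [1])
    return [(a, v + [0] * (width[0] - len(v))) for a, v in rows]

def share(secret, rows):
    """Share i is the dot product of row i with (secret, r_2, ..., r_n) mod P."""
    vec = [secret] + [secrets.randbelow(P) for _ in range(len(rows[0][1]) - 1)]
    return [sum(m * x for m, x in zip(row, vec)) % P for _, row in rows]

def select(node, have, pos):
    """Return leaf indices whose rows sum to (1,0,...,0), or None if unsatisfied."""
    if isinstance(node, str):
        i = pos[0]
        pos[0] += 1
        return [i] if node in have else None
    op, left, right = node
    a, b = select(left, have, pos), select(right, have, pos)
    if op == "and":
        return a + b if a is not None and b is not None else None
    return a if a is not None else b

def reconstruct(policy, shares, have):
    """Recover the secret from the shares of held attributes, else None."""
    chosen = select(policy, have, [0])
    return None if chosen is None else sum(shares[i] for i in chosen) % P

# Constructed policy: attributes from two hypothetical authorities.
POLICY = ("or", ("and", "hospital:doctor", "hospital:cardiology"), "ems:paramedic")
```

In an ABE ciphertext the shares would not appear in the clear as they do here; this block isolates how the policy matrix decides which attribute sets can recombine the secret.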