| Technological advances such as 5G, the Internet of Things (IoT), and edge computing have given rise to a new paradigm, smart healthcare. Compared with traditional healthcare, it provides patients with more accurate and effective treatment while reducing the burden on nurses and doctors. To ensure that data is shared securely, it needs to be encrypted and outsourced to untrusted third-party servers. How to achieve fine-grained access control while protecting patient privacy has therefore become a key issue in smart healthcare. As a fine-grained encryption technology, CPABE has been widely studied, and researchers have proposed many variants for different scenarios. However, existing CPABE solutions cannot be directly applied to smart healthcare. They either transfer the policy in plaintext or hide only the attribute names. The former completely discloses patients’ sensitive attributes, while the latter draws attackers’ attention to this type of data. In addition, these schemes ignore assured deletion of server-side data. When a deletion request is not executed honestly by the server, health data that the data owner has deleted may still spread on the network. In this paper, we study an access control scheme that supports full policy hiding and assured data deletion. The main contributions are as follows. (1) This paper studies a full policy hiding scheme based on PSI. First, we define a minimum authorization set for each policy and design a recursive algorithm to find all minimum authorization sets. For an access policy, a user attribute set containing at least one minimum authorization set is authorized. In the encryption phase, the ciphertext of each minimum authorization set is generated by constructing a polynomial interpolation. At the same time, multiple auxiliary vectors are produced. Before decryption, the user calculates the authorization relationship and the mapping between the secret key and the ciphertexts. (2) We then propose an assured data deletion scheme that works by revoking all users’ access rights. We define a policy graph to convert file deletion into policy revocation. A key attribute set and a minimum key attribute set selection algorithm are defined for each access policy. On this basis, policy revocation is constructed with the help of ciphertext update. To achieve assured deletion, data owners use Merkle trees to verify the ciphertext update. If and only if the Merkle root of the latest ciphertext is consistent with that generated by the original ciphertext, the user is convinced that the file has been deleted successfully. (3) To achieve user-side efficiency, users offload exponentiation operations to multiple servers by using existing verifiable outsourcing schemes. The security proofs show that our scheme guarantees the confidentiality of data and attributes while achieving assured deletion. Finally, all algorithms of our scheme and two comparison schemes are implemented based on the JPBC library. Performance analysis and experimental results show that our scheme has better efficiency at the user end. |
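The minimum authorization sets described in contribution (1) can be illustrated with a short recursive enumeration. This is an added example, not the paper's algorithm or code: the threshold-gate tuple representation, the helper names and the attribute names are assumptions, and it shows only the plaintext authorization logic, not the encryption or policy hiding.

```python
from itertools import combinations, product

# Policy node (representation assumed for this example):
#   "attr"            -> leaf attribute
#   (k, [children])   -> threshold gate, satisfied when >= k children are
def AND(*children): return (len(children), list(children))
def OR(*children): return (1, list(children))

def _minimal(sets):
    """Keep only sets that have no strict subset in the collection."""
    return {s for s in sets if not any(t < s for t in sets)}

def min_auth_sets(node):
    """Recursively compute all minimum authorization sets of a policy."""
    if isinstance(node, str):
        return {frozenset([node])}
    k, children = node
    per_child = [min_auth_sets(c) for c in children]
    found = set()
    # Pick which k children to satisfy, then one minimal set for each.
    for chosen in combinations(per_child, k):
        for combo in product(*chosen):
            found.add(frozenset().union(*combo))
    return _minimal(found)

def is_authorized(user_attrs, auth_sets):
    """Authorized iff the user's attributes contain some minimum set."""
    user = frozenset(user_attrs)
    return any(s <= user for s in auth_sets)

# Constructed sample policy; attribute names are illustrative only.
POLICY = OR(
    AND("doctor", "cardiology"),
    AND("nurse", OR("cardiology", "icu")),
    (2, ["doctor", "researcher", "ethics_board"]),
)

if __name__ == "__main__":
    sets = min_auth_sets(POLICY)
    for s in sorted(sorted(x) for x in sets):
        print(s)
    print(is_authorized({"nurse", "icu", "night_shift"}, sets))
    print(is_authorized({"doctor", "icu"}, sets))
```

The number of sets returned grows combinatorially with threshold gates, which matters for any design that produces one ciphertext per minimum authorization set.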