Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings

Ming Li, Shucheng Yu, Kui Ren, Wenjing Lou

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud, in order to enjoy the elastic resources and reduce the operational cost. However, by storing PHRs in the cloud, the patients lose physical control to their personal health data, which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. Under encryption, it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. For each patient, the PHR data should be encrypted so that it is scalable with the number of users having access. Also, since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios. In this paper, we propose a novel framework for access control to PHRs within cloud computing environment. To enable fine-grained and scalable access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient's PHR data. To reduce the key distribution complexity, we divide the system into multiple security domains, where each domain manages only a subset of the users. In this way, each patient has full control over her own privacy, and the key management complexity is reduced dramatically. Our proposed scheme is also flexible, in that it supports efficient and on-demand revocation of user access rights, and break-glass access under emergency scenarios.

Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks - 6th Iternational ICST Conference, SecureComm 2010, Proceedings
Number of pages18
StatePublished - 2010
Event6th International Conference on Security and Privacy in Communication Networks, SecureComm 2010 - Singapore, Singapore
Duration: Sep 7 2010Sep 9 2010

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume50 LNICST


Conference6th International Conference on Security and Privacy in Communication Networks, SecureComm 2010

ASJC Scopus subject areas

  • Computer Networks and Communications


  • Attribute-based encryption
  • Cloud computing
  • Fine-grained access control
  • Patient-centric privacy
  • Personal health records

Cite this