By Topic

Secure management of personal health records by applying attribute-based encryption

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Luan Ibraimi ; Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede, The Netherlands ; Muhammad Asim ; Milan Petković

The confidentiality of personal health records is a major problem when patients use commercial Web-based systems to store their health data. Traditional access control mechanisms have several limitations with respect to enforcing access control policies and ensuring data confidentiality. In particular, the data has to be stored on a central server locked by the access control mechanism, and the data owner loses control on the data from the moment when the data is sent to the server. Therefore, these mechanisms do not fulfill the requirements of data outsourcing scenarios where the third party storing the data should not have access to the plain data, and it is not trusted to enforce access policies. In this paper, we present a new variant of ciphertext-policy attribute-based encryption (CP-ABE) scheme which is used to enforce patient/organizational access control policies. In CP-ABE, the data is encrypted according to an access policy over a set of attributes. The access policy specifies which attributes a user needs to have in order to decrypt the encrypted data. Once the data is encrypted, it can be safely stored in an untrusted server such that everyone can download the encrypted data but only authorized users who satisfy the access policy can decrypt. The novelty of our construction is that attributes can be from two security domains: social domain (e.g. family, friends, or fellow patients) and professional domain (e.g. doctors or nurses).

Published in:

Wearable Micro and Nano Technologies for Personalized Health (pHealth), 2009 6th International Workshop on

Date of Conference:

24-26 June 2009