Practically adaptable CPABE based Health-Records sharing framework

TL;DR

This paper tackles secure, practical sharing of electronic health records (EHRs) over cloud/mobile environments by integrating Ciphertext-Policy Attribute-Based Encryption (CPABE) with OAuth 2.0. The authors propose an architecture where EHRs are encrypted with CPABE, access is delegated via OAuth 2.0 tokens, and data owners retain policy-driven control even when data is stored in semi-trusted clouds, mitigating data entrapment and loss of resource control. They implement the framework, compare it to related works (notably Jang-Jaccard), and demonstrate favorable performance in key generation and decryption for realistic attribute sets, with acceptable encryption performance and scalability. The study highlights the practical viability of CPABE-based EHR services and discusses future enhancements, including Blockchain-based mechanisms for immutability and decentralization to further improve trust and traceability in cross-organizational health data sharing.

Abstract

With recent elevated adaptation of cloud services in almost every major public sector, the health sector emerges as a vulnerable segment, particularly in data exchange of sensitive Health records, as determining the retention, exchange, and efficient use of patient records without jeopardizing patient privacy, particularly on mobile-applications remains an area to expand. In the existing scenarios of cloud-mobile services, several vulnerabilities can be found including trapping of data within a single cloud-service-provider and loss of resource control being the significant ones. In this study, we have suggested a CPABE and OAuth2.0 based framework for efficient access-control and authorization respectively to improve the practicality of EHR sharing across a single client-application. In addition to solving issues like practicality, data entrapment, and resource control loss, the suggested framework also aims to provide two significant functionalities simultaneously, the specific operation of client application itself, and straightforward access of data to institutions, governments, and organizations seeking delicate EHRs. Our implementation of the suggested framework along with its analytical comparison signifies its potential in terms of efficient performance and minimal latency as this study would have a considerable impact on the recent literature as it intends to bridge the pragmatic deficit in CPABE-based EHR services.

Figures (6)

• Figure 1: (a) Framework for Electronic Health Record (EHR) System. (b) Exploitation of Sensitive Health Records over Cloud.
• Figure 2: (a) An example of Access Tree representing an Access Policy. (b) Framework of standard CPABE system with entities including Trusted Authority, Data Owner, and Data User.
• Figure 3: Architectural overview of the proposed framework incorporating the CPABE model bounded with OAuth 2.0 protocol for efficient sharing of Electronic Health Records across Multi-sharing Cloud environment. DO-(1-3) are the steps denoting the procedure in respect to the Data Owner whereas DU-(1-8) are the steps denoting the procedure in respect to the Data User.
• Figure 4: Access Policy Tree representing the Attribute Policy defined by to Data Owner in relation to the proposed use-case scenario of Electronic Health Record.
• Figure 5: Final Caption. (a) Comparison of our scheme and Jaccard Scheme in terms of Encryption cost under 10 attributes. (b) Comparison of our scheme and Jaccard Scheme in terms of Decryption cost under 10 attributes.