Bilateral Privacy-Aware Proxy Re-Encryption With Traceability and Revocation for IoMT

Internet of Medical Things (IoMT) serves as a pivotal cornerstone for intelligent healthcare services by extending communication networks into medical settings. Within smart hospitals, IoMT facilitates the interconnectedness among essential healthcare elements, including individuals, equipment, and objects, thereby enabling the intelligent application of medical data irrespective of temporal or spatial constraints. IoMT is distinguished by its stringent data privacy and security requisites stemming from the sensitive nature of protected health information (PHI), dynamic healthcare environments, and time-critical medical interventions. It emphasizes the paramount importance of preserving patient confidentiality through partially hidden access policies, enabling time-sensitive authority delegation in emergency scenarios, and maintaining audit trails for regulated medical workflows. To address this varied challenge, this work introduces a novel framework, PTR-ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE), designed to effectively navigate the complexities of this evolving digital ecosystem. PTR-CP-ABPRE is featured by its bilateral and distributed access control, which involves a partially hidden access policy, thereby hiding sensitive attribute values contained in the access control policies. This feature serves to balance the dual objectives of access transparency and information confidentiality required for PHI. In addition, PTR-CP-ABPRE fulfills white-box traceability and revocation mechanisms, critical for maintaining chain-of-custody and enabling immediate privilege revocation. Finally, PTR-CP-ABPRE is designed for anti-collusion attacks, particularly crucial in healthcare ecosystems where multiple entities require differentiated access levels to share PHI.