Non-interactive revocable identity-based access control over e-healthcare records

Yunya Zhou; Jianwei Liu; Hua Deng; Bo Qin; Lei Zhang

doi:10.1007/978-3-319-17533-1_33

Non-interactive revocable identity-based access control over e-healthcare records

Yunya Zhou
, Jianwei Liu
, Hua Deng
, Bo Qin
, Lei Zhang

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Revocation of access control on private e-healthcare records (EHRs) allows to revoke the access rights of valid users. Most existing solutions rely on a trusted third party too much to generate and update decryption keys, or require the computations of non-revoked users during the revocation, which make them impractical for some more complicated scenarios. In this paper, we propose a new revocation model, referred to as non-interactive revocable identity-based access control (NRIBAC) on EHRs. In NRIBAC, a trusted third party only needs to generate secret keys for group authorities and each group authority can generate decryption keys for the users in its domain. The NRIBAC distinguishes itself from other revocation schemes by the advantageous feature that it does not require any participation of non-revoked users in the revocation. We construct an NRIBAC scheme with short ciphertexts and decryption keys by leveraging hierarchical identity-based encryption and introducing the version information. We formally prove the security of the NRIBAC scheme and conduct thorough theoretical analysis to evaluate the performance. The results reveal that the scheme provides favorable revocation procedure without disturbing non-revoked users.

Original language	English
Title of host publication	Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings
Editors	Javier Lopez, Yongdong Wu
Publisher	Springer Verlag
Pages	485-498
Number of pages	14
ISBN (Print)	9783319175324
DOIs	https://doi.org/10.1007/978-3-319-17533-1_33
State	Published - 2015
Event	11th International Conference on Information Security Practice and Experience, ISPEC 2015 - Beijing, China Duration: 5 May 2015 → 8 May 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9065
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	11th International Conference on Information Security Practice and Experience, ISPEC 2015
Country/Territory	China
City	Beijing
Period	5/05/15 → 8/05/15

Keywords

E-healthcare records
Identity-based access control
Non-interaction
Revocation

Access to Document

10.1007/978-3-319-17533-1_33

Cite this

Zhou, Y., Liu, J., Deng, H., Qin, B., & Zhang, L. (2015). Non-interactive revocable identity-based access control over e-healthcare records. In J. Lopez, & Y. Wu (Eds.), Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings (pp. 485-498). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9065). Springer Verlag. https://doi.org/10.1007/978-3-319-17533-1_33

Zhou, Yunya ; Liu, Jianwei ; Deng, Hua et al. / Non-interactive revocable identity-based access control over e-healthcare records. Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings. editor / Javier Lopez ; Yongdong Wu. Springer Verlag, 2015. pp. 485-498 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{379ae1e7188d4c338c8116ce74f331f9,

title = "Non-interactive revocable identity-based access control over e-healthcare records",

abstract = "Revocation of access control on private e-healthcare records (EHRs) allows to revoke the access rights of valid users. Most existing solutions rely on a trusted third party too much to generate and update decryption keys, or require the computations of non-revoked users during the revocation, which make them impractical for some more complicated scenarios. In this paper, we propose a new revocation model, referred to as non-interactive revocable identity-based access control (NRIBAC) on EHRs. In NRIBAC, a trusted third party only needs to generate secret keys for group authorities and each group authority can generate decryption keys for the users in its domain. The NRIBAC distinguishes itself from other revocation schemes by the advantageous feature that it does not require any participation of non-revoked users in the revocation. We construct an NRIBAC scheme with short ciphertexts and decryption keys by leveraging hierarchical identity-based encryption and introducing the version information. We formally prove the security of the NRIBAC scheme and conduct thorough theoretical analysis to evaluate the performance. The results reveal that the scheme provides favorable revocation procedure without disturbing non-revoked users.",

keywords = "E-healthcare records, Identity-based access control, Non-interaction, Revocation",

author = "Yunya Zhou and Jianwei Liu and Hua Deng and Bo Qin and Lei Zhang",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 11th International Conference on Information Security Practice and Experience, ISPEC 2015 ; Conference date: 05-05-2015 Through 08-05-2015",

year = "2015",

doi = "10.1007/978-3-319-17533-1\_33",

language = "英语",

isbn = "9783319175324",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "485--498",

editor = "Javier Lopez and Yongdong Wu",

booktitle = "Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings",

address = "德国",

}

Zhou, Y, Liu, J, Deng, H, Qin, B & Zhang, L 2015, Non-interactive revocable identity-based access control over e-healthcare records. in J Lopez & Y Wu (eds), Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9065, Springer Verlag, pp. 485-498, 11th International Conference on Information Security Practice and Experience, ISPEC 2015, Beijing, China, 5/05/15. https://doi.org/10.1007/978-3-319-17533-1_33

Non-interactive revocable identity-based access control over e-healthcare records. / Zhou, Yunya; Liu, Jianwei; Deng, Hua et al.
Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings. ed. / Javier Lopez; Yongdong Wu. Springer Verlag, 2015. p. 485-498 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9065).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Non-interactive revocable identity-based access control over e-healthcare records

AU - Zhou, Yunya

AU - Liu, Jianwei

AU - Deng, Hua

AU - Qin, Bo

AU - Zhang, Lei

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Revocation of access control on private e-healthcare records (EHRs) allows to revoke the access rights of valid users. Most existing solutions rely on a trusted third party too much to generate and update decryption keys, or require the computations of non-revoked users during the revocation, which make them impractical for some more complicated scenarios. In this paper, we propose a new revocation model, referred to as non-interactive revocable identity-based access control (NRIBAC) on EHRs. In NRIBAC, a trusted third party only needs to generate secret keys for group authorities and each group authority can generate decryption keys for the users in its domain. The NRIBAC distinguishes itself from other revocation schemes by the advantageous feature that it does not require any participation of non-revoked users in the revocation. We construct an NRIBAC scheme with short ciphertexts and decryption keys by leveraging hierarchical identity-based encryption and introducing the version information. We formally prove the security of the NRIBAC scheme and conduct thorough theoretical analysis to evaluate the performance. The results reveal that the scheme provides favorable revocation procedure without disturbing non-revoked users.

AB - Revocation of access control on private e-healthcare records (EHRs) allows to revoke the access rights of valid users. Most existing solutions rely on a trusted third party too much to generate and update decryption keys, or require the computations of non-revoked users during the revocation, which make them impractical for some more complicated scenarios. In this paper, we propose a new revocation model, referred to as non-interactive revocable identity-based access control (NRIBAC) on EHRs. In NRIBAC, a trusted third party only needs to generate secret keys for group authorities and each group authority can generate decryption keys for the users in its domain. The NRIBAC distinguishes itself from other revocation schemes by the advantageous feature that it does not require any participation of non-revoked users in the revocation. We construct an NRIBAC scheme with short ciphertexts and decryption keys by leveraging hierarchical identity-based encryption and introducing the version information. We formally prove the security of the NRIBAC scheme and conduct thorough theoretical analysis to evaluate the performance. The results reveal that the scheme provides favorable revocation procedure without disturbing non-revoked users.

KW - E-healthcare records

KW - Identity-based access control

KW - Non-interaction

KW - Revocation

UR - https://www.scopus.com/pages/publications/84942515732

U2 - 10.1007/978-3-319-17533-1_33

DO - 10.1007/978-3-319-17533-1_33

M3 - 会议稿件

AN - SCOPUS:84942515732

SN - 9783319175324

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 485

EP - 498

BT - Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings

A2 - Lopez, Javier

A2 - Wu, Yongdong

PB - Springer Verlag

T2 - 11th International Conference on Information Security Practice and Experience, ISPEC 2015

Y2 - 5 May 2015 through 8 May 2015

ER -

Zhou Y, Liu J, Deng H, Qin B, Zhang L. Non-interactive revocable identity-based access control over e-healthcare records. In Lopez J, Wu Y, editors, Information Security Practice and Experience - 11th International Conference, ISPEC 2015, Proceedings. Springer Verlag. 2015. p. 485-498. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-17533-1_33

Non-interactive revocable identity-based access control over e-healthcare records

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this