With the popularization and growing utilization of electronic health records (EHRs) coupled with the advancements in cloud computing, healthcare providers are interested in storing EHRs in third-party, semi-trusted cloud platforms. Given the collaborative nature of modern e-health environments, integrating access delegation is of paramount importance to strengthen the flexibility of the sharing of health information. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. For such applications, attribute based encryption (ABE) mechanisms are quite useful given the fact that ABE facilitates an efficient way of enforcing secure, fine-grained access control over encrypted data. However, incorporating delegatability with ABE mechanisms is tricky, and the existing schemes lack the control over the process of delegation of encrypted data. As a solution, we propose a novel ABE based access control scheme which can enforce multi-level, controlled access delegation and demonstrated how it could be deployed in an e-health environment to securely share outsourced EHRs of patients. Furthermore, we have shown that the proposed scheme is secure against chosen plaintext attacks as well as attacks mounted via attribute collusion.

中文翻译：

---

协作电子医疗云的基于可委托属性的加密方案


随着电子健康记录 (EHR) 的普及和使用的不断增长，加上云计算的进步，医疗保健提供商有兴趣将 EHR 存储在第三方、半可信的云平台中。鉴于现代电子医疗环境的协作性质，整合访问授权对于加强健康信息共享的灵活性至关重要。然而，访问授权必须以受控的方式执行，这样才不会危及系统的安全。对于此类应用程序，基于属性的加密 (ABE) 机制非常有用，因为 ABE 有助于以一种有效的方式对加密数据实施安全、细粒度的访问控制。然而，将委托性与 ABE 机制相结合是很棘手的，并且现有方案缺乏对加密数据委托过程的控制。作为解决方案，我们提出了一种基于 ABE 的新型访问控制方案，该方案可以强制执行多级、受控访问授权，并演示了如何将其部署在电子医疗环境中以安全地共享患者的外包 EHR。此外，我们还表明，所提出的方案可以安全地抵御选定的明文攻击以及通过属性串通发起的攻击。