Secure Access Control of Personal Health Records in Cloud Computing Using Attribute-Based Encryption

• Main Authors: Dai, Ching-Yao, 戴靜瑤
• Other Authors: Tzeng, Wen-Guey
• Format: Others
• Language: zh-TW
• Published: 2013
• Online Access: http://ndltd.ncl.edu.tw/handle/34242460078997883536

碩士 === 國立交通大學 === 資訊科學與工程研究所 === 101 === Personal Health Record (PHR) is an information related to the care of a patient himself and is maintained and managed by patient. PHR contains variety of health data such as a patient’s diet, family history, and prescription record etc. Nowadays with the emergence of cloud computing, many cloud services are provided, including the cloud storage which enables people to store and manage their data in remote storage conveniently. Deploying cloud computing platform in PHR system is not only inexpensive but also provides wide-area access and large storage capability for a patient, who can control and share his PHR with other people. However migrating PHR to cloud storage incurs new security problem: how does patient enforce secure access control of his PHR? Although cloud delivers many resources as a service, unfortunately it also gives attackers new possibilities to launch attacks. On the other hand, cloud service provider does not promise the security and confidentiality of PHR. Besides, patient may share his PHR with many people under different access policy. Therefore, we propose a framework of PHR system, which leverages Decentralizing Attribute-Based Encryption (DABE) to encrypt PHR and enforce access control policy. This framework satisfies several security properties such as fine-grained access control, data privacy and scalable access. And we implement a PHR system to display that this system is effective.