Authors: Yifan Wang; Yunling Wang; Jianfeng Wang
Addresses: School of Cyber Engineering, Xidian University, Xi'an, China ' National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an, China ' State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi'an, China
Abstract: The notion of access control allows data owners to outsource their data to cloud server, while encouraging the sharing of data with legally authorised users. Note that the traditional access control techniques only allow authorised users to access the sharing data. However, it is intractable to obtain the required data when the data owner encounters some emergency circumstances, such as, medical first-aid. Recently, Yang et al. proposed a self-adaptive access control scheme, which can ensure secure data sharing in both normal and emergency medical scenarios. However, their construction needs to involve an emergency contact person. We argue that Yang et al.'s scheme suffers from two weaknesses: 1) it is vulnerable to single point of failure when the emergency contact person is offline; 2) the two cloud model brings extra computation and communication overhead. To overcome the above shortcomings, we present a new efficient self-adaptive medical data access control by integrating fuzzy identity-based encryption and convergent encryption. Specifically, our proposed construction can achieve patients' data access by their fingerprint in emergency setting. Furthermore, the proposed scheme supports cross-user data deduplication and improves the performance of system by convergent encryption. Experiment results show that our scheme has an advantage in efficiency.
Keywords: self-adaptive access control; privacy-preserving; medical data storage; secure deduplication.
International Journal of Computational Science and Engineering, 2020 Vol.23 No.4, pp.341 - 351
Received: 19 Mar 2020
Accepted: 07 Jun 2020
Published online: 10 Feb 2021 *