A Delegatable Attribute Based Encryption Scheme for a Collaborative E-Health Cloud

With the popularization and growing utilization of electronic health records (EHRs) coupled with the advancements in cloud computing, healthcare providers are interested in storing EHRs in third-party, semi-trusted cloud platforms. Given the collaborative nature of modern e-health environments, integrating access delegation is of paramount importance to strengthen the flexibility of the sharing of health information. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. For such applications, attribute based encryption (ABE) mechanisms are quite useful given the fact that ABE facilitates an efficient way of enforcing secure, fine-grained access control over encrypted data. However, incorporating delegatability with ABE mechanisms is tricky, and the existing schemes lack the control over the process of delegation of encrypted data. As a solution, we propose a novel ABE based access control scheme which can enforce multi-level, controlled access delegation and demonstrated how it could be deployed in an e-health environment to securely share outsourced EHRs of patients. Furthermore, we have shown that the proposed scheme is secure against chosen plaintext attacks as well as attacks mounted via attribute collusion.