Towards privacy protection and malicious behavior traceability in smart health

摘要

As a more ubiquitous concept, smart health (s-health) is the context-aware complement of mobile health within smart cities, and it has made an increasing number of people turn to cloud-based services. In a practical s-health system, security and privacy issues are of great importance and have to be addressed. In this paper, we propose a secure s-health system which realizes fine-grained access control on s-health cloud data and hence ensures users’ privacy protection. The key technique is a promising cryptographic primitive called ciphertext-policy attribute-based encryption. In order to trace malicious behaviors in the proposed s-health system, two kinds of key abuse problems are considered: malicious key sharing among colluding users and key escrow problem of the semi-trusted authority. In the proposed s-health system, any malicious behavior of a user including illegal key sharing can be traced. For the semi-trusted authority, it can be accountable for its misbehavior including illegal key re-distribution. Particularly, the proposed system supports large universe and attributes do not need to be pre-specified during the system initialization phase. Besides, our system is proven fully secure in the random oracle model and it allows any monotonic access policies. Theoretical analysis and experimental results indicate that the proposed s-health system is suitable for smart city environment.