Abstract: Securing e-healthcare involves encrypting sensitive patient data, such as medical records, in a way that allows for search operations to be performed on the encrypted data without compromising the security of the patient's information. One way to accomplish this is through the use of homomorphic encryption, which allows computations to be performed on ciphertext, resulting in an encrypted output that can be decrypted to the same plaintext as if the computation was performed on the plaintext. Another way is through the use of searchable encryption, which uses a combination of encryption and data structures such as inverted indexes to enable keyword searches on encrypted data. These methods can be used to create secure systems for e-healthcare that allow authorized personnel to search patient data while ensuring that the data remains confidential and protected from unauthorized access. E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute-based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.
Keywords: Advance Encryption Standard, E-healthcare, Security, Cloud Security, Attribute Based Encryption, Fine Grained Access Control.
| DOI: 10.17148/IJARCCE.2023.12311