Secure and fine-grained access control on e-healthcare records in mobile cloud computing

In the era of Internet of things, wearable devices can be used to monitor residents' health and upload collected health data to cloud servers for sharing, which facilitates the development of e-healthcare record (EHR) systems. However, before finding wide applications, EHR systems have to tackle privacy and efficiency challenges. For one thing, the confidentiality of EHRs is one of most important issues concerned by patients. For another, wearable devices in mobile cloud computing are often resource-constrained to some extent. In this paper, we propose a fine-grained EHR access control scheme which is proven secure in the standard model under the decisional parallel bilinear Diffie-Hellman exponent assumption. In the proposed scheme, an EHR owner can generate offline ciphertexts before knowing EHR data and access policies, which performs a majority of computation tasks. Furthermore, the online phase can rapidly assemble the final ciphertexts when EHR data and access policies become known. Our EHR access control scheme allows access policies encoded in linear secret sharing schemes. Extensive performance comparisons and simulation results indicate that the proposed solution is very suitable for mobile cloud computing.