Securing patient data in the cloud using Attribute Based Encryption

Abstract

Cloud computing has attracted attention worldwide in all industries, including the medical field leading to the rise of electronic healthcare systems. Although it has brought about an improvement in the provision of healthcare in terms of information management, it also poses a lot of security and privacy concerns to the patients. This is due to the fact that personal and highly sensitive data is outsourced to a third party (Cloud Service Provider) for processing and storage. This paper seeks to improve security of cloud-based patient data in healthcare organizations by employing a Ciphertext Policy Attribute Based Encryption (CP-ABE) scheme. The proposed scheme provides data confidentiality and allows the patient to control who accesses her personal health data by encrypting it under a specified access policy alongside with her key. It also provides collusion-resistance, flexible and immediate revocation of users who are no longer allowed to access a patient’s data.