<p>The Healthcare Internet of Things (H-IoT) relies on third-party cloud servers to store patients’ sensitive healthcare data and to facilitate data sharing during health checkups and emergencies. For secure data sharing, H-IoT systems employ ciphertext-policy attribute-based encryption (CP-ABE) to facilitate fine-grained access control and protect data confidentiality. However, existing CP-ABE schemes limit their applicability in H-IoT systems due to the key escrow issue and the computational overhead of complex decryption operations on data users (DUs). State-of-the-art research mitigates key escrow through multi-authority, collaborative, and blockchain-assisted key management approaches. Nevertheless, these approaches remain partially effective, as semi-trusted key authorities and system entities can maliciously collude to reconstruct the secret keys of DUs, thereby compromising the confidentiality of sensitive healthcare data. Moreover, existing approaches are computationally expensive due to their reliance on pairing operations. To overcome these limitations, this article proposes an <b>e</b>scrow-free and <b>c</b>ollusion-<b>r</b>esistant key management scheme in pairing-free CP-<b>ABE</b> (<b>ECR-ABE</b>) with outsourced decryption for H-IoT. The proposed ECR-ABE scheme eliminates the key escrow issue through a secure key construction protocol jointly established between the key authority and the DU. Moreover, ECR-ABE outsources partial decryption to a cloud-based decryption server. This design enables parallel processing of decryption requests and significantly reduces the computational burden on resource-constrained devices. We design ECR-ABE for distributed cloud-based H-IoT environments, where high-performance and parallel computing infrastructures support large-scale access control, low-latency data access, and real-time responsiveness. The ECR-ABE scheme is secure against collusion attacks among semi-honest authorities, with correctness and semantic security demonstrated under the decisional Diffie–Hellman assumption. Theoretical analysis and experimental evaluation confirm that ECR-ABE achieves a 1.01% reduction in key generation time and a 42.86% reduction in local decryption time compared with competing schemes.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Escrow-free and collusion-resistant key management in CP-ABE with outsourced decryption for healthcare IoT

  • Sourabh Bhaskar,
  • Keyur Parmar,
  • Devesh C. Jinwala

摘要

The Healthcare Internet of Things (H-IoT) relies on third-party cloud servers to store patients’ sensitive healthcare data and to facilitate data sharing during health checkups and emergencies. For secure data sharing, H-IoT systems employ ciphertext-policy attribute-based encryption (CP-ABE) to facilitate fine-grained access control and protect data confidentiality. However, existing CP-ABE schemes limit their applicability in H-IoT systems due to the key escrow issue and the computational overhead of complex decryption operations on data users (DUs). State-of-the-art research mitigates key escrow through multi-authority, collaborative, and blockchain-assisted key management approaches. Nevertheless, these approaches remain partially effective, as semi-trusted key authorities and system entities can maliciously collude to reconstruct the secret keys of DUs, thereby compromising the confidentiality of sensitive healthcare data. Moreover, existing approaches are computationally expensive due to their reliance on pairing operations. To overcome these limitations, this article proposes an escrow-free and collusion-resistant key management scheme in pairing-free CP-ABE (ECR-ABE) with outsourced decryption for H-IoT. The proposed ECR-ABE scheme eliminates the key escrow issue through a secure key construction protocol jointly established between the key authority and the DU. Moreover, ECR-ABE outsources partial decryption to a cloud-based decryption server. This design enables parallel processing of decryption requests and significantly reduces the computational burden on resource-constrained devices. We design ECR-ABE for distributed cloud-based H-IoT environments, where high-performance and parallel computing infrastructures support large-scale access control, low-latency data access, and real-time responsiveness. The ECR-ABE scheme is secure against collusion attacks among semi-honest authorities, with correctness and semantic security demonstrated under the decisional Diffie–Hellman assumption. Theoretical analysis and experimental evaluation confirm that ECR-ABE achieves a 1.01% reduction in key generation time and a 42.86% reduction in local decryption time compared with competing schemes.