Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation

Huiling Qian, Jiguo Li*, Yichen Zhang, Jinguang Han

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

129 Citations (Scopus)


Personal health record (PHR) service is an emerging model for health information exchange. In PHR systems, patient’s health records and information are maintained by the patient himself through the Web. In reality, PHRs are often outsourced to be stored at the third parties like cloud service providers. However, there have been serious privacy concerns about cloud service as it may expose user’s sensitive data like PHRs to those cloud service providers or unauthorized users. Using attribute-based encryption (ABE) to encrypt patient’s PHRs in cloud environment, secure and flexible access control can be achieved. Yet, problems like scalability in key management, fine-grained access control, and efficient user revocation remain to be addressed. In this paper, we propose a privacy-preserving PHR, which supports fine-grained access control and efficient revocation. To be specific, our scheme achieves the goals (1) scalable and fine-grained access control for PHRs by using multi-authority ABE scheme, and (2) efficient on-demand user/attribute revocation and dynamic policy update. In our scheme, we consider the situation that multiple data owners exist, and patient’s PHRs are encrypted and stored in semi-trust servers. The access structure in our scheme is expressive access tree structure, and the security of our scheme can be reduced to the standard decisional bilinear Diffie–Hellman assumption.

Original languageEnglish
Pages (from-to)487-497
Number of pages11
JournalInternational Journal of Information Security
Issue number6
Publication statusPublished - 29 Nov 2014
Externally publishedYes


  • Attribute-based encryption
  • Cloud computing
  • Data privacy
  • Fine-grained access control
  • Personal health records

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation'. Together they form a unique fingerprint.

Cite this