Open Access  Subscription or Fee Access

Personal Health Records (PHR) are often outsourced to be stored at the third party such as cloud service providers where those information could be exposed to unauthorized users and third party servers. to ensure the control over access to users PHR it is secure to encrypt the PHR before outsourcing ,there have been variety of risks of flexible access , key management, privacy exposure and user revocation ,have remained the most important challenges that leads to cryptographically enforced data access control . In this paper, I propose novel patient centric framework and suite of access policy to PHR‟s to be outsourced. scalability in key management and high degree of user (patient) privacy is achieved by exploiting multi owner attribute based encryption (ABE) .my scheme also enables dynamic modification of access policies or file attributes, user revocation, emergency access through break – glass access

Attribute- Based Encryption, Access Policy, Personal Health Records, User Revocation

M. Li, S. Yu, K. Ren, and W. Lou, “Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings,” in SecureComm‟10, Sept. 2010, pp. 89–106.

H. L¨ohr, A.-R. Sadeghi, and M. Winandy, “Securing the e-health cloud,” in Proceedings of the 1st ACM International Health Informatics Symposium, ser. IHI ‟10, 2010, pp. 220–229.

M. Li, S. Yu, N. Cao, and W. Lou, “Authorized private keyword search over encrypted personal health records in cloud computing,” in ICDCS ‟11, Jun. 2011.

“The health insurance portability and accountability act.” [Online].Available:http://www.cms.hhs.gov/HIPAAGenInfo/01 Overview.asp

“Google, microsoft say hipaa stimulus rule doesn‟t apply to them,” http://www.ihealthbeat.org/Articles/2009/4/8/.

“At risk of exposure – in the push for electronic medical records, concern is growing about how well privacy can be safeguarded,” 2006. [Online]. Available: http://articles.latimes.com/2006/jun/26/health/he-privacy26

S. Kamara and K. Lauter, “Cryptographic cloud storage,” in Proc. of FC, January 2010, pp. 136-149.

M. Armbrust, A. Fox, R. Griffith, A. D.Joseph, R. H.Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, andM. Zaharia, “A View of Cloud Computing,” Communications of the ACM, vol. 53, no. 4, pp. 50-58, Apirl 2010.

S. Yu, C. Wang, K. Ren, and W. Lou,“ Achieving secure, scalable, and fine- grained data access control in cloud computing,” in Proc. of INFOCOM, 2010, pp. 534-542.

M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Scalable secure file sharing on untrusted storage,” in Proc. Of FAST, 2003, pp. 29-42.

E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing remote untrusted storage,” in Proc. of NDSS, 2003, pp. 131-145.

G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” in Proc. of NDSS, 2005, pp. 29-43.

R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,”, in Proc. of AISIACCS, 2010, pp. 282-292.

N. Shang, M. Nabeel, F. Paci, and E. Bertino, “A privacypreserving approach to policy-based content dissemination,”in ICDE ‟10: Proceedings of the 2010 IEEE 26th InternationalConference on Data Engineering, 2010

Y. Challal and H. Seba, “Group key management protocols: Anovel taxonomy,” International Journal of Information Technology, vol. 2, no. 2, pp. 105–118, 2006.

H. Harney and C. Muckenhirn, “Group key management protocol (gkmp) specification,” Network Working Group, United States, Tech. Rep., 1997.

E. F. Brickell, “Some ideal secret sharing schemes,” in EUROCRYPT ‟89: Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology. New York, NY, USA: Springer-Verlag New York, Inc., 1990, pp. 468–475.

N. Shang, M. Nabeel, F. Paci, and E. Bertino, “A privacypreserving approach to policy-based content dissemination,” in ICDE ‟10: Proceedings of the 2010 IEEE 26th International Conference on Data Engineering, 2010.

O. Goldreich, Foundations of Cryptography: Basic Tools. New York, NY, USA: Cambridge University Press, 2000.

M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols,” in CCS ‟93: Proceedings of the 1st ACM conference on Computer and communications security. New York, NY, USA: ACM, 1993, pp. 62–73.

S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of interactive proof-systems,” in STOC ‟85: Proceedings of the seventeenth annual ACM symposium on Theory of computing. NewYork, NY, USA: ACM, 1985, pp. 291–304.

A. Kundu and E. Bertino, “Structural signatures for tree data structures,” Proc. VLDB Endow., vol. 1, no. 1, pp. 138–150, 2008.

S. Coull, M. Green, and S. Hohenberger, “Controlling access to an oblivious database using stateful anonymous credentials,” in Irvine: Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 501–520.