The Research On Dynamic Access Control Based On Personal Health Record(PHR)Cloud Management System

With the development of cloud computing,an increasing number of users are using cloud based personal health record(PHR)systems.The PHR is closely tied to patient privacy,and thus existing studies suggest encrypting PHRs before outsourcing.Comparison-based encryption(CBE)was the first to implement time comparison in an attribute-based access policy by means of the forward and backward derivation functions.However,CBE cannot be directly applied to cloud-based PHR environments for the following reasons:First,the cost of encryption for the data owner grows linearly with the number of attributes in the access policy.Second,policy updating incurs high communication and computation costs for the data owner.To efficiently implement a dynamic access policy for PHRs in clouds,we first propose a hierarchical comparison-based encryption(HCBE)scheme that incorporates an attribute hierarchy into CBE.The HCBE scheme encrypts a ciphertext with a small number of generalized attributes at a higher level rather than many specific attributes at a lower level,greatly improving the encryption performance.Furthermore,we encode each attribute node with the positive-negative depth-first(PNDF)coding.By virtue of the backward derivation function of the CBE scheme,the users associated with the specific attributes can decrypt the ciphertext encrypted with the generalized attributes,within the specified time.Using the HCBE scheme as a foundation,we then develop a dynamic policy updating(DPU)scheme by utilizing the proxy re-encryption(PRE)technique.The main idea of the DPU scheme is to allow the data owner to send an update key to the cloud,which will update the access policy associated with the ciphertext without knowing the content of the plaintext.The DPU scheme can avoid the transmission of ciphertext and minimize the computation overhead incurred by the data owner by delegating the policy updating operations to the cloud.Finally,we completed the above work,and designed a reasonable experimental program.The experiment results show the HCBE scheme and the DPU scheme have better performance in terms of the encryption cost and the policy update,compared with the CBE scheme.