This full-text paper was peer-reviewed and accepted to be presented at the IEEE WiSPNET 2016 conference.

An Efficient Key Management Infrastructure for Personal Health Records in Cloud

Sathishkumar Easwarmoorthy (1), Sophia F (2), Aravind Karrothu (3)
Research Scholar (1, 2, 3), School of Information Technology, VIT University, Vellore, India
srisathishkumarve@gmail.com (1), sophia.allw30@gmail.com (2), karrothuaravind118@gmail.com (3)

Abstract— A Personal Health Record (PHR) allows patients to create, manage, control and share their health information with other users as well as healthcare providers. The PHR is stored in "honest but curious" cloud servers, and the system has serious privacy and security issues such as cryptographic attacks and unknown access to the data. To overcome these issues, a novel and Efficient Key Management Infrastructure (EKMI) is proposed, which divides the system into two domains, namely public domains (PUDs) and personal domains (PSDs), to achieve fine-grained access control. The PUDs consist of users who access records based on their professional roles, such as doctors, nurses and medical researchers. The PSD users are personally associated with a data owner, such as family members or close friends, and they access the PHR based on access rights assigned by the owner. In a PHR system, unknown users may access sensitive data; revocation is proposed to overcome this. Revocation is the process of removing users' access. EKMI uses a new Decentralized Key Policy Attribute Based Encryption (DKPABE) with user revocation in the private domain and Multi Authority Ciphertext Policy Attribute Based Encryption (MACPABE) with attribute revocation in the public domain. For revocation, the lazy revocation concept is used to reduce the computation overhead on the cloud server. The EKMI system proves to be resistant to collusion attacks by employing the tokenization concept in the above algorithms.
The experimental analysis shows that the EKMI system reduces the time complexity of key generation for both domains and hence is efficient when compared to existing systems.

Keywords— personal health record, collusion resistant, decentralized, attribute based encryption, tokenization, revocation, fine grained access control.

I. INTRODUCTION

The personal health record is an emerging model used to store the personal health information of patients. Through a PHR, patients, referred to here as data owners, can share their records with friends, relatives, family members, doctors and other professional users. Doctors can easily get information regarding a patient's health history and make emergency access if needed. PHRs are stored with third-party cloud service providers that are honest but curious: the cloud servers behave honestly but also try to gather information illegally. The data held on third-party servers is not fully controlled by the data owners. This results in serious security [2] and privacy issues [1].

Some key management infrastructures for outsourced data are presented in [3] and [4]. In [4] the PHR is divided into two domains, namely the public domain and the private domain, to reduce the complexity involved in key management. The system uses attribute based encryption (ABE) techniques to encrypt the personal records, delegate the access to the owners and share the data with users. It uses two types of ABE schemes, Key Policy ABE (KPABE) and Ciphertext Policy ABE (CPABE), one for each domain.

In the personal domain, the users are related to the data owner personally, like friends, family members and caretakers. The data owner directly controls the users in this domain, as they are small in number and can be easily managed. The data owners themselves decide which data can be viewed by the users. KPABE is used here. In the public domain, the users are professionally related to the data owner, like doctors and researchers.
They are managed by the system, as the users in the public domain are huge in number and it would be tough for data owners to manage them. CPABE is used to encrypt data in the public domain. In a PHR system, unknown users may access sensitive data; to overcome this, revocation is used to remove users' access.

ABE schemes with a central authority to grant control to users are given in [4]. ABE is used as the building block to express a flexible access structure. These schemes have several drawbacks. Firstly, with a single central authority it is difficult to manage a system with a large number of users. Secondly, if the central authority fails or is corrupted, the whole system will fail and the privacy and security of the data will be lost.

Many attacks are possible in PHR systems, of which the collusion attack is a serious cryptographic attack that demolishes the security of the system [6]. Thus the system should ensure that no two users can combine their secret keys to gain access to unauthorized data. The existing systems often yield to collusion attacks [4], [7]. The collusion attack is proved for the system proposed in [4].

A. Related works

In the Han et al. scheme [5], the first privacy-preserving decentralized KPABE encryption algorithm is proposed. In this work, the authorities are not connected through a central authority. Hence the authorities can work independently. The Global Identifier, which uniquely identifies the user in this system, is used to connect the keys of the user. Although the system reduces the overhead and other privacy issues involved with a central authority, it failed to solve the collusion attack between users. The paper [6] throws light on the security failure of Han et al.'s scheme [5]. It provides three

978-1-4673-9338-6/16/$31.00 © 2016 IEEE
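
Added example (not part of the paper and not the authors' construction): an access-logic model, with no cryptography, of where the policy sits in KPABE versus CPABE and of the introduction's requirement that no two users can combine their secret keys. The attribute names, authorities, users and function names are constructed assumptions.

```python
# Access-logic model only: no cryptography is performed and no ABE scheme is implemented.
from dataclasses import dataclass

def satisfies(policy, attrs):
    """Evaluate a policy tree: an attribute string, or ("AND"|"OR", child, ...)."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = [satisfies(child, attrs) for child in children]
    return all(results) if op == "AND" else any(results)

@dataclass(frozen=True)
class KeyShare:
    gid: str            # identifier of the user this share was issued to
    authority: str      # issuing attribute authority
    attrs: frozenset    # attributes certified by that authority

def pooled(shares):
    return frozenset().union(*(s.attrs for s in shares))

def kp_allowed(key_policy, ciphertext_attrs):
    """KP-ABE (personal domain): policy in the key, attributes label the ciphertext."""
    return satisfies(key_policy, ciphertext_attrs)

def cp_allowed_unbound(ciphertext_policy, shares):
    """CP-ABE with no identity binding: any holders can pool shares (collusion)."""
    return satisfies(ciphertext_policy, pooled(shares))

def cp_allowed_bound(ciphertext_policy, shares):
    """CP-ABE (public domain) where shares combine only under a single identifier."""
    if len({s.gid for s in shares}) != 1:
        return False
    return satisfies(ciphertext_policy, pooled(shares))

# Constructed sample data (hypothetical names, not from the paper).
RECORD_POLICY = ("AND", "physician", ("OR", "hospital_A", "hospital_B"))
ALICE = [KeyShare("alice", "medical_board", frozenset({"physician"}))]
BOB = [KeyShare("bob", "hospital_A_hr", frozenset({"hospital_A", "nurse"}))]
CAROL = [KeyShare("carol", "medical_board", frozenset({"physician"})),
         KeyShare("carol", "hospital_B_hr", frozenset({"hospital_B"}))]
FAMILY_KEY_POLICY = ("OR", "allergies", "prescriptions")

if __name__ == "__main__":
    print("alone:", cp_allowed_bound(RECORD_POLICY, ALICE), cp_allowed_bound(RECORD_POLICY, BOB))
    print("colluding, unbound:", cp_allowed_unbound(RECORD_POLICY, ALICE + BOB))
    print("colluding, bound:", cp_allowed_bound(RECORD_POLICY, ALICE + BOB))
    print("carol:", cp_allowed_bound(RECORD_POLICY, CAROL))
    print("family:", kp_allowed(FAMILY_KEY_POLICY, {"prescriptions", "2016"}))
```

In a real scheme the binding modelled by cp_allowed_bound has to be enforced inside the key material itself, since a decryptor cannot be trusted to run a check like this one.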