29th International Conference on Information Technology (IT) ˇ Zabljak, 19 – 22 February, 2025 Enhancing Traceability and Security in mHealth Systems: A Proximal Policy Optimization-Based Multi-Authority Attribute-Based Encryption Approach Bhargavi Konda, Akhila Reddy Yadulla, Vinay Kumar Kasula, Mounica Yenugula and Chakradhar Adupa Abstract— Mobile healthcare (mHealth) is an emerging tech- nology that facilitates the sharing of personal health records (PHR), but it also introduces risks related to the security and privacy of PHRs. To address these concerns, Attribute- Based Encryption (ABE) has been proposed as an advanced cryptographic solution to enable fine-grained access control over encrypted data. However, existing attribute-based mHealth systems often lack efficient traceability or are limited to a single authority. This paper presents a novel traceable multi-authority ABE scheme, incorporating Proximal Policy Optimization (PPO), a state-of-the-art reinforcement learning algorithm, to enhance traceability and security. The scheme is built on composite order groups and supports arbitrary monotonic access structures defined by Linear Secret Sharing Schemes (LSSS). The security of the system is validated under adaptive security assumptions, with PPO optimizing the access control decisions and identifying potential vulnerabilities in real-time. Additionally, the performance of the system is evalu- ated, demonstrating its efficiency, scalability, and availability for practical mHealth applications. This approach not only ensures robust access control but also guarantees high adaptability and traceability, effectively addressing privacy concerns in the sharing of sensitive health data. I. I NTRODUCTION Mobile healthcare (mHealth) systems leverage mobile devices and emerging technologies such as cloud computing, wireless sensors, and communication technologies to collect, record, and integrate personal health records (PHRs). These records are then uploaded to cloud-based health information management platforms, enabling various health services from providers. While mHealth offers a convenient way to share PHRs and provide personalized healthcare services, it also introduces significant privacy and security challenges due to *This work was not supported by any organization Bhargavi Konda is a Systems Analyst IV, HRIS, Auburndale, MA 02466 USA (e-mail: bhargavi kondaatriushealth.org) Vinay Kumar Kasula is a Sr. Systems Applications Analyst, VISA Inc, Ashburn, VA 20147, USA (e-mail: vikasula@visa.com) Akhila Reddy Yadulla, Mounica Yenugula is with the Depart- ment of Information Technology, University of the Cumberlands, Williamsburg, KY 40769, USA (e-mail: akhilareddyyadulla@ieee.org; ymounica.phd@ieee.org) Chakradhar Adupa is Assistant Professor of Department of Electronics and Communication Engineering, SR University, Hanamkonda, TG 506371, India (e-mail: chakradhar.a@sru.edu.in) the sensitive nature of PHRs, such as medical histories and diagnostic records [1] [2]. Attribute-Based Encryption (ABE) has emerged as a pow- erful cryptographic technique to address these challenges by enabling fine-grained access control through the association of data encryption with user attributes. ABE supports a one-to-many encryption model, ensuring data confidentiality and controlled access. ABE schemes are generally classified into two types: Ciphertext-Policy ABE (CP-ABE), where the data owner defines the access policy, and Key-Policy ABE (KP-ABE), where the access policy is embedded within the users private key [3]. CP-ABE is particularly well-suited for mHealth systems, as it allows data owners to specify access policies that align with real-world scenarios and their needs for fine-grained control [4]. However, existing mHealth systems face two major chal- lenges in implementing ABE effectively: • Single Authority Bottleneck: In single-authority ABE schemes, a central authority manages the entire attribute domain and generates all user keys, which creates a bottleneck in terms of both system performance and security. Multi-authority ABE schemes were introduced to address this issue by distributing the management of attributes across multiple authorities [5]. Despite this, early multi-authority schemes lacked essential features such as adaptive security or traceability, limiting their applicability in real-world scenarios. • Malicious User Traceability: In ABE systems, ma- licious users may sell their decryption keys to unau- thorized users for illegal benefits. Given that attributes in ABE can be shared among multiple users, tracing the source of compromised keys becomes a challeng- ing task. Existing traceable ABE schemes often focus on single-authority setups or rely on simplistic access policies, which restrict their scalability and robustness [6] [7]. This paper aims to address these challenges by integrating Proximal Policy Optimization (PPO), a cutting-edge rein- forcement learning algorithm, into a novel multi-authority CP-ABE scheme. The proposed scheme enhances traceabil- ity by enabling the identification of malicious users and ensures adaptive security in multi-authority settings. The 979-8-3315-1764-9/25/$31.00 ©2025 IEEE