Ciphertext Policy Attribute Reduction based Encryption Algorithm in Cloud Instances for Electronic Health Records

Abstract

In recent times, cloud computing has become the most prominent computational paradigm. The adoption of cloud technologies has led to formidable advantages for enterprises. On the other hand, the use of cloud computing services poses several se curity risks and challenges. With the growing acceptance of cloud computing services, the confidentiality and integrity of the data need to be protected. As large amounts of data stored over the cloud contain sensitive data, storing this data with third party ser vice providers poses a significant threat to data privacy. Access control is the principal requirement in the cloud computing environment among all other security and privacy requirements to prevent unauthorized access in the cloud system. In healthcare organi zations, access control is the key feature, So safeguarding a huge amount of health data has become a significant challenge that prominently leads to the emergence of Elec tronic Health Records (EHR). The patient data is stored in the form of user attributes in EHR in private or public cloud environments. EHR is an emerging patient-centric health data-sharing model that is outsourced to third-party vendors available with cloud providers. Due to the highly valued sensitive personal data, the third-party storage servers often prevail as targets for varied malicious behaviors. Issues such as risks of privacy exposure, scalability in key management, flex ible user access policy, and efficient user revocation are the existing challenges. Around 2181 EHR breaches have been involved, resulting in the exposure of 176 million PHI (Personal Health Information) during the last 12 years (Adil Hussain Seh et al.(2020)). Anthem Inc. reported that 80 million personal data of their customers had been com promised by gaining access to their internal database. Howard University hospital also experienced a data breach of around 34,000 patient records. Malicious attacks lead to the disclosure of the PHI as EHR is stored in the cloud. Consequently,it becomes imperative for the us