Collusion resistant multi-authority access control scheme with privacy protection for personal health records

The personal health record (PHR) is an important part of the smart health system. The medical profession can provide medical services to patients in time by accessing PHRs stored in the cloud. However, PHR suffers from unauthorized access and disclosure of a large amount of private information at present. Privacy protection of personal data and tracking and accountability of malicious users have been important issues in smart health systems. In this paper, we construct an accountable access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) scheme. Blockchain accounting node distributes the decryption key, and an audit mechanism judges whether the key is leaked by a malicious user or a corrupt node. The authority and user jointly generate the complete decryption key, which reduces the power of authority and resists collusion attacks between revoked users and unrevoked users. The revocation mechanism deletes the malicious users by updating parts of the ciphertext. Furthermore, blockchain records all operations in the form of transactions that can prevent tampering with ciphertext and trace the dishonest behavior of each entity. Security analysis and performance efficiency comparison show that our scheme is more practical and has important practical significance than the existing schemes. (c) 2023 The Author(s). Published by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).