Preprint: In proceedings of IEEE International Conference on Digital Health (ICDH) 2021

Secure Cloud EHR with Semantic Access Control,

Searchable Encryption and Attribute Revocation
Redwan Walid Karuna P. Joshi Seung Geol Choi
Department of Information Systems Department of Information Systems Department of Computer Science
University of Maryland, Baltimore County University of Maryland, Baltimore County United States Naval Academy
Baltimore, MD, US Baltimore, MD, US Annapolis, MD, US
rwalid1@umbc.edu karuna.joshi@umbc.edu choi@usna.edu

Abstract—To ensure a secure Cloud-based Electronic Health be financially devastating to an organization. Noncompliance
Record (EHR) system, we need to encrypt data and impose carries a range of penalties depending on the degree of
field-level access control to prevent malicious usage. Since the misconduct which can result in hefty fines. Violations can also
attributes of the Users will change with time, the encryption
policies adopted may also vary. For large EHR systems, it is lead to an arrest. As a result, an EHR solution must abide with
often necessary to search through the encrypted data in real- all applicable laws and regulations and also allow an easy and
time and perform client-side computations without decrypting all seamless exchange of patient information.
patient records. This paper describes our novel cloud-based EHR
system that uses Attribute Based Encryption (ABE) combined A. Motivation
with Semantic Web technologies to facilitate differential access
to an EHR, thereby ensuring only Users with valid attributes EHR system with semantic access control. Recently, Walid
can access a particular field of the EHR. The system also et al. [55] proposed a cloud-based EHR system that offers
includes searchable encryption using keyword index and search
trapdoor, which allows querying EHR fields without decrypting
a semantically rich, policy-driven mechanism that employs
the entire patient record. The attribute revocation feature is Attribute-Based Access Control (ABAC) [22] to evaluate
efficiently managed in our EHR by delegating the revision of the users’ entrance to the system.
secret key and ciphertext to the Cloud Service Provider (CSP). The architecture of their system was created using Semantic
Our methodology incorporates advanced security features that Web Technologies [7]. By referencing the HIPAA knowledge
eliminate malicious use of EHR data and contributes significantly
towards ensuring secure digital health systems on the Cloud.
graph (ontology) developed in [23], they created a HIPAA-
Index Terms—Attribute Revocation, Searchable Encryption, consistent knowledge graph. This way, the system systemati-
Electronic Health Record, Knowledge Graph (Ontology), Cloud cally addressed the issues with the aforementioned compliance
Computing, Cloud Security problem.
In particular, the system used a knowledge graph to derive
I. I NTRODUCTION user attributes and the EHR fields based on the type of
request. The knowledge graph is queried using SPARQL, and
Healthcare organizations are increasingly adopting cloud-
it entails complete details of individuals in the organization
based technologies to maintain their digital records efficiently.
and their associated unique attributes. The unique attribute
A cloud-based Electronic Health Record (EHR) service allows
control various access to different fields of an EHR. Thus,
centralizing patient data and using the advantages of elasticity
each individual has distinct access to a patient EHR.
and scalability of a cloud infrastructure [5], [34], [35], [40].
The system also allowed the client to search through en-
The cloud also offers a highly supportive atmosphere for
crypted data based on keyword queries, without needing to
efficiently handling the load [2]. Moreover, cloud services are
download and decrypt all encrypted data from the cloud.
usually a more economical solution than others when they
develop a technology infrastructure to deploy their services. Disadvantages of the work [55]. Although their system
It has become much more popular due to the pay-as-you-go has many good features, it still has a few disadvantages. In
concept, which incentivizes customers to pay only for what this work, we want to improve the system by resolving those
they want and how much they use. disadvantages.
Although the Cloud offers many advantages, it also con- First of all, the system uses two different encryption
tinues to pose unique risks to healthcare organizations in schemes, one for searchability and the other for data encryp-
terms of data privacy and security. With the recognition of the tion. It often becomes more cumbersome in large systems to
security risks, all healthcare organizations must comply with have multiple schemes within a system, as more keys and
Health Insurance Portability and Accountability Act (HIPAA) policies may have to be maintained. A system would be better
[14], [50] and Health Information Technology for Economic if it uses a single encryption scheme.
and Clinical Health (HITECH) [49] privacy guidelines set by Second, although the system provides the search feature, the
regulatory authorities. Failing to comply with the acts can search time is quite slow. In the presence of Big data, it usually
requires a lot of time and analysis to search through the data changes in the system along with the associated EHR fields.
to locate specific patients with certain diseases or conditions. So, the knowledge graph functions to revoke unwanted user
We want to speed up the search time. attributes and help to protect patient privacy.
Most importantly, the system doesn’t provide revocation. The outsourcing framework also benefits when the system
It is essential that an attribute-based EHR system have an performs revocation. In particular, when a user attribute is
attribute revocation feature, since the organization policies and revoked, the revocation takes place only in the CSP level.
the user attributes keep changing with time. For example, a This works because a user secret is split into two keys, and
physician might have been promoted, so its attributes would revoking only one key would still disable the function of a user
change. Likewise, an employee might have moved to another secret. The secret key that lies within the user remains firm
department, or an employee leaves the organization, so its during the entire revocation process, which greatly simplifies
unique attributes must be revoked from the system. Often the the revocation process.
organization policies also vary with time, which requires some
attributes to be revoked. Edge computing. The term edge computing [51] refers to
B. Our Work the need to analyze data locally before sending it to the cloud,
and we have followed this principle in our system. Inside the
In this paper, we improve the EHR system in [55] by
organizational periphery, which we refer to as the edge in
resolving the issues mentioned above. Below, we overview
our system, we enforce an access control mechanism on the
our system.
records. All users are checked only within the organization’s
Underlying ABE encryption. We use the revocable, search- borders, preserving their anonymity. Within the organization
able ABE scheme introduced by Wang et al. [59]. The scheme limit, we have implemented a robust encryption approach that
provides both searchability and data encryption, which fits protects data integrity from privacy risks until moving it to the
our purpose. The scheme also allows us to outsource the cloud. As a result, the frontier continues to be a formidable
computation to the cloud, which we describe next. barrier to data protection.
Outsourcing the computation to cloud. In general, our
system requires fewer computations as most functions are Threat model. Cloud users, while storing their data on the
safely delegated to the cloud service provider (CSP). This cloud, usually categorize CSP on one of these threat models:
is achieved by splitting each user’s secret into two keys and the Honest-But-Curious (HBC) adversary model, where CSPs
having one key uploaded to the CSP while the other key is run the programs and algorithms correctly, but might look
kept secret to the user. at the information passed between entities; or the malicious
For example, since each user has a dedicated private key adversary model, where providers behave in an arbitrary
stored within the CSP, partial decryption is delegated to the manner that may be hostile to the cloud customer [42]. We
CSP. The output from the partial decryption still hides the have considered the HBC threat model for our approach since
plaintext from the CSP and outsiders. However, given the cloud users trust the functionality of their applications running
partial decryption from the CSP, the user can recover the on the cloud, but they may not fully trust the CSP whose
plaintext record with much less effort. dataset is stored in distant Cloud data centers. First of all,
Clouds may be exposed to tainted workers who fail to adhere
Faster search time. Owing to the presence of Big Data,
to data protection standards. Secondly, cloud applications may
searching through encrypted data requires utmost attention.
be subject to external cyberattacks, and cloud users may not
The search time can also be improved, thanks to the outsourc-
be aware of the possible repercussions on their data security
ing framework.
when such invasions occur. The users worry that the CSP
In particular, to search for a keyword in the encrypted index
might attempt to decrypt the data by analyzing it thoroughly
for the EHR database, the user first creates a token connected
or monitoring data traffic between users. We presume our
with a keyword query. For privacy, the token hides the keyword
framework to withstand a compromised user attempting to
from the CSP.
decode ciphertext with her decryption key and gain knowledge.
Once the CSP gets the search token, the CSP uses the token
We also assume our system to be resilient in the face of a user
to run the search algorithm over the ciphertexts to see which
alliance trying to crack the ciphertext with decryption keys
ones have the privately linked keyword (s). When the indexes,
that no single member of the coalition can decode with her
keywords, and the user’s attributes are set to meet the ci-
decryption key.
phertext access control policies, the cloud service retrieves the
search results. The encoded version of the message containing
the keyword is sent back to the recipient.
C. Organization
Our technique enables keyword search with substantially
reduced network latency and client-side computing costs com- The remainder of the paper is structured as follows – We
pared to prior work [55]. discuss related work in Section II, preliminaries in section III,
Attribute revocation. The knowledge graph records all system architecture in Section IV, system implementation in
users and patients in our framework, considering all attribute Section V, and conclusions in Section VI.
 II. R ELATED W ORK retrieval and their usage of incorrect contexts. Semantic Web
A. Electronic Health Record System technologies include languages such as Resource Description
Framework (RDF) [26] and Web Ontology Language (OWL)
Digital health record systems are commonly employed to
[43] for defining ontologies and describing meta-data using
enhance hospital services, improve treatment efficacy, and
these ontologies as well as tools for reasoning over these
reduce premiums [16], [25]. EHR records a patient’s vital stats,
descriptions.
diagnoses, medications, immunization history, laboratory and
radiology reports, doctor notes, and other medical facts along Our most fundamental requirement is for a representation
with the patient’s details. An EHR system provides several that supports interoperability at both the syntactic and semantic
benefits such as accurate documentation, disease tracking, levels. OWL has well-defined semantics grounded in first-
data sharing, statistical analysis, and so forth. Consequently, order logic and model theory, allowing programs to draw
security and privacy concerns have hampered the spread of inferences with the assurance that the subsequent interpretation
the EHR system, and they have received increasing focus in is sound. An important advantage for OWL over many other
current years [35]–[37], [48]. Narayan et al. [45] recommended knowledge-representation systems is that it has well-defined
using ABE to protect the privacy of EHR data from outside subset profiles guaranteeing sound and complete reasoning
threats, as well as the CSP. Fatos et al. [60] originally with various levels of reasoning complexity and is designed
presented a multi-user fuzzy keyword search method that to work with popular implementation technologies, such as
supported fine-grained permission restriction over encrypted OWL QL for databases and OWL RL for rule-based systems.
data. A second design requirement is for a language that is designed
Unfortunately, most proposed solutions fall short in provid- to integrate well with the Web and Cloud, which is becoming
ing controlled access, encryption device, searchable encryp- the dominant technology for today’s digital health systems.
tion, and attribute revocation. Furthermore, the majority of These technologies can be used to provide common semantics
the accessible application is licensed, making them costly to of service information and policies enabling all agents who
use. In this circumstance, our research effort tries to develop understand essential Semantic Web technologies to communi-
an open-source, low-cost EHR management system that can cate and use each other’s data and Services effectively. OWL is
provide advanced data privacy and protection levels. built on basic Web standards and protocols and is evolving to
remain compatible with them. It is possible to embed RDF and
B. Regulatory Policies OWL knowledge in HTML pages, and several search engines
Patient data is secured in the United States under some (including Google) will find and process some embedded RDF.
statutes; the most notable is the HIPAA Act. Electronic safe
health information (ePHI) [11] is the name given to the
information about one’s health that is protected by these
D. Attribute-Based Encryption
rules. The Health Information Technology for Economic and
Clinical Health Act (HITECH) allows sharing ePHI while still
ABE [17], introduced by Sahai and Waters, has been one
requiring HIPAA privacy and protection laws to be applied
way to ensure data security and eliminate risks. In ABE [17],
more strictly and thoroughly [1]. These rules, on the other
The data is encoded using a set of attributes, and the private
hand, make no mention of encryption principles or algorithms.
key is defined using a different set of attributes. Based on the
Furthermore, data encryption in data access control and trans-
threshold parameter, the ciphertext can only be deciphered if
fer is defined as addressable rather than mandatory. This left
the two sets of attributes overlap. One of the EHR system
space for different definitions and then became a source of
security developments was known as ABE [3], [6], and [45].
debate regarding sharing ePHI. Cloud-based EHR services in
It has been further divided into ciphertext-policy ABE (CP-
the United States are required to comply with these regulatory
ABE) [8] and key-policy ABE (KP-ABE) [4] due to lack of
standards and ensure enhanced data protection combined with
expressibility. The secret key is coupled with an attribute set in
the seamless user experience that cloud services offer. This
CP-ABE [8], and the ciphertext is paired with an access policy.
also requires implementing strict access control mechanisms
In most cases, the policy is defined as a Boolean formula
to provide unauthorized access by any user is prohibited by
with a specific set of attributes. A secret key may decrypt a
their EHR.
ciphertext if the attributes set match the access policy, while
C. Semantic Web Technologies the whole scenario is reversed in the KP-ABE scheme.
We have used Semantic Web technologies to develop our CP-ABE [8] is considered more effective for authentication
system’s knowledge graph and the reasoning component of in the cloud because an individual ciphertext defines a policy
our system. These enable us to build the schema using W3C that explicitly specifies attributes that data users must hold for
standardized languages that support our design requirements, the encryption process. Joshi et al. [24] developed attributed-
including interoperability, sound semantics, Web integration, based access control (ABAC) that is semantically enriched in
and the availability of tools and system components. Seman- accessing data leveraging CP-ABE [8]. Their model evaluates
tic Web tools enable data to be annotated with machine- access categories based on user attributes and EHR fields. The
understandable meta-data, allowing the automation of their national hub controls both EHR secure entry and distribution.
E. Attribute-Based Encryption With Attribute Revocation on symmetric cryptography, establishing a significant standard
Since the user’s attribute can vary significantly over time, for keyword search on encrypted data. Boneh et al. [10] later
attribute revocation is crucial in ABE frameworks. Perretti et pioneered SE research into public-key cryptography. Follow-
al. [46] were the first to implement attribute revocation, which ing that, numerous SE schemes were developed to improve
they accomplished by a timed rekeying process. Each attribute search performance, security issues, and search functionality
had an expiration time in the system, so authority centers [12], [15], [27], [32], [53]. Attribute-based keyword search,
had to reprint revised keys regularly. The authority center had which combines ABE and SE properties, has seen many hypes
to cease releasing and modifying the current edition of the in current history that can be seen in [28], [29], [33], [44], [58],
attribute to revoke an attribute in the scheme. Bethencourt [64], and [38].
et al. [8] later expanded Perretti’s work where there was a III. P RELIMINARIES
single expiration time connected with the user’s private key.
Let λ be the security parameter.
Boldyreva et al. [9] proposed a revocable KP-ABE scheme
that improved on their previous revocable IBE. Wang et al. A. Revocable, Searchable ABE
[57], [56] presented two explicitly revocable CP-ABE frame- In this section, we describe revocable, searchable attribute-
works based on bilinear and multilinear maps, accordingly. based encryption scheme.
Several ABE systems involving instant attribute revocation
were suggested in current history. Yu et al. [62] and Ibraimi Syntax. Let X be the attribute universe. A revocable, search-
proposed et al. [21] the CP-ABE scheme that employs a semi- able ABE consists of the following algorithms:
λ
trusted proxy server to execute instant attribute revocation. • Setup(1 , X ) → (mpk, msk, msvk). The setup algorithm

Their approach shifted the authority’s responsibilities to the gets as input the security parameter λ, the attribute
proxy server, significantly reducing the authority’s burden. universe X . It outputs the public parameter mpk, the
They have, nevertheless, been unable to obtain fine-grained master secret key msk, and the master secret version key.
access control. Furthermore, as the number of users increases The master secret version key will be updated when users
rapidly, the proxy server’s update work skyrockets. Li et al. or attributes are revoked through algorithm Update-msvk
[31] devised an effective CP-ABE scheme of user revocation described below.
1 2
with a lower computing expense. Several other schemes can • KeyGen(msk, msvk, x) → (skx , skx ). The key generation

be seen in [66], [47], [63], and [39]. algorithm gets as input msk, msvk and a set of attributes
Computational efficiency is another consideration in the x. It outputs a pair of secret keys (sk1x , sk2x ).
latest ABE schemes. Outsourced decoding technologies can The first key sk1x will be sent to the user, and the second
help decrease the user’s computing load. Green et al. [18] first key sk2x will be stored on the cloud server.
proposed an effective ABE scheme that facilitates outsourced • Enc(mpk, msk, f, m) → ctf . The encryption algorithm

decoding. The bulk of decryption activities are done by the gets as input mpk, and a boolean formula f over X , and
CSP using the users’ key. Zhou et al. in [65] suggested a message m. It outputs a cipehrtext ctf .
an optimized data management system centered on mobile • EncInd(mpk, W ) → IW . The encrypted index algorithm

devices, in which portions of the encryption and decryption gets as input mpk, and a set of keywords W . It outputs
processes were safely delegated to the CSP without sensitive an encrypted index IW for W .
1
data leakage. Li et al. [30] proposed an ABE scheme including • Token(skx , w) → tw . The token generation algorithm

complete verification for outsourced decryption, which ad- gets as input the user secret key sk1x and a query keyword
dresses the problem of ensuring the accuracy of outsourced w. It outputs a token tw .
2
decryption for unauthorized individuals. The scheme imple- • Test(skx , IW , tw ) → 0/1. The test algorithm gets as

mented in our systems seems to be perfect compared to [20], input the clout secret key sk2x , the encrypted index IW and
[61], [54], and [41]. the user generated token tw . If the embedded keyword in
tw is contained in IW , it outputs true; otherwise it outputs
F. Keyword Search Over Encrypted Data false.
Fast and efficient searchability is required for any EHR Note that this algorithm can be performed by the cloud
system, particularly in the movement of evidence-based health- that holds the key sk2x when it receives the token tw for
care, because doctors have a limited time in which to make the user; the encrypted index IW is typically stored on
judgments. Dawes et al. [13] mentioned that time constraints the cloud server.
2
are the most significant factor impeding computer systems in • Decrypt-cloud(skx , ctf ) → pd. This algorithm gets as
medical practice. Physicians indicated that response time is input the cloud secret key sk2x and the ciphertext ctf . If
one of the obstacles to EHR system adoption in another study f (x) = 1, it outputs partial decryption pd; otherwise, it
by Holden et al. [19]. Searchable encryption (SE) thus remains outputs an error.
1
to be of the utmost important feature in EHR systems. • Decrypt-user(skx , pd) → m. Given the partial decryp-
SE is an encryption technique that allows users to scan tion, the user with sk1x will recover the message m.
for keywords in cyphertext without revealing the keywords. • Update-msvk(msvk, x) → ∆x . This algorithm is run by
Song et al. [52] first devised a realistic SE scheme focused the central authority to update the attribute x when a
 user with attribute x is revoked. The algorithm updates organizations control these two modules, they are known as
the master secret version key for the attribute x, and also trustworthy bodies. All users are authenticated inside the or-
outputs ∆x to be used for updating the master public key, ganizational perimeters, preserving their anonymity. The other
the cloud secret key that is associated with attribute x, section concerns an untrustworthy CSP. Before uploading data
and ciphertexts associated with attribute x. to the cloud, a rigorous encryption approach is implemented
• Update-mpk(mpk, ∆x ). This algorithm updates the mas- within the organizational border to protect data integrity from
ter public key mpk using ∆x . privacy risks. An attacker may also be sabotaging the CSP. In
• Update-cloudkey(sk2x , ∆x ). This algorithm updates the our system, we assume a compromised CSP will behave in an
cloud secret key sk2x using ∆x . honest-but-curious manner [42].
• Update-ct(ct, ∆x ). This algorithm updates ciphertext ct Our framework has a diverse set of users, authorities, and
using ∆x . data owners from various medical fields. A single CSP stores
the EHRs, encrypted index file, and user’s secondary secret
Revocation Security. For a stateful adversary A and secu- keys. The Authentication module performs a thorough check
rity parameter λ, we define an experiment ExptrevokeA (λ) as on any request to the framework. Each user is granted access
follows: rights based on attributes as determined by the organization’s
Exptrevoke
A (λ): policies. Patients have read access to all fields of their EHR.
f ∗ ← A(1λ );
(mpk, msk, msvk) ← Setup(1λ , X ); Use cases. Whether users choose to read, write, revoke an
(m0 , m1 ) ← AKeyGen(msk,msvk,·),Update-msvk(msvk,·) (mpk); attribute, or browse through encrypted EHRs, our framework
b ←R {0, 1}; has multiple use cases. A user first asks for access to the EHR
ctf ∗ ← Enc(mpk, f ∗ , mb ); system. The Authentication Module reviews the application by
b0 ← A(ctf ∗ ) looking over the user attributes in the user graph and ABAC
If b = b0 output 1; otherwise output 0. rules defined according to the individual company policy. If
the attributes follow the guidelines of the company, access is
In the above, all queries x that A makes to oracle
granted.
KeyGen(msk, msvk, ·) should satisfy f ∗ (x) 6= 1. In addition,
Whenever a user modifies an EHR, the framework uses the
all queries m0 and m1 should have the same length.
Data Processing Module to encrypt the updated details of the
A revocable, searchable ABE is said to be revocation
accessed fields. The Attribute Control Center in this module
secure, if for all polynomial adversary A, the probability
supplies the user attributes during the process. The Key
| Pr[Exptrevoke (λ)] − 1/2| is negligible in λ.
Production Unit provides encryption keys for re-encryption.
Keyword-search Security. For a stateful adversary A and The EHR ontology housed with the CSP is then modified with
security parameter λ, we define an experiment Exptkeyword (λ) the ciphertexts. A similar operation is performed during a read
as follows: request.
Exptkeyword
A (λ): During the search process, the user enters the search key-
(mpk, msk, msvk) ← Setup(1λ , X ); word as a request. The Key Production Unit provides the keys
x ← A(mpk); used for searching. Using the search keyword and hidden keys,
(sk1x , sk2x ) ← KeyGen(msk, msvk, x); the Token Origination Unit creates a trapdoor. The trapdoor is
1
(W0 , W1 ) ← AToken(skx ,·) (mpk); then sent to the CSP, where it is compared to the encrypted
b ←R {0, 1}; Indexes. The search operation retrieves encrypted EHRs if
IWb ← EncInd(mpk, Wb ); there is a match. The user may then choose any particular
1
b0 ← AToken(skx ,·) (IWb ) EHR to decrypt.
If b = b0 output 1; otherwise output 0. Attribute revocation is entirely handled in the Data Process-
ing Module. The user gives revoked attributes to the Attribute
In the above, all queries w to Token(sk1x , ·) should satisfy
Center, which it stores and supplies to Cryptography Unit. The
w 6∈ {W0 , W1 }.
Key Production Unit provides the master key. The ciphertext
A revocable, searchable ABE is said to be keyword-search
and the secondary secret that lies with the CSP are then
secure, if for all polynomial adversary A, the probability
updated to account for the changes.
| Pr[Exptkeyword (λ)] − 1/2| is negligible in λ.
In the following sections, we will go through each sub-
The scheme we use. In this paper, we use the scheme module in detail.
in [59] that satisfies both revocation security and keyword-
A. Authentication Module
search security.
Any login request passes through a comprehensive inves-
IV. S YSTEM A RCHITECTURE tigation in this module. The key policy behind the module
The entire framework is based on the principles of Edge is the ABAC. There are also several units within the module
computing [51]. It is divided into two sections, with the or- with critical functions. The user’s login information is at first
ganizational boundary comprising the Authentication Module checked in the database. If it passes, the sub-modules begin
and Data Processing Module as shown in Figure 1. Since to perform their functions.
 Fig. 1. System Architecture

The Medical Center Ontology store all attributes of every

person belonging to the healthcare organization. This helps any
user getting unnecessary information and only information to
complete their job functions. It also preserves EHR access-
related information involving the particular field level access
for all users and patients of the EHR system. For example, a
nurse is given access only to the data stored in the Lab Results
and Doctor Notes fields of an EHR to prevent privacy leakage.
The ontology is built considering the HIPAA regulations.
Policy Controller holds the organization’s policies. It is
often listed in terms of the attributes of the users. Different
policies are set for various users that help to protect individual
privacy. Fig. 2. Token generation process
Regulation Processor employs Semantic Web Rule Lan-
guage (SWRL) to achieve access choices. It does it with the
help of the Policy Controller and the output given by querying Production Unit supplies the keys for encrypting or decrypting
the Medical Center Ontology. The SWRL is unique for each an EHR. Whenever a user modifies an EHR, the Attribute
individual in the EHR system. Regulation Processor also stores Control Center, and Key Production Unit function to encrypt
the user attributes and control policies for the data records the updated data. The EHR ontology housed with the CSP is
and passes them to Cryptography Unit during the encryption- then modified with the ciphertexts.
related process. During a search operation, the user gives the search keyword
in the form of a query. The same Key Production Unit supplies
B. Data Processing Module
the keys for the operation. A trapdoor is later generated, as
The Data Processing Module performs several critical func- shown in Figure 2. The trapdoor allows scanning through the
tions in the EHR system. Several sub-modules within the encrypted index, and it is given to the CSP and compared
module help data encryption, data decryption, search token to the encrypted indexes. The user gets the corresponding
generation, encrypted index creation, and attribute revocation. EHRs if there is a match. The user may then decrypt any
Since we have used a single scheme in all such operations particular EHR with the help of the Cryptography Unit and
compared to our previous work [55], it seems more straight- Key Production Unit. For example, a doctor may want to find
forward and convenient. patients with covid symptoms for immediate treatment. So, the
The user attributes and the control policies stored within the doctor puts a search query, and by processing it with the secret
Regulation Process are passed to the Attribute Control Center key, a trapdoor is generated. The trapdoor scans through the
that supplies the user attributes for any operation. The Key encrypted indexes and returns all the corresponding patients.
 lab [23], and later it was updated to accommodate new
enhancements: the knowledge graph stores users, patients,
and EHR attributes. The EHR in our study has eight fields.
Depending on the user and their attributes, different type of
access are given. All such information is recorded within the
ontology. The ontology further describes the roles and traits of
health organization members and their various relationships.
2) Encrypted Index: The encrypted index file holds en-
crypted word tokens from each patient EHR along with the
patient id. The file is needed for any search operation. Word to-
kens from each patient are extracted. The tokens are then pre-
processed and then encrypted with the aid of the Cryptography
Unit following the RSABE scheme [59]. The Key Production
Unit supplies the public key during the process. The process
is depicted in the Figure 4. The Attribute Control Center via
Fig. 3. Token generation process the Regulation Processor obtains all the attributes from the
Medical Center Ontology. All these functions are performed
within the organization’s limit. The file is then stored within
Attribute Revocation functions are also carried out within the CSP.
the Data Processing Module. The process is depicted as shown
in Figure 3. A user provides the attribute to be revoked, and the
V. I MPLEMENTATION
Attribute Control Center accepts it. These operations are most
common when a user leaves an organization, gets a promotion, The open-source EHR software is built using the Python
or organization policies change, so the last attributes need to be Django web-based framework. The application facilitates field-
revoked. Key Production Unit supplies the master key during level ABE and access to patient EHR. Due to the presence of
the process. The process is completed when the ciphertext Big Data, it is often necessary to search through encrypted
and the secret user key that lies with the CSP are updated. data within a limited time and computations; such functions
The updated private key is then used for decrypting the EHRs are also available in the software. The user attributes keep
at any later time. changing with time, and it is also allowed in our open-
source software. Model-View-Controller (MVC) architectural
C. Cloud Service Provider
concepts have been followed while designing the application.
The EHR ontology, cryptographic index, and secondary The EHR framework allows doctors to treat their patients
secret key are stored in the CSP. The CSP is located outsides securely. It also provides the necessary features that are
the organization frontier. We consider it to be an honest-but- needed for regular operation. The ABAC controls the field-
curious model [42]. The CSP not only runs the programs and level access to the EHR. The patient data, along with the
algorithms correctly, but it can also examine the information encrypted index, are encrypted using the RSABE scheme.
shared in or out of the company. To address this, we enforce Searchable Encryption functions are also allowed using the
an authorization protocol on data inside the organizational same scheme in the system. The EHR ontology and the
periphery, which we refer to as the edge of our framework. Medical Center Ontology have been built using the Protege
As a result, users are checked only within the organization’s [protege.stanford.edu]. Protege is a management framework
boundaries, preserving their privacy. While transferring data for knowledge that is open-source. The ontologies are queried
to the cloud, we introduced a robust encryption mechanism at using SPARQL with Apache Jena library. The knowledge
the organizational edge to shield data from privacy risks. graph is modified using the SWRL rules. Thus, our application
The EHR ontology that lies within the CSP defines patients, espouses ABE, searchable encryption, attribute revocation, and
users, and patient records in the medical domain. The nodes semantic web for smooth operation.
of an ontology store the EHR records. The ontology was built
previously in our lab following the HIPAA act [23], and it
A. Dataset Description
has been slightly modified to accommodate the enhancements.
The encrypted index file holds the encrypted word token from There are more than eleven thousand patient records in
each patient’s EHR. It also preserves the unique patient id for our framework. A patient record has several fields, and we
locating. The dedicated secondary private key for users with have considered the standard eight fields in all records in our
several computational advantages in using the scheme resides system. There are almost thirty medical users with different
within the CSP. We will discuss each of the files in detail in attributes. The attribute defines the role and the type of access
the next few subsections. to the EHR system. All operations on the patient records are
1) EHR Ontology: HIPAA act has been considered while performed within the organizational limit before they are kept
designing the EHR ontology. It was built previously in our on the cloud.
 Fig. 4. Token generation process

B. Evaluation VI. C ONCLUSION

To evaluate the EHR framework, we developed a proof In this paper, we developed an EHR system that supports
of concept prototype that is described as follows. The EHR field-level ABE, ABAC, searchable encryption, and attribute
management software allows users to treat their patients revocation by employing a knowledge graph that is HIPAA
supporting several critical functions. Suppose a doctor named compliant. A knowledge graph produced by our framework
Sarah submits an access request. The request is comprehen- accounts for all user roles and attributes in the healthcare orga-
sively evaluated in the Authentication Module; username and nization. It records the attributes of the users along with EHR
password are checked with the database; Policy Controller fields to provide meaningful access to the EHR system. Often
checks the policies, and Medical Center Ontology provides the in the presence of Big Data, doctors require to search through
unique attributes. The Regulation Processor then processes all encrypted data within limited time and computation. Our
these pieces of information. If Dr. Sarah plans to decrypt the framework allows search through the data within a short time.
EHR of Thomas, a patient in the EHR system, the request User attributes also keep changing with time because some
is processed in the Cryptography Unit by obtaining the Keys users leave the organization, some may be promoted, or orga-
from the Key Production Unit. A similar operation is per- nization policies vary. So, all these changes require attributes
formed for encrypting an EHR. To search through encrypted to be revoked. Our framework also ingeniously addresses this
EHRs, Sarah provides a search query that is processed by the issue by assigning ciphertext updates and secondary secret
Token Origination Unit by obtaining the secret keys from the key updates to the cloud. The secret key that resides with
Key Production Unit. To revoke the attribute of another Junior the user remains firm. Usually, a system with many features
Doctor named Jennifer, Sarah submits the revoke attribute has several keys that become an extra management load to the
information to the Attribute Control Center. The request is user. By using a single scheme for all the above operations,
processed, and later ciphertext and the secret key that lies with our framework seems to be more user-friendly. The knowledge
the CSP are updated. graph, encrypted index file, and secondary secret key are stored
To demonstrate the performance of our system, we calcu- in the CSP considering the HBC adversary model [42]. We
lated the time to produce tokens from the Token Origination have also assumed the principles of Edge Computing in our
Unit. It takes just 0.035 seconds on average, which is accept- framework [51]. Users are verified within the organization’s
able given the high security it enforces. limit to protect privacy. All operations on the data were also
performed within the organization frontier before moving it to [18] Matthew Green, Susan Hohenberger, Brent Waters, et al. Outsourcing
the cloud to protect against privacy threats. the decryption of abe ciphertexts. In USENIX security symposium,
volume 2011, 2011.
ACKNOWLEDGMENT [19] Richard J Holden. What stands in the way of technology-mediated
patient safety improvements? a study of facilitators and barriers to
This work has been supported by Office of Naval Research physicians’ use of electronic health records. Journal of patient safety,
under grants N00014-18-1-2453, N00014-19-WX-00568, and 7(4):193, 2011.
[20] Junbeom Hur and Dong Kun Noh. Attribute-based access control with
N00014-20-WX01704 and by NSF grant 1955319. efficient revocation in data outsourcing systems. IEEE Transactions on
Parallel and Distributed Systems, 22(7):1214–1221, 2010.
R EFERENCES [21] Luan Ibraimi, Milan Petkovic, Svetla Nikova, Pieter Hartel, and Willem
[1] Health Information Technology for Economic and Clinical Health Jonker. Mediated ciphertext-policy attribute-based encryption and its
(HITECH) Act, Title XIII of Division A and Title IV of Division B of application. In International Workshop on Information Security Appli-
the American Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. cations, pages 309–323. Springer, 2009.
No. 111-5, 123 Stat. 226 (Feb. 17, 2009), codified at 42 U.S.C. §§300jj [22] Xin Jin, Ram Krishnan, and Ravi Sandhu. A unified attribute-based
et seq.; §§17901 et seq. access control model covering dac, mac and rbac. In IFIP Annual
[2] Sanjay P Ahuja, Sindhu Mani, and Jesus Zambrano. A survey of the Conference on Data and Applications Security and Privacy, pages 41–
state of cloud computing in healthcare. Network and Communication 55. Springer, 2012.
Technologies, 1(2):12, 2012. [23] Karuna Pande Joshi, Yelena Yesha, Tim Finin, et al. An ontology for a
[3] Joseph A Akinyele, Matthew W Pagano, Matthew D Green, Christoph U hipaa compliant cloud service. In 4th International IBM Cloud Academy
Lehmann, Zachary NJ Peterson, and Aviel D Rubin. Securing electronic Conference ICACON 2016, 2016.
medical records using attribute-based encryption on mobile devices. [24] Maithilee Joshi, Karuna Joshi, and Tim Finin. Attribute based encryption
In Proceedings of the 1st ACM workshop on Security and privacy in for secure access to cloud based ehr systems. In 2018 IEEE 11th
smartphones and mobile devices, pages 75–86, 2011. International Conference on Cloud Computing (CLOUD), pages 932–
[4] Nuttapong Attrapadung, Benoı̂t Libert, and Elie De Panafieu. Expressive 935. IEEE, 2018.
key-policy attribute-based encryption with constant-size ciphertexts. In [25] Alex H Krist, Eric Peele, Steven H Woolf, Stephen F Rothemich,
International Workshop on Public Key Cryptography, pages 90–108. John F Loomis, Daniel R Longo, and Anton J Kuzel. Designing a
Springer, 2011. patient-centered personal health record to promote preventive care. BMC
[5] Arshdeep Bahga and Vijay K Madisetti. A cloud-based approach medical informatics and decision making, 11(1):1–11, 2011.
for interoperable electronic health records (ehrs). IEEE Journal of [26] Ora Lassila, Ralph R Swick, et al. Resource description framework (rdf)
Biomedical and Health Informatics, 17(5):894–906, 2013. model and syntax specification. 1998.
[6] Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter. Patient [27] Hongwei Li, Dongxiao Liu, Yuanshun Dai, Tom H Luan, and
controlled encryption: ensuring privacy of electronic medical records. In Xuemin Sherman Shen. Enabling efficient multi-keyword ranked search
Proceedings of the 2009 ACM workshop on Cloud computing security, over encrypted mobile cloud data through blind storage. IEEE Trans-
pages 103–114, 2009. actions on Emerging Topics in Computing, 3(1):127–138, 2014.
[7] Tim Berners-Lee, James Hendler, and Ora Lassila. The semantic web. [28] Jiguo Li, Xiaonan Lin, Yichen Zhang, and Jinguang Han. Ksf-oabe:
Scientific american, 284(5):34–43, 2001. Outsourced attribute-based encryption with keyword search function for
[8] John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy cloud storage. IEEE Transactions on Services Computing, 10(5):715–
attribute-based encryption. In 2007 IEEE symposium on security and 725, 2016.
privacy (SP’07), pages 321–334. IEEE, 2007. [29] Jiguo Li, Yuerong Shi, and Yichen Zhang. Searchable ciphertext-policy
[9] Alexandra Boldyreva, Vipul Goyal, and Virendra Kumar. Identity-based attribute-based encryption with revocation in cloud storage. Interna-
encryption with efficient revocation. In Proceedings of the 15th ACM tional Journal of Communication Systems, 30(1):e2942, 2017.
conference on Computer and communications security, pages 417–426, [30] Jiguo Li, Yao Wang, Yichen Zhang, and Jinguang Han. Full verifi-
2008. ability for outsourced decryption in attribute based encryption. IEEE
[10] Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky, and Giuseppe transactions on services computing, 13(3):478–487, 2017.
Persiano. Public key encryption with keyword search. In International [31] Jiguo Li, Wei Yao, Yichen Zhang, Huiling Qian, and Jinguang Han.
conference on the theory and applications of cryptographic techniques, Flexible and fine-grained attribute-based data storage in cloud comput-
pages 506–522. Springer, 2004. ing. IEEE Transactions on Services Computing, 10(5):785–796, 2016.
[11] Centers for Medicare & Medicaid Services. The Health Insurance [32] Jin Li, Qian Wang, Cong Wang, Ning Cao, Kui Ren, and Wenjing Lou.
Portability and Accountability Act of 1996 (HIPAA). Online at Fuzzy keyword search over encrypted data in cloud computing. In 2010
http://www.cms.hhs.gov/hipaa/, 1996. Proceedings IEEE INFOCOM, pages 1–5. IEEE, 2010.
[12] Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. [33] Jingwei Li, Jin Li, Xiaofeng Chen, Chunfu Jia, and Zheli Liu. Efficient
Searchable symmetric encryption: improved definitions and efficient keyword search over encrypted data with fine-grained access control
constructions. Journal of Computer Security, 19(5):895–934, 2011. in hybrid cloud. In International conference on network and system
[13] Martin Dawes and Uchechukwu Sampson. Knowledge management in security, pages 490–502. Springer, 2012.
clinical practice: a systematic review of information seeking behavior [34] Ming Li, Shucheng Yu, Ning Cao, and Wenjing Lou. Authorized private
in physicians. International journal of medical informatics, 71(1):9–15, keyword search over encrypted data in cloud computing. In 2011 31st
2003. International Conference on Distributed Computing Systems, pages 383–
[14] Centers for Disease Control, Prevention, et al. Hipaa privacy rule 392. IEEE, 2011.
and public health. guidance from cdc and the us department of health [35] Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. Scalable
and human services. MMWR: Morbidity and mortality weekly report, and secure sharing of personal health records in cloud computing using
52(Suppl. 1):1–17, 2003. attribute-based encryption. IEEE transactions on parallel and distributed
[15] Zhangjie Fu, Xingming Sun, Qi Liu, Lu Zhou, and Jiangang Shu. systems, 24(1):131–143, 2012.
Achieving efficient cloud search services: multi-keyword ranked search [36] Xiong Li, Maged Hamada Ibrahim, Saru Kumari, Arun Kumar Sangaiah,
over encrypted cloud data supporting parallel computing. IEICE Trans- Vidushi Gupta, and Kim-Kwang Raymond Choo. Anonymous mutual
actions on Communications, 98(1):190–200, 2015. authentication and key agreement scheme for wearable sensors in
[16] Allan H Goroll, Steven R Simon, Micky Tripathi, Carl Ascenzo, and wireless body area networks. Computer Networks, 129:429–443, 2017.
David W Bates. Community-wide implementation of health information [37] Xiong Li, Jianwei Niu, Saru Kumari, Fan Wu, and Kim-Kwang Ray-
technology: the massachusetts ehealth collaborative experience. Journal mond Choo. A robust biometrics based three-factor authentication
of the American Medical Informatics Association, 16(1):132–139, 2009. scheme for global mobility networks in smart city. Future Generation
[17] Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute- Computer Systems, 83:607–618, 2018.
based encryption for fine-grained access control of encrypted data. In [38] Yuxi Li, Fucai Zhou, Yuhai Qin, Muqing Lin, and Zifeng Xu. Integrity-
Proceedings of the 13th ACM conference on Computer and communi- verifiable conjunctive keyword searchable encryption in cloud storage.
cations security, pages 89–98, 2006. International Journal of Information Security, 17(5):549–568, 2018.
[39] Zhenhua Liu, Shuhong Duan, Peilin Zhou, and Baocang Wang. [59] Shangping Wang, Duo Zhang, Yaling Zhang, and Lihua Liu. Efficiently
Traceable-then-revocable ciphertext-policy attribute-based encryption revocable and searchable attribute-based encryption scheme for mobile
scheme. Future Generation Computer Systems, 93:903–913, 2019. cloud storage. IEEE Access, 6:30444–30457, 2018.
[40] Hans Löhr, Ahmad-Reza Sadeghi, and Marcel Winandy. Securing the [60] Fatos Xhafa, Jianfeng Wang, Xiaofeng Chen, Joseph K Liu, Jin Li, and
e-health cloud. In Proceedings of the 1st acm international health Paul Krause. An efficient phr service system supporting fuzzy keyword
informatics symposium, pages 220–229, 2010. search and fine-grained access control. Soft computing, 18(9):1795–
[41] Zhiquan Lv, Jialin Chi, Min Zhang, and Dengguo Feng. Efficiently 1802, 2014.
attribute-based access control for mobile cloud storage system. In 2014 [61] Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. Achieving
IEEE 13th International Conference on Trust, Security and Privacy in secure, scalable, and fine-grained data access control in cloud computing.
Computing and Communications, pages 292–299. IEEE, 2014. In 2010 Proceedings IEEE INFOCOM, pages 1–9. Ieee, 2010.
[42] Tim Mather, Subra Kumaraswamy, and Shahed Latif. Cloud security and [62] Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. Attribute
privacy: an enterprise perspective on risks and compliance. ” O’Reilly based data sharing with attribute revocation. In Proceedings of the
Media, Inc.”, 2009. 5th ACM symposium on information, computer and communications
security, pages 261–270, 2010.
[43] Deborah L McGuinness, Frank Van Harmelen, et al. Owl web ontology
[63] Peng Zhang, Zehong Chen, Kaitai Liang, Shulan Wang, and Ting Wang.
language overview. W3C recommendation, 10(10):2004, 2004.
A cloud-based access control scheme with user revocation and attribute
[44] Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, and update. In Australasian Conference on Information Security and Privacy,
Xu An Wang. m 2-abks: Attribute-based multi-keyword search over pages 525–540. Springer, 2016.
encrypted personal health records in multi-owner setting. Journal of [64] Fucai Zhou, Yuxi Li, Alex X Liu, Muqing Lin, and Zifeng Xu. Integrity
medical systems, 40(11):1–12, 2016. preserving multi-keyword searchable encryption for cloud computing.
[45] Shivaramakrishnan Narayan, Martin Gagné, and Reihaneh Safavi-Naini. In International Conference on Provable Security, pages 153–172.
Privacy preserving ehr system using attribute-based infrastructure. In Springer, 2016.
Proceedings of the 2010 ACM workshop on Cloud computing security [65] Zhibin Zhou and Dijiang Huang. Efficient and secure data storage
workshop, pages 47–52, 2010. operations for mobile cloud computing. In 2012 8th international
[46] Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Wa- conference on network and service management (cnsm) and 2012
ters. Secure attribute-based systems. Journal of Computer Security, workshop on systems virtualiztion management (svm), pages 37–45.
18(5):799–837, 2010. IEEE, 2012.
[47] Huiling Qian, Jiguo Li, Yichen Zhang, and Jinguang Han. Privacy- [66] Longhui Zu, Zhenhua Liu, and Juanjuan Li. New ciphertext-policy
preserving personal health record using multi-authority attribute-based attribute-based encryption with efficient revocation. In 2014 IEEE
encryption with revocation. International Journal of Information Secu- International Conference on Computer and Information Technology,
rity, 14(6):487–497, 2015. pages 281–287. IEEE, 2014.
[48] Bo Qin, Hua Deng, Qianhong Wu, Josep Domingo-Ferrer, David Nac-
cache, and Yunya Zhou. Flexible attribute-based encryption applicable
to secure e-healthcare records. International Journal of Information
Security, 14(6):499–511, 2015.
[49] Rishi Kanth Saripalle. Fast health interoperability resources (fhir):
Current status in the healthcare system. International Journal of E-
Health and Medical Communications (IJEHMC), 10(1):76–93, 2019.
[50] Matthew A Scholl, Kevin M Stine, Joan Hash, Pauline Bowen, L Arnold
Johnson, Carla Dancy Smith, and Daniel I Steinberg. Sp 800-66 rev.
1. an introductory resource guide for implementing the health insurance
portability and accountability act (hipaa) security rule, 2008.
[51] Weisong Shi, Jie Cao, Quan Zhang, Youhuizi Li, and Lanyu Xu. Edge
computing: Vision and challenges. IEEE internet of things journal,
3(5):637–646, 2016.
[52] Dawn Xiaoding Song, David Wagner, and Adrian Perrig. Practical
techniques for searches on encrypted data. In Proceeding 2000 IEEE
Symposium on Security and Privacy. S&P 2000, pages 44–55. IEEE,
2000.
[53] Wenhai Sun, Bing Wang, Ning Cao, Ming Li, Wenjing Lou, Y Thomas
Hou, and Hui Li. Privacy-preserving multi-keyword text search in the
cloud supporting similarity-based ranking. In Proceedings of the 8th
ACM SIGSAC symposium on Information, computer and communica-
tions security, pages 71–82, 2013.
[54] Wenhai Sun, Shucheng Yu, Wenjing Lou, Y Thomas Hou, and Hui Li.
Protecting your right: Verifiable attribute-based keyword search with
fine-grained owner-enforced search authorization in the cloud. IEEE
Transactions on Parallel and Distributed Systems, 27(4):1187–1198,
2014.
[55] Redwan Walid, Karuna Pande Joshi, SeungGeol Choi, and Dae-
young Leroy Kim. Cloud-based encrypted ehr system with semantically
rich access control and searchable encryption. UMBC Student Collec-
tion, 2020.
[56] Hao Wang, Debiao He, Jian Shen, Zhihua Zheng, Xiaoyan Yang, and
Man Ho Au. Fuzzy matching and direct revocation: a new cp-abe scheme
from multilinear maps. Soft Computing, 22(7):2267–2274, 2018.
[57] Hao Wang, Zhihua Zheng, Lei Wu, and Ping Li. New directly revocable
attribute-based encryption scheme and its application in cloud storage
environment. Cluster Computing, 20(3):2385–2392, 2017.
[58] Qinqin Wang, Yanqin Zhu, and Xizhao Luo. Multi-user searchable
encryption with fine-grained access control without key sharing. In
2014 3rd International Conference on Advanced Computer Science
Applications and Technologies, pages 145–150. IEEE, 2014.