Authorized Private Keyword Search over Encrypted Personal Health Records in Cloud Computing

Recently, personal health record (PHR) has emerged as a patient-centric model of health information exchange, which features storing PHRs electronically in one centralized place, such as a third-party cloud service provider. Although this greatly facilitates the management and sharing of patients’ personal health information (PHI), there have been serious privacy concerns about whether these service providers can be fully trusted in handling patients’ sensitive PHI. To ensure patients’ control over their own privacy, data encryption has been proposed as a promising solution. However, key functionalities of a PHR service such as keyword searches by multiple users become especially challenging with PHRs stored in encrypted form. Basically, users’ queries should be performed in a privacypreserving way that hides both the keywords in the queries and documents. More importantly, in order to prevent unnecessary exposure of patients’ PHI from unlimited query capabilities, each user’s query capability should be authorized and controlled in a fine-grained manner, which shall be achieved with a high level of system scalability. Existing works in searchable encryption are unable to meet the above requirements simultaneously. In this paper, we formulate and address the problem of authorized private keyword searches (APKS) on encrypted PHR in cloud computing environments. We first present a scalable and fine-grained authorization framework for searching on encrypted PHR, where users obtain query capabilities from localized trusted authorities according to their attributes, which is highly scalable with the user scale of the system. Then we propose two novel solutions for APKS based on a recent cryptographic primitive, hierarchical predicate encryption (HPE), one with enhanced efficiency and the other with enhanced query privacy. In addition to document privacy and query privacy, other salient features of our schemes include: efficiently support multi-dimensional, multiple keyword searches with simple range query, allow delegation and revocation of search capabilities. We implement our scheme on a modern workstation, and experimental results demonstrate its suitability for practical usage.