Lightweight and Privacy-Preserving Medical Services Access for Healthcare Cloud

With the popularity of cloud computing technology, the healthcare cloud system is becoming increasingly perfect, which reduces the time of disease diagnosis and brings great convenience to people's lives. But meanwhile, the healthcare cloud system usually involves users' privacy information, and there is still a challenge on how to ensure that the sensitive information of users is not disclosed. Attribute-based signature (ABS) is a very useful technique for the privacy protection of users and is very suitable for anonymous authentication and privacy access control. However, general ABS schemes usually contain heavy computation overhead in signing and verification phases, which is not conducive for resource-limited devices to access healthcare cloud system. To address the above issues, we propose a lightweight and privacy-preserving medical services access scheme based on multi-authority ABS for healthcare cloud, named LPP-MSA. By using online/offline signing and server-aided verification mechanisms, the proposed scheme can greatly reduce the calculation overhead. In addition, LPP-MSA achieves unforgeability and anonymity and can resist collision attack. The comparisons of computational cost and storage overhead between LPP-MSA and the other existing schemes show that LPP-MSA is more efficient in both signing and verification phases. Therefore, it could be well applied to the scenarios where users access the healthcare cloud system for large scale remote medical services via resource-constrained mobile devices.