{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T10:52:59Z","timestamp":1779101579822,"version":"3.51.4"},"reference-count":42,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2021,5,20]],"date-time":"2021-05-20T00:00:00Z","timestamp":1621468800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute\u2019s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users\/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented\/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. 
The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications.<\/jats:p>","DOI":"10.3390\/s21103556","type":"journal-article","created":{"date-parts":[[2021,5,20]],"date-time":"2021-05-20T06:13:45Z","timestamp":1621491225000},"page":"3556","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["Granular Data Access Control with a Patient-Centric Policy Update for Healthcare"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6609-5928","authenticated-orcid":false,"given":"Fawad","family":"Khan","sequence":"first","affiliation":[{"name":"Department of Information Security, National University of Sciences and Technology, Sector H-12, Islamabad 44000, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saad","family":"Khan","sequence":"additional","affiliation":[{"name":"Department of Computer Science & IT, Sarhad University of Science and Information Technology, Peshawar 25000, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shahzaib","family":"Tahir","sequence":"additional","affiliation":[{"name":"Department of Information Security, National University of Sciences and Technology, Sector H-12, Islamabad 44000, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6289-8248","authenticated-orcid":false,"given":"Jawad","family":"Ahmad","sequence":"additional","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh 
EH11 4BN, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0966-0721","authenticated-orcid":false,"given":"Hasan","family":"Tahir","sequence":"additional","affiliation":[{"name":"Department of Information Security, National University of Sciences and Technology, Sector H-12, Islamabad 44000, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2052-1121","authenticated-orcid":false,"given":"Syed Aziz","family":"Shah","sequence":"additional","affiliation":[{"name":"Faculty Research Centre for Intelligent Healthcare, Coventry University, Coventry CV1 5FB, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,5,20]]},"reference":[{"key":"ref_1","unstructured":"Peter, M., and Grance, T. (2020, May 01). The NIST Definition of Cloud Computing, Available online: https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-145\/final."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Mongelli, M., Orani, V., Cambiaso, E., Vaccari, I., Paglialonga, A., Braido, F., and Catalano, C.E. (2020, January 26\u201328). Challenges and Opportunities of IoT and AI in Pneumology. Proceedings of the 23rd Euromicro Conference on Digital System Design (DSD), Kranj, Slovenia.","DOI":"10.1109\/DSD51259.2020.00054"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Yaqoob, I., Salah, K., Jayaraman, R., and Al-Hammadi, Y. (2021). Blockchain for healthcare data management: Opportunities, challenges, and future recommendations. Neural Computing and Applications, Springer.","DOI":"10.1007\/s00521-020-05519-w"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Bethencourt, J., Sahai, A., and Waters, B. (2007, January 20\u201323). Ciphertext-Policy Attribute-Based Encryption. 
Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP \u201907), Berkeley, CA, USA.","DOI":"10.1109\/SP.2007.11"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1020","DOI":"10.1016\/j.future.2016.12.027","article-title":"Secure and fine-grained access control on e-healthcare records in mobile cloud computing","volume":"78","author":"Liu","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"499","DOI":"10.1007\/s10207-014-0272-7","article-title":"Flexible attribute-based encryption applicable to secure e-healthcare records","volume":"14","author":"Qin","year":"2015","journal-title":"Int. J. Inf. Secur."},{"key":"ref_7","unstructured":"Gritti, C., Susilo, W., Plantard, T., Liang, K., and Wong, D.S. (2020, March 15). Empowering Personal Health Records with Cloud Computing: How to Encrypt with Forthcoming Fine-Grained Policies Efficiently. Available online: https:\/\/ro.uow.edu.au\/cgi\/viewcontent.cgi?article=4299&context=eispapers."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1007\/s10916-016-0588-0","article-title":"Fine-grained database field search using attribute-based encryption for e-healthcare clouds","volume":"40","author":"Guo","year":"2016","journal-title":"J. Med Syst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/s10916-019-1301-x","article-title":"Securing Personal Health Record System in Cloud Using User Usage Based Encryption","volume":"43","author":"Suresh","year":"2019","journal-title":"J. Med Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1735","DOI":"10.1109\/TPDS.2013.253","article-title":"Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage","volume":"25","author":"Yang","year":"2013","journal-title":"IEEE Trans. Parallel Distrib. 
Syst."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1527","DOI":"10.1109\/JSEN.2010.2045498","article-title":"SHIMMER\u2122\u2014A Wireless Sensor Platform for Noninvasive Biomedical Research","volume":"10","author":"Burns","year":"2010","journal-title":"IEEE Sens. J."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Sahai, A., and Waters, B. (2005). Fuzzy Identity-Based Encryption. Advances in Cryptology\u2014EUROCRYPT, Springer.","DOI":"10.1007\/11426639_27"},{"key":"ref_13","unstructured":"Cheung, L., and Newport, C. (November, January 29). Provably secure ciphertext policy ABE. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS \u201907), Alexandria, VA, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Lewko, A., and Waters, B. (2011). Decentralizing Attribute-Based Encryption. Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer.","DOI":"10.1007\/978-3-642-20465-4_31"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"778","DOI":"10.1109\/TMM.2013.2238910","article-title":"Attribute-Based Access to Scalable Media in Cloud-Assisted Content Sharing Networks","volume":"15","author":"Wu","year":"2013","journal-title":"IEEE Trans. Multimed."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"8967","DOI":"10.1109\/ACCESS.2016.2632132","article-title":"Owner Specified Excessive Access Control for Attribute Based Encryption","volume":"4","author":"Khan","year":"2016","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Zhang, L., Li, H., Zhang, Y., and Khan, F. (2017, January 1\u20134). Efficient privacy-preserving decentralized ABE supporting expressive access structures. 
Proceedings of the 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Atlanta, GA, USA.","DOI":"10.1109\/INFCOMW.2017.8116436"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Zhang, L., Li, H., Zhang, Y., and Khan, F. (2017, January 26\u201329). Privacy-preserving attribute-based encryption supporting expressive access structures. Proceedings of the 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC), Shenzhen, China.","DOI":"10.1109\/DSC.2017.61"},{"key":"ref_19","unstructured":"Pirretti, M., Traynor, P., McDaniel, P., and Waters, B. (November, January 30). Secure attribute-based systems. Proceedings of the 13th ACM Conference on Computer and Communications Security\u2014CCS \u201906, Alexandria, VA, USA."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Attrapadung, N., and Imai, H. (2009). Conjunctive Broadcast and Attribute-Based Encryption. Pairing-Based Cryptography, LNCS 5671, Springer.","DOI":"10.1007\/978-3-642-03298-1_16"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Lewko, A., Sahai, A., and Waters, B. (2010, January 16\u201319). Revocation Systems with Very Small Private Keys. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2010.23"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Yang, K., Jia, X., Ren, K., and Zhang, B. (2013, January 14\u201319). DAC-MACS: Effective data access control for multi-authority cloud storage systems. Proceedings of the 2013 Proceedings IEEE INFOCOM, Turin, Italy.","DOI":"10.1109\/INFCOM.2013.6567100"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1315","DOI":"10.1109\/TIFS.2015.2407327","article-title":"Security Analysis of Attribute Revocation in Multiauthority Data Access Control for Cloud Storage Systems","volume":"10","author":"Hong","year":"2015","journal-title":"IEEE Trans. Inf. 
Forensics Secur."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11432-015-5428-1","article-title":"Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating","volume":"59","author":"Ying","year":"2016","journal-title":"Sci. China Inf. Sci."},{"key":"ref_25","unstructured":"Yuan, W. (2020, March 15). Dynamic Policy Update for Ciphertext-Policy Attribute-Based Encryption. Available online: https:\/\/eprint.iacr.org\/2016\/457.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"533","DOI":"10.1007\/s10207-017-0388-7","article-title":"Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes","volume":"17","author":"Jiang","year":"2017","journal-title":"Int. J. Inf. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"6500","DOI":"10.1109\/TII.2019.2931156","article-title":"An efficient attribute-based encryption scheme with policy update and file update in cloud computing","volume":"15","author":"Li","year":"2019","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"899","DOI":"10.1016\/j.future.2019.11.012","article-title":"Proud: Verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted iot applications","volume":"111","author":"Belguith","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1109\/MM.2016.101","article-title":"On the feasibility of attribute-based encryption on internet of things devices","volume":"36","author":"Ambrosin","year":"2016","journal-title":"IEEE Micro"},{"key":"ref_30","first-page":"1","article-title":"Attribute-based encryption for cloud computing access control: A survey","volume":"53","author":"Zhang","year":"2020","journal-title":"ACM Comput. Surv. 
(CSUR)"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Liang, K., Fang, L., Susilo, W., and Wong, D.S. (2013, January 9\u201311). A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security. Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, Xi\u2019an, China.","DOI":"10.1109\/INCoS.2013.103"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Ning, J., Dong, X., Cao, Z., and Wei, L. (2015). Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. European Symposium on Research in Computer Security, Springer.","DOI":"10.1007\/978-3-319-24177-7_14"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/TIFS.2017.2738601","article-title":"Auditable \u03c3-time outsourced attribute-based encryption for access control in cloud computing","volume":"13","author":"Ning","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Georgakakis, E., Nikolidakis, S.A., Vergados, D.D., and Douligeris, C. (July, January 28). Spatio temporal emergency role based access control (STEM-RBAC): A time and location aware role based access control model with a break the glass mechanism. Proceedings of the 2011 IEEE Symposium on Computers and Communications (ISCC), Corfu, Greece.","DOI":"10.1109\/ISCC.2011.5983932"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Zheng, D., Chen, X., Li, J., and Li, H. (2014). Computationally Efficient Ciphertext-Policy Attribute-Based Encryption with Constant-Size Ciphertexts. International Conference on Provable Security, Springer International Publishing.","DOI":"10.1007\/978-3-319-12475-9_18"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Chen, C., Zhang, Z., and Feng, D. (2011). 
Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost. International Conference on Provable Security, Springer.","DOI":"10.1007\/978-3-642-24316-5_8"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Khan, F., Li, H., Zhang, L., and Shen, J. (2017, January 26\u201329). An Expressive Hidden Access Policy CP-ABE. Proceedings of the 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC), Shenzhen, China.","DOI":"10.1109\/DSC.2017.29"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2007, January 1). A data outsourcing architecture combining cryptography and access control. Proceedings of the 2007 ACM workshop on Computer security architecture\u2014CSAW \u201907, Fairfax, VA, USA.","DOI":"10.1145\/1314466.1314477"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1455526.1455531","article-title":"Dynamic and Efficient Key Management for Access Hierarchies","volume":"12","author":"Atallah","year":"2009","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"ref_40","unstructured":"di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2017, January 23\u201327). Over-encryption: Management of access control evolution on outsourced data. Proceedings of the 33rd International Conference on Very Large Data Bases, VLDB Endowment, Vienna, Austria."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1007\/s13389-013-0057-3","article-title":"Charm: A framework for rapidly prototyping cryptosystems","volume":"3","author":"Akinyele","year":"2013","journal-title":"J. Cryptogr. Eng."},{"key":"ref_42","unstructured":"(2020, March 15). PyCrypto. 
Available online: https:\/\/pypi.org\/project\/pycryptodomex\/."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/10\/3556\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:04:34Z","timestamp":1760162674000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/10\/3556"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,20]]},"references-count":42,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2021,5]]}},"alternative-id":["s21103556"],"URL":"https:\/\/doi.org\/10.3390\/s21103556","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,20]]}}}