Novel Lagrange interpolation polynomials for dynamic access control in a healthcare cloud system

1.   Introduction

Patient-centered treatment has become a future trend to reduce unnecessary healthcare expenditure, and to enhance healthcare management quality and efficiency. The current applications contain electronic medical records, healthcare management, security control, telecare, personal health information cloud services, mobile health systems and wearable devices ^[1]. Healthcare staff members can conveniently access patient healthcare and physiological information through the combination of a healthcare cloud platform, terminal equipment and communication technology.

Big data analysis with artificial intelligence techniques can be applied to compare the personalized health records and data bank using cross-analysis. Also, the application of information technology analyzes the risks of underlying diseases and enables preventive treatment ^[2]. Especially, in emergency situations, the immediate acquisition of all patients' healthcare records and physiological information through the cloud system allows the healthcare staff members to make a fast and precise medical judgment.

This study stresses the security of healthcare information systems. The proposed algorithm allows us to update users' private keys for adding or removing any user. With the application of cloud platforms, the healthcare staff members with authority can access patients' past information by immediately logging into the personal health record (PHR) cloud system to ensure data availability among different medical institutions ^[2,3]. All related PHRs are stored in the personal health files. The users' security and privacy are therefore the most important issues when using the PHR cloud system in medical institutions.

File access in the healthcare environment should be controlled based on its personal identity. The authority limit for access control is therefore established in the system to ensure its data security. The hierarchically structured division can clearly define the security levels of files and user identities. Liu et al. proposed a hierarchy-based encryption mechanism and dynamic strategy for implementing the dynamic access control process introduced into the PHR cloud systems ^[3]. Therefore, key management becomes a primary issue in the access control process. In this case, a secure healthcare system with less computation should be built to achieve high efficiency and security.

Problem statement: When personal health information is uploaded to the healthcare cloud system, the PHRs must ensure the security of health information ^[4]. This approach can reduce some of the computational load, and it is practically applied to the medical information system at National Taiwan University Hospital. Illegal users might attempt to steal the information in the access control process with the goal of information loss or misappropriation ^[5]. Therefore, a modified Lagrange interpolation polynomial-based access control algorithm with timestamps is proposed to create an effective and secure healthcare system so as to avoid the cloud system from being hacked.

Thus, the main purposes of this research are summarized as follows:

1) To propose a secure access mechanism, which was established in the cloud system, to maintain the users' security and information.

2) To integrate various types of healthcare information files so that users can access images, examination files and abstracts of health information.

3) To resist the most common attacks, namely, external attacks, internal attacks, collaborative attacks and equation-based attacks.

4) To enable dynamic adjustment of the personal authority via the access control matrix, which can effectively manage several users' authority.

2.   Literature review

In this section, existing PHRs, key management mechanisms and related works are presented.

2.1.   Personal health records

Since PHR are protected by the Personal Data Protection Act, they encourage medical staff members to think about innovation and answers to the unsolved clinical problems. PHRs not only bring more research works, but also help users make clinical decisions. In the research work by Flaumenhaft and Ben-Assuli ^[5], they reported that the privacy concerns related to individual rights were significant issues.

The valuable potential of PHRs is based on the adoption of those technologies by consumers and the active participation in the use of those technologies by multiple healthcare delivery constituents, such as hospitals, labs, pharmacies, insurance companies and government agencies. Consequently, the effective deployment and adoption of PHRs can result in a variety of benefits for these constituents ^[6].

Although the amount of interest in PHRs has been increasing gradually, their adoption remains low ^[7,8]. One of the oft-cited reasons is related to privacy and security due to an increasing trend of health information breaches ^[9,10]. PHRs are employed in many areas, such as in emergency departments ^[11], for high-risk women ^[12] and for diabetes management ^[13]. PHRs can be used to demonstrate values by providing a single view of patients' history, creating one source of the truth and bringing together potentially divergent documentation from different sources. This ensures that all healthcare professionals have the right information at the right time to reduce duplication, to enable a more preventative approach and to perform appropriate decision-making ^[14].

2.2.   Key management mechanism

Since the quantity of decrypted data is large, the security management of private keys becomes an important issue. Key management aims to assist users in the process of dynamic access control. There are three key points required for key management, namely, security, stability and scalability.

2.3.   Related works

Edemacu et al. ^[15] constructed a novel, high-efficiency and real-time-expression access control mechanism, which, for the decisional bilinear Diffie-Hellman assumption, was used for adjusting PHRs in the cloud system. Zhang et al. ^[16] proposed an access control mechanism with a password; it was applied to a PHR cloud system to securely share PHR information and access control transformation. Zahid et al. ^[17] proposed a framework for the practice of blockchain technology in the healthcare field of electronic health records (EHRs). The framework solved the extensibility problem encountered in blockchain technology with access recording systems. The blockchain-based framework provided an extensible, secure and complete solution for EHR systems. Madine et al. proposed a blockchain-based PHR structure, which was implemented by employing multi-party authorization and threshold encryption with a smart contract to automatically fulfill the access requirements of secure and reliable healthcare information in a PHR system ^[16,18].

In this study, only the authorized party achieving the threshold number can access the healthcare information. Kibiwott et al. proposed the idea of healthcare traceable access control, aiming to target the granularity strategy for hiding and the traceable access control mechanism of mHealth, which can accurately identify malicious users and suspicious private keys in the identity form by searching linked identities ^[19]. The above attribute-based signcryption scheme provided confidentiality and unpredictability of PHR information ^[20]. Nevertheless, such schemes could not completely solve the problem of leaking users' privacy in a PHR cloud system. The security of hidden personal privacy in the access control of a PHR cloud system was still a critical challenge, e.g., regarding the prevention of various types of malicious attacks. The existing mechanisms cannot resist the chaining attacks. Thus, two authorized users could collaboratively generate a new and effective private key that was possessed by another legal user ^[21,22].

Dr. Knuth has proved this concept by focusing on the running time of the algorithm. Based on his research results, the time complexity is O(m* (log m)²), where m denotes the degree of polynomial $G\left(x, y\right).$ Similarly, the overall computational complexity of establishing and updating the polynomials is O(n*m* (log m)²), where n denotes the number of secure users in the hierarchy ^[23]. Consequently, the modified Lagrange interpolation polynomial with a time constraint was applied to prevent users' personal privacy and information from being leaked by allowing users to obtain different access authorities and supporting the appropriate dynamic access control.

3.   Research methodology

The developing idea proposed for this study, and its practical application, are presented in this section. The practical application of our access control mechanism can be viewed as a communication platform between patients and medical institutions. Patients or people can upload the healthcare information to the cloud system through mobile phones, including medication records, medical images and exercise records. The integration of lifestyle information uploaded to the cloud system could be of benefit to the doctor-patient relationship by enabling coordination of the decision-making process. Patient medical records are usually connected and transmitted to the healthcare cloud system in the medical information management office, as shown in Figure 1. Users can access the cloud system as long as they pass the verification of the polynomial G(x, y). The permission in the process is given by judging users' legitimacy and the accessed files by using a validation mechanism. A hacker attempting to obtain illegal access might be able to crack the validation mechanism to acquire the file key or users' private keys. Thus, designing a method to resist hacker attacks was the main purpose of this study.

3.1.   Personal health records in medical cloud system

Physiological information on the blood sugar, blood pressure and heart rate, as well as medical records and medical image information in the medical institutions and other relevant data records from the insurance companies and examination information in the research institutions or laboratories, can be collected through the wearable devices. Due to this, the medical staff members are allowed to collect important physical information and accelerate the understanding of patient health conditions to provide more appropriate diagnoses. All medical records, including past medical history and examination data, are included in the data bank of PHRs so that users can integrate various physiological information.

When logging in to this healthcare system, users can go through a two-stage validation procedure. The first stage of the polynomial ${A}_{i}\left(x\right)$ validates user legitimacy, and the second stage of the polynomial ${F}_{ij}\left(y\right)$ aims to validate whether users have the authority to decrypt the designated files. Thus, user authority is first validated; and, the cloud system will directly deny the log-in attempt of an illegal user. Its main purpose is to reduce unnecessary computational load and maintain the healthcare system effectively.

3.2.   System initialization

Table 1 lists the definitions of various notations, where the private key ${H}_{i}$, file decryption key ${DK}_{j}$ and polynomial $G\left(x, y\right)$, which is composed of various users' ${A}_{i}\left(x\right)$ and ${F}_{ij}\left(y\right)$, are the most important data items.

System initialization requires 10 steps of operation using the access control algorithm. Users need to have the private key, which is a polynomial ${\text{A}}_{i}\left(x\right)$, to log into the cloud system within a limited time. They are required to get the authority from the certificate authority (CA); otherwise, they cannot access the cloud system and are denied. The entire process is shown in Figure 2.

3.3.   Access control algorithm

Input: Personal Health Records (PHRs)

Output: Personal Health Records (PHRs)

Procedure:

Step 1. Build a system user list.

($S$, ≼) is a partially ordered set. The system uses partially ordered sets to build the access relationship. It is designed to give a set $S$, and the binary relationship "≼" with the characteristics of reflexivity, anti-symmetry and transitivity, and it is responsible for delivering binary data ^[20]. Different users are denoted as ${S}_{i}$ in a set $S$; according to the identity of each user, the authority to access authorized files is set up; and, ${H}_{i}$ denotes the user's private key. After giving sets of $S = \{{S}_{1}, {S}_{2}, ..., {S}_{n}\}$ and $H = \left\{{H}_{1}, {H}_{2}, ..., {H}_{n}\right\}$ to the cloud system, construct a user list with n users and their private keys.

Step 2. Build an incidence matrix between users and files.

The incidence matrix between users and files is built up. To encrypt all accessible files for users, the system is designed to construct a set of $file = \{{file}_{1}, {file}_{2}, ..., {file}_{m}\}$ with m files. There are decryption keys ${DK}_{j}$ corresponding to the files ${file}_{j}$ (where $j = \mathrm{1, 2}, ..., m$). The file encrypted by the key would not be accessed by illegal users without authority.

User authority is denoted as an access control matrix, where the number 1 denotes one with authority to access and the number 0 denotes one without authority. As shown in Figure 3, each confidential file, i.e., ${file}_{1}, {file}_{2}, {file}_{3}$ and ${file}_{4}$, has the respective decryption keys ${DK}_{1}, {DK}_{2}, {DK}_{3}$ and ${DK}_{4}$. To access a file, the decryption key for the file is needed.

Step 3. Build each user's file set ${J}_{i}$.

The CA is an impartial third-party unit in the system. Its function is to verify user identities and key issuances. It is also maintained as a secure information environment and mechanism with confidentiality, non-repudiation and availability. CA records the access authority of a user ${S}_{i}$ in a set ${J}_{i}$. The access authority of User ${S}_{i}$ is explained below.

where $i = \mathrm{1, 2}, ..., n$ and $n\in N$. For the set ($J$, ≼), ${J}_{j}$ ≼ ${J}_{i}$ $\left(i, j\in N\right)$ reveals that the user S_i could acquire the decryption key with access authority for file_j; otherwise, it is not legally authorized. For instance, when ${J}_{1} = \left\{\mathrm{2, 3}\right\}$ and ${J}_{2} = \{\mathrm{1, 2}, 3\}$, $\left\{\mathrm{2, 3}\right\}$ ≼ $\{\mathrm{1, 2}, 3\}$ such that ${J}_{1}$ ≼ ${J}_{2}$, we know that ${S}_{2}$ could acquire the decryption key of ${S}_{1}$ with the access authority to ${file}_{2}$ and ${file}_{3}$.

Step 4. The indicator function $I\left(x, y\right)$ is applied to judge the legal user, where the user's number is substituted into $x$. When it passes the validation, it is viewed as an internal user. However, an external user would be denied in this step. This step would reduce the computational load. Applying the example of User ${S}_{4}$ in Figure 3, User S₄ with a correct private key would receive a 1 for ${I}_{{H}_{4}}$ to pass the validation. On the contrary, when the user inputs a wrong password of 123, ${I}_{123}$ receives a 0.

Step 5. Based on the access control matrix, the CA builds a polynomial ${\text{A}}_{i}\left(x\right)$ to validate the private key for User ${S}_{i}$. In this step, each user is generated with a function for authentication.

In Eq (3), ${\rm{I}}_{\left\{ {{{\rm{H}}_{\rm{i}}}} \right\}}^{{\rm{(x)}}}$ is an indicator function. Before the system calculates ${\text{A}}_{i}\left(x\right)$, the system will authenticate the user's identification to determine whether the logged in user is an internal one. If it is a legitimate internal user, the first half of the Lagrange interpolation polynomial will be calculated to verify whether the user has entered the correct private key. If it is not an internal user, the cloud system will automatically terminate the calculation in order to optimize system operations.

The file access function is provided in Steps 6–9.

Step 6. The accessible files for each user are different. The CA sets q_ij and p_ij as the accessible files for each user.

Step 7. The indicator function ${I}_{{J}_{i}}\left({file}_{j}\right)$ is applied to validate the user's authority to access the designated files. That is, ${file}_{j}\text{∈}{J}_{i}$, and the verification value for indicator function must be 1 to proceed to the successive step; otherwise, the verification value is set to 0 to stop the verification procedure.

Step 8. A user's non-repeated private key ${H}_{i}$, $i = \mathrm{1, 2}, ..., n$, where 24 hrs is the time unit, is applied; the $t$ -th hour in a day is denoted as $TS\left(t\right)$, as shown in Eq (5).

$b\left({y}_{ij}\right)$ is the sole notation that allows User ${S}_{i}$ to decrypt ${file}_{j}$, as shown in Eq (6).

The parameter $t$ indicates that the user can only log in or access the file within a limited time. Without the parameter $t$, it only calculates the decryption of the file. $b\left({y}_{ij}\right)$ is used to decrypt the file ${file}_{j}$ and verify the user's identity. So, it is not necessary to add timestamps to the calculation.

Step 9. When the user's designated file number is included in legal access coverage, the decryption key DK_j is acquired after substituting ${y}_{ij}$ into ${F}_{ij}$ to decrypt the access polynomial. Otherwise, the maximal value is acquired. ${l}_{ij}\left(\right)$ denotes the Lagrange interpolation polynomial that is built according to each user's accessible files, as shown in Eq (7). When Eq (8) receives a 1, it is converted into a 0 through $a\left({l}_{ij}\left(b\left({y}_{ij}\right)\right)\right).$ On the contrary, Eq (9) yielding a 0 is viewed as an illegal access attempt so that it can be denoted as the original calculation value.

$R$ is not a fixed value; rather, it is a random integer generated by the cloud system. According to Eq (7), if the user's identity authentication is approved, the user can only obtain the decryption key ${DK}_{j}$; if the identity authentication fails, the user will get a meaningless number.

Step 10. When integrating the authentication (Eq (3)) and file authority (Eq (7)) to obtain $G\left(x, y\right)$, the CA builds a decryption equation that is employed in the internal surroundings, as shown in Eq (10).

In Eq (10), $G\left(x, y\right)$ is a public polynomial, ${A}_{i}\left(x\right)$ is used to verify the user's access authority and ${F}_{ij}\left(y\right)$ is used to verify whether the user has the authority to access the file. The security of $G\left(x, y\right)$ is based on the two polynomials ${A}_{i}\left(x\right)$ and ${F}_{ij}\left(y\right)$. It has a certain level of difficulty, and it is not easy to crack $G\left(x, y\right)$ through brute-force attacks.

If the legal users obtain the authority from the CA, they can access the PHRs within the limited time. However, if they are not the legal users, the cloud system will deny their access and they cannot log into the cloud system, which is shown in Figure 4.

4.   Dynamic access control scheme

In this section, security analysis and dynamic access control are discussed.

4.1.   Security analysis

1) Users attempting to access files with incorrect decryption keys during a non-specified period

When accessing files within a non-accessible period, for example, User S₃, t = 9, subtracting t from TS, time control ≠ 0 and ${l}_{{y}_{{S}_{3},~~ file3}}\left(b\left({y}_{{S}_{3},~~ file1}\right)\right)$ ≠ 1, the cloud system multiplies a random constant $R$ to obtain a maximal value such that $D{K}_{1}\mathrm{o}\mathrm{r}D{K}_{3}$ cannot be obtained.

2) Users attempting to access files with an incorrect decryption key during the correct period

Assume that a pharmacist (${S}_{3}$) attempts to access $D{K}_{3}$ with the term ${y}_{{S}_{3}, {file}_{1}}$ for the decryption key $DK.$ The pharmacist (${S}_{3}$) selects two prime numbers ${q}_{ij}$ = 73 and ${p}_{ij}$ = 79 for ${file}_{1}$, as shown in Eq (11).

The term ${y}_{{S}_{3},~~ file1}$ is substituted by $b\left({y}_{ij}\right)$, as shown in Eqs (12) and (13).

Substituting ${y}_{{S}_{3},~~ file1}$ into ${l}_{{y}_{{S}_{3},~~ file3}}~~\left(b\left({y}_{{S}_{3},~~ file3}\right)\right)$, the result is not equal to 1, as shown in Eq (14).

Even though a user accesses files during the correct period, time control = 0 and ${l}_{{y}_{{S}_{3},~~ file3}}\left(b\left({y}_{{S}_{3},~~ file1}\right)\right)$ ≠ 1, so the system multiplies a random constant $R$ to obtain a maximal value; then, $D{K}_{3}$ cannot be obtained.

4.2.   Dynamic access control

When building a PHR file in a cloud system, dynamic access control is often encountered in the use cases, such as when adding or removing a user or modifying a file. Also, the owners of files and the system manager present authorities to update user information.

1) Adding a user

Any user intending to access some resources must be validated by the cloud system. When a new user ${S}_{n+1}$ passes the system authentication, the personnel list in the system will be immediately updated with the data items and a private key ${H}_{n+1}$ corresponding to the user, which is automatically generated according to ${S}_{n+1}$. Meanwhile, the cloud system writes the accessible file number ${file}_{j}$ of the new user into ${J}_{n+1}$. The term ${file}_{j}\text{∈}{J}_{n+1}$ reveals a new user ${S}_{n+1}$ with authority to access ${file}_{j}$ and decrypts the key ${DK}_{j}$ corresponding to ${file}_{j}$ by substituting the generated ${y}_{{S}_{n+1}, j}$ and function $b'\left({y}_{{S}_{n+1}, j}\right)$ into the decryption key polynomial ${F}_{ij}'\left({y}_{{S}_{n+1}, j}\right)$ generated from the new user ${S}_{n+1}$, the decryption key ${DK}_{j}$ can be decrypted, and the original public polynomial $G\left(x, y\right)$ is updated as $G'\left(x, y\right)$.

When adding a new user to the cloud system, the CA will update the user's access authority and old public polynomial by employing the following steps:

Step 1. To add a member ${S}_{n+1}$, the CA builds a private key ${H}_{n+1}$.

Step 2. The CA updates the secret polynomial ${A}_{n+1}\left(x\right)$ and indicator function ${I}_{{H}_{n+1}}^{\left(x\right)}$.

Step 3. When ${H}_{\left(n+1\right)}$ is a legal private key, ${A}_{n+1}{(H}_{n+1})$ = 1; otherwise, it is 0.

Step 4. Aiming to target the accessible files for a new user, the file validation polynomial ${F}_{ij}\left({y}_{{S}_{n+1}, j}\right)$ is updated. The new user decrypts ${y}_{{S}_{n+1}, j, t}$ with the file decryption and timestamp, as shown in Eq (16).

${b}^{'}\left({y}_{ij}\right)$ is the sole term for the user ${S}_{n+1}$ decrypting ${file}_{j}$, as shown in Eq (17); the polynomial to validate files is shown in Eq (17).

Step 5. The original public polynomial $G\left(x, y\right)$ is updated as $G'\left(x, y\right)$, as shown in Eq (19).

The process outlined in Steps 6–10 depends on each user's authorities, and these steps are ignored for this particular task.

The change of i only adds or removes users, and the parameter I' is not used. The parameter j manages the access to the file, which is represented by ${F}_{ij}'\left({y}_{{S}_{n+1}, j}\right)$, as shown in Eq (19). It represents the change of the user's access authority.

In Eq (19), if the attackers attempt to crack ${G}^{'}\left(x, y\right)$, they must pass the verification of the indicator function ${I}_{{H}_{n+1}}$ before cracking ${A}_{n+1}\left(x\right)$. The attacker needs to face the difficulty of solving the polynomial before obtaining the user's private key $c$ and the equation of ${A}_{n+1}\left(x\right)$. If the private key is incorrect, the attacker cannot deduce ${A}_{n+1}\left(x\right)$.

2) Removing a user

When the manager intends to remove a user from the healthcare access control system, they must simply remove the identity and access authority of User ${S}_{k}$. Besides, it clears the user's authority, with immediate validation, thus preventing them from being able to authorize any file ${file}_{j}$; the term ${y}_{{S}_{i}, j}$ is synchronously updated to completely remove the user's authority. It is assumed to have removed the member ${S}_{k}.$ The CA removes the relevant notations ${A}_{k}\left(x\right)$ and ${F}_{ij}\left({y}_{{S}_{k}, j}\right)$ from the public polynomial to complete the removal update, as shown in Eq (20).

3) Adding or removing the authority of a legal user's file in a specified period

To add the access authority of User ${S}_{i}$ to ${file}_{j}$, the access authority of ${file}_{j}$ and the validation polynomial of ${F}_{ij}$ are updated and the $term{q}_{ij}~~mod~~{p}_{ij}$ to decrypt ${file}_{j}$ is added to ${S}_{i}$. When removing the access authority of User ${S}_{i}$, the user's authority is thoroughly updated from the incidence matrix as Steps 7–10. The process to add or remove the legal user's authority to access files in a specific time period is shown below.

The CA updates the indicator function as shown in Eq (21).

The CA adds the decryption notation y(_{S_i, j, t}) with a timestamp, as shown in Eq (22).

$\overline{b}\left({y}_{{S}_{i}, j}\right)$ is the sole term that allows User ${S}_{i}$ to decrypt ${file}_{j}$, as shown in Eq (23); and, $\overline{b}\left({y}_{{S}_{i}, j}\right)$ is substituted into ${F}_{ij}\left({y}_{{S}_{i}, j}\right)$ as shown in Eq (24).

The original polynomial $G\left(x, y\right)$ is updated as shown in Eqs (25) $\overline{G\left(x, y\right)}$ and (26) $\overline{\overline {G\left(x, y\right)}}$.

4) Adding a file

When a patient's PHR ${file}_{j+1}$ is added to the cloud system, it provides the user with the term ${q}_{ij}~~mod~~{p}_{ij}$, which is composed of two unrepeated prime numbers p and q for ${file}_{j+1}$, to obtain the file key ${DK}_{j+1}$. For the user ${S}_{i}$ with an access authority, the system updates the access authority; an example is provided in Table 2.

When a confidential file is added to the cloud system, the CA gives each PHR user an access authority for the added file ${file}_{j+1}$ and resets the validation indicator ${\text{I}}_{{J}_{i}}$ as ${{I}^{*}}_{{J}_{i}}$; and, the polynomial ${F}_{ij}\left({y}_{{S}_{i}, j}\right)$ is also updated as ${F}_{i, j+1}\left({y}_{{S}_{i}, j+1}\right)$. According to Steps 7–10, the updating process is as shown in Eq (27).

Step 7. When adding the file ${file}_{j+1}$, the validation indicator ${\text{I}}_{{J}_{i}}$ is updated and reset as ${{I}^{*}}_{{J}_{i}}$.

Step 8. When the target is a new file that users could access, the validation polynomial ${{F}^{*}}_{i, j+1}\left({y}_{ij+1}\right)$ is updated. The term ${y}_{{S}_{i}, j+1}$ with a timestamp for users decrypting a new file is shown in Eq (28).

${b}^{*}\left({y}_{{S}_{i}, j+1}\right)$ is the sole term that allows User ${S}_{i}$ to decrypt ${file}_{j+1}$, as shown in Eq (29).

Step 9. Substituting ${b}^{*}\left({y}_{{S}_{i}, j+1}\right)$ into ${{F}^{*}}_{i, j+1}\left({y}_{i, j+1}\right)$, the validation polynomial ${{F}^{*}}_{i, j+1}\left({y}_{ij+1}\right)$ is updated as shown in Eq (30).

Step 10. The original public polynomial $G\left(x, y\right)$ is updated as ${G}^{*}\left(x, y\right)$, as shown in Eq (31).

5) Removing a file

When a confidential file needs to be removed, simply remove the decryption key ${DK}_{W}$ of the file ${file}_{W}$. The CA authorizes User ${S}_{i}$ to modify the access authority of the removed file, and the validation indicator ${\text{I}}_{{J}_{i}}$ is reset as ${I}_{{J}_{i}}^{*}$. The term ${y}_{{S}_{i}, w}$ with a timestamp for each user is synchronously updated; the polynomial ${F}_{ij}\left({y}_{{S}_{i}, j}\right)$ is updated as ${F}_{iw}\left({y}_{{S}_{i}, w}\right)$ to completely gain the authority of the confidential file. The decryption polynomial update process is shown in Eq (32).

5.   Avoidance of common attacks

In this section, how to avoid four common attacks on cloud systems, namely, external attacks, internal attacks, collaborative attacks and equation-based attacks, is interpreted; and, the security of each case is analyzed.

5.1.   External attacks

External attacks are referred to as attacks through public decryption polynomials or any public information. To crack the validation indicator function and private key, an attacker starts from the application of the decryption polynomial to steal confidential files or private keys. The decryption polynomial is not publicized, as it merely allows internal users to prevent external users from acquiring user files and private keys.

5.2.   Internal attacks

This type of attacker mainly consists of legal users with lower authority in the cloud system who are attempting to steal the private keys from those with higher authority in order to access files to which they have no access; they do this by attempting to crack through the decryption polynomial $G\left(x, y\right)$ and private key.

5.3.   Collaborative attacks

Collaborative attacks refer to when two or more internal users are collaboratively attacking the cloud system.

From the access control matrix shown in Figure 3, the authority of Users ${S}_{3}$ and ${S}_{4}$ is ${J}_{4}$ = $\{ {file}_{1}, {file}_{2} \}$ and ${J}_{5}$ = $\{ {file}_{3} \}$, respectively; they intend to attack the files of User ${S}_{2}$, $\{ {file}_{1}, {file}_{3}, \wedge {file}_{4} \}$. The decryption information related to the private keys $D{K}_{2}$ and $D{K}_{4}$ is hidden in ${A}_{2}\left(x\right){F}_{{S}_{4}, file2}\left({y}_{{S}_{4}, file2}\right)$ and ${A}_{2}\left(x\right){F}_{D{S}_{4}, file4}\left({y}_{{S}_{4}, file4}\right)$, respectively.

A patient (${S}_{4}$) and their relative (${S}_{5}$) respectively substitute the private keys ${H}_{4}$ and ${H}_{5}$ into a decryption polynomial ${A}_{2}\left(x\right)$; the computational process is described by Eqs (33) and (34).

The derivation results of Eqs (33) and (34) merely equal to 0; and, the attacker cannot force the derivation nor re-derive the head nurse's (${S}_{2}$) private key ${H}_{2}$ or any decryption key.

The patient (${S}_{4}$) might attempt to attack the head nurse's (${S}_{2}$) file ${y}_{{S}_{2}, {file}_{4}}$ to select two prime numbers q = 109 and p = 113, as shown in Eq (35).

The result of substituting ${y}_{{S}_{4}, {file}_{4}}$ into $b\left({y}_{ij}\right)$ is shown in Eq (36).

The result of substituting $b\left({y}_{ij}\right)$ into ${l}_{{y}_{{S}_{2}, {file}_{4}}}\left(b\left({y}_{ij}\right)\right)$ is shown in Eq (37).

The derivation result of Eq (37) simply equals a maximal value, which is converted to 0 during Step 9, $asa\left({l}_{ij}\left(b\left({y}_{ij}\right)\right)\right)$. The attacker cannot force the derivation nor re-derive the head nurse's (${S}_{2}$) private key ${H}_{4}$ or any decryption key.

5.4.   Equation-based attacks

Equation-based attacks is referred to attacks whereby an attacker attempts to obtain a private key by deriving a mathematical formula. The attack could easily happen when users change the access authority. As a result, the security of the authority change is the key point. The resistance to attacks during the process of adding or removing a user and updating authority is explained below.

1) Adding a user

As shown in Eq (38), when the system needs to add a user, an attacker can deduce the updated decryption polynomial $G'\left(x, y\right)$ from the original decryption polynomial $G\left(x, y\right)$. Because ${A}_{n+1}\left(x\right)$ and ${F}_{ij}'\left({y}_{{S}_{n+1}, j}\right)$ cannot be cracked, the attacker merely obtains the multiplied polynomial of ${A}_{n+1}\left(x\right)$ and ${F}_{ij}'\left({y}_{{S}_{n+1}, j}\right)$; they cannot crack the polynomial ${A}_{n+1}\left(x\right)$ and decryption information of ${F}_{ij}'\left({y}_{{S}_{n+1}, j}\right)$ or obtain any file related to the user.

2) Removing a user

As shown in Eq (39), like adding a user, any attacker can obtain the deduction of a public polynomial $G''(x, y)\text{}$ from the old public polynomial $G\left(x, y\right)$ when a user is removed from the cloud system. The attacker does cannot crack ${A}_{k}\left(x\right){F''}_{ij}\left({y}_{{S}_{k}, j}\right)$ so no file related to the user can be obtained.

3) Updating a user's file access authority in a specified period

As shown in Eqs (40) and (41), in the process of adding or removing legal users' authority for file access in a specified period, any attacker can obtain the deduction of the public polynomial $\overline{G\left(x, y\right)}$ or $\overline{\overline {G\left(x, y\right)}}$ from the old public polynomial $G\left(x, y\right)$. The result is ${A}_{i}\left(x\right){F}_{ij}\left({y}_{{S}_{i}, j}\right)$ such that the attacker is unsuccessful.

In summary, the above four common attacks cannot crack this security mechanism. Meanwhile, attackers do not obtain any decrypted information. In this case, the security mechanism can effectively secure the healthcare cloud system against these attacks.

5.5.   Functional comparison

To fully validate the claim that our proposed cloud system is more feasible and acceptable than other existing systems, we have made a functional comparison using different schemes. In Table 3, our proposed mechanism is compared with discretionary access control (DAC), attribute-based access control (ABAC) and role-based access control (RBAC).

DAC is an access method in which the owner is equipped with the authority to determine the permissions to other users. DAC is typically implemented using an access control list that allows the owner to easily set the user authorities. However, DAC is difficult to manage because of the scattered authority control. Besides, DAC cannot ensure the restricted use of information ^[24].

ABAC assigns attributes to an individual resource to determine the access authority ^[25]. These attributes may refer to a medical professional's team and individual roles in an institution and in their specific environment. To determine a user's authority to engage in each task, ABAC requires that information be accessed from multiple sources and evaluated with the specific access determination rules.

Sandhu et al. proposed the idea of an RBAC system in which roles are assigned to subjects and associated with permissions that define what kind of actions can be taken for different objects ^[26]. RBAC abridges the management of user access by assigning various roles to each user, and these roles define a set of permissions. RBAC also has its shortcomings. The cost and load are increased significantly as long as the number of users increases, because a role must be defined for each user. RBAC is a resource-intensive process for defining and structuring roles. It can only implement static and predefined policies. The high granularity of RBAC means that the system is vulnerable to internal cyberattacks ^[27].

6.   Conclusions

The dynamic access control algorithm has been successfully built by employing the modified Lagrange interpolation polynomials with timestamps to enhance the security of healthcare cloud systems. To promote operational efficiency, user authentication and file authority verification have been applied to secure patient PHR files and private keys. In other words, it secures user files to effectively prevent illegal access by hackers. The access control matrix is used to manage users' keys and distinguish user identities and authorities. Moreover, the timestamp allows the dynamic access control process to become more feasible. The contributions of this novel access control algorithm are presented below.

1) Four common attacks, namely, external attacks, internal attacks, collaborative attacks and equation-based attacks, are disallowed for the purpose of proving the security of dynamic access control and the reliability of healthcare cloud systems.

2) A cloud system with higher security can optimize the service quality of healthcare information and enhance the capability of data sharing with each other among hospitals.

3) The significance is demonstrated by the ability to reduce the complexity of information management systems and effectively prevent hacker attacks.

4) It provides users with a complete and secure cloud-based healthcare information system.

In the future, PHR files will be used in various medical institutions. If a new cloud system is integrated with the proposed encryption polynomial and operated on healthcare websites, the healthcare staff members can immediately access individual medical data to accurately diagnose patients' diseases.

Acknowledgments

The authors are grateful to the anonymous reviewers for their constructive comments, which have improved the quality of this paper. Also, this work was supported by the Ministry of Science and Technology of Taiwan under grant number MOST 110-2221-E-029-011.

Conflict of interest

No conflict of interest is reported by the authors.