1

Lab Project
Attribute-based Access Control: Healthcare Scenario
(Cryptography-based Approach)
Version 2.1
LERSAIS

School of Computing and Information

University of Pittsburg

This lab is designed by Runhua Xu and also part of lab module Electronic Health Record Security in SAHI Project
2

Part I: Introduction and A Motivating Scenario

Read the following scenario of healthcare application: a patient-centric health application.

Suppose that a patient/user-centric health application allows a patient/user to store and manage all of his
Electronic Health Records (EHRs) by storing them in a Cloud Service Provider (CSP). The CSP is assumed to be
honest-but-curious. Using an attribute-based access control (cryptography approach), a patient stores his EHRs in
cloud storage. A typical usage scenario of attribute-based encryption is depicted as follows:

A patient encrypts his/her EHRs with a specified access policy and then sends to the CSP. With a provided link,
anyone in the hospital can download the outsourced encrypted EHRs. However, only a user who has attributes that
satisfy the access policy can access(decrypt) the encrypted EHRs.

In this lab, you will develop an advanced crypto system that supports attribute-based access
control to protect the users’ sensitive EHR data and provide access control features.
The Goal and Roadmap.
• Learn the usage of attribute-based encryption via a specific CP-ABE toolkit in the above
scenario.
• Learn the usage of Charm-Crypto lib (How to develop a specific scheme by adopting
Charm-Crypto).
• Use Charm-Crypto to develop a simple public key crypto scheme.
• Use Charm-Crypto to develop a CP-ABE scheme.
3

The recommended environment for this lab is Xnix OS, e.g., Unix, Linux, Mac OS. If you don’t
have them, try to use a virtual machine. It will help you save time dealing with environment
setting/configuration.
Part II: An Overview of Attribute-based Access Control in Cryptography Approach
2.1 Environment Setting
First, verify that you have installed the following dependencies:
• [GMP 5.x] (http://gmplib.org/)
• [OPENSSL](http://www.openssl.org/source/)
• [PBC](http://crypto.stanford.edu/pbc/download.html)
If your environment does not include such libs, we have provided them in the tools folder. Install
GMP and OPENSSL lib first and then the PBC lib. You can download the last version from the
official website. Note that the CPABE toolkit might not compile against versions of PBC older
than 0.5.4.
Then, install the CP-ABE toolkit. You may follow the instructions as follows:
• Install libbswabe

• Install CP-ABE toolkit

4

When you install the CP-ABE toolkit successfully, you will have following four tools that can be
executed in the terminal environment.
• cpabe-setup – generates a public key and a master secret key
• cpabe-keygen – generates a private key with a given set of attributes
• cpabe-enc – encrypts a file according to a policy, which is an expression in terms of attributes
• cpabe-dec – decrypts a file using a private key
To check the availability of these tools, you can check the version, e.g.,

To find the specific usage of these tools, check the manual, e.g.,

2.2 Adopt CP-ABE toolkit in the application scenario

Here, we first show you a demonstration of the CP-ABE toolkit, then you are required to
demonstrate to use the CP-ABE toolkit in the healthcare application scenario.
5

Example Scenario
Suppose that in a company an employee Alice who wants to share a secret report to a group of employees who
should satisfy one of the following conditions:
• an employee who is the system administrator and is also in the security group
• an employee who is in the market group and also satisfies two of the following requirements:
1) Her/His executive level should be 5
2) She/He should be conjunctively enrolled in audit group
3) She/He should be conjunctively enrolled in strategy group
Try this example scenario first.

Demonstration Steps:
1) Create five folders to represent five parties

2) The Third Part Authority initializes the system and delivers the public key

3) Alice designs the following access policy based on the attribute identities:
(system_admin and security_group) or (market_group and 2 of (executive_level = 5, audit_group,
strategy_group))
Then, she encrypts the secret report and outsources it to the cloud:
6

(Note that we just output the encrypted file “secret_report.pdf.cpabe” to the cloud folder instead of
outsourcing to the real cloud for the purpose of simulation.)
4) Suppose that bob has attribute identities: security_group, market_group, executive_level = 5,
strategy_group; while Chris has attribute identities: system_admin, market_group, audit_group. Thus,
according to our manual verification, we can learn that Bob can access the secret report while Chris
cannot access the secret report. Now we verify this statement by using CP-ABE toolkit.
5) Bob and Chris apply their secret key from the TTP.

(Note that we just output the generated private key to the folder of Bob and Chris instead of sending
through the secure channel.)
7

6) Bob and Chris download the encrypted file from the cloud and decrypt it to access by using their private
key, respectively.
8

Now, it is your turn to demonstrate the application in the healthcare example. Consider the
following access requirements.
Suppose that a patient Alice who wants to share an EHR document to a group of staffs who work
at the hospital. However, the staff should satisfy one of the following conditions:
• a staff who is the senior physician
• a staff who is the junior physician but with privilege level 5
• a staff who is a pharmacist and also satisfies two of the following requirements:
1) the pharmacist works in Pittsburgh area
2) the pharmacist has privilege level 5
3) the pharmacist works at UPMC

Q1: Write similar steps as the example above. You need to abstract proper attribute identities
first and then design the access policy. Then, give two test cases: one to demonstrate the access
successfully, the other to demonstrates a failed access.
9

Part III: Develop a Simple Crypto Scheme with Charm-Crypto

In this part, you will implement a simple public key crypto scheme with Charm-Crypto.
3.1 Introduction of Charm-Crypto
Charm is a framework for rapidly prototyping advanced cryptosystems. Based on the Python
language, it was designed from the ground up to minimize development time and code
complexity while promoting the reuse of components.
Charm uses a hybrid design: performance intensive mathematical operations are implemented in
native C modules, while cryptosystems themselves are written in a readable, high-level language.
Charm additionally provides a number of new components to facilitate the rapid development of
new schemes and protocols.
You can visit Official website via http://charm-crypto.io/ or Github via
https://github.com/JHUISI/charm
3.2 Environment Setting
First, verify that you have installed the following dependencies:
• [GMP 5.x](http://gmplib.org/)
• [PBC](http://crypto.stanford.edu/pbc/download.html)
• [OPENSSL](http://www.openssl.org/source/)
You can follow the installation instructions from Github. Here is an example.

Note that the option “--enable-darwin” is for Mac OS X system. The command “make install”
and command “make test” may require super-user privileges of your system.
Q2: Show that you have installed charm successfully and pass the test session by attaching
screenshots.
10

3.3 Use Charm-Crypto

The first stage of new scheme development is selecting the appropriate group to instantiate a
scheme. Modern cryptographic algorithms are typically implemented on top of mathematical
groups based on certain hardness assumptions (e.g., Diffie-Hellman).
At the moment, there are three cryptographic settings covered by Charm: integergroups,
ecgroups, and pairinggroups.
• To initialize a group in the elliptic curve (EC) setting, refer to the toolbox.eccurve for the
full set of identifiers and supported NIST approved curves (e.g., prime192v1).
• For EC with billinear maps (or pairings), Charm provides a set of identifiers for both
symmetric and asymmetric type of curves. For example, the 'SS512' represents a
symmetric curve with a 512-bit base field and 'MNT159' represents an asymmetric curve
with 159-bit base field. Note that these curves are of prime order.
• Finally, for integer groups, typically defining large primes p and q is enough to generate
an RSA group.
You can learn more about these from Charm-Crypto Documentation.
Here are detailed examples below for integer and pairing groups:
• Move to your workspace folder and create a python file to generate a random integer
from IntegerGroup and execute it to get results, as an example below.

Q3: Show your generated integer from the IntegerGroup.

• Create a python file to generate a random element from PairingGroup and execute it to
get the results, as follows.
11

Q4: Show your generated elements from the PairingGroup.

3.4 Implement a Simple PKC scheme

Here you need to implement a simple public key encryption scheme proposed by Cramer-Shoup
in 1998. The paper is here, if you are interested. http://knot.kaist.ac.kr/seminar/archive/46/46.pdf
The CS-PKC includes three algorithms: key generator, encryption, decryption.
Here we only provide scheme construction as follows:
Assumption: We assume that we have a group G of prime order q, where q is large. We also
assume that messages are (or can be encoded as) elements of G. We also use a universal one-
way family of hash functions that map long bit strings to elements of Zq.
12

We have provided the skeleton of such a PKC CS98 scheme (lab_pkc_cs98.py) with
implementation of Key Generation algorithm. Compare the existing implementation with above
algorithm descriptions to complete the Encryption and Decryption algorithms. Then run the test
file (test_pkc_cs98.py) to check your work. (Note that you need to keep both scheme file and test
file in the same folder)
Q5: Submit your implementation and show the screenshot of the result(s) showing that your
work has passed the test case.
13

Part IV: Attribute based Encryption and Implementation

In this part, you will need to implement a more complex public key encryption scheme, i.e.,
ciphertext-policy attribute-based encryption (CP-ABE) scheme. Such a scheme could be
employed as attribute-based access control framework for outsourced data in the public cloud, as
in the case of the example scenario above.
Specifically, you will implement an ABE scheme proposed in the following research paper.
Waters, Brent. "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably
secure realization." Public Key Cryptography. Vol. 6571. 2011.
The paper is also attached. You are encouraged to read the paper. For this lab, the essential parts
are as below.
Overview of Ciphertext-Policy ABE.

Implementation.
14

We have provided the skeleton of such an ABE scheme (lab_abe.py) with implementation of the
Setup algorithm. Compare the existing implementation with above algorithm descriptions to
complete the KeyGen, Encryption and Decryption algorithms. Then run the test file (test_abe.py)
to check your work. (Note that you need to keep both the scheme file and the test file in the same
folder)
Q6: Submit your implementation and show the screenshot of result(s) showing that your work
has passed the test case.