A Privacy-Preserving Data Sharing Scheme with Traceability and Revocability for Health Data Space

The Health Data Space (HDS) is a promising platform for the secure health data sharing among entities including patients and healthcare providers. However, health data is highly sensitive and critical for diagnosis, and unauthorized access or destruction by malicious users can lead to serious privacy leaks or medical negligence. Thus, robust access control, privacy preservation, and data integrity are essential for HDS. Although Ciphertext-Policy Attribute-Based Encryption (CP-ABE) supports secure sharing, it has limitations when directly applied to HDS. Many current schemes cannot simultaneously handle data integrity violations, trace and revoke malicious users, and protect against privacy leaks from plaintext access policies, with key escrow being another major risk. To overcome these issues, we put forward a Traceable and Revocable Privacy-Preserving Data Sharing (TRPPDS) scheme. Our solution uses a novel distributed CP-ABE with a large universe alongside data auditing to provide fine-grained, key-escrow-resistant access control over unbounded attributes and guarantee data integrity. It also features tracing-then-revocation and full policy hiding to thwart malicious users and protect policy privacy. Formal security analysis is presented for our proposal, with thorough performance assessment also demonstrates its feasibility in HDS.