Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Chanying Huang,Hwaseong Lee,Dong Hoon Lee

DOI: https://doi.org/10.1007/s10916-011-9774-2

IF: 4.92

2011-01-01

Journal of Medical Systems

Abstract:Recent Advances in Wireless Body Area Networks (WBANs) offer unprecedented opportunities and challenges to the development of pervasive electronic healthcare (E-Healthcare) monitoring system. In E-Healthcare system, the processed data are patients' sensitive health data that are directly related to individuals' privacy. For this reason, privacy concern is of great importance for E-Healthcare system. Current existing systems for E-Healthcare services, however, have not yet provided sufficient privacy protection for patients. In order to offer adequate security and privacy, in this paper, we propose a privacy-enhanced scheme for patients' physical condition monitoring, which achieves dual effects: (1) providing unlinkability of health records and individual identity, and (2) supporting anonymous authentication and authorized data access. We also conduct a simulation experiment to evaluate the performance of the proposed scheme. The experimental results demonstrate that the proposed scheme achieves better performance in terms of computational complexity, communication overheads and querying efficiency compared with previous results.

Yujie Wu,Xiao Tan,Qi Xie

DOI: https://doi.org/10.3390/math12243883

IF: 2.4

2024-12-11

Mathematics

Abstract:Electronic Health Records (EHRs: digital compilations of patient health status and diagnosis) are typically shared, analyzed, and stored on cloud servers. One operational challenge is to guarantee the accurate storage of EHRs, for instance, by utilizing Provable Data Possession (PDP). When a portion of one hospital's EHRs needs to be transferred to another, outsourcing the computational costs of data transfer to the cloud and ensuring the integrity of the data transferred off-site becomes a problematic issue. In this article, to tackle these two problems, we put forward a certificateless provable data possession scheme with outsourced data transmission on secure cloud storage. Our scheme achieves the following functions: ensuring the data integrity for the transferred data; only the data owner or the data recipient themselves can verify the integrity of their own remote data; delegating most of the computations to the public cloud server to enable data transferability. Finally, we analyze the security and efficiency of the concrete scheme. The analysis demonstrates that our scheme is demonstrably secure and efficient.

mathematics

Yonghua Zhan,Bixia Yi,Yang Yang,Rui Shi,Chen Dong,Minming Huang

DOI: https://doi.org/10.1016/j.sysarc.2023.102939

IF: 5.836

2023-07-13

Journal of Systems Architecture

Abstract:Electronic health record (EHR) sharing schemes are widely used in healthcare, medical, and research. However, privacy may be a concern for patients with EHRs. In this paper, a secure EHR sharing scheme with sanitizable signature is proposed to protect patients' privacy and enhance accountability. Our proposed scheme makes the following contributions: (1) doctors can specify patients to modify some fields before the expiration time; (2) patients can convert the original signature into a new and unlinkable signature for the modified record without interacting with the doctor; (3) the scheme satisfies traceability and can distinguish the generator of a given signature. In contrast to existing approaches, we introduce a new limited sanitizable signature scheme as the main ingredient, which allows the signer not only to decide which message blocks can be modified, but also to determine the maximum number of modifiable blocks and the expiration time for sanitization. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be approved.

computer science, software engineering, hardware & architecture

Yuanyuan Zhang,Zhihao Huang,Qilong Zhu,Lingzhe Meng

DOI: https://doi.org/10.1155/2022/1883293

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:The emergence of the E-health system has brought convenience to many chronically ill patients and elderly people with limited mobility. With the help of the E-health system, patients can upload their physiological data timely and get a diagnosis at home, which is more convenient and efficient as they do not have to line up in hospitals. In order to ensure this convenience while protecting patients’ privacy, many schemes have been proposed which can help patient and medical server authenticate each other. However, considering these patients’ inconvenience, sometimes family members need to participate in the patient’s treatment process. So, the E-health system needs to provide a secure communication platform for the family members. At present, most of the authentication schemes for the E-health system only focus on the secure communication between the patient and the medical server, while ignoring the participation of family members. Moreover, in the E-health system, the permissions of family members and patient should be different, and the medical server needs to distinguish their permissions efficiently. In order to overcome these problems, we propose a patient family binding and authentication privacy protection scheme for the E-health system. In the scheme proposed by us, the medical server can efficiently assign different permissions to the family member and patient. And our scheme can allow patient to authorize their family members freely, and the increase in the number of family members will not impose additional burden on the server. At the same time, the authentication between the family member and the medical server does not require the participation of the patient. In addition, by comparing with other related schemes, we prove that our scheme has suitable efficiency and security performance in the E-health system.

Xingguan Zhou,Jianwei Liu,Qianhong Wu,Zongyang Zhang

DOI: https://doi.org/10.1109/access.2018.2810243

IF: 3.9

2018-01-01

IEEE Access

Abstract:Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one’s EMR if and only if his/her role satisfies the defined access policy. However, these existing schemes allow an adversary to link patients’ identities to their doctors. Therefore, classifications of patients’ diseases are leaked without adversaries actually seeing patients’ EMRs. To address this problem, we present two anonymous schemes. They not only achieve data confidentiality but also realize anonymity for individuals. The first scheme achieves moderate security, where adversaries choose attack targets before obtaining information from the EMR system. The second scheme achieves full security, where adversaries adaptively choose attack targets after interaction with the EMR system. We provide rigorous proof showing the security and anonymity of our schemes. In addition, we propose an approach in which EMR owners can search for their EMRs in an anonymous system. For a better user experience, we apply the online/offline approach to speed up data processing. Experimental results show that the time complexity for key generation and EMR encapsulation can be reduced to milliseconds.

Jinyuan Sun,Xiaoyan Zhu,Chi Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2011.83

2011-01-01

Abstract:Privacy concern is arguably the major barrier that hinders the deployment of electronic health record (EHR) systems which are considered more efficient, less error-prone, and of higher availability compared to traditional paper record systems. Patients are unwilling to accept the EHR system unless their protected health information (PHI) containing highly confidential data is guaranteed proper use and disclosure, which cannot be easily achieved without patients' control over their own PHI. However, cautions must be taken to handle emergencies in which the patient may be physically incompetent to retrieve the controlled PHI for emergency treatment. In this paper, we propose a secure EHR system, HCPP (Healthcare system for Patient Privacy), based on cryptographic constructions and existing wireless network infrastructures, to provide privacy protection to patients under any circumstances while enabling timely PHI retrieval for life-saving treatment in emergency situations. Furthermore, our HCPP system restricts PHI access to authorized (not arbitrary) physicians, who can be traced and held accountable if the accessed PHI is found improperly disclosed. Last but not least, HCPP leverages wireless network access to support efficient and private storage/retrieval of PHI, which underlies a secure and feasible EHR system.

Pei Huang,Borui Li,Linke Guo,Zhanpeng Jin,Yu Chen

DOI: https://doi.org/10.1109/glocom.2016.7841541

2016-01-01

Abstract:eHealth systems generate from the integration of information and communication technologies with traditional healthcare systems. They have widely replaced paper-based systems due to their prominent features of convenience and accuracy. However, eHealth systems also face many challenges, such as the privacy and security concerns over patients' identities and their personal health records (PHRs). Traditional cryptographic approaches are only capable of verifying "what you possess" or "what you remember" with the help of trust authorities. As a result, they are not suitable for medical applications and cannot handle above concerns effectively. Using biometrics can verify "who you are" due to permanence, distinctiveness, and undeniability properties of biometrics. It outstands conventional authentication and encryption approaches in eHealth systems. A promising one among all is the ECG (ElectroCardioGram) signal, which is easier to implement than other biometrics. Unfortunately, most of existing works do not take the nonuniformity of ECG signals into consideration. Besides, they do not protect ECG signals well despite their sensitivity. Hence, we propose a robust and reusable authentication and encryption scheme based on ECG signals for eHealth systems. Our scheme can authenticate patients' identities and protect their PHRs, enable the reuse of the same ECG signal, and preserve the privacy of ECG signals. Theoretical and empirical evaluations demonstrate the security, effectiveness, and efficiency of the proposed scheme.

Qilong Zhu,Yuanyuan Zhang

DOI: https://doi.org/10.1117/12.2634503

2022-01-01

Abstract:The rapid development of E-health system brings more convenience and flexibility to patient. However, it also faces several challenges. The private information which transmitted in the E-health will be used for medical diagnosis, so during transmission the issues of data privacy are the most concerning for users of E-health systems. In order to protect the private information of patients, we present a three-factor authentication scheme for E-health system. Furthermore, fuzzy extractor is added to our scheme, which can protect the biometric information of patient. Finally, analyzing the security and performance present usability of our scheme.

Chang Xu,Zijian Chan,Liehuang Zhu,Can Zhang,Rongxing Lu,Yunguo Guan

DOI: https://doi.org/10.1109/tsusc.2023.3257223

2023-01-01

IEEE Transactions on Sustainable Computing

Abstract:With the application of the Internet of Things (IoT) and cloud computing, the eHealthcare industry has developed markedly, attracting many patients to seek medical treatment in an eHealthcare system. However, for patients who first register in the system, due to lack of experience, an important aspect is to choose appropriate medical services. Considering the sensitivity of health care data and the semi-honest nature of the cloud server, it is a good solution to use searchable encryption (SE) to obtain some historical electronic medical records (EMRs) that are consistent with the patient's symptom keyword combination and have high service scores for reference. However, existing SE schemes still have issues meeting the requirements of the eHealthcare system for flexible authorization and revocation, efficiency, and forward privacy. To resolve these issues, we propose two efficient and privacy-preserving electronic medical records query schemes with forward privacy in a multiuser setting (EPPFM). First, we present the basic scheme EPPFM-I to achieve a multiuser multikeyword exact match query under linear search complexity. In EPPFM-I, we also use the pseudorandom function (PRF) to perform the function of forward privacy. Then, we use a bucket structure to construct the improved scheme EPPFM-II, which has a faster-than-linear search complexity. Finally, we use detailed security analysis and extensive simulations to show the security and efficiency of the proposed schemes, respectively.

Zhiwei Chen,Lunzhi Deng,Yu Ruan,Shuai Feng,Tao Wang,Bo Wang

DOI: https://doi.org/10.1093/comjnl/bxad004

2024-01-01

Abstract:Cloud medical treatment provides real-time data sharing in a cost-effective method, making it more practical to create, collect and manage vast amounts of personal health records (PHR) of patients. However, health information is considered highly sensitive. How to securely store and dynamically process massive patients’ PHR data in a public cloud environment has become one of the most important challenges. Therefore, we introduce a novel solution to the problems of privacy exposure, data security and flexible access of storage modules in medical systems. In this paper, we present a privacy-preserving certificateless broadcast encryption with authorization for the PHR system, which is the best approach to effectively solve the above problems and avoid key escrow. In our work, users (patients) outsource their encrypted data to the cloud server and reallocate data accessing rights of recipients through an authorization set, sharing with a group of authorized receivers (doctors) in a secure and efficient manner. In addition, it is shown to be capable of achieving both plaintext confidentiality and receiver anonymity under the random oracle model. Moreover, the experimental evaluation shows that the proposed scheme enjoys low computational and communication overhead, indicating the feasibility and practicality of the scheme.

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Chin-Ling Chen,Tsai-Tung Yang,Mao-Lun Chiang,Tzay-Farn Shih

DOI: https://doi.org/10.1007/s10916-014-0143-9

IF: 4.92

2014-10-15

Journal of Medical Systems

Abstract:With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

health care sciences & services,medical informatics

Xiong Li,Jianwei Niu,Marimuthu Karuppiah,Saru Kumari,Fan Wu

DOI: https://doi.org/10.1007/s10916-016-0629-8

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

Jianghua Liu,Lei Xu,Bruce Gu,Lei Cui,Fei Zhu

DOI: https://doi.org/10.1007/978-3-031-23020-2_25

2022-01-01

Abstract:Smart healthcare, as an examplar domain, is empowered by the remarkable miniaturization of sensors and the proliferation of smart devices, which lead to the production of massive amounts of healthcare data. Smart healthcare in the future is expected as a health service system that uses wearable devices, IoT, and mobile internet to dynamically collect and deliver healthcare data and then intelligently provide healthcare services. However, security is increasingly being challenged due to the highly valuable data transformed in such a healthcare network that might be tampered with by malicious users or disclosed without considering the privacy of patients. These pose new challenges for improving healthcare services' safety, quality, and efficiency. In this paper, we propose a redactable signature scheme (RSS) with a short signature and fine-grained sharing control for authenticating the integrity and authenticity of healthcare data while preserving the privacy of patients in the smart healthcare system. The security analysis of our construction shows that it achieves unforgeability and unlinkability. Finally, the efficiency comparison with other related solutions indicates that our scheme could solve the security issues for healthcare data sharing in the smart healthcare system with less computational and communication overhead.

Linke Guo,Chi Zhang,Jinyuan Sun,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2012.45

2012-01-01

Abstract:Recently, eHealth systems have replaced paper based medical system due to its prominent features of convenience and accuracy. Also, since the medical data can be stored on any kind of digital devices, people can easily obtain medical services at any time and any place. However, privacy concern over patient medical data draws an increasing attention. In the current eHealth networks, patients are assigned multiple attributes which directly reflect their symptoms, undergoing treatments, etc. Those life-threatened attributes need to be verified by an authorized medical facilities, such as hospitals and clinics. When there is a need for medical services, patients have to be authenticated by showing their identities and the corresponding attributes in order to take appropriate healthcare actions. However, directly disclosing those attributes for verification may expose real identities. Therefore, existing eHealth systems fail to preserve patients' private attribute information while maintaining original functionalities of medical services. To solve this dilemma, we propose a framework called PAAS which leverages users' verifiable attributes to authenticate users in eHealth systems while preserving their privacy issues. In our system, instead of letting centralized infrastructures take care of authentication, our scheme only involves two end users. We also offer authentication strategies with progressive privacy requirements among patients or between patients and physicians. Based on the security and efficiency analysis, we show our framework is better than existing eHealth systems in terms of privacy preservation and practicality.

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Wenjin Lei,Yidong Li,Yingpeng Sang,Hong Shen

DOI: https://doi.org/10.1109/icebe.2016.019

2016-01-01

Abstract:Based on smart devices and wireless communication infrastructure, the Electronic Medical Records (EMR) systems become more and more popular in hospitals by reason of its convenient operation, remote access, data integrity, facilitated resources sharing, statistical analysis and many other advantages. When entering an EMR system, patients can be treated by many kinds of services and also leave their privacy to the providers. It is a viable method to protect a patient's privacy in EMR by anonymous authentication, where identity of the patient is verified without demonstrating the true identity to the authenticator. This paper proposes an enhanced secure anonymous authentication scheme, based on smart card and biometrics with key agreement. According to security analysis, our scheme is secure against many types of attacks, including those not prevented by previous work, such as the smart card loss attack and impersonation attack. The performance of our scheme is also analyzed and compared with previous work, which shows that our scheme is more efficient in the computation cost.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.