Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Ming Li,Shucheng Yu,Yao Zheng,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2012.97

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.

DOI: https://doi.org/10.35940/ijrte.b3730.078219

2019-07-30

International Journal of Recent Technology and Engineering

Abstract:Preparing of therapeutic data for the foremost half incorporates operation, data storage and data sharing etc. Usual social services framework often wants the conveyance for restorative data to cloud which incorporates purchasers touchy information and cause correspondence. For intents and functions, restorative data sharing is basic and testing issue. Be that because it could, there has been protection worries as on the brink of home well-being information can be bestowed to those outsider servers, and to unapproved parties. To ensure the patient's authority over accessing their Personal Health Records (PHR), it is a promising strategy to cipher the PHR before reappropriating. However issues, as an example; danger of protection introduction, ability in key administration, adaptable access, and skillful client denial, have remained the foremost very important difficulties towards accomplishing fine-grained, typographically approved data gets to regulate. During this paper, we tend to propose a completely unique patient driven system and a set of parts for data gets regulate to PHR place away in semi confided in servers. To accomplish fine-grained and versatile data gets to regulate for PHR, we tend to influence Attribute based encryption coding (ABE) strategies to cipher each patient's PHR document. Distinctive in respect to past works in secure information redistributing, we tend to center on various data owner state of affairs, and gap the purchasers within the PHR frame-work into numerous securities areas that very lessens the key administration many sided nature for proprietors and purchasers transportable cloud let. A high-level of patient protection is ensured whereas by misusing multi-specialist ABE. Our commit to boot empowers dynamic modification of access strategies or record qualities, bolsters effective for the asking client/characteristic repudiation and break glass access below crisis things. Broad scientific and trial results as displayed that demonstrate the protection, ability, and productivity of our set up.

Kai Fan,Nana Huang,Yue Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/cscloud.2015.40

2015-01-01

Abstract:With the rapid development of the cloud computing, personal health record (PHR) has attracted great attention of many researchers all over the world recently. However, PHR, which is often outsourced to be stored at a third party, has many security and efficiency issues. Therefore, the study of secure and efficient Personal Health Record Scheme to protect users' privacy in PHR files is of great significance. In this paper, we present a secure and efficient Personal Health Record scheme called SE-PHR. In the SE-PHR scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, the Key-Aggregate Encryption called KAE is exploited. For the users of PUD, we use outsource-able multi-authority attribute-based encryption (MA-ABE) to largely eliminate the overhead for users and support efficient attribute revocation without updating the user's private key. Our scheme also presents a new algorithm which enables dynamic modification of access policies. Function and performance testing results show the security and efficiency of the proposed SE-PHR.

Fatos Xhafa,Jianfeng Wang,Xiaofeng Chen,Joseph K. Liu,Jin Li,Paul Krause

DOI: https://doi.org/10.1007/s00500-013-1202-8

IF: 3.732

2013-01-01

Soft Computing

Abstract:Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.

Chunxia Leng,Huiqun Yu,Jingming Wang,Jianhua Huang

DOI: https://doi.org/10.11591/telkomnika.v11i4.2406

2013-01-01

TELKOMNIKA Indonesian Journal of Electrical Engineering

Abstract:The personal health records (PHR) always contain much health-related privacy information in different categories. When storing the PHR data in the cloud, the PHR owner loses control to the sensitive information and is confronted with potential privacy exposure. In this paper, we propose a scheme to enable the protection of the PHR data hosted in the cloud. It not only supports that the data access can be fine-grained and base on the privacy policies specified by the PHR owner, but also affords an effective encryption mechanism and flexible key management approach to enforce the privacy policies sticky to the PHR data. DOI: http://dx.doi.org/10.11591/telkomnika.v11i4.2406

Sarvesh Kumar,Mohammed Abdul Wajeed,Rajashekhar Kunabeva,Nripendra Dwivedi,Prateek Singhal,Sajjad Shaukat Jamal,Reynah Akwafo

DOI: https://doi.org/10.1155/2022/3564436

2022-03-19

Abstract:It is a new online service paradigm that allows consumers to exchange their health data. Health information management software allows individuals to control and share their health data with other users and healthcare experts. Patient health records (PHR) may be intelligently examined to predict patient criticality in healthcare systems. Unauthorized access, privacy, security, key management, and increased keyword query search time all occur when personal health records (PHR) are moved to a third-party semitrusted server. This paper presents security measures for cloud-based personal health records (PHR). The cost of keeping health records on a hospital server grows. This is particularly true in healthcare. As a consequence, keeping PHRs in the cloud helps healthcare institutions save money on infrastructure. The proposed security solutions include an optimized rule-based fuzzy inference system (ORFIS) to determine the patient's criticality. Patients are classified into three groups (sometimes known as protective rings) based on their severity: very critical, less critical, and normal. In trials using the UCI machine learning archive, the new ORFIS outperformed existing fuzzy inference approaches in detecting the criticality of PHR. Using a graph-based access policy and anonymous authentication with a NoSQL database in a private cloud environment improves data storage and retrieval efficiency, granularity of data access, and response time.

Yogesh M Gajmal,R. Udayakumar

DOI: https://doi.org/10.1080/19393555.2021.1933270

2021-06-28

Information Security Journal: A Global Perspective

Abstract:The outsourcing of Electronic Health Records (EHR) on cloud infrastructures has enabled medical data sharing among several healthcare applications. The blockchain offers security by authenticating users with encryption methods. The collaboration with the cloud provides better management but poses threats to the privacy of the patient. This paper devises a novel blockchain-assisted framework for effective data sharing and retrieval using cloud platforms. Here, the data protection model is devised in EHR application for secure transmission. The entities in the cloud platform include data user, data owner, smart agreement, transactional blockchain, and Inter-Planetary File System (IPFS). Here, the data owner includes a data protection model to secure EHR in which secured EHR is transferred to IPFS before sharing with the data user. The data protection is done by preserving data privacy using Tracy-Singh product and proposed Conditional Autoregressive Value at risk (CAViaR)-based Bird swarm algorithm (CAViaR-based BSA) combination of BSA and CAViaR for generating optimal privacy-preserving coefficients. The objective function is newly devised considering privacy and utility. The proposed CAViaR-based BSA outperformed other methods with minimal responsiveness of 251.339 s, maximal genuine user detection of 32.451%, maximal privacy of 96.5%, and minimal information loss of 3.5%.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Fatos Xhafa,Jingwei Li,Gansen Zhao,Jin Li,Xiaofeng Chen,Duncan S. Wong

DOI: https://doi.org/10.1007/s11042-013-1829-6

IF: 2.577

2014-01-01

Multimedia Tools and Applications

Abstract:With the development of cloud computing, electronic health record (EHR) system has appeared in the form of patient-centric, in which patients store their personal health records (PHRs) at a remote cloud server and selectively share them with physicians for convenient medical care. Although the newly emerged form has many advantages over traditional client-server model, it inevitably introduces patients’ concerns on the privacy of their PHRs due to the fact that cloud servers are very likely to be in a different trusted domain from that of the patients. In this paper, aiming at allowing for efficient storing and sharing PHRs and also eliminating patients’ worries about PHR privacy, we design a secure cloud-based EHR system, which guarantees security and privacy of medical data stored in the cloud, relying on cryptographic primitive but not the full trust over cloud servers. Based on our proposed basic EHR system, we provide several extensions including adding searchability, supporting revocation functionality and enabling efficient local decryption, which fills the gap between theoretical proposal and practical application.

Cheng Guo,Ruhan Zhuang,Yingmo Jie,Yizhi Ren,Ting Wu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s10916-016-0588-0

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:An effectively designed e-healthcare system can significantly enhance the quality of access and experience of healthcare users, including facilitating medical and healthcare providers in ensuring a smooth delivery of services. Ensuring the security of patients’ electronic health records (EHRs) in the e-healthcare system is an active research area. EHRs may be outsourced to a third-party, such as a community healthcare cloud service provider for storage due to cost-saving measures. Generally, encrypting the EHRs when they are stored in the system (i.e. data-at-rest) or prior to outsourcing the data is used to ensure data confidentiality. Searchable encryption (SE) scheme is a promising technique that can ensure the protection of private information without compromising on performance. In this paper, we propose a novel framework for controlling access to EHRs stored in semi-trusted cloud servers (e.g. a private cloud or a community cloud). To achieve fine-grained access control for EHRs, we leverage the ciphertext-policy attribute-based encryption (CP-ABE) technique to encrypt tables published by hospitals, including patients’ EHRs, and the table is stored in the database with the primary key being the patient’s unique identity. Our framework can enable different users with different privileges to search on different database fields. Differ from previous attempts to secure outsourcing of data, we emphasize the control of the searches of the fields within the database. We demonstrate the utility of the scheme by evaluating the scheme using datasets from the University of California, Irvine.

Man Ho Au,Tsz Hon Yuen,Joseph K. Liu,Willy Susilo,Xinyi Huang,Yang Xiang,Zoe L. Jiang

DOI: https://doi.org/10.1016/j.jcss.2017.03.002

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:Personal Health Record (PHR) has been developed as a promising solution that allows patient–doctors interactions in a very effective way. Cloud technology has been seen as the prominent candidate to store the sensitive medical record in PHR, but to date, the security protection provided is yet inadequate without impacting the practicality of the system. In this paper, we provide an affirmative answer to this problem by proposing a general framework for secure sharing of PHRs. Our system enables patients to securely store and share their PHR in the cloud server (for example, to their carers), and furthermore the treating doctors can refer the patients' medical record to specialists for research purposes, whenever they are required, while ensuring that the patients' information remain private. Our system also supports cross domain operations (e.g., with different countries regulations).

Hassan Mansur Hussien,Sharifah Md Yasin,Nur Izura Udzir,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.3390/s21072462

2021-04-02

Abstract:Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie-Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems.

Fuhu Deng,Yali Wang,Li Peng,Hu Xiong,Ji Geng,Zhiguang Qin

DOI: https://doi.org/10.1109/access.2018.2843778

IF: 3.9

2018-01-01

IEEE Access

Abstract:Personal health record (PHR) is a patient-centric model of health information exchange, which greatly facilitates the storage, access, and share of personal health information. In order to share the valuable resources and reduce the operational cost, the PHR service providers would like to store the PHR applications and health information data in the cloud. The private health information may be exposed to unauthorized organizations or individuals since the patient lost the physical control of their health information. Ciphertext-policy attribute-based signcryption is a promising solution to design a cloud-assisted PHR secure sharing system. It provides fine-grained access control, confidentiality, authenticity, and sender privacy of PHR data. However, a large number of pairing and modular exponentiation computations bring heavy computational overhead during designcryption process. In order to reconcile the conflict of high computational overhead and low efficiency in the designcryption process, an outsourcing scheme is proposed in this paper. In our scheme, the heavy computations are outsourced to ciphertext transformed server, only leaving a small computational overhead for the PHR user. At the same time, the extra communication overhead in our scheme is actually tolerable. Furthermore, theoretical analysis and the desired securing properties including confidentiality, unforgeability, and verifiability have been proved formally in the random oracle model. Experimental evaluation indicates that the proposed scheme is practical and feasible.

Mamta,Brij B. Gupta,Kuan-Ching Li,Victor C. M. Leung,Kostas E. Psannis,Shingo Yamaguchi

DOI: https://doi.org/10.1109/jas.2021.1004003

2021-12-01

IEEE/CAA Journal of Automatica Sinica

Abstract:The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction i- storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.

Abdalla Hadabi,Zheng Qu,Mohammed Amoon,Chien-Ming Chen,Saru Kumari,Hu Xiong

DOI: https://doi.org/10.1016/j.compeleceng.2024.109373

IF: 4.152

2024-06-22

Computers & Electrical Engineering

Abstract:The security of Personal Health Records (PHRs) within the Internet of Medical Things (IoMT) infrastructure is a pressing issue in the healthcare sector. Edge-based IoMT devices like smart wearables and implantables often acquire PHRs. Cloud computing plays a vital role in handling computing and storage tasks for edge-based IoMT devices. However, concerns about trust with cloud servers require the use of encryption, which may complicate the retrieval of encrypted PHRs from the cloud. This paper presents certificateless public key encryption with plaintext-checkable encryption (CL-PKE-PCE). CL-PKE-PCE enables searching for encrypted data using plaintext keywords while eliminating key escrow and certificate management issues. The CL-PKE-PCE scheme facilitates the verification of ciphertexts against plaintexts without the need for decryption, thereby maintaining data privacy. Furthermore, the security of the proposed CL-PKE-PCE scheme has been substantiated under the bilinear Diffie–Hellman assumption. Compared to similar work, it efficiently lowers calculation costs for encryption, decryption, and search algorithms by 63.66%, 51.17%, and 61.62%, respectively. The findings demonstrate that the CL-PKE-PCE is simultaneously secure and efficient, affirming its suitability for edge-based IoMT scenarios.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Mehedi Masud,Gurjot Singh Gaba,Karanjeet Choudhary,Roobaea Alroobaea,M Shamim Hossain

DOI: https://doi.org/10.1007/s12083-021-01162-x

Abstract:Traditional healthcare services have transitioned into modern healthcare services where doctors remotely diagnose the patients. Cloud computing plays a significant role in this change by providing easy access to patients' medical records to all stakeholders, such as doctors, nurses, patients, life insurance agents, etc. Cloud services are scalable, cost-effective, and offer a broad range of mobile access to patients' electronic health record (EHR). Despite the cloud's enormous benefits like real-time data access, patients' EHR security and privacy are major concerns. Since the information about patients' health is highly sensitive and crucial, sharing it over the unsecured wireless medium brings many security challenges such as eavesdropping, modifications, etc. Considering the security needs of remote healthcare, this paper proposes a robust and lightweight, secure access scheme for cloud-based E-healthcare services. The proposed scheme addresses the potential threats to E-healthcare by providing a secure interface to stakeholders and prohibiting unauthorized users from accessing information stored in the cloud. The scheme makes use of multiple keys formed through the key derivation function (KDF) to ensure end-to-end ciphering of information for preventing misuse. The rights to access the cloud services are provided based on the identity and the association between stakeholders, thus ensuring privacy. Due to its simplicity and robustness, the proposed scheme is the best fit for protecting data security and privacy in cloud-based E-healthcare services.

Fatos Xhafa,Jianglang Feng,Yinghui Zhang,Xiaofeng Chen,Jin Li

DOI: https://doi.org/10.1007/s11227-014-1253-3

2014-01-01

Abstract:As an emerging patient-centric model of health information exchange, personal health record (PHR) is often outsourced to be stored at a third party. The value of PHR data is its long-term cumulative record relevant with personal health which can be significant in the future when faced with disease occurrences. As a promising public key primitive, attribute-based encryption (ABE) has been used to design PHR sharing systems. However, the existing solutions fail to achieve several important security objectives, that is, no need for a single authority to issue private keys to all PHR users, user access privacy protection, and user accountability. In this paper, we propose a multi-authority ciphertext-policy ABE scheme with user accountability and apply it to design an attribute-based PHR sharing system. In the proposed solution, the access policy is hidden and hence user access privacy is protected. In particular, the global identity of a misbehaving PHR user who leaked the decryption key to other unauthorized users can be traced, and thus the trust assumptions on both the authorities and the PHR users are reduced. Extensive analysis shows that the proposed scheme is provably secure and efficient.

Yu Lin,Lingling Xu,Wanhua Li,Zhiwei Sun

DOI: https://doi.org/10.1155/2021/9023141

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:A personal health record (PHR) is an electronic application which enables patients to collect and share their health information. With the development of cloud computing, many PHR services have been outsourced to cloud servers. Cloud computing makes it easier for patients to manage their personal health records and makes it easier for doctors and researchers to share and access this information. However, due to the high sensitivity of PHR, a series of security protections are needed to protect them, such as encryption and access control. In this article, we propose an attribute set-based Boolean keyword search scheme, which can realize fine-grained access control and Boolean keyword search over encrypted PHR. Compared with the existing attribute-based searchable encryption, our solution can not only improve the flexibility in specifying access policies but also perform Boolean keyword search, which can meet the needs of large-scale PHR users. Furthermore, we simulate our scheme, and the experimental results show that our scheme is practical for PHR systems in cloud computing.