Han Qiu,Meikang Qiu,Meiqin Liu,Gerard Memmi

DOI: https://doi.org/10.1109/jbhi.2020.2973467

IF: 7.7

2020-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The recent spades of cyber attacks have compromised end-users' data security and privacy in Medical Cyber-Physical Systems (MCPS) in the era of Health 4.0. Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end-users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety, and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted of a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as the end-users' smartphone and lets the end-user control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove efficiency.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yangyang Bao,Weidong Qiu,Xiaochun Cheng

DOI: https://doi.org/10.1111/exsy.13220

IF: 3.3

2023-01-01

Expert Systems

Abstract:Medical cyber-physical systems (CPS) provide the possibility for real-time health monitoring of patients and flexible diagnostic services based on expert systems by collaboratively integrating and connecting various physical devices including sensors, terminals, and cloud infrastructure. However, the ubiquitous security threats in cyberspace have raised concerns about data security and user privacy. Although related works propose to protect data security and user privacy with cryptographic protocols, their heavy computational and storage overheads incur performance and battery life challenges for resource-constrained devices in the healthcare CPS. This article proposes an energy-saving and privacy-preserving data sharing (ESPPDS) scheme to address the challenge. ESPPDS inherits the anonymous fine-grained access control from attribute-based encryption (ABE) while protecting data integrity and supporting efficient user revocation. We also eliminate the repetitive computations of ciphertext components by utilizing the online/ offline encryption technology, and design a subtle and secure trick to delegate the decryption operations to the edge device, thereby reducing the computational overheads of the resource-constrained devices. We then show the security proof, and discuss the construction in the untrusted/ compromised server setting. The comparison and experiment indicate that ESPPDS is practical and more efficient than related schemes.

Qinlong Huang,Licheng Wang,Yixian Yang

DOI: https://doi.org/10.1155/2017/6426495

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Mobile healthcare social networks (MHSN) integrated with connected medical sensors and cloud-based health data storage provide preventive and curative health services in smart cities. The fusion of social data together with real-time health data facilitates a novel paradigm of healthcare big data analysis. However, the collaboration of healthcare and social network service providers may pose a series of security and privacy issues. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. To preserve the data privacy, we realize secure and fine-grained health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which allows patients to share their private personal data securely. In order to achieve enhanced data collaboration, we allow the healthcare analyzers to access both the reencrypted health data and the social data with authorization from the data owner based on proxy reencryption. Specifically, most of the health data encryption and decryption computations are outsourced from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs a low cost. The security and performance analysis results show the security and efficiency of our scheme.

Chanying Huang,Kedong Yan,Songjie Wei,Dong Hoon Lee

DOI: https://doi.org/10.1109/pic.2017.8359554

2017-01-01

Abstract:Personal Health Records (PHR) is patient-centric healthcare system, which allows patients to control who can get access to their health records and which section of the record can be accessed. Hot issues such as access control, patients control degree, and privacy protection, etc. are still the challenging concerns while designing a secure PHR system.In this paper, we propose dsPPS, a secure integrated PHR framework(from health data collection to health data sharing) that meets patients' full control of their PHR and sufficient privacy preservation. Specifically, dsPPS provides two schemes: Biometric-Based secure health data Collection (BBC) scheme and Attribute-Based health record Accessing (ABA) scheme. While BBC scheme enables patients to collect their scattered health data from multiple typical health systems securely and efficiently, the ABA scheme allows users (health systems) access to the PHR server with their sensitive attributes being protected. Comprehensive analysis is conducted to show the security of dsPPS against typical attacks. In addition, experiments in both smart phone and PC (Intel) platforms demonstrate that dsPPS produces reasonable performance in terms of storage, communication and computational overheads.

Ovunc Kocabas,Tolga Soyata,Mehmet K Aktas

DOI: https://doi.org/10.1109/TCBB.2016.2520933

Abstract:The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

Haoyang Wang,Kai Fan,Kuan Zhang,Zilong Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2021.3081456

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Research on mobile cyber–physical systems (MCPSs) that have the superiorities of cyber–physical systems (CPSs) and expand their application range has become a trend in recent years. The applications of MCPS in fields, such as intelligent transportation systems, smart home appliances, and mobile education, have also become increasingly mature. However, MCPS also has some shortcomings that need to be solved urgently. Sensors carried on mobile devices collect data and upload huge amounts of data to the cloud for statistics and analysis. Mobile devices need to directly interact with the cloud, causing both parties to bear huge computing and communication costs. Since the interaction process includes data sharing and storage, it is particularly important to protect the data itself and the security of sharing. Searchable encryption ensures the safety of communication among the MPEs and the cloud, while protecting the privacy of data on the cloud. However, the existing searchable encryption technology cannot provide efficient and reliable data storage and sharing services for MPEs in MCPS under the premise of ensuring security. In this article, we present a secure and efficient data sharing and privacy protection scheme in MCPS on the basis of the edge computing model (NESPS). Meanwhile, the introduction of edge computing (EC) significantly reduces the communication consumption between the device and the cloud. Furthermore, attribute-based encryption (ABE) enables the NESPS to achieve fine-grained management of device authorities. Moreover, we have carried out security analysis and simulation on the NESPS, the results demonstrate that the NESPS meets the proposed requirements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Ji-Jiang Yang,Jian-Qiang Li,Yu Niu

DOI: https://doi.org/10.1016/j.future.2014.06.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Storing and sharing of medical data in the cloud environment, where computing resources including storage is provided by a third party service provider, raise serious concern of individual privacy for the adoption of cloud computing technologies. Existing privacy protection researches can be classified into three categories, i.e., privacy by policy, privacy by statistics, and privacy by cryptography. However, the privacy concerns and data utilization requirements on different parts of the medical data may be quite different. The solution for medical dataset sharing in the cloud should support multiple data accessing paradigms with different privacy strengths. The statistics or cryptography technology alone cannot enforce the multiple privacy demands, which blocks their application in the real-world cloud. This paper proposes a practical solution for privacy preserving medical record sharing for cloud computing. Based on the classification of the attributes of medical records, we use vertical partition of medical dataset to achieve the consideration of different parts of medical data with different privacy concerns. It mainly includes four components, i.e., (1) vertical data partition for medical data publishing, (2) data merging for medical dataset accessing, (3) integrity checking, and (4) hybrid search across plaintext and ciphertext, where the statistical analysis and cryptography are innovatively combined together to provide multiple paradigms of balance between medical data utilization and privacy protection. A prototype system for the large scale medical data access and sharing is implemented. Extensive experiments show the effectiveness of our proposed solution.

Wenjuan Tang,Ju Ren,Kuan Zhang,Deyu Zhang,Yaoxue Zhang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1145/3341104

IF: 5

2019-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:Pervasive data collected from e-healthcare devices possess significant medical value through data sharing with professional healthcare service providers. However, health data sharing poses several security issues, such as access control and privacy leakage, as well as faces critical challenges to obtain efficient data analysis and services. In this article, we propose an efficient and privacy-preserving fog-assisted health data sharing (PFHDS) scheme for e-healthcare systems. Specifically, we integrate the fog node to classify the shared data into different categories according to disease risks for efficient health data analysis. Meanwhile, we design an enhanced attribute-based encryption method through combination of a personal access policy on patients and a professional access policy on the fog node for effective medical service provision. Furthermore, we achieve significant encryption consumption reduction for patients by offloading a portion of the computation and storage burden from patients to the fog node. Security discussions show that PFHDS realizes data confidentiality and fine-grained access control with collusion resistance. Performance evaluations demonstrate cost-efficient encryption computation, storage and energy consumption.

Cheng Guo,Pengxu Tian,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tii.2020.2995228

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Wearable body area network is a key component of the modern-day e-healthcare system (e.g., telemedicine), particularly as the number and types of wearable medical monitoring systems increase. The importance of such systems is reinforced in the current COVID-19 pandemic. In addition to the need for a secure collection of medical data, there is also a need to process data in real-time. In this article, we design an improved symmetric homomorphic cryptosystem and a fog-based communication architecture to support delay- or time-sensitive monitoring and other-related applications. Specifically, medical data can be analyzed at the fog servers in a secure manner. This will facilitate decision making, for example, allowing relevant stakeholders to detect and respond to emergency situations, based on real-time data analysis. We present two attack games to demonstrate that our approach is secure (i.e., chosen-plaintext attack resilience under the computational Diffie-Hellman assumption), and evaluate the complexity of its computations. A comparative summary of its performance and three other related approaches suggests that our approach enables privacy-assured medical data aggregation, and the simulation experiments using Microsoft Azure further demonstrate the utility of our scheme.

Qinlong Huang,Wei Yue,Yue He,Yixian Yang

DOI: https://doi.org/10.1109/access.2018.2852784

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cloud computing and social networks are changing the way of healthcare by providing realtime data sharing in a cost-effective manner. However, data security issue is one of the main obstacles to the wide application of mobile healthcare social networks (MHSNs), since health information is considered to be highly sensitive. In this paper, we introduce a secure data sharing and profile matching scheme for the MHSN in cloud computing. The patients can outsource their encrypted health records to cloud storage with an identity-based broadcast encryption technique, and share them with a group of doctors in a secure and efficient manner. We then present an attribute-based conditional data re-encryption construction which permits the doctors who satisfy the pre-defined conditions in the ciphertext to authorize the cloud platform to convert a ciphertext into a new ciphertext of an identity-based encryption scheme for specialist without leaking any sensitive information. Furthermore, we provide a profile matching mechanism in the MHSN based on identity-based encryption with an equality test, which helps patients to find friends in a privacy-preserving way and achieves flexible authorization on the encrypted health records with resisting the keywords guessing attack. Moreover, this mechanism reduces the computation cost on the patient side. The security analysis and experimental evaluation show that our scheme is practical for protecting the data security and privacy in the MHSN.

Yinghui Zhang,Jin Li,Dong Zheng,Xiaofeng Chen,Hui Li

DOI: https://doi.org/10.1007/s00779-017-1047-8

2017-01-01

Personal and Ubiquitous Computing

Abstract:As a more ubiquitous concept, smart health (shealth) is the context-aware complement of mobile health within smart cities, and it has made an increasing number of people turn to cloud-based services. In a practical s-health system, security and privacy issues are of great importance and have to be addressed. In this paper, we propose a secure s-health system which realizes fine-grained access control on s-health cloud data and hence ensures users' privacy protection. The key technique is a promising cryptographic primitive called ciphertext-policy attributebased encryption. In order to trace malicious behaviors in the proposed s-health system, two kinds of key abuse problems are considered: malicious key sharing among colluding users and key escrow problem of the semi-trusted authority. In the proposed s-health system, any malicious behavior of a user including illegal key sharing can be traced. For the semi-trusted authority, it can be accountable for its misbehavior including illegal key re-distribution. Particularly, the proposed system supports large universe and attributes do not need to be pre-specified during the system initialization phase. Besides, our system is proven fully secure in the random oracle model and it allows any monotonic access policies. Theoretical analysis and experimental results indicate that the proposed s-health system is suitable for smart city environment.

Jihyeon Oh,Seunghwan Son,DeokKyu Kwon,Myeonghyun Kim,Yohan Park,Youngho Park

DOI: https://doi.org/10.3390/math12111717

IF: 2.4

2024-05-31

Mathematics

Abstract:Medical data sharing is pivotal in enhancing accessibility and collaboration among healthcare providers, researchers, and institutions, ultimately leading to enhanced patient outcomes and more efficient healthcare delivery. However, due to the sensitive nature of medical information, ensuring both privacy and confidentiality is paramount. Access control-based data sharing methods have been explored to address these issues, but data privacy concerns still remain. Therefore, this paper proposes a secure and privacy-preserving data sharing scheme that achieves an equilibrium between data confidentiality and privacy. By leveraging key aggregate encryption and private set intersection techniques, our scheme ensures secure data sharing while protecting against the exposure of sensitive information related to data. We conduct informal and formal security analyses, including Burrow–Abadi–Needham logic and Scyther, to demonstrate its resilience against potential adversarial attacks. We also implement the execution time for cryptographic operations using multiprecision integer and a rational arithmetic cryptographic library and perform comparative analysis with existing related schemes in terms of security, computational cost, and time complexity. Our findings demonstrate a high level of security and efficiency, demonstrating that the proposed scheme contributes to the field by providing a solution that protects data privacy while enabling secure and flexible sharing of medical data.

mathematics

Wenjuan Tang,Kuan Zhang,Ju Ren,Yaoxue Zhang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2017.8254989

2017-01-01

Abstract:With the advancements of electronic medical equipment, e-healthcare system becomes a promising paradigm to continuously monitor health conditions and remotely diagnose phenomena. Meanwhile, it generates a large volume of health data and poses several security challenges, such as access control and privacy leakage. In this paper, we propose a lightweight and privacy- preserving fog-assisted information sharing scheme (PFHD) for health big data. Specifically, we integrate fog computing into e-healthcare system to pre-process the raw health data and improve the efficiency of health data analysis. Furthermore, to prevent privacy leakage, we design a hierarchical attribute-based encryption method by encrypting the profile and health data with different access policies. In addition, we reduce the computation cost on devices by offloading health data encryption from devices to fog servers. Security discussions show that PFHD can achieve fine- grained health data sharing with privacy preservation. Performance evaluations demonstrate the efficiency of PFHD, especially in terms of encryption computation and storage costs.

Zhangtan Li,Liang Cheng,Yang Zhang,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-030-86130-8_10

2021-01-01

Abstract:The Medical Cyber-Physical System (MCPS) holds the promise of reducing human errors and optimizing healthcare by integrating medical devices, applications and network. MCPS utilizes high-level supervisory and low-level communication middleware to enable medical devices to interoperate efficiently. Despite the benefits provided by MCPS, the integration of clinical information also brings new threats for the clinical data. In this paper, we performed a study on security and safety risks in MCPS's networks. We systematically analyzed different attack surfaces on MCPS's networks based on misuse and abuse of clinical data. We successfully performed end-to-end attacks based on OpenICE, a popular MCPS prototype, and demonstrated the clinical risks of these attacks and the design flaws in OpenICE. We further proposed a Topic-based access control model with Break-The-Glass feature to provide fine-grained access control for clinical data. We implemented the model in two MCPS prototypes, and evaluated its effectiveness and efficiency.

Liming Fang,Changchun Yin,Juncen Zhu,Chunpeng Ge,M. Tanveer,Alireza Jolfaei,Zehong Cao

DOI: https://doi.org/10.1145/3408322

2021-01-21

Abstract:In virtue of advances in smart networks and the cloud computing paradigm, smart healthcare is transforming. However, there are still challenges, such as storing sensitive data in untrusted and controlled infrastructure and ensuring the secure transmission of medical data, among others. The rapid development of watermarking provides opportunities for smart healthcare. In this article, we propose a new data-sharing framework and a data access control mechanism. The applications are submitted by the doctors, and the data is processed in the medical data center of the hospital, stored in semi-trusted servers to support the selective sharing of electronic medical records from different medical institutions between different doctors. Our approach ensures that privacy concerns are taken into account when processing requests for access to patients’ medical information. For accountability, after data is modified or leaked, both patients and doctors must add digital watermarks associated with their identification when uploading data. Extensive analytical and experimental results are presented that show the security and efficiency of our proposed scheme.

Shunrong Jiang,Xiaoyan Zhu,Liangmin Wang

DOI: https://doi.org/10.3390/s150922419

IF: 3.9

2015-01-01

Sensors

Abstract:Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

Shu-Di Bao,Yang Lu,Yan-Kai Yang,Chun-Yan Wang,Meng Chen,Guang-Zhong Yang

DOI: https://doi.org/10.1109/ICC.2015.7248367

2015-01-01

Abstract:With increasing use of cloud storage for healthcare applications, potential security risks and the need for enhanced security solutions are becoming a pressing issue for clinical adoption. In this paper, a data partitioning and scrambling method at the application layer is proposed for healthcare data, where a tiny part of the original data is used to scramble the remaining data without any cryptographic key, and the former is kept locally while the latter under extra protection is sent to cloud platforms. Theoretical and experimental analyses have been carried out to demonstrate the security performance of the proposed method, which can be easily deployed in any existing communication systems as an add-on for security.

Jinyuan Sun,Xiaoyan Zhu,Chi Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2011.83

2011-01-01

Abstract:Privacy concern is arguably the major barrier that hinders the deployment of electronic health record (EHR) systems which are considered more efficient, less error-prone, and of higher availability compared to traditional paper record systems. Patients are unwilling to accept the EHR system unless their protected health information (PHI) containing highly confidential data is guaranteed proper use and disclosure, which cannot be easily achieved without patients' control over their own PHI. However, cautions must be taken to handle emergencies in which the patient may be physically incompetent to retrieve the controlled PHI for emergency treatment. In this paper, we propose a secure EHR system, HCPP (Healthcare system for Patient Privacy), based on cryptographic constructions and existing wireless network infrastructures, to provide privacy protection to patients under any circumstances while enabling timely PHI retrieval for life-saving treatment in emergency situations. Furthermore, our HCPP system restricts PHI access to authorized (not arbitrary) physicians, who can be traced and held accountable if the accessed PHI is found improperly disclosed. Last but not least, HCPP leverages wireless network access to support efficient and private storage/retrieval of PHI, which underlies a secure and feasible EHR system.