Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Xuejiao Liu,Yingjie Xia,Wei Yang,Fengli Yang

DOI: https://doi.org/10.1016/j.neucom.2016.06.100

IF: 6

2018-01-01

Neurocomputing

Abstract:Information seeking is becoming an indispensable activity in daily life, especially in the medical cloud. Body Area Network (BAN) is becoming more and more popular with respect to the development and popularity of mobile devices. People are starting to back up the medical data to cloud, make data accessible by the doctors from almost anywhere using mobile terminals. In this paper, we present an efficient and secure fine-grained access control scheme which not only achieves authorized users to access the records in cloud storage, but also supports a small set of physicians to write on the records. In order to improve the efficiency, we put forward a novel technique called match-then-decrypt, which is used to perform the decryption test without decryption. Also, the scheme outsources bilinear pairing operations to a gateway without revealing the data content, and thus largely eliminates this overhead for users to a great extent. The performance assessments demonstrate the efficiency of our proposed solution in terms of computation, communication, and storage.

Yong Yu,Yafang Zhang,Jianbing Ni,Man Ho Au,Lanxiang Chen,Hongyu Liu

DOI: https://doi.org/10.1016/j.future.2014.10.006

IF: 7.307

2015-01-01

Future Generation Computer Systems

Abstract:Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical.

Yiteng Feng,Yi Mu,Guomin Yang,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-319-19962-7_22

2015-01-01

Abstract:With a cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most of the existing protocols. We believe that preserving the anonymity (i.e., identity privacy) of the data owner is also very importa nt in many applications. In this paper, we propose a new remote integrity checking scheme which allows the cloud server to protect the identity information of the data owner against the TPA. We also define a formal security model to capture the requirement of user anonymity, and prove the anonymity as well as the soundness of the proposed scheme.

Man Ho Au,Tsz Hon Yuen,Joseph K. Liu,Willy Susilo,Xinyi Huang,Yang Xiang,Zoe L. Jiang

DOI: https://doi.org/10.1016/j.jcss.2017.03.002

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:Personal Health Record (PHR) has been developed as a promising solution that allows patient–doctors interactions in a very effective way. Cloud technology has been seen as the prominent candidate to store the sensitive medical record in PHR, but to date, the security protection provided is yet inadequate without impacting the practicality of the system. In this paper, we provide an affirmative answer to this problem by proposing a general framework for secure sharing of PHRs. Our system enables patients to securely store and share their PHR in the cloud server (for example, to their carers), and furthermore the treating doctors can refer the patients' medical record to specialists for research purposes, whenever they are required, while ensuring that the patients' information remain private. Our system also supports cross domain operations (e.g., with different countries regulations).

Ji-Jiang Yang,Jian-Qiang Li,Yu Niu

DOI: https://doi.org/10.1016/j.future.2014.06.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Storing and sharing of medical data in the cloud environment, where computing resources including storage is provided by a third party service provider, raise serious concern of individual privacy for the adoption of cloud computing technologies. Existing privacy protection researches can be classified into three categories, i.e., privacy by policy, privacy by statistics, and privacy by cryptography. However, the privacy concerns and data utilization requirements on different parts of the medical data may be quite different. The solution for medical dataset sharing in the cloud should support multiple data accessing paradigms with different privacy strengths. The statistics or cryptography technology alone cannot enforce the multiple privacy demands, which blocks their application in the real-world cloud. This paper proposes a practical solution for privacy preserving medical record sharing for cloud computing. Based on the classification of the attributes of medical records, we use vertical partition of medical dataset to achieve the consideration of different parts of medical data with different privacy concerns. It mainly includes four components, i.e., (1) vertical data partition for medical data publishing, (2) data merging for medical dataset accessing, (3) integrity checking, and (4) hybrid search across plaintext and ciphertext, where the statistical analysis and cryptography are innovatively combined together to provide multiple paradigms of balance between medical data utilization and privacy protection. A prototype system for the large scale medical data access and sharing is implemented. Extensive experiments show the effectiveness of our proposed solution.

Xiong Li,Shanpeng Liu,Rongxing Lu,Muhammad Khurram Khan,Ke Gu,Xiaosong Zhang

DOI: https://doi.org/10.1109/JBHI.2022.3140831

IF: 7.7

2022-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than 2/3 of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server.

Caiyuan Tang,Feng Wang,Chenbin Zhao,Xiuqiang Chen

DOI: https://doi.org/10.1002/ett.4816

IF: 3.6

2023-06-21

Transactions on Emerging Telecommunications Technologies

Abstract:This image is the system model of our proposed scheme (IPAPS) and shows that our scheme includes three entires: data owner (DO), medical cloud storage server (MCSS), and third‐party auditor (TPA). In order to verify the integrity of data outsourced to the server, DO authorizes TPA to achieve the public auditing, then the authorized TPA sends verification requests to the MCSS. Finally, TPA verifies the responses returned from the MCSS and sends the result of the verification to the DO. Cloud‐based medical storage system is becoming popular. Cloud server is curious about the private information of stored cases, and the integrity of outsourced data has become increasingly concerned. Numerous public auditing protocols for the outsourced data into the cloud server were proposed. Unfortunately, in the existing protocols, some of them may neglect security to improve efficiency. Recently, Li et al. proposed an efficient privacy‐preserving public auditing protocol for cloud‐based medical storage system (EPPAP), which improved the communication efficiency by storing some of data owner's data in third part auditors, however we find that the protocol is vulnerable to collusion attack and replace attack. In this paper, we analyze the security attacks of the existing protocol, and further propose an improved public auditing protocol for secure data storage in cloud‐based medical storage system (IPAPS). In addition, we give the formal security proof and analyze the performance of our proposed protocol. The security proof shows our protocol takes into account integrity, collusion attack and replace attack at the same time. The simulation experiments in our performance analysis show that the proposed protocol is practical.

telecommunications

Cheng Huang,Rongxing Lu,Hui Zhu,Jun Shao,Xiaodong Lin

DOI: https://doi.org/10.1145/2897845.2897870

2016-01-01

Abstract:With the evolving of ehealthcare industry, electronic health records (EHRs), as one of the digital health records stored and managed by patients, have been regarded to provide more benefits. With the EHRs, patients can conveniently share health records with doctors and build up a complete picture of their health. However, due to the sensitivity of EHRs, how to guarantee the security and privacy of EHRs becomes one of the most important issues concerned by patients. To tackle these privacy challenges such as how to make a fine-grained access control on the shared EHRs, how to keep the confidentiality of EHRs stored in cloud, how to audit EHRs and how to find the suitable doctors for patients, in this paper, we propose a fine-grained EHRs sharing scheme via similarity-based recommendation accelerated by Locality Sensitive Hashing (LSH) in cloud-assisted ehealthcare system, called FSSR. Specifically, our proposed scheme allows patients to securely share their EHRs with some suitable doctors under fine-grained privacy access control. Detailed security analysis confirms its security prosperities. In addition, extensive simulations by developing a prototype of FSSR are also conducted, and the performance evaluations demonstrate the FSSR's effectiveness in terms of computational cost, storage and communication cost while minimizing the privacy disclosure.

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Jin Sun,Lili Ren,Shangping Wang,Xiaomin Yao

DOI: https://doi.org/10.1371/journal.pone.0239946

IF: 3.7

2020-10-06

PLoS ONE

Abstract:In the medical system, the verification, preservation and synchronization of electronic medical records has always been a difficult problem, and the random dissemination of patient records will bring various risks to patient privacy. Therefore, how to achieve secure data sharing on the basis of ensuring users' personal privacy becomes the key. In recent years, blockchain has been proposed to be a promising solution to achieve data sharing with security and privacy preservation due to its advantages of immutability. So, a distributed electronic medical records searchable scheme was proposed by leveraging blockchain and smart contract technology. Firstly, we perform a hash calculation on the electronic medical data and store the corresponding value on the blockchain to ensure its integrity and authenticity. Then, we encrypt the electronic medical data and store it in the interplanetary file system which is a distributed storage protocol. These operations not only can solve centralized data store of servers of several medical institutions, but also be good at lowering stress from data store and high-frequency access to blockchain. Secondly, the encrypted keyword index information of electronic medical records was stored on the Ethereum blockchain, meanwhile a smart contract deployed in the Ethereum blockchain is used to realize keyword search instead of depending on a centralized third party. Furthermore, we use attribute-based encryption scheme to ensure that only the attributes meeting the access policy can decrypt the encrypted electronic medical records. Finally, our performance analysis and security analysis show that the scheme is secure and efficient.

Sarvesh Kumar,Mohammed Abdul Wajeed,Rajashekhar Kunabeva,Nripendra Dwivedi,Prateek Singhal,Sajjad Shaukat Jamal,Reynah Akwafo

DOI: https://doi.org/10.1155/2022/3564436

2022-03-19

Abstract:It is a new online service paradigm that allows consumers to exchange their health data. Health information management software allows individuals to control and share their health data with other users and healthcare experts. Patient health records (PHR) may be intelligently examined to predict patient criticality in healthcare systems. Unauthorized access, privacy, security, key management, and increased keyword query search time all occur when personal health records (PHR) are moved to a third-party semitrusted server. This paper presents security measures for cloud-based personal health records (PHR). The cost of keeping health records on a hospital server grows. This is particularly true in healthcare. As a consequence, keeping PHRs in the cloud helps healthcare institutions save money on infrastructure. The proposed security solutions include an optimized rule-based fuzzy inference system (ORFIS) to determine the patient's criticality. Patients are classified into three groups (sometimes known as protective rings) based on their severity: very critical, less critical, and normal. In trials using the UCI machine learning archive, the new ORFIS outperformed existing fuzzy inference approaches in detecting the criticality of PHR. Using a graph-based access policy and anonymous authentication with a NoSQL database in a private cloud environment improves data storage and retrieval efficiency, granularity of data access, and response time.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.

Yong Yu,Jianbing Ni,Jian Ren,Wei Wu,Lanxiang Chen,Qi Xia

DOI: https://doi.org/10.1007/978-3-319-06320-1_27

2014-01-01

Abstract:Cloud storage allows cloud users to enjoy the on-demand and high quality data storage services without the burden of local data storage and maintenance. However, the cloud servers are not necessarily fully trusted. As a consequence, whether the data stored on the cloud are intact becomes a major concern. To solve this challenging problem, recently, Chen proposed a remote data possession checking (RDPC) protocol using algebraic signatures. It achieves many desirable features such as high efficiency, small challenges and responses, non-block verification. In this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can either fool the user to believe that the data is well maintained but actually only a proof of the challenge is stored, or can generate a valid response in the integrity checking process after deleting the entire file of the user. We then propose an improved scheme to fix the security flaws of the original protocol without losing the desirable features of the original protocol.

Haiping Huang,Peng Zhu,Fu Xiao,Xiang Sun,Qinglong Huang

DOI: https://doi.org/10.1016/j.cose.2020.102010

Abstract:How to alleviate the contradiction between the patient's privacy and the research or commercial demands of health data has become the challenging problem of intelligent medical system with the exponential increase of medical data. In this paper, a blockchain-based privacy-preserving scheme is proposed, which realizes secure sharing of medical data between several entities involved patients, research institutions and semi-trusted cloud servers. And meanwhile, it achieves the data availability and consistency between patients and research institutions, where zero-knowledge proof is employed to verify whether the patient's medical data meets the specific requirements proposed by research institutions without revealing patients' privacy, and then the proxy re-encryption technology is adopted to ensure that research institutions can decrypt the intermediary ciphertext. In addition, this proposal can execute distributed consensus based on PBFT algorithm for transactions between patients and research institutions according to the prearranged terms. Theoretical analysis shows the proposed scheme can satisfy security and privacy requirements such as confidentiality, integrity and availability, as well as performance evaluation demonstrates it is feasible and efficient in contrast with other typical schemes.

Yong Yu,Jianbing Ni,Man Ho Au,Hongyu Liu,Hua Wang,Chunxiang Xu

DOI: https://doi.org/10.1016/j.eswa.2014.06.027

IF: 8.5

2014-01-01

Expert Systems with Applications

Abstract:Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

qiuxiang dong,zhi guan,kunlun gao,zhong chen

DOI: https://doi.org/10.1155/2015/392439

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:With the growing need for the remote caring at home and the everincreasing popularity of mobile devices, more and more applications are being developed to enable remote health monitoring. Combining cloud computing with mobile technologies has enabled the healthcare service provider to offer continuous health data collection and physicians to conveniently monitor and assess users' health while they are at home. However, users' health data contain highly confidential information, and servers in the cloud are out of users' trusted domain. Therefore, users may be reluctant to take advantage of remote health monitoring systems before they make sure their data are properly protected. In this paper, we propose a secure continuous remote health monitoring system named SCRHM with the main component, a searchable encryption scheme supporting range searches for remote health monitoring system. With this scheme, remote health monitoring service provider is able to detect outliers over encrypted health parameters. Using analysis, we prove the correctness and security of the proposed scheme on privacy protection of users' health data. Via simulation experiments, we validate the performance of the proposed scheme in terms of computation and communication overhead.

Wei Tang,Xiaojun Zhang,Dawu Gu,Chao Huang,Jingting Xue,Xiangyu Liang

DOI: https://doi.org/10.1109/tcc.2024.3445430

IF: 5.697

2024-01-01

IEEE Transactions on Cloud Computing

Abstract:Encrypted medical data outsourced to cloud servers can be used for personal health certification, health monitoring, and medical research. These data are essential to support the development of the medical industry. However, the traditional peer-to-peer data-sharing paradigm can lead to data abuse by malicious data analysis centers. Moreover, the encryption used to protect users' outsourced privacy restricts the flexibility of data retrieval. Based on the modified double trapdoor cryptosystem, we propose an authorized data retrieval scheme over aggregated encrypted medical data (ADR-AED) in cloud-assisted e-healthcare systems. In ADR-AED, patients can access and decrypt personal data and authorize the data analysis center (DAC) to retrieve corresponding data. Specifically, we design an authorized retrieval-test mechanism for a group of patients to DAC. This allows DAC to extract valuable information from a threshold number of authorized users. Additionally, each patient can flexibly retrieve finegrained medical data in different periods and submit them to a doctor for diagnostic analysis. The security analysis and performance evaluation demonstrate the feasibility of ADRAED in the deployment of cloud-assisted e-healthcare systems