Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Yuyang Zhou,Liang Zhao,Yuqiao Jin,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2022.05.007

IF: 8.1

2022-08-01

Information Sciences

Abstract:The wireless body area network (WBAN) provides users with real-time medical services. Meanwhile, the cloud technology provides greater storage space and computing power for medical data. Both of them have contribute to the development of telemedicine. In a cloud-assisted WBAN, the open network environment and the semi-trust cloud service providers expose the user’s private medical data to backdoor adversaries who can make exfiltration attacks, such as the algorithm substitution attack (ASA) through the process of data sharing. Therefore, it is necessary to find a secure and efficient medical data sharing scheme for the huge amount of medical data. In this paper, we first design an identity-based proxy re-encryption scheme with cryptographic reverse firewall (IBPRE-CRF), then show the application in a multiple-access telemedicine data sharing scenario. Security analysis shows that the IBPRE-CRF scheme provides chosen plaintext attack security and resists exfiltration attacks. Performance analysis shows that the IBPRE-CRF scheme has a significant communication and computational cost advantage while being resistant to exfiltration attacks in clouds. Therefore, our IBPRE-CRF scheme is suitable for telemedicine data sharing in a cloud-assisted WBAN.

computer science, information systems

Mehedi Masud,Gurjot Singh Gaba,Karanjeet Choudhary,Roobaea Alroobaea,M Shamim Hossain

DOI: https://doi.org/10.1007/s12083-021-01162-x

Abstract:Traditional healthcare services have transitioned into modern healthcare services where doctors remotely diagnose the patients. Cloud computing plays a significant role in this change by providing easy access to patients' medical records to all stakeholders, such as doctors, nurses, patients, life insurance agents, etc. Cloud services are scalable, cost-effective, and offer a broad range of mobile access to patients' electronic health record (EHR). Despite the cloud's enormous benefits like real-time data access, patients' EHR security and privacy are major concerns. Since the information about patients' health is highly sensitive and crucial, sharing it over the unsecured wireless medium brings many security challenges such as eavesdropping, modifications, etc. Considering the security needs of remote healthcare, this paper proposes a robust and lightweight, secure access scheme for cloud-based E-healthcare services. The proposed scheme addresses the potential threats to E-healthcare by providing a secure interface to stakeholders and prohibiting unauthorized users from accessing information stored in the cloud. The scheme makes use of multiple keys formed through the key derivation function (KDF) to ensure end-to-end ciphering of information for preventing misuse. The rights to access the cloud services are provided based on the identity and the association between stakeholders, thus ensuring privacy. Due to its simplicity and robustness, the proposed scheme is the best fit for protecting data security and privacy in cloud-based E-healthcare services.

Cheng Hongbing,Rong Chunming,Tan Zhenghua,Zeng Qingkai

2012-01-01

Abstract:Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing.

Zhen Yan,Haipeng Qu,Xiaoshuai Zhang,Jian-Liang Xu,Xi-Jun Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102950

IF: 5.836

2023-07-22

Journal of Systems Architecture

Abstract:Cloud-based anonymous messaging systems have been widely utilized in covert conversations to enable people to anonymously exchange encrypted data in public using cryptographic techniques. Recently, Ateniese et al . proposed the identity-based matchmaking encryption (IB-ME) which provides confidentiality, anonymity and authenticity in a logical single step for such systems. However, there are two crucial and practical issues in IB-ME. On the one hand, the existing IB-MEs only achieve indistinguishability under adaptive chosen identity and plaintext attacks (IND-ID-CPA). How to structure the IB-ME with indistinguishability under adaptive chosen identity and ciphertext attacks (IND-ID-CCA) is still an open problem. On the other hand, the computational cost of the receiver is considerable when using IB-ME since the ciphertext leaks no information about its sender's and specified receiver's identities. Thus, the receiver has to attempt to match "all" ciphertexts one by one with its own decryption key and "all" potential senders' identities. To reduce such a cost of the receiver in IB-ME, it is desired for the receiver to delegate the decryption ability with respect to the potential senders to some proxies. With the proxy keys, these proxies can match the ciphertexts parallelly. Nonetheless, an obvious challenge is how to delegate such ability to a proxy without losing anonymity and authenticity to protect the privacy of both the sender and the receiver. In this paper, we propose a novel CCA-secure solution, called identity-based proxy matchmaking encryption (IB-PME) for cloud-based anonymous messaging systems, to address the foregoing issues. The security analysis and the performance evaluation demonstrate that our proposed IB-PME is highly practical.

computer science, software engineering, hardware & architecture

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Irshad Ahmed Abbasi,Saeed Ullah Jan,Abdulrahman Saad Alqahtani,Adnan Shahid Khan,Fahad Algarni

DOI: https://doi.org/10.1371/journal.pone.0294429

IF: 3.7

2024-01-31

PLoS ONE

Abstract:Cloud computing is vital in various applications, such as healthcare, transportation, governance, and mobile computing. When using a public cloud server, it is mandatory to be secured from all known threats because a minor attacker's disturbance severely threatens the whole system. A public cloud server is posed with numerous threats; an adversary can easily enter the server to access sensitive information, especially for the healthcare industry, which offers services to patients, researchers, labs, and hospitals in a flexible way with minimal operational costs. It is challenging to make it a reliable system and ensure the privacy and security of a cloud-enabled healthcare system. In this regard, numerous security mechanisms have been proposed in past decades. These protocols either suffer from replay attacks, are completed in three to four round trips or have maximum computation, which means the security doesn't balance with performance. Thus, this work uses a fuzzy extractor method to propose a robust security method for a cloud-enabled healthcare system based on Elliptic Curve Cryptography (ECC). The proposed scheme's security analysis has been examined formally with BAN logic, ROM and ProVerif and informally using pragmatic illustration and different attacks' discussions. The proposed security mechanism is analyzed in terms of communication and computation costs. Upon comparing the proposed protocol with prior work, it has been demonstrated that our scheme is 33.91% better in communication costs and 35.39% superior to its competitors in computation costs.

multidisciplinary sciences

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng,Wenhua Wang

DOI: https://doi.org/10.1007/978-3-030-00012-7_7

2018-01-01

Abstract:In recent years, great progress has been made in global digital construction, various kinds of methods, such as encryption, isolated storage and firewall, are used to prevent information from stealing. However, the above mentioned technologies severely hinder information sharing, especially in some special areas, such as medical industries in which doctors need to share similar patient's information to improve the effectiveness of treatment. The premise of sharing information is to find the desired information on encrypted data, although identity based encryption scheme with equality test (IBEET) has been defined as a viable solution, it can only search for the ciphertext formed by the exact same plaintext. In this paper, we firstly propose an efficient identity based privacy information sharing with similarity test in cloud environment. Our scheme can search out similar data of the target data on encrypted content. Besides, we use advanced Locality-Sensitive Hashing function to generate index for data to protect the privacy information of users.

Lu Yan,Haozhe Qin,Kexin Yang,Heye Xie,Xu An Wang,Shuanggen Liu

DOI: https://doi.org/10.3390/electronics13030534

IF: 2.9

2024-01-29

Electronics

Abstract:The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme's correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103759

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes.

Ling Liu,Yuqing Zhang,Xuejun Li

DOI: https://doi.org/10.1109/tcc.2018.2869333

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:Deduplication, which can save storage cost by enabling us to store only one copy of identical data, becomes unprecedentedly significant with the dramatic increase in data stored in the cloud. For the purpose of ensuring data confidentiality, they are usually encrypted before outsourced. Traditional encryption will inevitably result in multiple different ciphertexts produced from the same plaintext by different users’ secret keys, which hinders data deduplication. Convergent encryption makes deduplication possible since it naturally encrypts the same plaintexts into the same ciphertexts. One attendant problem is how to reliably and effectively manage a huge number of convergent keys. Several deduplication schemes have been proposed to deal with the convergent key management problem. However, they either need to introduce key management servers or require interaction between data owners. In this paper, we design a novel client-side deduplication protocol named KeyD without such an independent key management server by utilizing the identity-based broadcast encryption (IBBE) technique. Users only interact with the cloud service provider (CSP) during the process of data upload and download. Security analysis demonstrates that KeyD ensures data confidentiality and convergent key security, and well protects the ownership privacy simultaneously. A thorough and detailed performance comparison shows that our scheme makes a better tradeoff among the storage cost, communication and computation overhead.

computer science, information systems, theory & methods

Jingwei Liu,Yue Fan,Rong Sun,Lei Liu,Celimuge Wu,Shahid Mumtaz

DOI: https://doi.org/10.1109/jiot.2023.3287636

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to the massive applications of Internet of Things (IoT) and the prevalence of wearable devices, e-healthcare systems are widely deployed in medical institutions. As a significant carrier of medical data, electronic medical record (EMR) is convenient to be stored and retrieved, which greatly simplifies the experience of medical treatment and cuts down the trivial work of paramedics. However, EMRs usually include much sensitive information such as patients’ identification numbers or home addresses that may be easily captured by unauthorized doctors and cloud servers. Based on this concern, e-healthcare systems can make use of attribute-based encryption (ABE) to protect private information while achieving fine-grained access control of encrypted EMRs. Whereas, most ABE schemes do not support both policy hiding and keyword search. To address the above issues, we propose an inner product searchable encryption scheme with multi-keyword search (MK-IPSE) based on blockchain to provide full privacy preservation and efficient ciphertext retrieval for EMRs. Inner product encryption (IPE) can not only specify access permissions such that only users with matched attributes can get the target files, but also support access policy hiding. Besides, the proposed scheme combines searchable encryption (SE) and federated blockchain (FB) to implement efficient and stable multi-keyword search. Compared with the existing schemes, MK-IPSE shows better performance on computation and storage. Additionally, security analysis demonstrates that our scheme can resist IND-CKA and collusion attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Xuhui Liu,Qin Liu,Tao Peng,Jie Wu

DOI: https://doi.org/10.1016/j.ins.2016.06.035

IF: 8.1

2017-02-01

Information Sciences

Abstract:With the development of cloud computing, an increasing number of users are using cloud-based personal health record (PHR) systems. The PHR is closely tied to patient privacy, and thus existing studies suggest encrypting PHRs before outsourcing. Comparison-based encryption (CBE) was the first to implement time comparison in an attribute-based access policy by means of the forward and backward derivation functions. However, CBE cannot be directly applied to cloud-based PHR environments for the following reasons: First, the cost of encryption grows linearly with the number of attributes in the access policy. Second, policy updating incurs high communication and computation costs for the data owner. To efficiently implement a dynamic access policy for PHRs in clouds, we first propose a hierarchical comparison-based encryption (HCBE) scheme that incorporates an attribute hierarchy into CBE. The HCBE scheme encrypts a ciphertext with a small number of generalized attributes at a higher level rather than many specific attributes at a lower level, greatly improving the encryption performance. Using the HCBE scheme as a foundation, we then develop a dynamic policy updating (DPU) scheme by utilizing the proxy re-encryption (PRE) technique. The DPU scheme can avoid the transmission of ciphertexts and minimize the computation overhead on the data owner by delegating the policy updating operations to the cloud. Extensive experiments have been conducted using a synthetic data set to verify the efficiency of our proposed schemes.

computer science, information systems

Kirtirajsinh Zala,Hiren Kumar Thakkar,Rajendrasinh Jadeja,Neel H Dholakia,Ketan Kotecha,Deepak Kumar Jain,Madhu Shukla

DOI: https://doi.org/10.1155/2022/3804553

2022-08-18

Abstract:Traditional healthcare services have changed into modern ones in which doctors can diagnose patients from a distance. All stakeholders, including patients, ward boy, life insurance agents, physicians, and others, have easy access to patients' medical records due to cloud computing. The cloud's services are very cost-effective and scalable, and provide various mobile access options for a patient's electronic health records (EHRs). EHR privacy and security are critical concerns despite the many benefits of the cloud. Patient health information is extremely sensitive and important, and sending it over an unencrypted wireless media raises a number of security hazards. This study suggests an innovative and secure access system for cloud-based electronic healthcare services storing patient health records in a third-party cloud service provider. The research considers the remote healthcare requirements for maintaining patient information integrity, confidentiality, and security. There will be fewer attacks on e-healthcare records now that stakeholders will have a safe interface and data on the cloud will not be accessible to them. End-to-end encryption is ensured by using multiple keys generated by the key conclusion function (KCF), and access to cloud services is granted based on a person's identity and the relationship between the parties involved, which protects their personal information that is the methodology used in the proposed scheme. The proposed scheme is best suited for cloud-based e-healthcare services because of its simplicity and robustness. Using different Amazon EC2 hosting options, we examine how well our cloud-based web application service works when the number of requests linearly increases. The performance of our web application service that runs in the cloud is based on how many requests it can handle per second while keeping its response time constant. The proposed secure access scheme for cloud-based web applications was compared to the Ethereum blockchain platform, which uses internet of things (IoT) devices in terms of execution time, throughput, and latency.

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Kashif Sharif

DOI: https://doi.org/10.1109/trustcom53373.2021.00063

2021-01-01

Abstract:Biometrics identification has been used in a growing number of fields in recent years, since it is more secure, classified and convenient. With the development of cloud computing, database systems are able to upload large amounts of biometric data to cloud server for storage and identification to save local memory and improve computational efficiency. However, this involves potential privacy concerns because of the introduction of third-party platforms. In this paper, we achieve computational and communication efficiency in biometric identification, while preserving the privacy of data. Specifically, the database system firstly encrypts all biometric data and query data. Then, it sends the ciphertext to a cloud server to carry out matching tasks. Finally, the cloud server returns the index of final matches to the system so that it can check whether the biometric vector is legal or not. Detailed security analysis indicates that the proposed scheme can resist powerful attacks. Beyond that, Experiments show that the scheme is more efficient in computation and communication than stat of art biometric identification schemes.

Liehuang Zhu,Chuan Zhang,Chang Xu,Ximeng Liu,Cheng Huang

DOI: https://doi.org/10.1109/access.2018.2819166

IF: 3.9

2018-01-01

IEEE Access

Abstract:Biometric identification has become increasingly popular in recent years. With the development of cloud computing, database owners are motivated to outsource the large size of biometric data and identification tasks to the cloud to get rid of the expensive storage and computation costs, which, however, brings potential threats to users' privacy. In this paper, we propose an efficient and privacy-preserving biometric identification outsourcing scheme. Specifically, the biometric To execute a biometric identification, the database owner encrypts the query data and submits it to the cloud. The cloud performs identification operations over the encrypted database and returns the result to the database owner. A thorough security analysis indicates that the proposed scheme is secure even if attackers can forge identification requests and collude with the cloud. Compared with previous protocols, experimental results show that the proposed scheme achieves a better performance in both preparation and identification procedures.