Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Jian Shen

DOI: https://doi.org/10.1007/s12652-017-0485-5

IF: 3.662

2017-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.

Kai Fan,Shanshan Zhu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/mnet.2019.1800225

IF: 10.294

2019-01-01

IEEE Network

Abstract:Cloud-based RFID provides a new solution for the smart healthcare environment, and cloudbased RFID healthcare systems have many advantages over traditional healthcare systems, such as efficient medical assets management and medical information sharing. However, in the cloudbased RFID healthcare system, the untrusted cloud server manages private medical information, and these private data are transmitted on the public wireless channel, which exposes them to a high risk of leakage. Furthermore, attacks on the system may lead to serious consequences. Assuming a tag is implanted in an artificial organ and doctors use readers to monitor and control it, an attacker's tampering with these data may pose a risk to the life of this patient Thus, privacy and security issues need to be considered in the cloud-based RFID healthcare environment. In this article, we propose a lightweight authentication scheme based on quadratic reSIDuals and pseudo random number generator to guarantee the security of the cloud-based RFID healthcare system. It ensures data privacy and is resistant to typical attacks in mobile communication. Compared to other RFID authentication schemes, the proposed scheme provides strong security with fewer resources, thereby achieving a compromise between costs and security requirements of the smart healthcare system.

Kai Fan,Wei Jiang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/tii.2018.2794996

IF: 12.3

2018-01-01

IEEE Transactions on Industrial Informatics

Abstract:Traditional medical privacy data are at a serious risk of disclosure, and many related cases have occurred over the years. For example, personal medical privacy data can be easily leaked to insurance companies, which not only compromises the privacy of individuals, but also hinders the healthy development of the medical industry. With the continuous improvement of cloud computing and big data technologies, the Internet of Things technology has been rapidly developed. Radio frequency identification (RFID) is one of the core technologies of the Internet of Things. The application of the RFID system to the medical system can effectively solve this problem of medical privacy. RFID tags in the system can collect useful information and conduct data exchange and processing with a back-end server through the reader. The whole process of information interaction is mainly in the form of ciphertext. In the context of the Internet of Things, the paper presents a lightweight RFID medical privacy protection scheme. The scheme ensures security privacy of the collected data via secure authentication. The security analysis and evaluation of the scheme indicate that the protocol can effectively prevent the risk of medical privacy data being easily leaked.

Wei Xie,Lei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/RFID.2013.6548151

2013-01-01

Abstract:Along with the development of cloud computing, cloud-based RFID is receiving more and more attentions of researchers and engineers. However, there is no research in which cloud computing is applied to RFID authentication schemes. Most current works lay emphasis on functionalities, lacking considerations about security and privacy. Classical RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID. The basic postulates of traditional backend-sever-based RFID authentication, i.e. secure backend channel and entirely trustworthy database, are no longer natively tenable in cloud-based RFID scenarios. In this paper, a virtual private network agency is suggested to build secure backend channels and to provide readers with anonymous access to the cloud. The cloud database is structured as an encrypted hash table. The first cloud-based RFID authentication protocol preserving tag/reader privacy to database keepers is proposed. Comparing with classical schemes, the proposed scheme has advantages in deployment cost saving, pervasiveness of authentication, scalability of O(1) complexity to verify a tag, mobile reader holders' privacy preserving, and database security.

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Fan,Qi Luo,Kuan Zhang,Yintang Yang

DOI: https://doi.org/10.1016/j.ins.2019.08.006

2017-01-01

Abstract:Radio Frequency Identification (RFID) makes it a supporting technology for the Internet of things (IoT). While RFID has been widely used and developed rapidly, its security and privacy issues cannot be ignored. With the development of cloud computing, cloud based RFID system has become a new solution. Protecting the security of RFID system in cloud environment is particularly important. Not verifying the tag or reader when reading message will have serious consequences, which may suffer many secure issues, such as intercept, modifying, replaying, DoS and synchronization. This paper puts forward an efficient and reliable RFID security authentication scheme in cloud environment. The protocol combines the logic encryption operation with timestamp, which can resist DoS attacks and anti-synchronization attacks. The proposed protocol not only can well solve the RFID security and privacy issues, but also can use the powerful cloud computing capabilities to process data.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Chin-Ling Chen,Tsai-Tung Yang,Mao-Lun Chiang,Tzay-Farn Shih

DOI: https://doi.org/10.1007/s10916-014-0143-9

IF: 4.92

2014-10-15

Journal of Medical Systems

Abstract:With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

health care sciences & services,medical informatics

Feng Zhu,Peng Li,He Xu,Ruchuan Wang

DOI: https://doi.org/10.3390/s20174846

IF: 3.9

2020-08-27

Sensors

Abstract:The Internet of Things (IoT) has been integrated into legacy healthcare systems for the purpose of improving healthcare processes. As one of the key technologies of IoT, radio frequency identification (RFID) technology has been applied to offer services like patient monitoring, drug administration, and medical asset tracking. However, people have concerns about the security and privacy of RFID-based healthcare systems, which require a proper solution. To solve the problem, recently in 2019, Fan et al. proposed a lightweight RFID authentication scheme in the IEEE Network. They claimed that their scheme can resist various attacks in RFID systems with low implementation cost, and thus is suitable for RFID-based healthcare systems. In this article, our contributions mainly consist of two parts. First, we analyze the security of Fan et al.’s scheme and find out its security vulnerabilities. Second, we propose a novel lightweight authentication scheme to overcome these security weaknesses. The security analysis shows that our scheme can satisfy the necessary security requirements. Besides, the performance evaluation demonstrates that our scheme is of low cost. Thus, our scheme is well-suited for practical RFID-based healthcare systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kai Fan,Wei Jiang,Qi Luo,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jfranklin.2019.02.023

IF: 4.246

2019-01-01

Journal of the Franklin Institute

Abstract:With the continuous development of comprehensive technologies in various fields, the cyber-physical systems has been successfully applied in many fields in a large scale. The privacy and security issues in the system have gradually become the focus of attention. This article focuses on privacy protection issues in the area of Internet of Vehicles (IoV). IoV has developed rapidly and come into public consciousness quickly. Radio Frequency Identification (RFID) technology is a safe and reliable sensor data processing system, which is widely used in IoV. However, RFID system often suffers some risks of privacy disclosure. For example the owners are reluctant to disclose their private information such as their precise location information to the public network. Faced with those security risks, it is of great importance for the RFID system applied to IoV to protect private information. In this paper, we propose a cloud-based mutual authentication protocol aiming at ensuring efficient privacy preserving in IoV system, which enables people the efficiently and intelligently travel mode while protecting their privacy from divulging. Moreover, that the anonymity of tag is implemented not only protects the privacy data of the owners, but also prevents the malicious tracking from outside attackers. As to the proposed scheme, the proof based on BAN logic indicates it is of logic security. Security analysis and performance evaluation show that the scheme can be a good security solution for IoV with the feature of good safety and reliability.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arxiv.1301.6837

2013-01-01

Abstract:Along with the development of internet of things and pervasive computing, researchers are increasingly focusing on server-less RFID authentication and searching protocols, which utilize mobile RFID readers. However, revealing privacy of mobile reader holders is a widely neglected problem in current research. This paper concentrates on preserving privacy of mobile reader holders in server-less RFID authentication and searching protocols. We propose a detailed requirement as a principle for future protocol designs, and a scheme to enhance most current protocols. We apply our scheme to two classical protocols. The comparisons between the original and our enhanced protocols show that our scheme is secure and effective.

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Wenmin Li,Shuo Zhang,Qi Su,Qiaoyan Wen,Yang Chen

DOI: https://doi.org/10.1155/2018/8131367

2018-01-01

Abstract:Telecare medical information systems (TMIS) enable patients to access healthcare delivery services conveniently. With the explosive development occurring in cloud computing and services, storage of personal medical and health information outsourcing to cloud infrastructure has been a potential alternative. However, this has entailed many considerable security and privacy issues. In order to address the security loopholes, we propose a promising solution satisfying the requirements of cloud computing scenarios for telemedical systems. The proposed scheme could provide both data confidentiality and message authenticity while preserving anonymity. Furthermore, the formal security proof demonstrates that the proposed scheme is resistant to various attacks. The performance comparisons show the proposal's workability and it is well suited to adoption in telemedical services.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

Shengmin Xu,Jianting Ning,Xinyi Huang,Yingjiu Li,Guowen Xu

DOI: https://doi.org/10.1109/tdsc.2021.3106393

2022-01-01

Abstract:Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Yan Wang,Feng Shu,Xuemei Lei,Xuehui Wang,Rongen Dong,Qiankun Cheng

DOI: https://doi.org/10.1109/cbd63341.2023.00021

2023-01-01

Abstract:In this paper, a new protocol is proposed to improve the security of mobile RFID smart medical system based on three existing RFID security authentication protocols. Through security analysis, BAN logic analysis and Scyther tool test, it is shown that the proposal protocol can effectively resist many typical attacks that RFID system is vulnerable to, such as location privacy leakage, impersonation attack and desynchronization attack. In addition, the time cost of tag, reader and server is 0.042 ms, 0.084 ms and 0.042 ms respectively in the process of protocol mutual authentication. The storage cost of the tag is 96 bits, and the communication cost of the protocol is 864 bits. Therefore, the results of security and performance analysis show that the protocol is low cost and high security, and can meet to the EPC C1G2 standard.

Shuai-Min Chen,Mu-En Wu,Hung-Min Sun,King-Hang Wang

DOI: https://doi.org/10.1016/j.future.2013.05.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Radio-frequency identification (RFID) systems can benefit from cloud databases since information on thousands of tags is queried at the same time. If all RFID readers in a system query a cloud database, data consistency can easily be maintained by cloud computing. Privacy-preserving authentication (PPA) has been proposed to protect RFID security. The time complexity for searching a cloud database in an RFID system is O(N), which is obviously inefficient. Fortunately, PPA uses tree structures to manage tags, which can reduce the complexity from a linear search to a logarithmic search. Hence, tree-based PPA provides RFID scalability. However, in tree-based mechanisms, compromise of a tag may cause other tags in the system to be vulnerable to tracking attacks. Here we propose a secure and efficient privacy-preserving RFID authentication protocol that uses a cloud database as an RFID server. The proposed protocol not only withstands desynchronizing and tracking attacks, but also provides scalability with O(logN) search complexity.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.