Lingling Xu,Xiaofeng Chen,Fangguo Zhang,Wanhua Li,Hao-Tian Wu,Shaohua Tang,Yang Xiang

DOI: https://doi.org/10.1109/tdsc.2020.2970928

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:With the growth of public demand for online access to health services, many efforts have been devoted to personal health records (PHR) in cloud computing. It enables patients to manage their personal health information (PHI) in cloud servers, which greatly facilitates the collection, access and sharing of PHI. Since cloud servers are not fully trusted, it is desirable that the PHI can be encrypted for privacy protection before uploaded to the cloud. Besides the privacy of PHI, fine-grained and flexible search control is also strongly desired for a secure PHR system. In this article, we first present attribute set based keyword search (ASBKS) which can realize fine-grained keyword search of encrypted PHR. Compared with the existing searchable encryption with access control, the proposed ASBKS can achieve more flexibility in user attributes organization and more efficiency in specifying policies. Furthermore, we present a hierarchical ASBKS scheme to improve scalability by extending ASBKS with a hierarchical structure of users. We implement our ASBKS scheme and the experimental results demonstrate that it is both efficient and flexible for encrypted PHR in cloud computing.

Fei Tang,Xujun Zhou,Haining Luo,Guowei Ling,Jinyong Shan,Yunpeng Xiao

DOI: https://doi.org/10.1109/tsc.2024.3436573

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:In cloud-assisted electronic health (eHealth) systems, the exponential growth of electronic health records (EHRs) has prompted healthcare organizations to move it to the cloud. However, EHRs are encrypted before being outsourced for privacy. Although searchable encryption schemes for EHRs have been proposed, their search efficiency and functionality for massive EHRs with high-dimensional are still insufficient. In this paper, we adopt an attribute hierarchy structure for medical datasets, enabling efficient multi-dimensional range search and reducing high-dimensional EHRs to low-dimensional vectors. To further improve search efficiency, we design an index tree that require no additional storage and computational overhead, significantly improving efficiency in search, trapdoor generation, and index building. Our scheme is well-suited for large-scale medical data scenarios, especially in dealing with high-dimensional and massive datasets. Extensive experiments demonstrate the superiority of our scheme over existing solutions, particularly in large-scale medical data scenarios. Compared to the classic EDMRS scheme, our scheme has a computational overhead in index building and search that is only about 1/500 and 1/10 of EDMRS when the number of keywords and electronic health records is 3,000 and 6,000, respectively. Moreover, as medical data and keywords increase, our scheme shows slower computational overhead growth compared to EDMRS.

computer science, information systems, software engineering

Xuejiao Liu,Yingjie Xia,Wei Yang,Fengli Yang

DOI: https://doi.org/10.1016/j.neucom.2016.06.100

IF: 6

2018-01-01

Neurocomputing

Abstract:Information seeking is becoming an indispensable activity in daily life, especially in the medical cloud. Body Area Network (BAN) is becoming more and more popular with respect to the development and popularity of mobile devices. People are starting to back up the medical data to cloud, make data accessible by the doctors from almost anywhere using mobile terminals. In this paper, we present an efficient and secure fine-grained access control scheme which not only achieves authorized users to access the records in cloud storage, but also supports a small set of physicians to write on the records. In order to improve the efficiency, we put forward a novel technique called match-then-decrypt, which is used to perform the decryption test without decryption. Also, the scheme outsources bilinear pairing operations to a gateway without revealing the data content, and thus largely eliminates this overhead for users to a great extent. The performance assessments demonstrate the efficiency of our proposed solution in terms of computation, communication, and storage.

Mamta,Brij B. Gupta,Kuan-Ching Li,Victor C. M. Leung,Kostas E. Psannis,Shingo Yamaguchi

DOI: https://doi.org/10.1109/jas.2021.1004003

2021-12-01

IEEE/CAA Journal of Automatica Sinica

Abstract:The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction i- storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.

Lu Liu,Jingchao Sun,Jianqiang Li,Rong Li,Juan Li,Xi Meng,Huifang Li,Jijiang Yang

DOI: https://doi.org/10.1109/SmartCity.2015.205

2015-01-01

Abstract:With the development of healthcare industry, healthcare informatization provides great potential for the health-care improvement. The cloud computing platform, which is an important infrastructure for the inter( intra)-organization collaboration, provides a shared storage space to the medical data sharing. For the privacy protection of medical data, sensitive data has to be encrypted before being transmitted to the cloud, which makes it more challenging to use these data in the cloud. For strengthening the utilization of encrypted cloud data, various encrypted search technologies are widely studied. However, these existing searchable encryption schemes may not enforce users' demands well. This paper proposes a privacy enhanced search approach for cloud-based medical data sharing. The proposed solution implements a hybrid search approach, where the search process is conducted across plaintext and ciphertext. Moreover, the enhanced access control can ensure the privacy protection of cloud data. The empirical experiments illustrate the effectiveness of our solution.

Na Wang,Shancheng Zhang,Zheng Zhang,Junsong Fu,Jianwei Liu,Ruijin Wang

DOI: https://doi.org/10.1109/jbhi.2022.3212684

IF: 7.7

2023-02-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The Internet of Medical Things (IoMT) is an important application of the Internet of Things in health care. In IoMT, efficiency and user privacy are crucial for cloud storage and retrieval of healthcare data documents. Existing schemes, however, often suffer from inefficient retrieval and increased risk of privacy disclosure when dealing with massive data. We propose here a new Efficient Encrypted Parallel Ranking (EEPR) search system, block-based and privacy-preserved, for encrypted cloud healthcare data. We design a parallel binary search tree structure in block and propose a parallel retrieval algorithm adaptable to such a structure. A quantitative analysis through the information retention index shows that our scheme demonstrates better search performance. In addition, feature vectors generated from our scheme are difficult to be reversely analyzed due to unexplainability, enhancing privacy protection for patients and researchers. A formal security analysis shows that our EEPR scheme is resistable to known background attack, and yields a lower time complexity and significantly improves search efficiency as well as accuracy over existing schemes.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Shufen Niu,Wenke Liu,Song Han,Lizhi Fang

DOI: https://doi.org/10.1371/journal.pone.0244979

IF: 3.7

2021-01-07

PLoS ONE

Abstract:As cloud storage technology develops, data sharing of cloud-based electronic medical records (EMRs) has become a hot topic in the academia and healthcare sectors. To solve the problem of secure search and sharing of EMR in cloud platforms, an EMR data-sharing scheme supporting multi-keyword search is proposed. The proposed scheme combines searchable encryption and proxy re-encryption technologies to perform keyword search and achieve secure sharing of encrypted EMR. At the same time, the scheme uses a traceable pseudo identity to protect the patient's private information. Our scheme is proven secure based on the modified Bilinear Diffie-Hellman assumption and Quotient Decisional Bilinear Diffie-Hellman assumption under the random oracle model. The performance of our scheme is evaluated through theoretical analysis and numerical simulation.

Zhuolin Mei,Huilai Zou,Jinzhou Huang,Caicai Zhang,Bin Wu,Jiaoli Shi,Zhengxiang Cheng

DOI: https://doi.org/10.4018/ijwsr.340391

2024-03-12

International Journal of Web Services Research

Abstract:In recent years, more and more data has been stored on the cloud to provide various services. These data often contain users' private information, which inevitably raises concerns about data security. Encryption before outsourcing is a direct solution to mitigate these concerns. However, traditional encryption schemes such as block encryption make basic data services hard to support. Therefore, this paper proposes a secure and fast range query scheme for encrypted multi-dimensional data, called SFRQ. The scheme constructs a secure index over the ciphertexts of multi-dimensional data, utilizing the R-tree index, Bloom filter, and 0-1 encoding techniques. This secure index enables the cloud to provide fast range query services over the ciphertexts of multi-dimensional data. The authors have evaluated SFRQ through extensive experiments, which demonstrate its high efficiency. Additionally, the security analysis shows that no external entity, including the cloud, can obtain additional information during the entire query process.

computer science, information systems, software engineering

Boyu Zhang,Wenjie Yang,Futai Zhang,Jianting Ning

DOI: https://doi.org/10.1109/tdsc.2024.3432769

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to the introduction of cloud computing in healthcare services, personal health records (PHRs) have being uploaded to cloud servers in increasing numbers. Since data confidentiality requirements exist, data owners should encrypt their PHRs in advance of transmitting them to a cloud server. Attribute-based encryption with keyword search (ABKS) technique ensures that the encrypted PHRs are able to retrieved by other data users whose attributes match access polices granted by data owners. However, access polices are public in most existing ABKS schemes, which can reveal sensitive information contained in PHRs. In this article, we provide an efficient ABKS scheme with policy hiding for PHRs that implements the following features: (1) The fine-grained access control is achieved where data owners can authorize which data users can retrieve encrypted PHRs. (2) The access policy is hidden to safeguard sensitive information from being leaked. (3) The costs of storage and computation do not grow linearly as the number of attributes increases. The security of the presented ABKS scheme is reduced to the truncated q-DABDHE assumption and the DDH assumption. Its performance is also demonstrated by our extensive simulation experiments.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Hancheng Gao,Haiping Huang,Lingyan Xue,Fu Xiao,Qi Li

DOI: https://doi.org/10.1109/jiot.2023.3279893

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The integration of Internet of Things (IoT) with cloud-edge computing in cyber-physical systems has revolutionized the way healthcare enterprises manage electronic health records (EHRs). With more healthcare enterprises outsourcing encrypted EHRs to the cloud, searchable encryption is utilized to retrieve encrypted data, especially attribute-based searchable encryption (ABSE) can achieve fine-grained access control. However, ABSE usually requires a lot of computation, which imposes a serious burden on resource-limited devices. Moreover, ensuring fairness in data access is crucial in the healthcare domain, where both data users and owners may have conflicting interests. In order to overcome these problems, this paper proposes a searchable encryption scheme with fine-grained access control for cloud-based EHRs sharing assisted by blockchain. It transfers computing tasks to edge servers and enables users to control who has access to their EHRs. The adoption of blockchain and smart contracts guarantees data integrity and transaction fairness. Moreover, a consensus algorithm is designed for the higher efficiency of the proposed scheme. Finally, security analysis proves the proposed scheme resists adaptive chosen keyword attacks (CKA). Performance analysis further confirms it has more functionalities and is efficient for smart healthcare.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haijiang Wang,Jianting Ning,Xinyi Huang,Guiyi Wei,Geong Sen Poh,Ximeng Liu

DOI: https://doi.org/10.1109/tdsc.2019.2916569

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.

Wei Yang,Yang Xu,Yiwen Nie,Yao Shen,Liusheng Huang

DOI: https://doi.org/10.1007/978-3-319-91458-9_8

2018-01-01

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud. However, sensitive information has to be encrypted to preserve the privacy, which inevitably makes effective data utilization a challenging task. Existing work either focuses on keyword searches, or suffers from inadequate security guarantees or inefficiency. In this paper, we focus on the problem of multi-dimensional range queries over dynamic encrypted cloud data. We propose a Tree-based private Range Query scheme over dynamic Encrypted cloud Data (TRQED), which enables faster-than-linear range queries and supports data dynamics while preserving the query privacy and single-dimensional privacy simultaneously. TRQED achieves provable security against semi-honest adversaries under known background model. Extensive experiments on real-world datasets show that the overhead of TRQED is desirable, and TRQED is more efficient compared with existing work.

Dequan Xu,Changgen Peng,Weizheng Wang,Hai Liu,Shoaib Ahmed Shaikh,Youliang Tian

DOI: https://doi.org/10.1109/tce.2023.3269045

2023-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the rapid development of consumer electronics in Industry 5.0, personalized service supplement based on the cloud infrastructure for the Internet of Things (IoT) has been a promising requirement pushed to consumers. During the massive and frequent IoT data interaction from the consumer-centric in Industry 5.0, efficiently searchable encryption for multiple consumers are indispensable. Existing multi-user searchable encryption is based on attribute and predicate encryption technology to realize one-to-many rather than realistic many-to-many scenarios. Moreover, multi-keyword ranked search, dynamic update, and search pattern hiding have not been implemented in the multi-user scenario. In this paper, to address the above problems for consumer electronics in Industry 5.0, we present a privacy-preserving dynamic multi-keyword ranked search scheme over encrypted cloud data to accomplish pay-as-you-consume cloud data security sharing. Our scheme designs a specific tree-based index structure and a “Greedy Breadth-First Search” algorithm to achieve the sub-linear search. To support dynamic updates in the cloud, a novel secure maximum generation protocol is proposed. Finally, the security analysis and experiment evaluation prove our scheme cannot only preserve the privacy of index and search patterns but also support dynamic update operations under the multi-writer/multi-reader setting at an acceptable cost.

telecommunications,engineering, electrical & electronic

Kai Fan,Nana Huang,Yue Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/cscloud.2015.40

2015-01-01

Abstract:With the rapid development of the cloud computing, personal health record (PHR) has attracted great attention of many researchers all over the world recently. However, PHR, which is often outsourced to be stored at a third party, has many security and efficiency issues. Therefore, the study of secure and efficient Personal Health Record Scheme to protect users' privacy in PHR files is of great significance. In this paper, we present a secure and efficient Personal Health Record scheme called SE-PHR. In the SE-PHR scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, the Key-Aggregate Encryption called KAE is exploited. For the users of PUD, we use outsource-able multi-authority attribute-based encryption (MA-ABE) to largely eliminate the overhead for users and support efficient attribute revocation without updating the user's private key. Our scheme also presents a new algorithm which enables dynamic modification of access policies. Function and performance testing results show the security and efficiency of the proposed SE-PHR.

Kaiping Xue,Shaohua Li,Jianan Hong,Yingjie Xue,Nenghai Yu,Peilin Hong

DOI: https://doi.org/10.1109/TIFS.2017.2675864

2017-01-01

Abstract:Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>,” “<,” and so on), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Ye Xiong,Dawu Gu,Haining Lu

DOI: https://doi.org/10.2991/ccis-13.2013.115

2013-01-01

Abstract:With the prevalence of cloud computing, more and more data are outsourced to the untrusted cloud servers, which raises a security issue that how can data owners ensure the privacy of their data in cloud. A straightforward way is to encrypt the data before uploading, but it will face new challenge when data owners need to search on their encrypted data.Searchable encryption will help to solve this problem by enabling the cloud servers to perform searching for the data owners while not learning any information about the data and the searching criteria.Range query on large encrypted data set is one of the most difficult parts of searchable encryption. In this paper, we proposed a novel scheme which improves the security and avoids any false positive. And the evaluation shows that our scheme reduces client storage and remain efficiency compared with the existing schemes.

Wentao Wang,Yuxuan Jin,Bin Cao

DOI: https://doi.org/10.1109/pst55820.2022.9851989

2022-01-01

Abstract:The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

Abdalla Hadabi,Zheng Qu,Mohammed Amoon,Chien-Ming Chen,Saru Kumari,Hu Xiong

DOI: https://doi.org/10.1016/j.compeleceng.2024.109373

IF: 4.152

2024-06-22

Computers & Electrical Engineering

Abstract:The security of Personal Health Records (PHRs) within the Internet of Medical Things (IoMT) infrastructure is a pressing issue in the healthcare sector. Edge-based IoMT devices like smart wearables and implantables often acquire PHRs. Cloud computing plays a vital role in handling computing and storage tasks for edge-based IoMT devices. However, concerns about trust with cloud servers require the use of encryption, which may complicate the retrieval of encrypted PHRs from the cloud. This paper presents certificateless public key encryption with plaintext-checkable encryption (CL-PKE-PCE). CL-PKE-PCE enables searching for encrypted data using plaintext keywords while eliminating key escrow and certificate management issues. The CL-PKE-PCE scheme facilitates the verification of ciphertexts against plaintexts without the need for decryption, thereby maintaining data privacy. Furthermore, the security of the proposed CL-PKE-PCE scheme has been substantiated under the bilinear Diffie–Hellman assumption. Compared to similar work, it efficiently lowers calculation costs for encryption, decryption, and search algorithms by 63.66%, 51.17%, and 61.62%, respectively. The findings demonstrate that the CL-PKE-PCE is simultaneously secure and efficient, affirming its suitability for edge-based IoMT scenarios.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture