Wenjuan Tang,Kuan Zhang,Ju Ren,Yaoxue Zhang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2017.8254989

2017-01-01

Abstract:With the advancements of electronic medical equipment, e-healthcare system becomes a promising paradigm to continuously monitor health conditions and remotely diagnose phenomena. Meanwhile, it generates a large volume of health data and poses several security challenges, such as access control and privacy leakage. In this paper, we propose a lightweight and privacy- preserving fog-assisted information sharing scheme (PFHD) for health big data. Specifically, we integrate fog computing into e-healthcare system to pre-process the raw health data and improve the efficiency of health data analysis. Furthermore, to prevent privacy leakage, we design a hierarchical attribute-based encryption method by encrypting the profile and health data with different access policies. In addition, we reduce the computation cost on devices by offloading health data encryption from devices to fog servers. Security discussions show that PFHD can achieve fine- grained health data sharing with privacy preservation. Performance evaluations demonstrate the efficiency of PFHD, especially in terms of encryption computation and storage costs.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Lintao Dang,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li,Gaolei Li

DOI: https://doi.org/10.1109/icc.2018.8422844

2018-01-01

Abstract:Recently, an accelerating number of studies are dedicated to deploying various IoT applications in the information centric network paradigm which has lower system complexity than traditional network architectures. However, such a paradigm poses a number of security challenges especially when it is applied in real-time e-health applications. Firstly, it is difficult to ensure security of sensitive data in such a distributed data caching environment because after the data is published in the form of a packet to the information centric network (ICN), it is no longer controlled by the data publisher. Secondly, in some real-time e-health applications, terminal medical sensors are usually resource-constrained, limiting the direct adoption of expensive cryptographic primitives. In order to address these challenges, a resource-efficient secure data sharing scheme in information centric e-health system is proposed, one that utilizes ciphertext-policy attribute based encryption (CP-ABE) and adapts it to the above-mentioned system with respect to necessary security requirements. It also exploits computation resources of fog nodes and employs outsourcing cryptography to improve system efficiency.The evaluation demonstrates that the scheme can significantly reduce the computation overheads of the resource-constrained terminal medical devices, and can better support the real-time e-health applications.

Cheng Guo,Pengxu Tian,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tii.2020.2995228

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Wearable body area network is a key component of the modern-day e-healthcare system (e.g., telemedicine), particularly as the number and types of wearable medical monitoring systems increase. The importance of such systems is reinforced in the current COVID-19 pandemic. In addition to the need for a secure collection of medical data, there is also a need to process data in real-time. In this article, we design an improved symmetric homomorphic cryptosystem and a fog-based communication architecture to support delay- or time-sensitive monitoring and other-related applications. Specifically, medical data can be analyzed at the fog servers in a secure manner. This will facilitate decision making, for example, allowing relevant stakeholders to detect and respond to emergency situations, based on real-time data analysis. We present two attack games to demonstrate that our approach is secure (i.e., chosen-plaintext attack resilience under the computational Diffie-Hellman assumption), and evaluate the complexity of its computations. A comparative summary of its performance and three other related approaches suggests that our approach enables privacy-assured medical data aggregation, and the simulation experiments using Microsoft Azure further demonstrate the utility of our scheme.

Yinjin Fu,Nong Xiao,Tao Chen,Jian Wang

DOI: https://doi.org/10.1109/tdsc.2021.3086089

2022-01-01

Abstract:The healthcare industry faces challenges regarding the security and efficiency of data management for patient health records (PHRs). We propose SafePHR: a secure and efficient medical data service with application aware deduplication in fog-to-multicloud encrypted storage. It introduces a fog-to-multicloud cooperative storage model, which combines low-latency and high-safety local fog with unlimited capacity and built-in disaster recovery in remote multi-cloud to enhance eHealth data management. It also provides an application aware secure deduplication scheme to improve the data traffic and space efficiency of cloud storage for encrypted PHRs using variants of convergent encryption. Then, it further enhances the resiliency and security of cloud storage by striping encrypted data across multiple cloud vendors with a fault-tolerant coding scheme. Compared with the state-of-the-art of cloud-assisted eHealth systems, our experiments demonstrate that SafePHR can ensure data confidentiality of deduplication, achieve a competitive low cloud storage space overhead, and improve system performance with high fault-tolerance capability.

Ximeng Liu,Robert H. Deng,Yang,Hieu N. Iran,Shangping Zhong

DOI: https://doi.org/10.1016/j.future.2017.03.018

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:In this paper, we propose a framework for hybrid privacy-preserving clinical decision support system in fog–cloud computing, called HPCS. In HPCS, a fog server uses a lightweight data mining method to securely monitor patients’ health condition in real-time. The newly detected abnormal symptoms can be further sent to the cloud server for high-accuracy prediction in a privacy-preserving way. Specifically, for the fog servers, we design a new secure outsourced inner-product protocol for achieving secure lightweight single-layer neural network. Also, a privacy-preserving piecewise polynomial calculation protocol allows cloud server to securely perform any activation functions in multiple-layer neural network. Moreover, to solve the computation overflow problem, a new protocol called privacy-preserving fraction approximation protocol is designed. We then prove that the HPCS achieves the goal of patient health status monitoring without privacy leakage to unauthorized parties by balancing real-time and high-accurate prediction using simulations.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Wenjuan Tang,Ju Ren,Kun Deng,Yaoxue Zhang

DOI: https://doi.org/10.1109/jiot.2019.2923261

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:With rapid development of e-healthcare systems, patients that are equipped with resource-limited e-healthcare devices (Internet of Things) generate huge amount of health data for health management. These health data possess significant medical value when aggregated from these distributed devices. However, efficient health data aggregation poses several security and privacy issues such as confidentiality disclosure and differential attacks, as well as patients may be reluctant to contribute their health data for aggregation. In this paper, we propose a privacy-preserving heath data aggregation scheme that securely collects health data from multiple sources and guarantee fair incentives for contributing patients. Specifically, we employ signature techniques to keep fair incentives for patients. Meanwhile, we add noises into the health data for differential privacy. Furthermore, we combine Boneh-Goh-Nissim cryptosystem and Shamir's secret sharing to keep data obliviousness security and fault tolerance. Security and privacy discussions show that our scheme can resist differential attacks, tolerate healthcare centers failures, and keep fair incentives for patients. Performance evaluations demonstrate cost-efficient computation, communication and storage overhead.

Hua Deng,Zheng Qin,Letian Sha,Hui Yin

DOI: https://doi.org/10.1109/jiot.2020.2999350

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Cloud-assisted Internet of Things (IoT) has become an increasingly popular technological trend as the performance of IoT applications can be greatly improved by delegating the cloud to manage massive IoT data. To protect the confidentiality of data outsourced from IoT devices to the cloud, cryptographic mechanisms are usually employed to encrypt the data in such a way that only the user designated by the data owner can decrypt the data. However, in the IoT multiuser environment, the encrypted data may also need to be shared with more users beyond the initially designated one. In this article, we propose a flexible privacy-preserving data sharing (FPDS) scheme in cloud-assisted IoT. With the FPDS scheme, an IoT user can encrypt data to a recipient by using identity-based encryption. More importantly, the IoT user can specify a fine-grained access policy to generate a delegation credential, and then send this credential to the cloud so that it can convert all the encrypted data satisfying the access policy into new ciphertexts that are readable to a new recipient. In this way, IoT users can share the data outsourced to the cloud in a flexible and privacy-preserving manner. Detailed security analysis shows that the FPDS scheme is secure against semitrusted cloud and malicious IoT users. Thorough theoretical and experimental analyses demonstrate the high efficiency of the scheme.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.

Wenjuan Tang,Kuan Zhang,Deyu Zhang,Ju Ren,Yaoxue Zhang,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/MCOM.2019.1800234

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:The rise of smart health promotes ubiquitous healthcare services with the adoption of information and communication technologies. However, increasing demands of medical services require more computing and storage resources in proximity of medical users for intelligent sensing, processing, and analysis. Fog computing emerges to enable in situ data processing and service provision for smart health i...

Yangyang Bao,Weidong Qiu,Xiaochun Cheng

DOI: https://doi.org/10.1111/exsy.13220

IF: 3.3

2023-01-01

Expert Systems

Abstract:Medical cyber-physical systems (CPS) provide the possibility for real-time health monitoring of patients and flexible diagnostic services based on expert systems by collaboratively integrating and connecting various physical devices including sensors, terminals, and cloud infrastructure. However, the ubiquitous security threats in cyberspace have raised concerns about data security and user privacy. Although related works propose to protect data security and user privacy with cryptographic protocols, their heavy computational and storage overheads incur performance and battery life challenges for resource-constrained devices in the healthcare CPS. This article proposes an energy-saving and privacy-preserving data sharing (ESPPDS) scheme to address the challenge. ESPPDS inherits the anonymous fine-grained access control from attribute-based encryption (ABE) while protecting data integrity and supporting efficient user revocation. We also eliminate the repetitive computations of ciphertext components by utilizing the online/ offline encryption technology, and design a subtle and secure trick to delegate the decryption operations to the edge device, thereby reducing the computational overheads of the resource-constrained devices. We then show the security proof, and discuss the construction in the untrusted/ compromised server setting. The comparison and experiment indicate that ESPPDS is practical and more efficient than related schemes.

Jie Xu,Zhenxing Xu,Peter Walker,Fei Wang

DOI: https://doi.org/10.1609/aaai.v34i04.6121

2020-01-01

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Privacy concerns on sharing sensitive data across institutions are particularly paramount for the medical domain, which hinders the research and development of many applications, such as cohort construction for cross-institution observational studies and disease surveillance. Not only that, the large volume and heterogeneity of the patient data pose great challenges for retrieval and analysis. To address these challenges, in this paper, we propose a Federated Patient Hashing (FPH) framework, which collaboratively trains a retrieval model stored in a shared memory while keeping all the patient-level information in local institutions. Specifically, the objective function is constructed by minimization of a similarity preserving loss and a heterogeneity digging loss, which preserves both inter-data and intra-data relationships. Then, by leveraging the concept of Bregman divergence, we implement optimization in a federated manner in both centralized and decentralized learning settings, without accessing the raw training data across institutions. In addition to this, we also analyze the convergence rate of the FPH framework. Extensive experiments on real-world clinical data set from critical care are provided to demonstrate the effectiveness of the proposed method on similar patient matching across institutions.

G. A. Thushara,S. Mary Saira Bhanu

DOI: https://doi.org/10.1007/s42044-022-00129-2

2022-12-19

Iran Journal of Computer Science

Abstract:Secure data-sharing in fog–cloud computing is receiving greater attention in information communication systems since it provides users with efficient and effective data transmission. Data-sharing in a smart hospital management system provides a vital service that was previously unavailable or inaccessible. Sharing medical data over a centralized cloud through an insecure channel exposes insider threats and hostile attacks. Fog–cloud-based environments now offer improved data-sharing security. A secure multi-authority data-sharing technique for a smart hospital management system with attribute-based encryption, blowfish encryption, and Boneh–Lynn–Shacham signature is proposed in this paper. Data-sharing requires an additional layer of security even though Attribute-Based Encryption allows for flexible and fine-grained data access control. Hybrid encryption offers greater resistance against brute force assaults. To overcome the issue of user management and key revocation, the proposed work employs a multi-authority short signature scheme. According to the comparison and findings, the proposed approach offers secure and efficient data-sharing in a smart hospital management system.

Chengzhe Lai,Hanyue Zhang,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/jiot.2024.3350029

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The conflict between data privacy and sharing among healthcare institutions creates data silos, causing wasteful duplication, incomplete information, and potential hindrances to scientific research. In this paper, we present a privacy-preserving medical data sharing scheme based on cloud-assisted private set intersection (PSI) and aggregate signature technique. Firstly, we propose a novel authenticated cloud-assisted private set intersection, named AC-PSI, which can achieve client authentication and randomized processing of private data by using Diffie-Hellman-based Oblivious Pseudorandom Function (DH-OPRF) and Vector Oblivious Linear-Function Evaluation-based Oblivious Pseudorandom Function (VOLE-OPRF), respectively. Secondly, based on the AC-PSI and locally verifiable signature (LVS), we design a privacy-preserving and secure medical data sharing scheme, which can provide enhanced security features by enabling access control of computing resources and resist pre-computation attacks from external sources. Our approach has been proven through a rigorous analysis of security. Finally, through comparative analysis with the existing schemes, it is demonstrated that the proposed AC-PSI and medical data sharing scheme has low communication and computation overhead while achieving a higher level of privacy preservation and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lewis Nkenyereye,S. M. Riazul Islam,Mahmud Hossain,M. Abdullah-Al-Wadud,Atif Alamri

DOI: https://doi.org/10.48550/arXiv.2011.06211

2020-11-12

Abstract:The rapid development of personal health records (PHR) systems enables an individual to collect, create, store and share his PHR to authorized entities. Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions' repositories located in the cloud. The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency, scalability and bandwidth. Fog computing relieves the burden of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers. Aiming at a massive demand of PHR data within a ubiquitous smart city, we propose a secure and fog assisted framework for PHR systems to address security, access control and privacy concerns. Built under a fog-based architecture, the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption (CP-ABE) to guarantee confidentiality and fine-grained access control within the system respectively. We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy. We provide the analysis of the proposed framework in terms of security and performance.

Cryptography and Security

Jiawei Zhang,Jianfeng Ma,Yanbo Yang,Ximeng Liu,Neal N. Xiong

DOI: https://doi.org/10.1109/jiot.2021.3122949

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Fog-assisted Internet of Things (IoT) can outsource the massive data of resource-constraint IoT devices to cloud and fog nodes (FNs). Meanwhile, it enables convenient and low time-delay data-sharing services, which relies heavily on high security of data confidentiality and fine-grained access control. Many efforts have been focused on this urgent requirement by leveraging ciphertext-policy attribute-based encryption (CP-ABE). However, when deployed in fog-assisted IoT systems for secure data sharing, it remains a challenging problem of how to preserve attribute privacy of access policy, and trace-then-revoke traitors (i.e., malicious users intending to leak decryption keys for illegal profits) efficiently and securely in such a large scale and decentralized environment with resource-constraint user devices, especially in consideration of misbehaving cloud and FNs. Therefore, in this article, we propose a revocable and privacy-preserving decentralized data-sharing framework (RPDDSF) by designing a large universe and multiauthority CP-ABE scheme with fully hidden access policy for secure data sharing in IoT systems to achieve user attribute privacy preserving with unbounded attribute universe and key escrow resistance suitable for large scale and decentralized environment. Based on this, with RPDDSF, anyone can efficiently expose the traitors and punish them by forward/backward secure revocation. Besides, RPDDSF is able to guarantee data integrity for both data owners (DOs) and users to resist misbehaving cloud and FNs, alongwith low computation overhead for resource-constraint devices. Finally, RPDDSF is proven to be secure with detailed security proofs, and its high efficiency and feasibility are demonstrated by extensive performance evaluations.

Han Qiu,Meikang Qiu,Meiqin Liu,Gerard Memmi

DOI: https://doi.org/10.48550/arXiv.1904.08270

2019-04-17

Cryptography and Security

Abstract:The recent spades of cyber security attacks have compromised end users' data safety and privacy in Medical Cyber-Physical Systems (MCPS). Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted by a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as end user's smartphone and lets the end user to control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove the efficiency.

Hassan Mahdikhani,Samaneh Mahdavifar,Rongxing Lu,Hui Zhu,Ali A. Ghorbani

DOI: https://doi.org/10.1109/access.2019.2961270

IF: 3.9

2019-01-01

IEEE Access

Abstract:Fog-enhanced IoT (Internet of Things) is a fast-growing technology in which many firms and industries are currently investing to develop their own real-time and low latency scenarios. Compared with the traditional IoT, fog-enhanced IoT can offer a higher level of efficiency and stronger security by providing local data pre-processing, filtering, and forwarding mechanisms. However, fog-enhanced IoT faces some security and privacy challenges, since fog nodes are deployed at the network edge and may not be fully trustable. In this paper, we present a new privacy-preserving subset aggregation scheme, called PPSA, in fog-enhanced IoT scenarios, that enables a query user to gain the sum of data from a subset of IoT devices. To identify the subset, inner product similarity of the normalized vectors in the query user side and each IoT device is securely computed. If the inner product is greater than the user's specified threshold, IoT device's data will be privately aggregated to form the final response. To successfully launch privacy-preserving subset aggregation in the proposed scheme, we employ the Paillier homomorphic encryption to encrypt user's attribute vector, similarity threshold, IoT end-devices' data, as well as the intermediate results. To the best of our knowledge, this work is the first one to address the privacy-preserving subset aggregation in fog-enhanced IoT. We analyze and extensively evaluate the efficiency and security of the proposed PPSA scheme, and the detailed analysis and results indicate that our proposed PPSA scheme can practically achieve privacy-preserving subset aggregation with significant communication and computational cost saving.

Shunrong Jiang,Xiaoyan Zhu,Liangmin Wang

DOI: https://doi.org/10.3390/s150922419

IF: 3.9

2015-01-01

Sensors

Abstract:Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.