Xiaojun Zhang,Jie Zhao,Liming Mu,Yao Tang,Chunxiang Xu

DOI: https://doi.org/10.1016/j.pmcj.2019.03.004

IF: 3.848

2019-01-01

Pervasive and Mobile Computing

Abstract:Cloud-based medical cyber–physical system (MCPS) relies on cloud computing to provide powerful data storage and computing services. Based on the vital outsourced medical data, doctors can perform precise medical diagnosis for patients, thus the integrity verification of medical data has become increasingly important. In this paper, we propose an identity-based proxy-oriented outsourcing with public auditing scheme in cloud-based MCPS using elliptic curve cryptography. Our scheme enables a patient to authorize the proxy to generate and upload the signatures of medical data and corresponding encrypted medical data to cloud-based MCPS. Any third party auditor (TPA) can audit the medical data efficiently, without retrieving the entire medical data set. We provide the security proof of the proposed scheme, including the storage correctness guarantee and proxy-oriented privacy-preserving property. Moreover, our scheme is designed on identity-based systems, which can avoid complex certificates management. The efficiency comparison shows that our scheme is much more light-weight, and more suitable in cloud-based MCPS.

Jie Zhao,Yifeng Zheng,Hejiao Huang,Jing Wang,Xiaojun Zhang,Daojing He

DOI: https://doi.org/10.1016/j.sysarc.2023.102860

IF: 5.836

2023-03-23

Journal of Systems Architecture

Abstract:Cloud-assisted medical cyber–physical systems (MCPSs) leverage the power of cloud computing for scalable storage and management of outsourced medical data. Based on the crucial outsouced medical data, guardians could know patient's health condition timely, doctors can make accurate diagnoses of patients, and medical research centers could also conduct medical big data analysis. However, medical data is highly sensitive and demands strong protection. Meanwhile, the integrity of outsourced medical data is vulnerable to hardware failures, software bugs or human errors. To date, a large number of data privacy-preserving integrity auditing schemes have been presented, but most of them suffer from the burden of complex public key certificate management or the key escrow problem of identity-based cryptography. In this paper, we propose a lightweight certificateless privacy-preserving integrity verification scheme (LCPPIV) with conditional anonymity for cloud-assisted MCPSs by developing an elliptic-curve digital signature and a key exchange mechanism, which can achieve the functionalities of medical data privacy protection, integrity verification of outsourced medical data, conditional anonymity, batch auditing, and secure compensation mechanism, simultaneously. Theoretical security analysis demonstrates that our scheme is provably secure in the random oracle model, with resistance to the public key replacement attack, malicious-but-passive-KGC attack, and response auditing proofs forgery. The performance evaluations indicate that LCPPIV is much more practical for cloud-assisted MCPSs compared with state-of-art data auditing schemes.

computer science, software engineering, hardware & architecture

Xiong Li,Shanpeng Liu,Rongxing Lu,Muhammad Khurram Khan,Ke Gu,Xiaosong Zhang

DOI: https://doi.org/10.1109/JBHI.2022.3140831

IF: 7.7

2022-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than 2/3 of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

ZHAO Yang,WANG Shi-yu,WU Song-yang,XIONG Hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2016.01.013

2016-01-01

Abstract:With the rapid development of cloud computing technology, more users will store their data on a remote cloud server. To ensure that the user’s data is correctly stored on the cloud server, remote data integrity checking has attracted widespread attention by academia and industry. By considering limited computing resources and communication bandwidth on the client side, users can delegate the auditing task of remote data integrity to a professional proxy. Currently, the proxy auditing scheme of remote data integrity can only support storing static data. But in this paper, we propose a proxy auditing scheme of remote data integrity for dynamics, which is based on Merkle Hash Tree and bilinear pairings technology. The proposed scheme can not only meet the security requirements of auditing protocol for the remote data, but also support the dynamic operations, such as inserting, deleting and appending. Security proof and performance analysis show that the proposed scheme is safe and effective.

Caiyuan Tang,Feng Wang,Chenbin Zhao,Xiuqiang Chen

DOI: https://doi.org/10.1002/ett.4816

IF: 3.6

2023-06-21

Transactions on Emerging Telecommunications Technologies

Abstract:This image is the system model of our proposed scheme (IPAPS) and shows that our scheme includes three entires: data owner (DO), medical cloud storage server (MCSS), and third‐party auditor (TPA). In order to verify the integrity of data outsourced to the server, DO authorizes TPA to achieve the public auditing, then the authorized TPA sends verification requests to the MCSS. Finally, TPA verifies the responses returned from the MCSS and sends the result of the verification to the DO. Cloud‐based medical storage system is becoming popular. Cloud server is curious about the private information of stored cases, and the integrity of outsourced data has become increasingly concerned. Numerous public auditing protocols for the outsourced data into the cloud server were proposed. Unfortunately, in the existing protocols, some of them may neglect security to improve efficiency. Recently, Li et al. proposed an efficient privacy‐preserving public auditing protocol for cloud‐based medical storage system (EPPAP), which improved the communication efficiency by storing some of data owner's data in third part auditors, however we find that the protocol is vulnerable to collusion attack and replace attack. In this paper, we analyze the security attacks of the existing protocol, and further propose an improved public auditing protocol for secure data storage in cloud‐based medical storage system (IPAPS). In addition, we give the formal security proof and analyze the performance of our proposed protocol. The security proof shows our protocol takes into account integrity, collusion attack and replace attack at the same time. The simulation experiments in our performance analysis show that the proposed protocol is practical.

telecommunications

Haibin Yang,Zhengge Yi,Xu An Wang,Yunxuan Su,Zheng Tu,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2021/8886763

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Now, it is common for patients and medical institutions to outsource their data to cloud storage. This can greatly reduce the burden of medical information management and storage and improve the efficiency of the entire medical industry. In some cases, the group-based cloud storage system is also very common to be used. For example, in an medical enterprise, the employees outsource the working documents to the cloud storage and share them to the colleagues. However, when the working documents are outsourced to the cloud servers, how to ensure their security is a challenge problem for they are not controlled physically by the data owners. In particular, the integrity of the outsourced data should be guaranteed. And the secure cloud auditing protocol is designed to solve this issue. Recently, a lightweight secure auditing scheme for shared data in cloud storage is proposed. Unfortunately, we find this proposal not secure in this paper. It’s easy for the cloud server to forge the authentication label, and thus they can delete all the outsourced data when the cloud server still provide a correct data possession proof, which invalidates the security of the cloud audit protocol. On the basis of the original security auditing protocol, we provide an improved one for the shared data, roughly analysis its security, and the results show our new protocol is secure.

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.1016/j.jisa.2019.04.002

2018-01-01

Abstract:In big data age, flexible cloud service greatly enhances productivity for enterprises and individuals in different applications. When cloud access is restricted, data owner could authorize a proxy to process the data, and upload them to enjoy the powerful cloud storage service. Meanwhile, outsourced data integrity breach becomes a serious security issue for cloud storage. Identity Based Provable Data Possession (PDP) as a critical technology, could enable each data owner to efficiently verify cloud data integrity, without downloading entire copy and complicated public key certificate management issue. But it remains a great challenge for multiple data owners to efficiently and securely perform batch data integrity checking on huge data on different storage clouds, with proxy processing. Yu et al. recently proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing ( https://doi.org/10.3837/tiis.2017.10.019 ), which tried to address this problem. In this article, we first demonstrate that this scheme is insecure since malicious clouds could pass integrity auditing without original data. Additionally, malicious clouds are able to recover the proxys private key and thus impersonate proxy to arbitrarily forge tags for any modified data. Secondly, in order to repair these security flaws, we propose an improved scheme to enable secure identity based batch public auditing with proxy processing. Thirdly, the security of our improved scheme is proved under CDH hard problem in the random oracle model. The complexity analysis of its performance shows better efficiency over identity-based proxy-oriented data uploading and remote data integrity checking in public cloud on single owner effort on a single cloud, which will benefit big data storage if it is extrapolated in real application.

Hui Tian,Weiping Ye,Jia Wang,Hanyu Quan,Chin-Chen Chang

DOI: https://doi.org/10.1155/2023/3375823

IF: 8.993

2023-11-27

International Journal of Intelligent Systems

Abstract:In the context of healthcare 4.0, cloud-based eHealth is a common paradigm, enabling stakeholders to access medical data and interact efficiently. However, it still faces some serious security issues that cannot be ignored. One of the major challenges is the assurance of the integrity of medical data remotely stored in the cloud. To solve this problem, we propose a novel certificateless public auditing for medical data in the cloud (CPAMD), which can achieve efficient batch auditing without complicated certificate management and key escrow. Specifically, in our CPAMD, a new secure certificateless signature method is designed to generate tamper-proof data block tags; a manageable delegated data outsourcing mechanism is presented to reduce the burden of data maintenance on patients and achieve auditability of outsourcing behavior; and a privacy-preserving augmented verification strategy is proposed to provide comprehensive auditing of both medical data and its source information without compromising privacy. We perform formal security analysis and comprehensive performance evaluation for CPAMD. The results demonstrate that the presented scheme can provide better auditing security and more comprehensive auditing capabilities while achieving good performance comparable to state-of-the-art ones.

computer science, artificial intelligence

Song Li,Jie Cui,Hong Zhong,Lu Liu

DOI: https://doi.org/10.3390/s17051032

IF: 3.9

2017-05-05

Sensors

Abstract:Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users' medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs' applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs' deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jun Zhou,Xiaodong Lin,Xiaolei Dong,Zhenfu Cao

DOI: https://doi.org/10.1109/TPDS.2014.2314119

2015-01-01

Abstract:Distributed m-healthcare cloud computing system significantly facilitates efficient patient treatment for medical consultation by sharing personal health information among healthcare providers. However, it brings about the challenge of keeping both the data confidentiality and patients' identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem, in this paper, a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients' identities by satisfying the access tree with their own attribute sets. Finally, the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

Baoyuan Kang,Jiaqiang Wang,Dongyang Shao

DOI: https://doi.org/10.1155/2017/2925465

2017-01-01

Mobile Information Systems

Abstract:With cloud computing being integrated with wireless body area networks, the digital ecosystem called cloud-assisted WBAN was proposed. In cloud-assisted medical systems, the integrity of the stored data is important. Recently, based on certificateless public key cryptography, He et al. proposed a certificateless public auditing scheme for cloud-assisted WBANs. But He et al.’s scheme is not a scheme with privacy preserving. After many checks on some of the same data blocks, the auditor can derive these data blocks. In this paper, we propose a certificateless public auditing scheme with privacy preserving for cloud-assisted WBANs. In the proof phase of the proposed scheme, the proof information is protected from being directly exposed to the auditor. So, the curious auditor could not derive the data blocks. We also prove that the proposed scheme is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard, and we give a comparison of the proposed scheme with He et al.’s scheme in terms of security and computation cost.

computer science, information systems,telecommunications

Yilun Wu,Xinye Lin,Xicheng Lu,Jinshu Su,Peixin Chen

DOI: https://doi.org/10.1587/transinf.2016EDL8079

2016-01-01

IEICE Transactions on Information and Systems

Abstract:Public auditing is a new technique to protect the integrity of outsourced data in the remote cloud. Users delegate the ability of auditing to a third party auditor (TPA), and assume that each result from the TPA is correct. However, the TPA is not always trustworthy in reality. In this paper, we consider a scenario in which the TPA may lower the reputation of the cloud server by cheating users, and propose a novel public auditing scheme to address this security issue. The analyses and the evaluation prove that our scheme is both secure and efficient.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Xiaojun Zhang,Jie Zhao,Liming Mu,Xinpeng Zhang

DOI: https://doi.org/10.1504/ijesdf.2019.102566

2019-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Medical big data have recently received considerable attention in the modern medical systems, since they give great opportunities to mine new medical knowledge. In the wireless medical sensor networks (WMSNs), medical big data can be generated and processed everywhere at any time. With the rapid development of cloud computing, cloud-based WMSNs can provide more efficient processing of patients' physiology parameters and support richer storage services. Meanwhile, the integrity of medical big data becomes significant, since medical big data will be employed to provide the medical diagnosis and other medical treatments. In this paper, we propose a cost-effective self-auditing scheme for cloud storage medical big data without pairings. In the proposed scheme, a patient can personally check the medical big data integrity effectively, without retrieving the entire medical big data, and thus dramatically reduces the communication overhead. Moreover, we extend the proposed scheme to a batch self-auditing scheme, such that a patient can efficiently perform self-auditing for multiple different medical big data files simultaneously. The performance comparison shows that the proposed scheme is much more light-weight, and more practical in WMSNs.

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.3837/tiis.2019.02.030

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019) It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

Jianhong Zhang,Zhibin Sun,Jian Mao

DOI: https://doi.org/10.1155/2018/9638680

2018-01-01

Journal of Healthcare Engineering

Abstract:Cloud storage has attracted more and more concern since it permits cloud users to save and employ the corresponding outsourced files at arbitrary time, with arbitrary facility and from arbitrary place. To make sure data integrality, numerous public auditing constructions have been presented. However, existing constructions mainly have built on the PKI. In these constructions, to achieve data integrality, the auditor first must authenticate the legality of PKC, which leads to a great burden for the auditor. To eliminate the verification of time-consuming certificate, in this work, we present an efficient identity-based public auditing proposal. Our construction is an identity-based data auditing system in the true sense in that the algorithm to calculate authentication signature is an identity-based signature algorithm. By extensive security evaluation and experimental testing, the consequences demonstrate that our proposal is safe and effective; it can efficiently hold back forgery attack and replay attack. Finally, compared with the two identity-based public auditing proposals, our proposal outperforms the two proposals under the condition of overall considering computational cost, communication overhead, and security strength.

Chin-Ling Chen,Tsai-Tung Yang,Mao-Lun Chiang,Tzay-Farn Shih

DOI: https://doi.org/10.1007/s10916-014-0143-9

IF: 4.92

2014-10-15

Journal of Medical Systems

Abstract:With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

health care sciences & services,medical informatics

Xiaojun Zhang,Ziyu Zhou,Jingwei Zhang,Chunxiang Xu,Xinpeng Zhang

DOI: https://doi.org/10.1504/ijesdf.2020.106301

2020-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:With the rapid development of cloud computing, cloud-based wireless body area networks (WBANs) provide powerful storage services, and process massive medical data efficiently. As the medical data are exploited to perform the clinical diagnosis and other special medical treatments, the integrity of the medical data stored in the cloud server is increasingly important. In this paper, based on the elliptic curve digital signature algorithm (ECDSA), we propose an efficient light-weight cloud storage private auditing scheme for medical data in WBANs. Our scheme enables a data owner to check the medical data integrity effectively personally, and does not need to retrieve the entire medical dataset, thereby dramatically reducing the communication overhead. Moreover, we further extend our private auditing scheme to private batch auditing. Thus, the data owner can perform auditing task for multiple different medical data files simultaneously. The performance comparison demonstrates that our scheme is much more light-weight, and more practical in cloud-based wireless body area networks.

Wenmin Li,Shuo Zhang,Qi Su,Qiaoyan Wen,Yang Chen

DOI: https://doi.org/10.1155/2018/8131367

2018-01-01

Abstract:Telecare medical information systems (TMIS) enable patients to access healthcare delivery services conveniently. With the explosive development occurring in cloud computing and services, storage of personal medical and health information outsourcing to cloud infrastructure has been a potential alternative. However, this has entailed many considerable security and privacy issues. In order to address the security loopholes, we propose a promising solution satisfying the requirements of cloud computing scenarios for telemedical systems. The proposed scheme could provide both data confidentiality and message authenticity while preserving anonymity. Furthermore, the formal security proof demonstrates that the proposed scheme is resistant to various attacks. The performance comparisons show the proposal's workability and it is well suited to adoption in telemedical services.