Cheng Guo,Ruhan Zhuang,Yingmo Jie,Yizhi Ren,Ting Wu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s10916-016-0588-0

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:An effectively designed e-healthcare system can significantly enhance the quality of access and experience of healthcare users, including facilitating medical and healthcare providers in ensuring a smooth delivery of services. Ensuring the security of patients’ electronic health records (EHRs) in the e-healthcare system is an active research area. EHRs may be outsourced to a third-party, such as a community healthcare cloud service provider for storage due to cost-saving measures. Generally, encrypting the EHRs when they are stored in the system (i.e. data-at-rest) or prior to outsourcing the data is used to ensure data confidentiality. Searchable encryption (SE) scheme is a promising technique that can ensure the protection of private information without compromising on performance. In this paper, we propose a novel framework for controlling access to EHRs stored in semi-trusted cloud servers (e.g. a private cloud or a community cloud). To achieve fine-grained access control for EHRs, we leverage the ciphertext-policy attribute-based encryption (CP-ABE) technique to encrypt tables published by hospitals, including patients’ EHRs, and the table is stored in the database with the primary key being the patient’s unique identity. Our framework can enable different users with different privileges to search on different database fields. Differ from previous attempts to secure outsourcing of data, we emphasize the control of the searches of the fields within the database. We demonstrate the utility of the scheme by evaluating the scheme using datasets from the University of California, Irvine.

Jie Zhao,Hejiao Huang,Yongliang Xu,Xiaojun Zhang,Hongwei Du,Chao Huang

DOI: https://doi.org/10.1016/j.tcs.2024.114895

IF: 1.002

2024-10-05

Theoretical Computer Science

Abstract:Cloud-assisted e-healthcare sharing systems (EHSSs) play an increasingly pivotal role in the contemporary healthcare field. By outsourcing electronic medical records (EMRs) to the cloud, hospitals can alleviate local storage and management burdens while facilitating data sharing. Due to the highly sensitive nature of EMRs, encryption is necessary before storing them on the cloud. Attribute-based keyword search (ABKS) enables the privacy protection of EMRs with efficient search services. However, there remain some limitations in practical application. Firstly, most ABKS schemes only support single keyword queries, resulting in inaccurate results and wastage of computing and bandwidth resources. Secondly, since sensitive information within EMRs is encrypted as a whole, different data users (including internal doctors and external researchers) should have varying access rights to prevent leakage of this sensitive information. Thirdly, incorrect search results could lead to misdiagnosis or endanger patients' lives and affect researchers' decision-making processes. To effectively tackle these challenges, this paper proposes a verifiable attribute-based multi-keyword search scheme with sensitive information hiding (VABMKS-SIH) for cloud-assisted EHSSs, where we present a secure model for multi-keyword search with two-level access structure by incorporating an improved blindness filtering technique into ciphertext-policy attribute-based encryption (CP-ABE) within existing keyword search framework. Our scheme employs a super-increasing sequence to aggregate multiple filtered data blocks into one unified ciphertext, thereby greatly reducing communication overhead during the transmission phases of ciphertext. To check the correctness of returned results, we introduce a lightweight algebraic signature algorithm based on fundamental algebraic operations. A security analysis demonstrates that VABMKS-SIH is provably secure under the random oracle mode. Additionally, we also evaluate the proposed scheme's performance to demonstrate its utility in cloud-assisted EHSSs.

computer science, theory & methods

Fan Zhao,Changgen Peng,Dequan Xu,Yicen Liu,Kun Niu,Hanlin Tang

DOI: https://doi.org/10.1016/j.comcom.2023.04.003

2023-05-01

Abstract:With the outbreak of COVID-19, the government has been forced to collect a large amount of detailed information about patients in order to effectively curb the epidemic of the disease, including private data of patients. Searchable encryption is an essential technology for ciphertext retrieval in cloud computing environments, and many searchable encryption schemes are based on attributes to control user's search permissions to protect their data privacy. The existing attribute-based searchable encryption (ABSE) scheme can only implement the situation where the search permission of one person meets the search policy and does not support users to obtain the search permission through collaboration. In this paper, we proposed a new attribute-based collaborative searchable encryption scheme in multi-user setting (ABCSE-MU), which takes the access tree as the access policy and introduces the translation nodes to implement collaborative search. The cooperation can only be reached on the translation node and the flexibility of search permission is achieved on the premise of data security. ABCSE-MU scheme solves the problem that a single user has insufficient search permissions but still needs to search, making the user's access policy more flexible. We use random blinding to ensure the confidentiality and security of the secret key, further prove that our scheme is secure under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. Security analysis further shows that the scheme can ensure the confidentiality of data under chosen-keyword attacks and resist collusion attacks.

Haijiang Wang,Jianting Ning,Xinyi Huang,Guiyi Wei,Geong Sen Poh,Ximeng Liu

DOI: https://doi.org/10.1109/tdsc.2019.2916569

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.

Fanfan Shen,Lin Shi,Jun Zhang,Chao Xu,Yong Chen,Yanxiang He

DOI: https://doi.org/10.1016/j.csi.2023.103824

IF: 3.721

2023-12-21

Computer Standards & Interfaces

Abstract:The storage of electronic medical records (EMRs) is an area of extensive research, and healthcare systems often delegate this task to cloud service providers (CSP). Typically, CSP transmits the encrypted EMRs to a cloud server with a searchable encryption scheme for easy retrieval. However, the enormous power held by centralized CSP poses a potential threat to patients' personal privacy, as it can lead to unauthorized access and misuse of medical data by both CSP and data users, such as doctors. This paper proposes a blockchain-based multi-keyword searchable encryption (BMSE) electronic medical record solution. The scheme consists of two parts. On the one hand, our solution involves the integration of blockchain technology and the utilization of advanced encryption standard (AES) for symmetric data encryption. Additionally, we employ attribute-based encryption (ABE) to encrypt the search index. This approach aims to address the issue of excessive power held by centralized CSP, which can potentially result in the compromise of patients' privacy. On the other hand, we use the K-means algorithm to cluster the documents, and use the relevance score of keywords and documents as the search index to solve the problem of low efficiency of the existing multi-keyword searchable encryption schemes. Finally, we verify the safety of BMSE through safety analysis, and the experimental analysis shows that BMSE improves the search efficiency.

computer science, software engineering, hardware & architecture

Qiang Cao,Yanping Li,Zhenqiang Wu,Yinbin Miao,Jianqing Liu

DOI: https://doi.org/10.1007/s11280-019-00671-3

2019-01-01

World Wide Web

Abstract:Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

Wu Chuxin,Zhang Peng,Liu Hongwei,Chen Zehong,Zoe L. Jiang

DOI: https://doi.org/10.1007/978-3-030-05063-4_30

2018-01-01

Abstract:Due to the strong storage capacity and calculating power of cloud computing, more and more users outsource their data to the cloud. To avoid users’ data exposed to cloud, searchable encryption which can search over the encrypted data is studied. In this paper, based on the multi-keyword searchable encryption proposed by Cash et al., through enforcing access control for users, we present an efficient multi-keyword searchable encryption supporting multi-user access control(MMSE). MMSE supports multi-user scenarios, and only the users whose attributes satisfy the policy can generate the search token, no matter the data owner is online or not. The security and performance analysis shows that the proposed MMSE is secure and efficient. © Springer Nature Switzerland AG 2018.

Shufen Niu,Wenke Liu,Song Han,Lizhi Fang

DOI: https://doi.org/10.1371/journal.pone.0244979

IF: 3.7

2021-01-07

PLoS ONE

Abstract:As cloud storage technology develops, data sharing of cloud-based electronic medical records (EMRs) has become a hot topic in the academia and healthcare sectors. To solve the problem of secure search and sharing of EMR in cloud platforms, an EMR data-sharing scheme supporting multi-keyword search is proposed. The proposed scheme combines searchable encryption and proxy re-encryption technologies to perform keyword search and achieve secure sharing of encrypted EMR. At the same time, the scheme uses a traceable pseudo identity to protect the patient's private information. Our scheme is proven secure based on the modified Bilinear Diffie-Hellman assumption and Quotient Decisional Bilinear Diffie-Hellman assumption under the random oracle model. The performance of our scheme is evaluated through theoretical analysis and numerical simulation.

Yinbin Miao,Feng Li,Xinghua Li,Zhiquan Liu,Jianting Ning,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tmc.2023.3277702

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Electronic health (e-health) systems may outsource data such as patient e-health records to mobile cloud servers for efficiency gains (e.g., minimizing local storage and computation costs). However, such a move may result in privacy implications in the presence of semi-honest cloud servers. Searchable Encryption (SE) can potentially facilitate privacy-preserving searches based on keywords for encrypted data stored in the mobile cloud, but most existing SE solutions do not support temporal access control (i.e., a mechanism that grants access permissions to users for specified time ranges). Hence, in this paper we design a time-controllable keyword search scheme by using an attribute-based comparable access control. This allows users to match indexes encrypted at specified time intervals. Then, we improve the basic framework to support efficient user revocation using secret sharing. We then formally prove the security of our proposed frameworks against chosen-keyword attack and key collusion attack, as well as achieving keyword secrecy. We also evaluate the performance of our proposed approach using a real-world dataset to demonstrate their practical utility.

Lingling Xu,Zhiwei Sun,Wanhua Li,Hongyang Yan

DOI: https://doi.org/10.1007/s11276-020-02410-3

IF: 2.701

2024-01-01

Wireless Networks

Abstract:With the development of big data and cloud computing, more and more data owners store their data with encrypted form in the cloud server. To retrieve some data they are interested in, an important technology called searchable encryption can be adopted. Sometimes, the encrypted data are desired to be shared to some users by the data owners without destroying the user privacy. To address this problem, many works of delegated searchable encryption (DSE) have been studied. However, in the existing DSE schemes, the delegated users can make keyword search over the encrypted data without any restrictions. In some systems such as E-health record system in which the data are sensitive, it is desired that the delegated users can only make search with some specified keywords designated by the data owners. In this work, we present an efficient solution to this problem and give a concrete construction. Then we show that our construction is efficient and practical for real applications by experimental results.

Qian Wang,Chengzhe Lai,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/tcc.2021.3120110

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing medical data to healthcare cloud has become a popular trend. Since medical data of patients contain sensitive personal information, they should be encrypted before outsourcing. However, information retrieval methods based on plaintext cannot be directly applied to encrypted data. In this article, we present a new cryptographic primitive named conjunctive keyword search with secure channel free and autonomous path delegation function (AP-SCF-PECKS), which can be applied in scenarios where patients want to search for and autonomous delegate their private medical information without revealing their private key. Particularly, the proposed solution allows patients to set up multi-hop delegation path with their preferences, and the delegated doctors in the path can search for and access the patient’s private medical information with priority from high to low. Patients can ensure that authorized doctors are always trustworthy, and unauthorized users cannot obtain the private medical information of patients. Moreover, the scheme supports the conjunctive keyword search, secure channel free, and is secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. The security of proposed scheme has been formally proved in the standard model. Finally, the performance evaluations demonstrate that the overhead of proposed scheme are modest for healthcare cloud scenarios.

computer science, information systems, theory & methods

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Zhen Li,Minghao Zhao,Han Jiang,Qiuliang Xu

DOI: https://doi.org/10.1007/s12243-017-0571-x

2017-01-01

Abstract:Multi-user searchable encryption (MSE) enables authorized users to search over encrypted documents in the cloud. Generally, security problems in existing MSE schemes are solved as follows: (1) transmitting authority values and search tokens through secure channels to resist keyword guessing attack; (2) involving a trusted third party (TTP) to manage users and (3) relying on online users to distribute the decryption keys. However, these methods result in extra overhead and heavily restrict the scalability of the systems. In this paper, we propose a secure channel-free and TTP-free MSE scheme. It is secure against keyword guessing attack by introducing a designated server. And it achieves fine-grained access control to grant and revoke the privileges of users without TTP. More specifically, each document is encrypted with a unique and independent key, where the key distribution is integrated with user authorization and search procedures. We provide a concrete construction of the scheme and give formal proofs of its security in the random oracle model.

Jian Su,Leyou Zhang,Yi Mu

DOI: https://doi.org/10.1016/j.future.2022.01.021

IF: 7.307

2022-07-01

Future Generation Computer Systems

Abstract:Due to the popularity of electronic medical technology and the rapid rise of cloud storage technology, how to securely share medical data has become a research hotspot at present. Fast and efficient keywords search in medical cloud is the key first step to achieve it. However, untrusted servicer may return the false search results or the results related to some special commercial purpose. Additionally, privacy leakage in medical data will also damage the benefits of the users and primary data owners. Ensuring fair and accurate searching of shared data and protecting the privacy of medical data have become important in the medical sharing system. This paper aims at solving these problems and a search framework for smart health system is proposed. In the framework, two smart contracts, named search smart contract(SSC) and verify smart contract(VSC), are constructed based on Ethereum blockchain, which are used to match the user’s trapdoor with index and check the correctness of search results. To improve the search accuracy, we realizes a ranking multi-keyword search where it only returns the top- k documents which best meet the user’s needs. Additionally, a new attribute-based encryption(ABE) is introduced to keep confidentiality and access authority of the sharing data. And the proposed ABE supports the hiding policy which solves the privacy protection during the data share. For reducing the computing burden of the data user, the decrypted-cloud service assistant system is proposed. Security proof and performance comparisons prove the security and efficiency of the scheme.

Xueyan Liu,Xiaotao Yang,Yukun Luo,Qiang Zhang

DOI: https://doi.org/10.1109/jiot.2021.3056116

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The development of the Internet of Things (IoT) has given birth to new applications and services. Accordingly, because the IoT application system collects a large amount of data containing sensitive information, there are also new challenges in data security and privacy preservation. To locate the medical IoT (mIoT), this article proposes a multikeyword searchable encryption scheme based on attributes supporting the data privacy preservation and integrity verification of the electronic health files stored on the IoT cloud platform on the basis of ensuring the application business functions of mIoT: 1) to ensure data confidentiality and fine-grained search authorization, the attribute-based encryption mechanism is introduced to encrypt the symmetric key. Moreover, anonymous key generation tampers semitrusted center authority’s (CA) decryption of all ciphertexts of users and access policy is hidden to prevent access policy from leaking; 2) the convergence key is adopted to encrypt electronic health records (EHRs), thereby providing double verification of the correctness of the search results and partial decryption results; 3) a time-division mechanism is also established to provide the access validity of shared EHRs; and 4) fixed length ciphertext and outsourcing decryption mechanisms are used to reduce the calculation on the user side, in which the majority of the decryption calculations are done by the cloud server. Formal proofs and performance evaluation show that the proposed scheme can achieve data security, keyword security, integrity verification, hidden policy, and collusion resistance, and has high computational efficiency and search efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zuojie Deng,Kenli Li,Keqin Li,Jingli Zhou

DOI: https://doi.org/10.1016/j.future.2016.05.017

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Multi-user searchable encryption (MSE) allows a user to encrypt its files in such a way that these files can be searched by other users that have been authorized by the user. The most immediate application of MSE is to cloud storage, where it enables a user to securely outsource its files to an untrusted cloud storage provider without sacrificing the ability to share and search over it. Any practical MSE scheme should satisfy the following properties: concise indexes, sublinear search time, security of data hiding and trapdoor hiding, and the ability to efficiently authorize or revoke a user to search over a file. Unfortunately, there exists no MSE scheme to achieve all these properties at the same time. This seriously affects the practical value of MSE and prevents it from deploying in a concrete cloud storage system. To resolve this problem, we propose the first MSE scheme to satisfy all the properties outlined above. Our scheme can enable a user to authorize other users to search for a subset of keywords in encrypted form. We use asymmetric bilinear map groups of Type-3 and keyword authorization binary tree (KABtree) to construct this scheme that achieves better performance. We implement our scheme and conduct performance evaluation, demonstrating that our scheme is very efficient and ready to be deployed.

Xiaodong Yang,Tian Tian,Jiaqi Wang,Caifen Wang

DOI: https://doi.org/10.1007/s12083-022-01345-0

2022-07-25

Abstract:Nowadays, with the rapid development of smart health-care based on electronic health records, it remarkably supplies a promising way to alleviate the shortage of medical resources and improve medical efficiency. Meanwhile, data in electronic health records are sensitive and require protection against unauthorized access. However, most previous electronic health records sharing schemes are vulnerable to data leakage and forgery. To address these challenging problems, we propose a new electronic health record sharing scheme. We use the certificateless cryptosystem to encrypt keywords, which solves the certificate management problem and key escrow problem. The proposed scheme also supports multi-user search and the user authorization table can be used to modify access permissions of medical data users. Besides, the root values of the Merkle trees are written into the blockchain to ensure anti-tampering, integrity and traceability of search results. Moreover, a smart contract enables a fair transaction between cloud server provider and medical data users without trusted third parties. We prove that the proposed scheme is secure against the keyword guessing attack in the random oracle model. Furthermore, performance analysis demonstrates that our scheme has greater computational efficiency compared with other related schemes.

computer science, information systems,telecommunications

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Hua Shen,Jian Zhou,Ge Wu,Mingwu Zhang

DOI: https://doi.org/10.1109/access.2023.3334733

IF: 3.9

2023-12-20

IEEE Access

Abstract:The convenience and efficient management of cloud servers have resulted in an increasing number of users opting to store their data in the cloud. Consequently, data-outsourcing services relying on cloud servers have been extensively deployed and utilized. In this case, before outsourcing the data to cloud storage, we should ensure unauthorized users cannot access the data. In this article, we present a scheme termed MKSABE-VaAR (multi-keyword searchable attribute-based encryption with verification and attribute revocation). Aiming at the problems of inefficiency, excessive computation in the search process, and only supporting single-keyword search in most attribute-based searchable encryption schemes, first, we package multiple keywords into a polynomial to realize multi-keyword search. Based on this polynomial, MKSABE-VaAR can reduce the amount of search calculation for keyword ciphertext and improve search efficiency by reducing the number of bilinear pairing operations. At the same time, we have made some special constructs for indexing to add verification of user attributes in the keyword search process, which improves the search accuracy. Moreover, we adopt a linear secret-sharing technique to construct the attribute revocation function of MKSABE-VaAR, making a lower computational cost of attribute revocation. Furthermore, the mechanism of storing data and indexes separately greatly reduces the risk of data leakage of MKSABE-VaAR.

computer science, information systems,telecommunications,engineering, electrical & electronic