Xue Chen,Shiyuan Xu,Shang Gao,Yu Guo,Siu-Ming Yiu,Bin Xiao

DOI: https://doi.org/10.1109/tifs.2024.3455772

2024-01-01

Abstract:Ring signatures have been extensively researched for Cloud-assisted Electronic Medical Records (EMRs) sharing, aiming to address the challenge of “medical information silos” while safeguarding the privacy of patients’ personal information and the security of EMRs. However, most existing EMRs sharing systems that utilize ring signatures are vulnerable to quantum attacks, posing a severe challenge for the e-health scenario. To alleviate this issue, some studies have been conducted on latticebased ring signatures. Nevertheless, there still exist two challenges. Firstly, current schemes fail to verify if multiple EMRs come from the same signer, undermining e-health reliability. Additionally, adversaries can exploit weaknesses in the network security of signers’ secret keys to forge signatures. In this paper, we propose an efficient lattice-based linkable ring signature (LLRS) for EMRs sharing to ensure patient privacy through anonymity, EMRs security through unforgeability, and checking the linkability for multiple signatures. We then present an enhancement scheme, called FS-LLRS, to additionally offer forward security, ensuring the security of previous ring signatures even if the current key has been compromised. To achieve this, we introduce a binary tree structure to divide time periods and leverage lattice basis algorithms for one-way secret key evolution, allowing users to update the secret keys periodically. Ultimately, we conduct a rigorous security analysis and compare our primitives with prior arts. In computational cost, the best performance of our LLRS and FS-LLRS schemes are just 0.17 and 0.34 times compared to others, respectively. Our LLRS scheme only incurs 0.08 times the communication overhead of others.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Zhiyan Xu,Debiao He,Pandi Vijayakumar,Kim-Kwang Raymond Choo,Li Li

DOI: https://doi.org/10.1007/s10916-020-1527-7

IF: 4.92

2020-03-18

Journal of Medical Systems

Abstract:An electronic health (e-health) system, such as a medical cyber-physical system, offers a number of benefits (e.g. inform medical diagnosis). There are, however, a number of considerations in the implementation of the medical cyber-physical system, such as the integrity of medical / healthcare data (e.g. manipulated data can result in misdiagnosis). A number of digital signature schemes have been proposed in recent years to mitigate some of these challenges. However, the security of existing signatures is mostly based on conventional difficult mathematical problems, which are known to be insecure against quantum attacks. In this paper, we propose a certificateless signature scheme, based on NTRU lattice. The latter is based on the difficulty of small integer solutions on the NTRU lattice, and is known to be quantum attack resilience. Security analysis and performance evaluations demonstrate that our proposed scheme achieves significantly reduced communication and computation costs in comparison to two other competing quantum resilience schemes, while being quantum attack resilience.

health care sciences & services,medical informatics

Shengmin Xu,Jianting Ning,Yingjiu Li,Yinghui Zhang,Guowen Xu,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2021.3126532

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:To reduce the cost of human and material resources and improve the collaborations among medical systems, research laboratories and insurance companies for healthcare researches and commercial activities, electronic medical records (EMRs) have been proposed to shift from paperwork to friendly shareable electronic records. To take advantage of EMRs efficiently and reduce the cost of local storage, EMRs are usually outsourced to the remote cloud for sharing medical data with authorized users. However, cloud service providers are untrustworthy. In this paper, we propose an efficient, secure, and flexible EMR sharing system by introducing a novel cryptosystem called dual-policy revocable attribute-based encryption and tamper resistance blockchain technology. Our proposed system enables EMRs to be shared at a fine-grained level and allows data users to detect any unauthorized manipulation. Moreover, the key generation center can revoke malicious users without affecting the honest users. We provide the formal security model as well as the concrete scheme with security analysis. The experimental simulation and experimental analysis of our proposed scheme demonstrate that our proposed system has superior performances to the most relevant solutions.

Faguo Wu,Xiao Zhang,Wang Yao,Zhiming Zheng,Lipeng Xiang,Wanpeng Li

DOI: https://doi.org/10.3970/cmc.2018.02664

2018-01-01

Abstract:Signature, widely used in cloud environment, describes the work as readily identifying its creator. The existing signature schemes in the literature mostly rely on the Hardness assumption which can be easily solved by quantum algorithm. In this paper, we proposed an advanced quantum-resistant signature scheme for Cloud based on Eisenstein Ring (ETRUS) which ensures our signature scheme proceed in a lattice with higher density. We proved that ETRUS highly improve the performance of traditional lattice signature schemes. Moreover, the Norm of polynomials decreases significantly in ETRUS which can effectively reduce the amount of polynomials convolution calculation. Furthermore, storage complexity of ETRUS is smaller than classical ones. Finally, according to all convolution of ETRUS enjoy lower degree polynomials, our scheme appropriately accelerate 56.37% speed without reducing its security level.

Chin-Ling Chen,Tsai-Tung Yang,Mao-Lun Chiang,Tzay-Farn Shih

DOI: https://doi.org/10.1007/s10916-014-0143-9

IF: 4.92

2014-10-15

Journal of Medical Systems

Abstract:With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

health care sciences & services,medical informatics

Shtwai Alsubai,Abdullah Alqahtani,Harish Garg,Mohemmed Sha,Abdu Gumaei

DOI: https://doi.org/10.1007/s40747-024-01477-1

IF: 6.7

2024-05-31

Complex & Intelligent Systems

Abstract:Abstract Electronic health records (EHRs) are important for the efficient management of healthcare data. However, Healthcare data travels across an open route, i.e., the Internet, making EHR security a difficult process to do. This puts healthcare data vulnerable to cyber assaults. A possible method for protecting EHRs is blockchain technology. In this work, we develop an EHR architecture based on blockchain, which ensures all stakeholder's safety and privacy. We analyze various security architectures used for EHRs and the standard encryption system is integrated with quantum computing (QC). To safeguard the conventional traditional encrypting system against quantum assaults, we provide a hybrid signature technique that combines the Elliptic Curve Digital Signature Algorithm (ECDSA) and Dilithium within the anti-quantum lattice-based blind signature. Based on the difficulty of lattice problems over finite fields, Dilithium is a lattice-based signature method that is substantially safe against selected message assaults. The developed technique creates high entropy secret keys using the lattice basis delegation mechanism. The combination of ECDSA and Dilithium provides an efficient and secure signature system that is resilient to quantum attacks. The proposed scheme ensures that only authorized users with a defined role can use the database to access the data. We evaluate the efficiency of our scheme by comparing its performance to other state-of-the-art solutions in terms of transaction throughput, resource utilization, and communication cost. Results demonstrate that the developed technique outperforms the existing techniques in terms of efficiency and security.

computer science, artificial intelligence

Songshou Dong,Yanqing Yao,Yihua Zhou,Yuguang Yang

DOI: https://doi.org/10.1007/s12083-023-01588-5

IF: 3.488

2023-01-01

Peer-to-Peer Networking and Applications

Abstract:Certificateless aggregate signature (CLAS) protocols mitigate the reliance upon the key-generating center of identity-rooted signatures. Consequently, they partly resolve the intrinsic key escrow issue found in identity-based encryption systems while upholding their implementation efficiency advantage. Over recent years, a range of new CLAS protocols has emerged aiming to transcend the communication and computation constraints of sensors. This is to ensure the integrity, validity, and accessibility of patients' health data within cloud-based healthcare monitoring systems (c-HMS). However, a number of these protocols fail to offer sufficient security guarantees—they are not secured for the post-quantum era, cannot repel collusion attacks, and require signing order, rendering them pseudo-aggregate schemes. Thus, this paper introduces a lattice-based unordered certificateless aggregate signature scheme (L-UCASS) specifically designed for cloud medical health monitoring systems. Additionally, our scheme leverages lattice architecture to guarantee security in the post-quantum era; adopts a certificateless structure to withstand attacks from untrustworthy key generation centers (KGC) and avoid key escrow; implements a bimodal Gaussian distribution to enhance efficiency; and utilizes an intersection technique to accomplish a true aggregate scheme and avert collusion attacks commonly occurring when more than two signers compute another signer’s private key. Finally, a comparative study reveals that our scheme successfully enhances protocol security without imposing significant spatial or temporal overhead. We also demonstrate that our scheme is existentially unforgeable in the context of adaptive chosen message attacks (EUF-CMA) against type I and type II adversaries in the random oracle model (ROM).

Huixian Shi,Rui Guo,Chunming Jing,Shaocong Feng

DOI: https://doi.org/10.1109/access.2019.2918639

IF: 3.9

2019-01-01

IEEE Access

Abstract:Electronic Medical Records (EMRs) are the collection of patient's health data systematically in a digital format. They eliminate the complicated paper-based medical records and ensure the accuracy and legibility of health data to improve quality care. As the amount of the EMRs explosion, the traditional medical system is unable to equip with sufficient storage and computing capacities. Therefore, it is crucial to outsourcing this EMRs to the cloud server, which is a flexible and cost-effective mode in data management. However, the loss of control over the patient's EMRs makes it a severe challenge in the integrity of outsourced data. In this paper, we propose an efficient certificateless provable data possession (CL-PDP) scheme without bilinear pairing for the EMRs stored in the cloud medical server. A formal security proof on the random oracle model demonstrates the security of our proposal. In addition, our CL-PDP protocol satisfies the following properties: unconditionally anonymous, privacy preservation, public verifiability, and reliability of the trusted third party. At last, an elaborate performance evaluation with other related schemes shows that this proposal is efficient and practical.

Song Luo,N. Han,Tan Hu,YuHua Qian

DOI: https://doi.org/10.1155/2024/5569121

IF: 1.938

2024-02-03

International Journal of Distributed Sensor Networks

Abstract:As network technology advances and more people use devices, data storage has become a significant challenge due to the explosive growth of information and the threat of data leaks. In traditional medical institutions, most medical data is stored centrally through cloud computing technology in the institution’s data center. This centralized storage method has many security risks, and once the central server is attacked, it will lead to the loss of medical data, which will lead to the leakage of patients’ private data. At the same time, electronic medical records are the most critical data in the current medical field. In the traditional centralized healthcare service system (HSS), there are data leakage problems and tampering with electronic medical records due to human factors. At the same time, each hospital is built independently, resulting in the current centralized healthcare service system having a data silo problem, making it difficult to share medical data between institutions securely. With the increase in the number of users in the system, the electronic medical record data in the system also increases gradually, resulting in the increasing overhead of decryption calculation. Therefore, this paper proposes a blockchain-based access control scheme with multiparty authorization to ensure the security of electronic medical records. The scheme uses an SM encryption algorithm to encrypt the medical data in the system. It adds the patient’s signature to ensure the confidentiality and security of the data, and the encrypted electronic medical records (EMRs) are stored in the InterPlanetary File System (IPFS) to realize the distributed storage of EMR. In addition, role-based multiauthorization access control is implemented through smart contract-based to ensure the security of EMR. We have analyzed the security of this paper’s solution and compared its performance with the existing schemes based on other cryptographic algorithms. The experimental results show that the proposed solution significantly improves the secure sharing of EMR and provides system performance.

computer science, information systems,telecommunications

Chengzhe Lai,Zhe Ma,Rui Guo,Dong Zheng

DOI: https://doi.org/10.1007/s12083-022-01303-w

2022-03-08

Abstract:In order to solve the problem of medical data sharing difficulties among medical institutions, we propose a secure medical data sharing scheme based on traceable ring signature and blockchain. Firstly, a certificateless traceable ring signature algorithm based on distributed key generation is proposed to provide data integrity with privacy preservation. Secondly, the smart contract combined with access control and Self-Controlling Object (SCO) can realize the decryption outsourcing and data sharing. In addition, the proposed scheme uses the InterPlanetary File System (IPFS) to store the oceans of medical privacy data, and encrypts the hash index to store, which improves the efficiency of data sharing. Finally, integrated with the blockchain, we can select the proxy node and upload the SCO package to the blockchain node for data sharing by using consensus mechanism. The security analysis shows that the scheme can realize the electronic health record (EHR) source tracking while achieving secure data sharing and privacy protection. In the performance evaluation, we compare the functionality with other schemes and conclude that our scheme is well-functional. Also, the time-consuming simulation of the algorithms in our scheme using the PBC library reflects a high practicality. The results show that the proposed scheme is secure in terms of medical data sharing and privacy protection, and feasible for data source tracking.

computer science, information systems,telecommunications

Shufen Niu,Wenke Liu,Song Han,Lizhi Fang

DOI: https://doi.org/10.1371/journal.pone.0244979

IF: 3.7

2021-01-07

PLoS ONE

Abstract:As cloud storage technology develops, data sharing of cloud-based electronic medical records (EMRs) has become a hot topic in the academia and healthcare sectors. To solve the problem of secure search and sharing of EMR in cloud platforms, an EMR data-sharing scheme supporting multi-keyword search is proposed. The proposed scheme combines searchable encryption and proxy re-encryption technologies to perform keyword search and achieve secure sharing of encrypted EMR. At the same time, the scheme uses a traceable pseudo identity to protect the patient's private information. Our scheme is proven secure based on the modified Bilinear Diffie-Hellman assumption and Quotient Decisional Bilinear Diffie-Hellman assumption under the random oracle model. The performance of our scheme is evaluated through theoretical analysis and numerical simulation.

Dexin Zhu,Yu Sun,Nianfeng Li,Lijun Song,Jun Zheng

DOI: https://doi.org/10.1007/s10586-023-04110-x

2024-01-01

Abstract:Electronic medical records have the advantages of large storage capacity, convenience, improved efficiency, etc. However, since electronic medical records contain a large amount of patient’s private information, if they are stored directly in the cloud server, patients may face the risk of privacy data leakage and electronic medical record data tampering. To solve the above problems, this paper proposes a secure sharing scheme of electronic medical records combining quantum key and blockchain. Based on the true randomness of quantum keys, the multi-user secure forwarding mechanism of quantum keys is designed using proxy re-encryption technology and blockchain. A fine-grained access control scheme for electronic medical records by users with different roles was proposed using data desensitization technology. To facilitate secure retrieval from the cloud server, searchable encryption technology is used. This paper analyzes the comprehensive performance level of the proposed scheme through blockchain performance testing and system efficiency testing.

LI Lei,XU Chungen,XU Lei,ZHAO Zemao

DOI: https://doi.org/10.3778/j.issn.1002-8331.1806-0400

2019-01-01

Abstract:The development of information technology and big data has promoted the informatization of medical records. As one of the representatives, the Electronic Medical Record(EMR)system has changed the mode of traditional medical data management, but there remains some problems such as identity authentication and privacy protection. To solve these problems, this paper proposes an identity based authenticated key agreement protocol. The key agreement server follows this protocol and fetches a session key, which will be used to encrypt the data. Secure and efficient signature algorithm is also used to guarantee the authenticity of data. Finally, the secure data management can be achieved. It is proved that this scheme has perfect forward security and is able to resist the unknown key sharing attack and key-compromise imperson-ation under the e-CK model. In addition, the core key agreement protocol in this scheme is designed to support sharing key confirmation property with an implicit authentication algorithm.

Jinhui Liu,Yong Yu,Houzhen Wang,Huanguo Zhang

DOI: https://doi.org/10.1155/2022/8995704

IF: 1.968

2022-02-09

Security and Communication Networks

Abstract:Healthcare cyber-physical system significantly facilitates healthcare services and patient treatment effectiveness by analyzing patients’ health information data conveniently. Nevertheless, it also develops the threats to the confidentiality of health information, patients’ privacy, and decidability of medical disputes. And, with the advances of quantum computing technology, most existing anonymous authentication schemes are becoming a growing threat to traditional cryptosystems. To address these problems, for healthcare cyber-physical systems, we propose a new lattice-based self-enhancement authorized accessible privacy authentication scheme by using a strong designated verifier double-authentication-preventing signature technique, called SEAPA. The SEAPA achieves three security and privacy requirements including unforgeability, anonymity for patients’ information, and self-enhancement for patients themselves. A detailed security proof shows our proposal achieves those required security goals. Finally, our construction is demonstrated by parameter analysis and performance evaluation to have reasonable efficiency.

computer science, information systems,telecommunications

Yonghua Zhan,Bixia Yi,Yang Yang,Rui Shi,Chen Dong,Minming Huang

DOI: https://doi.org/10.1016/j.sysarc.2023.102939

IF: 5.836

2023-07-13

Journal of Systems Architecture

Abstract:Electronic health record (EHR) sharing schemes are widely used in healthcare, medical, and research. However, privacy may be a concern for patients with EHRs. In this paper, a secure EHR sharing scheme with sanitizable signature is proposed to protect patients' privacy and enhance accountability. Our proposed scheme makes the following contributions: (1) doctors can specify patients to modify some fields before the expiration time; (2) patients can convert the original signature into a new and unlinkable signature for the modified record without interacting with the doctor; (3) the scheme satisfies traceability and can distinguish the generator of a given signature. In contrast to existing approaches, we introduce a new limited sanitizable signature scheme as the main ingredient, which allows the signer not only to decide which message blocks can be modified, but also to determine the maximum number of modifiable blocks and the expiration time for sanitization. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be approved.

computer science, software engineering, hardware & architecture

Wenjin Lei,Yidong Li,Yingpeng Sang,Hong Shen

DOI: https://doi.org/10.1109/icebe.2016.019

2016-01-01

Abstract:Based on smart devices and wireless communication infrastructure, the Electronic Medical Records (EMR) systems become more and more popular in hospitals by reason of its convenient operation, remote access, data integrity, facilitated resources sharing, statistical analysis and many other advantages. When entering an EMR system, patients can be treated by many kinds of services and also leave their privacy to the providers. It is a viable method to protect a patient's privacy in EMR by anonymous authentication, where identity of the patient is verified without demonstrating the true identity to the authenticator. This paper proposes an enhanced secure anonymous authentication scheme, based on smart card and biometrics with key agreement. According to security analysis, our scheme is secure against many types of attacks, including those not prevented by previous work, such as the smart card loss attack and impersonation attack. The performance of our scheme is also analyzed and compared with previous work, which shows that our scheme is more efficient in the computation cost.

Yang Yang,Bixia Yi,Yonghua Zhan,Minming Huang

DOI: https://doi.org/10.1007/978-981-19-8445-7_19

2022-01-01

Abstract:Many sanitizable signature schemes have been proposed to facilitate and secure the secondary use of medical data. These schemes allow a patient, authorized by the doctor, to modify and re-sign his/her electronic health record (EHR) to hide sensitive information and the new signature can be verified successfully. However, this may lead to fraud because patients may forge medical records for profit. To further standardize sanitization and reduce the sanitizers power, this paper proposes a new limited sanitizable signature scheme, which allows the signer to not only decide which message blocks can be modified but also determine the maximum of modifiable blocks and the expiration time for sanitization. We also propose a secure EHR sharing scheme suitable for medical scenarios based on the above limited sanitizable signature to realize privacy preserving medical data sharing. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be accepted.

Hui Ma,Rui Zhang,Guomin Yang,Zishuai Song,Kai He,Yuting Xiao

DOI: https://doi.org/10.1109/tdsc.2018.2844814

2020-01-01

Abstract:Sharing digital medical records on public cloud storage via mobile devices facilitates patients (doctors) to get (offer) medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation, computation efficiency optimization, are remaining toward achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no complex computation for the private key generator (PKG), sender and receiver. Additionally, the communication cost of the PKG and users is optimized. Moreover, we develop an extensible library called libabe that is compatible with Android devices, and the access control mechanism is actually deployed on realistic environment, including public cloud servers, a laptop and an inexpensive mobile phone with constrained resources. The experimental results indicate that the mechanism is efficient, practical and economical.