Yuanyuan Zhang,Zhihao Huang,Qilong Zhu,Lingzhe Meng

DOI: https://doi.org/10.1155/2022/1883293

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:The emergence of the E-health system has brought convenience to many chronically ill patients and elderly people with limited mobility. With the help of the E-health system, patients can upload their physiological data timely and get a diagnosis at home, which is more convenient and efficient as they do not have to line up in hospitals. In order to ensure this convenience while protecting patients’ privacy, many schemes have been proposed which can help patient and medical server authenticate each other. However, considering these patients’ inconvenience, sometimes family members need to participate in the patient’s treatment process. So, the E-health system needs to provide a secure communication platform for the family members. At present, most of the authentication schemes for the E-health system only focus on the secure communication between the patient and the medical server, while ignoring the participation of family members. Moreover, in the E-health system, the permissions of family members and patient should be different, and the medical server needs to distinguish their permissions efficiently. In order to overcome these problems, we propose a patient family binding and authentication privacy protection scheme for the E-health system. In the scheme proposed by us, the medical server can efficiently assign different permissions to the family member and patient. And our scheme can allow patient to authorize their family members freely, and the increase in the number of family members will not impose additional burden on the server. At the same time, the authentication between the family member and the medical server does not require the participation of the patient. In addition, by comparing with other related schemes, we prove that our scheme has suitable efficiency and security performance in the E-health system.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Qilong Zhu,Yuanyuan Zhang

DOI: https://doi.org/10.1117/12.2634503

2022-01-01

Abstract:The rapid development of E-health system brings more convenience and flexibility to patient. However, it also faces several challenges. The private information which transmitted in the E-health will be used for medical diagnosis, so during transmission the issues of data privacy are the most concerning for users of E-health systems. In order to protect the private information of patients, we present a three-factor authentication scheme for E-health system. Furthermore, fuzzy extractor is added to our scheme, which can protect the biometric information of patient. Finally, analyzing the security and performance present usability of our scheme.

Xiong Li,Jianwei Niu,Marimuthu Karuppiah,Saru Kumari,Fan Wu

DOI: https://doi.org/10.1007/s10916-016-0629-8

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Hailong Yao,Qiao Yan,Xingbing Fu,Zhibin Zhang,Caihui Lan

DOI: https://doi.org/10.1007/s00500-021-06512-8

IF: 3.732

2021-11-26

Soft Computing

Abstract:The E-healthcare system has a complex architecture, diverse business types, and sensitive data security. To meet the secure communication and access control requirements in the user–medical server, user–patient, patient–medical server, and other scenarios in the E-healthcare system, secure and efficient authenticated key agreement and access authorization scheme need to be studied. However, the existing multi-server solutions do not consider the authentication requirements of the Wireless Body Area Network (WBAN) and are not suitable for user–patient, patient–medical server scenarios; most of the existing WBAN authentication schemes are single-server type, which are difficult to meet the requirements of multi-server applications, and the study of user–patient real-time scenarios has not received due attention. This work first reveals the structural flaws and security vulnerabilities of the existing typical schemes and then proposes an authentication and access control architecture suitable for multiple scenarios of the E-healthcare system with separate management and business and designs a novel ECC-based multi-factor remote authentication and access control scheme for E-healthcare using physically unclonable function (PUF) and hash. Security analysis and efficiency analysis show that the new scheme has achieved improved functionality and higher security while maintaining low computational and communication overhead.

computer science, artificial intelligence, interdisciplinary applications

Qi Jiang,Muhammad Khurram Khan,Xiang Lu,Jianfeng Ma,Debiao He

DOI: https://doi.org/10.1007/s11227-015-1610-x

2016-01-01

Abstract:E-Health clouds are gaining increasing popularity by facilitating the storage and sharing of big data in healthcare. However, such an adoption also brings about a series of challenges, especially, how to ensure the security and privacy of highly sensitive health data. Among them, one of the major issues is authentication, which ensures that sensitive medical data in the cloud are not available to illegal users. Three-factor authentication combining password, smart card and biometrics perfectly matches this requirement by providing high security strength. Recently, Wu et al. proposed a three-factor authentication protocol based on elliptic curve cryptosystem which attempts to fulfill three-factor security and resist various existing attacks, providing many advantages over existing schemes. However, we first show that their scheme is susceptible to user impersonation attack in the registration phase. In addition, their scheme is also vulnerable to offline password guessing attack in the login and password change phase, under the condition that the mobile device is lost or stolen. Furthermore, it fails to provide user revocation when the mobile device is lost or stolen. To remedy these flaws, we put forward a robust three-factor authentication protocol, which not only guards various known attacks, but also provides more desired security properties. We demonstrate that our scheme provides mutual authentication using the Burrows–Abadi–Needham logic.

Xuelei Li,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.1007/s10916-014-0139-5

IF: 4.92

2014-01-01

Journal of Medical Systems

Abstract:Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient’s medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Chin-Ling Chen,Tsai-Tung Yang,Mao-Lun Chiang,Tzay-Farn Shih

DOI: https://doi.org/10.1007/s10916-014-0143-9

IF: 4.92

2014-10-15

Journal of Medical Systems

Abstract:With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

health care sciences & services,medical informatics

Qi Jiang,Bingyan Li,Jianfeng Ma

DOI: https://doi.org/10.1007/978-3-319-49106-6_89

2017-01-01

Abstract:Although a number of three-factor authentication schemes have been developed to ensure that sensitive medical information are only available to legal users in telecare medical information system, most of them are found to be flawed. Understanding security and privacy failures of authentication protocols is a prerequisite to both fixing existing protocols and designing future ones. In this paper, we analyze an enhanced three-factor authentication scheme of Lu et al., and reveal that it cannot achieve the claimed security and privacy goals. (1) It fails to provide anonymity and untraceability, and is susceptible to the following attacks targeting user privacy: identity revelation attack and tracking attack. (2) It is also susceptible to offline password guessing attack, user impersonation attack, and server impersonation attack.

Qi Jiang,Zhiren Chen,Bingyan Li,Jian Shen,Li Yang,Jianfeng Ma

DOI: https://doi.org/10.1007/s12652-017-0516-2

IF: 3.662

2017-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:The deployment of telecare medical information system (TMIS) over public networks gives rise to the threat of exposing sensitive medical information to illegal entities. Although a number of three-factor authentication (3FA) schemes have been developed to address this challenge, most of them are found to be flawed. Understanding security and privacy failures of authentication protocols is a prerequisite to both fixing existing protocols and designing future ones. In this paper, we investigate the 3FA protocol of Lu et al. for TMIS (J Med Syst 39:32, 2015) and reveal that it cannot achieve the claimed security and privacy goals. (1) It fails to provide anonymity and untraceability, and is susceptible to the following attacks targeting user privacy: identity revelation attack, identity guessing attack and tracking attack. (2) It is susceptible to offline password guessing attack, user impersonation attack, and server impersonation attack. Then we present an improved 3FA scheme and show that the new scheme fulfills session key secrecy and mutual authentication using the formal verification tool ProVerif. Moreover, detailed heuristic security analysis is also presented to demonstrate that our new scheme is capable of withstanding various attacks, and provides desired security features. Additionally, performance analysis shows that our proposed protocol is a practical solution for TMIS.

Yujie Hong,Liang Yang,Wei Liang,Anke Xie

DOI: https://doi.org/10.1109/tce.2023.3346459

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The popularization of electronic health records (EHRs) effectively improves the efficiency of diagnosis and treatment of diseases, however, it also lays a hidden danger for the leakage of patients’ privacy, so it needs a stricter and more flexible access control mechanism. In addition, the medical ministry (MM) usually investigates illegal medical activities after they have already taken place and caused harm, resulting in a serious lag in regulation. To solve these problems, we propose a blockchain-based system that enables patient-leading fine-grained access control against EHRs. In contrast to the currently existing systems, this scheme uses blank EHRs as the medium, combining attribute-based encryption and blockchain to enable MM to engage in the regulation of medical activities before they taking place. In order to reduce the storage cost of the whole system, we apply the chameleon hash function to the process of calculating file storage addresses in the inter-planetary file system. Moreover, the introduction of single sign-on can improve the security and efficiency of patients’ vital signs transmission in telemedicine scenario, and the introduction of proxy re-encryption can improve the efficiency of authorization of EHRs. Theoretical analysis and experiments show that the scheme satisfies both the security and feasibility requirements.

Dongqing Xu,Jianhua Chen,Shu Zhang,Qin Liu

DOI: https://doi.org/10.1007/s10916-018-1047-x

IF: 4.92

2018-01-01

Journal of Medical Systems

Abstract:Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor's diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.

Zhi-bin ZHOU,Qin LIU,Guo-jun WANG,Wei-jia JIA

DOI: https://doi.org/10.3969/j.issn.1000-1220.2017.12.017

2018-01-01

Abstract:The RFID Technology has been widely applied in the IOT-based healthcare environment. The disclosure of the inpatient′s privacy information and the forgery of medical records are research focus in recent literatures. The real-time connection between the Reader and the Server are needed in many schemes,which give rise to the higher requirement about the network condition,will also bring some potential risks to the system security. In this paper,an ECC-based RFID mutual authentication scheme in the IOT-based Healthcare environment ( EMAH) is proposed,and the security proof is provided. In this scheme,the HIS authorizes the Reader to a-dopt the off-line mutual authentication way to ensure the legality of protocol participants. EMAH applies the ECC and the digital signa-ture to the data encryption,so as to guarantee the security and integrity of the medical records. Moreover,EMAH can preserve the pri-vacy information for the patients. According the security and performance analyses,the EMAH is more secure in terms of off-line au-thentication,location privacy and medical information protection and has the similar performance compared with existing work.

Qing Fan,Yumeng Xie,Chuan Zhang,Ximeng Liu,Liehuang Zhu

DOI: https://doi.org/10.1109/tsc.2024.3451145

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:The e-health system enables online healthcare by supporting health data transmission services on medical platforms. Considering the frequent privacy breaches in e-health systems and the issuance of relevant regulations, it is important to ensure the authenticity and privacy of health data. Existing e-health systems either fail to provide data authenticity or neglect privacy protection after patients leave the system. In this article, we put forward a secure and efficient e-health system for data transmission, named PPED, to solve this dilemma. In PPED, we explore a regular signature and a forward-secure signature, which guarantee data authenticity and give the signature a valid period. Then, a specific epochal signature scheme is designed by combining two signature schemes with the time-lock puzzle. Since expired epochal signatures are forgeable, patients after leaving the e-health system can forge expired signatures to deny their relationship with the signed data, thus achieving privacy protection. Detailed security analysis demonstrates the PPED realizes data authenticity and user privacy. Extensive experiments evaluate our system and the results show it is practical in terms of running time.

computer science, information systems, software engineering

Qi Feng,Debiao He,Huaqun Wang,Lu Zhou,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jsen.2019.2949717

IF: 4.3

2019-01-01

IEEE Sensors Journal

Abstract:When wireless body area network (WBAN) is playing an increasing role in modern medical systems, smart electronic health record (SEHR) system is heralded primarily as an economical and efficient way to optimize personal information or electronic health records (EHR) flowing through the inter-connected hierarchical network. Large scale, diversity and high sensitivity on EHR data collected from the personal intelligent medical sensors intrigue strong security and privacy preservation. As an authentication protocol can effectively identify the legality of the access entities, many authentication approaches for SEHR system have been proposed. However, few of them are suitable for such situation where an authentication message need to be generated by two parties, for example, doctors need to gain authenticaion from patients when accessing to EHRs. A limitation of using secret sharing scheme is the requirement of a trusted third party to recover the original private key. Therefore, we focus on the specific case of two participants (i.e., no trusted majority) and present a collaborative authentication protocol for SEHR system. Our protocol is provable secure under the hard problem assumptions and meets all the security requirements, especially private key protection. Furthermore, contract to an existing secure two-party authentication protocol that relies on heavy homomorphic encryptions and zero-knowledge proofs, our proposed protocol is tremendously faster than the previous ones shown by the performance analysis.

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s11227-020-03395-8

IF: 3.3

2020-01-01

The Journal of Supercomputing

Abstract:The rapid development of electronic healthcare (e-Health) has brought great convenience to people’s life. In order to guarantee the security of users, a large number of identity authentication protocols have been put forward. Recently, Jiang et al. proposed a privacy preserving three-factor authentication protocol for e-Health clouds. However, we find that their protocol cannot resist the replay attack, the denial of service attack and the known session-specific temporary information attack. Then we propose a secure three-factor-based authentication with key agreement protocol. The analyses show our protocol overcomes the weaknesses of Jiang et al.’s protocol. Moreover, our protocol can resist replay attack, man-in-the-middle attack and provide the user anonymity, the user untraceability, the perfect forward secrecy, etc. In addition, we prove the security of the protocol by the well-known Burrows-Abadi-Needham (BAN) logic. By comparing with the related protocols, we find that our protocol has better security and performance. Therefore, we believe our protocol is more suitable for e-Health clouds.

Alice May-Kuen Wong,Chien-Lung Hsu,Tuan-Vinh Le,Mei-Chen Hsieh,Tzu-Wei Lin

DOI: https://doi.org/10.3390/s20092511

2020-04-29

Abstract:The fifth generation (5G) mobile network delivers high peak data rates with ultra-low latency and massive network capacity. Wireless sensor network (WSN) in Internet of Thing (IoT) architecture is of prominent use in 5G-enabled applications. The electronic healthcare (e-health) system has gained a lot of research attention since it allows e-health users to store and share data in a convenient way. By the support of 5G technology, healthcare data produced by sensor nodes are transited in the e-health system with high efficiency and reliability. It helps in reducing the treatment cost, providing efficient services, better analysis reports, and faster access to treatment. However, security and privacy issues become big concerns when the number of sensors and mobile devices is increasing. Moreover, existing single-server architecture requires to store a massive number of identities and passwords, which causes a significant database cost. In this paper, we propose a three-factor fast authentication scheme with time bound and user anonymity for multi-server e-health systems in 5G-based wireless sensor networks. In our work, the three-factor authentication scheme integrating biometrics, password, and smart card ensures a high-security sensor-enabled environment for communicating parties. User anonymity is preserved during communication process. Besides, time bound authentication can be applied to various healthcare scenarios to enhance security. The proposed protocol includes fast authentication, which can provide a fast communication for participating parties. Our protocol is also designed with multi-server architecture to simplify network load and significantly save database cost. Furthermore, security proof and performance analysis results show that our proposed protocol can resist various attacks and bear a rational communication cost.

Wenjin Lei,Yidong Li,Yingpeng Sang,Hong Shen

DOI: https://doi.org/10.1109/icebe.2016.019

2016-01-01

Abstract:Based on smart devices and wireless communication infrastructure, the Electronic Medical Records (EMR) systems become more and more popular in hospitals by reason of its convenient operation, remote access, data integrity, facilitated resources sharing, statistical analysis and many other advantages. When entering an EMR system, patients can be treated by many kinds of services and also leave their privacy to the providers. It is a viable method to protect a patient's privacy in EMR by anonymous authentication, where identity of the patient is verified without demonstrating the true identity to the authenticator. This paper proposes an enhanced secure anonymous authentication scheme, based on smart card and biometrics with key agreement. According to security analysis, our scheme is secure against many types of attacks, including those not prevented by previous work, such as the smart card loss attack and impersonation attack. The performance of our scheme is also analyzed and compared with previous work, which shows that our scheme is more efficient in the computation cost.

Mengxia Shuai,Bin Liu,Nenghai Yu,Ling Xiong

DOI: https://doi.org/10.1155/2019/8145087

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:On-body wireless networks (oBWNs) play a crucial role in improving the ubiquitous healthcare services. Using oBWNs, the vital physiological information of the patient can be gathered from the wearable sensor nodes and accessed by the authorized user like the health professional or the doctor. Since the open nature of wireless communication and the sensitivity of physiological information, secure communication has always been the vital issue in oBWNs-based systems. In recent years, several authentication schemes have been proposed for remote patient monitoring. However, most of these schemes are so susceptible to security threats and not suitable for practical use. Specifically, all these schemes using lightweight cryptographic primitives fail to provide forward secrecy and suffer from the desynchronization attack. To overcome the historical security problems, in this paper, we present a lightweight and secure three-factor authentication scheme for remote patient monitoring using oBWNs. The proposed scheme adopts one-time hash chain technique to ensure forward secrecy, and the pseudonym identity method is employed to provide user anonymity and resist against desynchronization attack. The formal and informal security analyses demonstrate that the proposed scheme not only overcomes the security weaknesses in previous schemes but also provides more excellent security and functional features. The comparisons with six state-of-the-art schemes indicate that the proposed scheme is practical with acceptable computational and communication efficiency.