Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Fuhu Deng,Yali Wang,Li Peng,Hu Xiong,Ji Geng,Zhiguang Qin

DOI: https://doi.org/10.1109/access.2018.2843778

IF: 3.9

2018-01-01

IEEE Access

Abstract:Personal health record (PHR) is a patient-centric model of health information exchange, which greatly facilitates the storage, access, and share of personal health information. In order to share the valuable resources and reduce the operational cost, the PHR service providers would like to store the PHR applications and health information data in the cloud. The private health information may be exposed to unauthorized organizations or individuals since the patient lost the physical control of their health information. Ciphertext-policy attribute-based signcryption is a promising solution to design a cloud-assisted PHR secure sharing system. It provides fine-grained access control, confidentiality, authenticity, and sender privacy of PHR data. However, a large number of pairing and modular exponentiation computations bring heavy computational overhead during designcryption process. In order to reconcile the conflict of high computational overhead and low efficiency in the designcryption process, an outsourcing scheme is proposed in this paper. In our scheme, the heavy computations are outsourced to ciphertext transformed server, only leaving a small computational overhead for the PHR user. At the same time, the extra communication overhead in our scheme is actually tolerable. Furthermore, theoretical analysis and the desired securing properties including confidentiality, unforgeability, and verifiability have been proved formally in the random oracle model. Experimental evaluation indicates that the proposed scheme is practical and feasible.

Rui Guo,Xiong Li,Dong Zheng,Yinghui Zhang

DOI: https://doi.org/10.1007/s11227-018-2644-7

2018-01-01

Abstract:In the personal health record (PHR) system, the patient’s health records are usually outsourced to a large database, such as the cloud service provider. In order to guarantee the confidentiality of this data , achieve access control with flexibility and fine-grained property, it usually employs ciphertext-policy attribute-based encryption (CP-ABE) scheme in cloud computing. However, the outsourced data have the characteristic of multi-level hierarchy, and the general CP-ABE is inappropriate for being applied in distributed cloud service systems directly to provide the security of hierarchy structure of outsourced data. In this paper, to overcome this challenge, a PHR hierarch CP-ABE scheme with multiple authorities is presented. This protocol integrated some different access structures into a single one, which the hierarchical PHR is encrypted based on. There are multiple authorities to generate and distribute user’s private key all together. According to this mode, it enables to avoid the problem of key escrow and conform to the distributed characteristic of cloud service systems. However, it has no trusted single or central one in these authorities. Moreover, this proposed scheme resists ( N - 1 ) corrupted authorities out of N authorities in the collusion attack. Based on the intractability of the standard decisional bilinear Diffie–Hellman problem, the security of this protocol is proven to be semantic secure. Finally, by comparison analysis, this protocol exhibits a better performance.

Man Ho Au,Tsz Hon Yuen,Joseph K. Liu,Willy Susilo,Xinyi Huang,Yang Xiang,Zoe L. Jiang

DOI: https://doi.org/10.1016/j.jcss.2017.03.002

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:Personal Health Record (PHR) has been developed as a promising solution that allows patient–doctors interactions in a very effective way. Cloud technology has been seen as the prominent candidate to store the sensitive medical record in PHR, but to date, the security protection provided is yet inadequate without impacting the practicality of the system. In this paper, we provide an affirmative answer to this problem by proposing a general framework for secure sharing of PHRs. Our system enables patients to securely store and share their PHR in the cloud server (for example, to their carers), and furthermore the treating doctors can refer the patients' medical record to specialists for research purposes, whenever they are required, while ensuring that the patients' information remain private. Our system also supports cross domain operations (e.g., with different countries regulations).

Z. Wu,Cho-Pu Lin,Chia-Hui Liu

DOI: https://doi.org/10.1109/ECEI57668.2023.10105420

2023-02-03

Abstract:With the advancement and popularization of science and technology, much research explores the provision of health care services or health management with the assistance of information technology in addition to traditional clinical diagnosis. Personal Health Records (PHR) are available for personalized health record information in the autonomous management system. The personal health record system is to improve disease management or strengthen personal health management. However, users are concerned about the safety and confidentiality of PHR in healthcare systems. In 2008, the blockchain architecture was proposed by Satoshi as a peer-to-peer network architecture that contains a Distributed Ledger Technology (DLT). In this study, we proposed a blockchain-based PHR system using the homomorphic encryption to improve the privacy and security of the users. It allows a third party to perform operations on the ciphertext which can be retrieved correctly later, while the privacy and security of the nodes on the chain are ensured and provided for multiple users to protect the security of their information.

Medicine,Computer Science

Leyou Zhang,Tianshuai Zhang,Qing Wu,Yi Mu,Fatemeh Rezaeibagha

DOI: https://doi.org/10.1109/jiot.2021.3137240

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Personal health records (PHRs) are located in a patient-centered electronic health system in which users can store and share medical information. However, PHRs have recently been plagued by security issues, such as the leakage of personal health information, illegal access to patient data, and data tampering. Recent security developments, such as introducing an access control policy with attribute-based encryption (ABE) or utilizing blockchain, have only been partially successful in solving these issues. Ongoing challenges to PHR sharing include single points of failure, node cheating attacks, and fair keyword search issues. In this article, we tackle these challenges by introducing a distributed PHR-sharing scheme based on blockchain and ciphertext policy ABE (CP-ABE), which allows for fast and efficient encryption and decryption. Blockchain maintains the integrity and the tracing source of the data while also recording all operations on the data in the form of transactions. In addition, the blockchain nodes act as attribute authorities to construct the CP-ABE cryptosystem. The tracing of malicious blockchain nodes is realized by tracing cryptography algorithms. Furthermore, the fair retrieval of ciphertext is achieved by employing smart contracts. To overcome the limited storage capacity of blockchain, we adopt both the on-chain and off-chain storage modes in our new system. Security analysis indicates that our new scheme remains intact when threatened by an indistinguishable chosen plaintext attack (IND-CPA) and an indistinguishable chosen keywords attack (IND-CKA). As such, we conclude that our proposed approach is feasible and efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Fan,Nana Huang,Yue Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/cscloud.2015.40

2015-01-01

Abstract:With the rapid development of the cloud computing, personal health record (PHR) has attracted great attention of many researchers all over the world recently. However, PHR, which is often outsourced to be stored at a third party, has many security and efficiency issues. Therefore, the study of secure and efficient Personal Health Record Scheme to protect users' privacy in PHR files is of great significance. In this paper, we present a secure and efficient Personal Health Record scheme called SE-PHR. In the SE-PHR scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, the Key-Aggregate Encryption called KAE is exploited. For the users of PUD, we use outsource-able multi-authority attribute-based encryption (MA-ABE) to largely eliminate the overhead for users and support efficient attribute revocation without updating the user's private key. Our scheme also presents a new algorithm which enables dynamic modification of access policies. Function and performance testing results show the security and efficiency of the proposed SE-PHR.

Ming Li,Shucheng Yu,Yao Zheng,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2012.97

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.

Shu Wu,Aiqing Zhang,Ya Gao,Xiaojuan Xie

DOI: https://doi.org/10.1016/j.csi.2024.103833

IF: 3.721

2024-01-21

Computer Standards & Interfaces

Abstract:Personal health records (PHR) offer significant benefit for patients, such as reducing medical cost and improving the quality of medical care. Majority of the current schemes lack provisions for tracking and revoking malicious doctors. The explicit access policies are prone to leaking patient private information. What's more, owning to the uneven distribution of medical supplies, shocking computational overhead during decryption is a burden that can't be ignored for busy medical workers. This paper proposed a patient-centric medical service matching scheme that supports policy hiding, attribute matching, fine-grained access control, and user dynamic management. The scheme uses ciphertext policy-based attribute encryption (CP-ABE) to achieve fine-grained access control and supports policy hiding. It utilizes white-box tracking technology and binary tree structure to achieve malicious doctor tracking. Revocation information is ciphertext to achieve dynamic management of doctors. From the experimental results, it can be concluded that our protocol achieves both patient-centric security and performance advantages.

computer science, software engineering, hardware & architecture

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Xuejiao Liu,Yingjie Xia,Wei Yang,Fengli Yang

DOI: https://doi.org/10.1016/j.neucom.2016.06.100

IF: 6

2018-01-01

Neurocomputing

Abstract:Information seeking is becoming an indispensable activity in daily life, especially in the medical cloud. Body Area Network (BAN) is becoming more and more popular with respect to the development and popularity of mobile devices. People are starting to back up the medical data to cloud, make data accessible by the doctors from almost anywhere using mobile terminals. In this paper, we present an efficient and secure fine-grained access control scheme which not only achieves authorized users to access the records in cloud storage, but also supports a small set of physicians to write on the records. In order to improve the efficiency, we put forward a novel technique called match-then-decrypt, which is used to perform the decryption test without decryption. Also, the scheme outsources bilinear pairing operations to a gateway without revealing the data content, and thus largely eliminates this overhead for users to a great extent. The performance assessments demonstrate the efficiency of our proposed solution in terms of computation, communication, and storage.

Jinyuan Sun,Xiaoyan Zhu,Chi Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2011.83

2011-01-01

Abstract:Privacy concern is arguably the major barrier that hinders the deployment of electronic health record (EHR) systems which are considered more efficient, less error-prone, and of higher availability compared to traditional paper record systems. Patients are unwilling to accept the EHR system unless their protected health information (PHI) containing highly confidential data is guaranteed proper use and disclosure, which cannot be easily achieved without patients' control over their own PHI. However, cautions must be taken to handle emergencies in which the patient may be physically incompetent to retrieve the controlled PHI for emergency treatment. In this paper, we propose a secure EHR system, HCPP (Healthcare system for Patient Privacy), based on cryptographic constructions and existing wireless network infrastructures, to provide privacy protection to patients under any circumstances while enabling timely PHI retrieval for life-saving treatment in emergency situations. Furthermore, our HCPP system restricts PHI access to authorized (not arbitrary) physicians, who can be traced and held accountable if the accessed PHI is found improperly disclosed. Last but not least, HCPP leverages wireless network access to support efficient and private storage/retrieval of PHI, which underlies a secure and feasible EHR system.

Fatos Xhafa,Jingwei Li,Gansen Zhao,Jin Li,Xiaofeng Chen,Duncan S. Wong

DOI: https://doi.org/10.1007/s11042-013-1829-6

IF: 2.577

2014-01-01

Multimedia Tools and Applications

Abstract:With the development of cloud computing, electronic health record (EHR) system has appeared in the form of patient-centric, in which patients store their personal health records (PHRs) at a remote cloud server and selectively share them with physicians for convenient medical care. Although the newly emerged form has many advantages over traditional client-server model, it inevitably introduces patients’ concerns on the privacy of their PHRs due to the fact that cloud servers are very likely to be in a different trusted domain from that of the patients. In this paper, aiming at allowing for efficient storing and sharing PHRs and also eliminating patients’ worries about PHR privacy, we design a secure cloud-based EHR system, which guarantees security and privacy of medical data stored in the cloud, relying on cryptographic primitive but not the full trust over cloud servers. Based on our proposed basic EHR system, we provide several extensions including adding searchability, supporting revocation functionality and enabling efficient local decryption, which fills the gap between theoretical proposal and practical application.

Yang Zhao,Feng Yue,Songyang Wu,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201511.17(6).15

2015-01-01

Abstract:In 2014, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) was proposed for attempting to address the issue of data confidentiality and patients' identity privacy simultaneously when the personal healthcare record (PHR) is shared in the distributed m-healthcare cloud computing system. In this paper, we show the PSMPA scheme fails to achieve the two goals under the collusion attack. Furthermore, the scheme also suffers from forgery attack because of a awed design in the transcript simulation phase. In order to avoid the attacks, we propose an improved PHR sharing scheme by incorporating ciphertext policy attribute-based encryption (CP-ABE) and attribute-based signature (ABS) as a possible solution.

Rui Guo,Xiong Li,Dong Zheng

DOI: https://doi.org/10.1007/978-3-319-68542-7_22

2017-01-01

Abstract:In the Medical Information Systems (MIS), the patient out-sources his e-health records, a dramatically huge amount of health data, to a third party like cloud service provider. The Internet providing host-to-host communication using TCP/IP network topology has not satisfied the growing demands of data processing in MIS. Based on the content-to-consumer paradigm, content-centric networking architecture was proposed for simple easy-to-manage caching features to users. In this paper, we proposed a privacy-preserving e-health records scheme that protects name and content simultaneously. Our proposal has multi-authority without a trusted single or central authority to distribute secret keys, which avoids the key escrow problem and meets the distributed features of MIS. As we know, this scheme is the first multi-authority content-based encryption (MA-CBE). Furthermore, this MA-CBE resists up to (N-1) corrupted authorities collusion attack, and the security is proven to be semantically secure based on the standard decisional bilinear Diffie-Hellman assumption. Our comparison analysis reports that the proposal gives a better performance than other related schemes.

Yihao Hu,Chunguang Huang,Hai Cheng

DOI: https://doi.org/10.1016/j.comcom.2024.02.020

IF: 5.047

2024-02-28

Computer Communications

Abstract:Smart healthcare overcomes the limitations of time and space, allowing users to access medical and health services anywhere and anytime, thus improving the quality and efficiency of these services. However, due to its excessive reliance on wireless public networks, smart healthcare faces challenges and issues related to communication security. As a result, authentication and key agreement are critical as the first line of defense for smart healthcare communications. Over the past few years, numerous authentication and key agreement schemes have been proposed by experts and scholars, but most of these schemes are not applicable to practical scenarios due to their lack of security and efficiency. To address these issues, we propose an elliptic curve-based certificateless conditional privacy-preserving authentication and key agreement scheme. This scheme does not require endorsement from a Certificate Authority (CA) and features lightweight and secure properties, making it suitable for resource-limited smart healthcare communication. In addition, the security of the proposed scheme is proven under the random oracle model, and its safety is supplemented using BAN logic. Finally, performance analysis reveals that the proposed scheme not only satisfies security property and can withstand general attacks but also offers certain advantages in communication efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hassan Mansur Hussien,Sharifah Md Yasin,Nur Izura Udzir,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.3390/s21072462

2021-04-02

Abstract:Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie-Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems.

Shengmin Xu,Jianting Ning,Xiaoguo Li,Jiaming Yuan,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2024.3356595

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Blockchain as an open and immutable ledger is being posited as the next frontier in healthcare that will help solve the industry's interoperability challenges. However, immutability in processing personal data is no longer legal since the General Data Protection Regulation (GDPR) requires the “right to be forgotten” as a critical data subject right. To observe such data regulation, it is desirable to build a healthcare blockchain with data redaction in a controlled way. Moreover, electronic health records (EHRs) usually are sensitive and the conventional blockchain lacks systematic and formal security analysis of data confidentiality, especially in the multi-user setting. Furthermore, EHRs are typically helpful in medical research for predicting epidemic diseases and valuable in insurance agencies making business plans. Hence, in healthcare blockchain systems, data confidentiality and flexible key distribution have become the most challenging issues that should be urgently resolved. In this article, we propose a privacy-preserving and redactable healthcare blockchain system (PRHBS). Our solution offers fine-grained block-level data reduction and secure data sharing with flexible key distribution mechanisms. We give the formal definition and security models of PRHBS, and propose a generic construction based on trapdoor-based chameleon-hash function, attribute-based encryption, and puncturable encryption. We present formal security analysis and give an instantiation based on our proposed generic construction. The comprehensive comparison and experimental simulation demonstrate that our implementation exhibits comparable performance, while surpassing the most relevant solutions in terms of functionality.

computer science, information systems, software engineering

Abdelrhman Hassan,Yong Wang,Rashad Elhabob,Nabeil Eltayieb,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101776

IF: 5.836

2020-01-01

Journal of Systems Architecture

Abstract:The challenges confronting the privacy of outsourcing medical data have become a significant concern for patients and healthcare providers. The encryption of this sensitive data before outsourcing to the healthcare server present an effective solution for protection. However, searching on different ciphertexts while protecting the privacy of data remains a research challenge. Indeed, most of the existing schemes are inefficient, particularly for deployment on mobile devices due to limited resources (e.g. computing power, battery lifetime, and storage capacity). In this paper, we propose a CertificateLess Public-Key Encryption with Authorized Equality Test (CLPKE-AET) scheme. With the CLPKE-AET scheme, an authorized cloud server is permitted to check the equivalence of two different ciphertexts consisting of the same messages. Moreover, We provide four types of authorizations, base on which an authorized user can directly search on different user's ciphertext using different methods while enhancing the privacy of the user's data. We present our construction from bilinear pairing and demonstrate its security under modified Bilinear Diffie-Hellman (mBDHI) assumption in the Random Oracle Model (ROM). Finally, compared with other's similar schemes, the performance analysis shows that our CLPKE-AET scheme is practical and more suitable for healthcare environments.