Jianghua Liu,Jian Yang,Xinyi Huang,Lei Xu,Yang Xiang

DOI: https://doi.org/10.1109/tsc.2023.3348497

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:The widespread application of Internet of Things technology in the medical field results in the generation of a large amount of healthcare data. Adequately learning valuable knowledge from the massive healthcare data brings a huge potential for improving the efficiency, quality, and safety of healthcare services. Online learning over the cloud offers decent training and fast inference services. However, outsourcing healthcare data learning to the cloud might cause patient privacy disclosure and data integrity and authenticity compromises. These security threats further affect the accuracy of the trained model or distort the inference results. Although researchers have tried to solve the privacy-preserving or data integrity issues with different techniques, none of them satisfy the security demands in online training of healthcare data. In this paper, we present an efficient redactable group signature scheme (RGSS) for the online learning healthcare system. The security analysis shows that our construction not only prevents privacy compromise but also provides integrity and authenticity verification. In addition to the private property of RGSS, the signer-anonymous also enhances patient privacy-preserving. Compared with other solutions, our RGSS is secure and efficient in promoting scientific research on learning large amounts of healthcare data that aim to improve healthcare services.

computer science, information systems, software engineering

Nazish Khalid,Adnan Qayyum,Muhammad Bilal,Ala Al-Fuqaha,Junaid Qadir

DOI: https://doi.org/10.1016/j.compbiomed.2023.106848

Abstract:There has been an increasing interest in translating artificial intelligence (AI) research into clinically-validated applications to improve the performance, capacity, and efficacy of healthcare services. Despite substantial research worldwide, very few AI-based applications have successfully made it to clinics. Key barriers to the widespread adoption of clinically validated AI applications include non-standardized medical records, limited availability of curated datasets, and stringent legal/ethical requirements to preserve patients' privacy. Therefore, there is a pressing need to improvise new data-sharing methods in the age of AI that preserve patient privacy while developing AI-based healthcare applications. In the literature, significant attention has been devoted to developing privacy-preserving techniques and overcoming the issues hampering AI adoption in an actual clinical environment. To this end, this study summarizes the state-of-the-art approaches for preserving privacy in AI-based healthcare applications. Prominent privacy-preserving techniques such as Federated Learning and Hybrid Techniques are elaborated along with potential privacy attacks, security challenges, and future directions.

Yuanhaur Chang,Han Liu,Evin Jaff,Chenyang Lu,Ning Zhang

2024-09-12

Abstract:The integration of technology and healthcare has ushered in a new era where software systems, powered by artificial intelligence and machine learning, have become essential components of medical products and services. While these advancements hold great promise for enhancing patient care and healthcare delivery efficiency, they also expose sensitive medical data and system integrity to potential cyberattacks. This paper explores the security and privacy threats posed by AI/ML applications in healthcare. Through a thorough examination of existing research across a range of medical domains, we have identified significant gaps in understanding the adversarial attacks targeting medical AI systems. By outlining specific adversarial threat models for medical settings and identifying vulnerable application domains, we lay the groundwork for future research that investigates the security and resilience of AI-driven medical systems. Through our analysis of different threat models and feasibility studies on adversarial attacks in different medical domains, we provide compelling insights into the pressing need for cybersecurity research in the rapidly evolving field of AI healthcare technology.

Cryptography and Security,Artificial Intelligence,Machine Learning

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Madhan Jeyaraman,Sangeetha Balaji,Naveen Jeyaraman,Sankalp Yadav

DOI: https://doi.org/10.7759/cureus.43262

2023-08-10

Cureus

Abstract:The integration of artificial intelligence (AI) into healthcare promises groundbreaking advancements in patient care, revolutionizing clinical diagnosis, predictive medicine, and decision-making. This transformative technology uses machine learning, natural language processing, and large language models (LLMs) to process and reason like human intelligence. OpenAI's ChatGPT, a sophisticated LLM, holds immense potential in medical practice, research, and education. However, as AI in healthcare gains momentum, it brings forth profound ethical challenges that demand careful consideration. This comprehensive review explores key ethical concerns in the domain, including privacy, transparency, trust, responsibility, bias, and data quality. Protecting patient privacy in data-driven healthcare is crucial, with potential implications for psychological well-being and data sharing. Strategies like homomorphic encryption (HE) and secure multiparty computation (SMPC) are vital to preserving confidentiality. Transparency and trustworthiness of AI systems are essential, particularly in high-risk decision-making scenarios. Explainable AI (XAI) emerges as a critical aspect, ensuring a clear understanding of AI-generated predictions. Cybersecurity becomes a pressing concern as AI's complexity creates vulnerabilities for potential breaches. Determining responsibility in AI-driven outcomes raises important questions, with debates on AI's moral agency and human accountability. Shifting from data ownership to data stewardship enables responsible data management in compliance with regulations. Addressing bias in healthcare data is crucial to avoid AI-driven inequities. Biases present in data collection and algorithm development can perpetuate healthcare disparities. A public-health approach is advocated to address inequalities and promote diversity in AI research and the workforce. Maintaining data quality is imperative in AI applications, with convolutional neural networks showing promise in multi-input/mixed data models, offering a comprehensive patient perspective. In this ever-evolving landscape, it is imperative to adopt a multidimensional approach involving policymakers, developers, healthcare practitioners, and patients to mitigate ethical concerns. By understanding and addressing these challenges, we can harness the full potential of AI in healthcare while ensuring ethical and equitable outcomes.

Reihaneh Torkzadehmahani,Reza Nasirigerdeh,David B Blumenthal,Tim Kacprowski,Markus List,Julian Matschinske,Julian Spaeth,Nina Kerstin Wenke,Jan Baumbach

DOI: https://doi.org/10.1055/s-0041-1740630

Abstract:Background: Artificial intelligence (AI) has been successfully applied in numerous scientific domains. In biomedicine, AI has already shown tremendous potential, e.g., in the interpretation of next-generation sequencing data and in the design of clinical decision support systems. Objectives: However, training an AI model on sensitive data raises concerns about the privacy of individual participants. For example, summary statistics of a genome-wide association study can be used to determine the presence or absence of an individual in a given dataset. This considerable privacy risk has led to restrictions in accessing genomic and other biomedical data, which is detrimental for collaborative research and impedes scientific progress. Hence, there has been a substantial effort to develop AI methods that can learn from sensitive data while protecting individuals' privacy. Method: This paper provides a structured overview of recent advances in privacy-preserving AI techniques in biomedicine. It places the most important state-of-the-art approaches within a unified taxonomy and discusses their strengths, limitations, and open problems. Conclusion: As the most promising direction, we suggest combining federated machine learning as a more scalable approach with other additional privacy-preserving techniques. This would allow to merge the advantages to provide privacy guarantees in a distributed way for biomedical applications. Nonetheless, more research is necessary as hybrid approaches pose new challenges such as additional network or computation overhead.

Chanchal Maurya,Vijay Kumar Chaurasiya

DOI: https://doi.org/10.1007/s11042-023-15006-8

IF: 2.577

2023-03-27

Multimedia Tools and Applications

Abstract:E-healthcare system has been introduced to provide real-time patient health monitoring using IoT sensors and efficiently share patient data with multiple users. Patients need to outsource their health data over the cloud due to the resource-constrained nature of IoT devices and patient devices. While accessing the data from a trusted cloud or distributed users makes health data susceptible and leads to leakage and manipulation. Therefore, we need secure data sharing with fine-grained access control and authentication schemes. The existing proxy re-encryption data sharing schemes use the same key to re-encrypt the patient’s health data more than once, leading to a collusion attack with users. This paper proposes an efficient and collusion-resistant re-encryption scheme (CRRE) with mutual authentication to address the collusion attack that provides privacy-preserving secure data sharing with fine-grained access control. Integrating the CRRE scheme with blockchain provides data integrity, verifiability, accountability, and interoperability between all entities in the e-healthcare system. The random oracle model and AVISPA tool are used to validate the formal and informal security of the CRRE scheme. The proposed scheme is implemented and compared with existing PRE-based schemes on various parameters. The results prove that the proposed CRRE scheme is more efficient and suitable for resource-constrained devices in the e-healthcare system.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Blake Murdoch

DOI: https://doi.org/10.1186/s12910-021-00687-3

2021-09-15

BMC Medical Ethics

Abstract:Abstract Background Advances in healthcare artificial intelligence (AI) are occurring rapidly and there is a growing discussion about managing its development. Many AI technologies end up owned and controlled by private entities. The nature of the implementation of AI could mean such corporations, clinics and public bodies will have a greater than typical role in obtaining, utilizing and protecting patient health information. This raises privacy issues relating to implementation and data security. Main body The first set of concerns includes access, use and control of patient data in private hands. Some recent public–private partnerships for implementing AI have resulted in poor protection of privacy. As such, there have been calls for greater systemic oversight of big data health research. Appropriate safeguards must be in place to maintain privacy and patient agency. Private custodians of data can be impacted by competing goals and should be structurally encouraged to ensure data protection and to deter alternative use thereof. Another set of concerns relates to the external risk of privacy breaches through AI-driven methods. The ability to deidentify or anonymize patient health data may be compromised or even nullified in light of new algorithms that have successfully reidentified such data. This could increase the risk to patient data under private custodianship. Conclusions We are currently in a familiar situation in which regulation and oversight risk falling behind the technologies they govern. Regulation should emphasize patient agency and consent, and should encourage increasingly sophisticated methods of data anonymization and protection.

ethics,medical ethics,social sciences, biomedical

Chao Wang,Jieyu Zhang,Nicholas Lassi,Xiaohan Zhang

DOI: https://doi.org/10.3390/healthcare10101878

2022-09-27

Health Care

Abstract:Advanced artificial intelligence (AI) technologies are now widely employed in China's medical and healthcare fields. Enormous amounts of personal data are collected from various sources and inserted into AI algorithms for medical purposes, producing challenges to patient's privacy. This is a comparative study of Chinese, United States, and European Union operational rules for healthcare data that is collected and then used in AI functions, particularly focusing on legal differences and deficiencies. The conceptual boundaries of privacy and personal information, the influence of technological development on the informed consent model, and conflicts between freedom and security in rules of cross-border data flow were found to be key issues requiring consideration when regulating healthcare data used for AI purposes. Furthermore, the results indicate that the appropriate balance between privacy protections and technological development, between individual and group interests, and between corporate profits and the public interest should be identified and observed. In terms of specific rule-making, it was found that China should establish special regulations protecting healthcare information, provide clear definitions and classification schemas for different types of healthcare information, and enact stricter accountability mechanisms. Examining and contrasting operational rules for AI in health care promotes informed privacy governance and improved privacy legislation.

health care sciences & services,health policy & services

Nikolai S. Germanov,Германов Николай Станиславович

DOI: https://doi.org/10.17816/dd430334

2023-06-26

Digital Diagnostics

Abstract:Active deployment of artificial intelligence (AI) systems in medicine creates many challenges. Recently, the concept of responsible artificial intelligence (RAI) was widely discussed, which is aimed at solving the inevitable ethical, legal, and social problems. The scientific literature was analyzed and the possibility of applying the RAI concept to overcome the existing AI problems in medicine was considered. Studies of possible AI applications in medicine showed that current algorithms are unable to meet the basic enduring needs of society, particularly, fairness, transparency, and reliability. The RAI concept based on three principles accountability for AI activities and responsibility and transparency of findings (ART) was proposed to address ethical issues. Further evolution, without the development and application of the ART concept, turns dangerous and impossible the use of AI in such areas as medicine and public administration. The requirements for accountability and transparency of conclusions are based on the identified epistemological (erroneous, non-transparent, and incomplete conclusions) and regulatory (data confidentiality and discrimination of certain groups) problems of using AI in digital medicine [2]. Epistemological errors committed by AI are not limited to omissions related to the volume and representativeness of the original databases analyzed. In addition, these include the well-known black box problem, i.e. the inability to look into the process of forming AI outputs when processing input data. Along with epistemological errors, normative problems inevitably arise, including patient confidentiality and discrimination of some social groups due to the refusal of some patients to provide medical data for training algorithms and as part of the analyzed databases, which will lead to inaccurate AI conclusions in cases of certain gender, race, and age. Importantly, the methodology of the AI data analysis depends on the program code set by the programmer, whose epistemological and logical errors are projected onto the AI. Hence the problem of determining responsibility in the case of erroneous conclusions, i.e. its distribution between the program itself, the developer, and the executor. Numerous professional associations design ethical standards for developers and a statutory framework to regulate responsibility between the links described. However, the state must play the greatest role in the development and approval of such legislation. The use of AI in medicine, despite its advantages, is accompanied by many ethical, legal, and social challenges. The development of RAI has the potential both to solve these challenges and to further the active and secure deployment of AI systems in digital medicine and healthcare.

Yang, Xiaodong,Wei, Lizhen,Li, Songyu,Wang, Caifen

DOI: https://doi.org/10.1007/s12083-024-01769-w

IF: 3.488

2024-07-26

Peer-to-Peer Networking and Applications

Abstract:To enhance the security of medical data, the government and healthcare institutions must collect and analyze vast amounts of information, enabling the prompt detection of irregular patterns and timely issuance of accurate warnings. This is crucial for preventing and containing potential threats to medical data security. However, securely sharing and converting these data poses a significant challenge, particularly in open wireless access networks within healthcare settings. Proxy re-signature (PRS) offers not only signature conversion capabilities but also anonymity, safeguarding data reliability and authenticity. Nonetheless, current proxy re-signature techniques overlook the potential for algorithm substitution attacks (ASA). Therefore, we introduce a novel proxy re-signature scheme, leveraging cryptographic reverse firewall (CRF) technology, tailored specifically for the medical domain. Furthermore, we conducted rigorous security analysis and simulation experiments to validate the practical effectiveness of our scheme. This approach addresses the need for secure data sharing among various entities, including medical institutions, management centers, and research facilities, ensuring the integrity and confidentiality of critical medical information.

computer science, information systems,telecommunications

Jingwei Liu,Jin Zhang,Mian Ahmad Jan,Rong Sun,Lei Liu,Sahil Verma,Pushpita Chatterjee

DOI: https://doi.org/10.1109/jbhi.2023.3304361

IF: 7.7

2023-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:Data mining, integration, and utilization are the inevitable trend of the Internet of Medical Things (IoMT) in the context of big data. With the increasing demand for data privacy, federated learning has emerged as a new paradigm, which enables distributed joint training of medical data sources without leaving the private domain. However, federated learning is suffering from security threats as the shared local model will reveal original datasets. Privacy leakage is even more fatal in healthcare because medical data contains critically sensitive information. In addition, open wireless channels are susceptible to malicious attacks. To further safeguard the privacy of IoMT, we propose a comprehensive privacy-preserving federated learning scheme with a tactful dropout handling mechanism. The proposed scheme leverages blind masking and certificateless proxy re-encryption (CL-PRE) for secure aggregation, ensuring the confidentiality of the local model and rendering the global model invisible to any parties other than clients. It also provides authentication of uploaded models while protecting identity privacy. Compared with other relevant schemes, our solution has better performance on functional features and efficiency, and is more applicable to IoMT systems with many devices.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Chengzhe Lai,Hanyue Zhang,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/jiot.2024.3350029

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The conflict between data privacy and sharing among healthcare institutions creates data silos, causing wasteful duplication, incomplete information, and potential hindrances to scientific research. In this paper, we present a privacy-preserving medical data sharing scheme based on cloud-assisted private set intersection (PSI) and aggregate signature technique. Firstly, we propose a novel authenticated cloud-assisted private set intersection, named AC-PSI, which can achieve client authentication and randomized processing of private data by using Diffie-Hellman-based Oblivious Pseudorandom Function (DH-OPRF) and Vector Oblivious Linear-Function Evaluation-based Oblivious Pseudorandom Function (VOLE-OPRF), respectively. Secondly, based on the AC-PSI and locally verifiable signature (LVS), we design a privacy-preserving and secure medical data sharing scheme, which can provide enhanced security features by enabling access control of computing resources and resist pre-computation attacks from external sources. Our approach has been proven through a rigorous analysis of security. Finally, through comparative analysis with the existing schemes, it is demonstrated that the proposed AC-PSI and medical data sharing scheme has low communication and computation overhead while achieving a higher level of privacy preservation and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie Zhao,Yifeng Zheng,Hejiao Huang,Jing Wang,Xiaojun Zhang,Daojing He

DOI: https://doi.org/10.1016/j.sysarc.2023.102860

IF: 5.836

2023-03-23

Journal of Systems Architecture

Abstract:Cloud-assisted medical cyber–physical systems (MCPSs) leverage the power of cloud computing for scalable storage and management of outsourced medical data. Based on the crucial outsouced medical data, guardians could know patient's health condition timely, doctors can make accurate diagnoses of patients, and medical research centers could also conduct medical big data analysis. However, medical data is highly sensitive and demands strong protection. Meanwhile, the integrity of outsourced medical data is vulnerable to hardware failures, software bugs or human errors. To date, a large number of data privacy-preserving integrity auditing schemes have been presented, but most of them suffer from the burden of complex public key certificate management or the key escrow problem of identity-based cryptography. In this paper, we propose a lightweight certificateless privacy-preserving integrity verification scheme (LCPPIV) with conditional anonymity for cloud-assisted MCPSs by developing an elliptic-curve digital signature and a key exchange mechanism, which can achieve the functionalities of medical data privacy protection, integrity verification of outsourced medical data, conditional anonymity, batch auditing, and secure compensation mechanism, simultaneously. Theoretical security analysis demonstrates that our scheme is provably secure in the random oracle model, with resistance to the public key replacement attack, malicious-but-passive-KGC attack, and response auditing proofs forgery. The performance evaluations indicate that LCPPIV is much more practical for cloud-assisted MCPSs compared with state-of-art data auditing schemes.

computer science, software engineering, hardware & architecture

Zuyan Wang,Jun Tao,Dika Zou

2024-05-31

Abstract:The growing popular awareness of personal privacy raises the following quandary: what is the new paradigm for collecting and protecting the data produced by ever-increasing sensor devices. Most previous studies on co-design of data aggregation and privacy preservation assume that a trusted fusion center adheres to privacy regimes. Very recent work has taken steps towards relaxing the assumption by allowing data contributors to locally perturb their own data. Although these solutions withhold some data content to mitigate privacy risks, they have been shown to offer insufficient protection against disclosure attacks. Aiming at providing a more rigorous data safeguard for the Internet of Things (IoTs), this paper initiates the study of privacy-preserving data aggregation. We propose a novel paradigm (called RASE), which can be generalized into a 3-step sequential procedure, noise addition, followed by random permutation, and then parameter estimation. Specially, we design a differentially private randomizer, which carefully guides data contributors to obfuscate the truth. Then, a shuffler is employed to receive the noisy data from all data contributors. After that, it breaks the correct linkage between senders and receivers by applying a random permutation. The estimation phase involves using inaccurate data to calculate an approximate aggregate value. Extensive simulations are provided to explore the privacy-utility landscape of our RASE.

Cryptography and Security

Alexander Ziller,Tamara T. Mueller,Simon Stieger,Leonhard F. Feiner,Johannes Brandt,Rickmer Braren,Daniel Rueckert,Georgios Kaissis

DOI: https://doi.org/10.1038/s42256-024-00858-y

IF: 23.8

2024-06-22

Nature Machine Intelligence

Abstract:Artificial intelligence (AI) models are vulnerable to information leakage of their training data, which can be highly sensitive, for example, in medical imaging. Privacy-enhancing technologies, such as differential privacy (DP), aim to circumvent these susceptibilities. DP is the strongest possible protection for training models while bounding the risks of inferring the inclusion of training samples or reconstructing the original data. DP achieves this by setting a quantifiable privacy budget. Although a lower budget decreases the risk of information leakage, it typically also reduces the performance of such models. This imposes a trade-off between robust performance and stringent privacy. Additionally, the interpretation of a privacy budget remains abstract and challenging to contextualize. Here we contrast the performance of artificial intelligence models at various privacy budgets against both theoretical risk bounds and empirical success of reconstruction attacks. We show that using very large privacy budgets can render reconstruction attacks impossible, while drops in performance are negligible. We thus conclude that not using DP at all is negligent when applying artificial intelligence models to sensitive data. We deem our results to lay a foundation for further debates on striking a balance between privacy risks and model performance.

computer science, artificial intelligence, interdisciplinary applications

Yilin Ning,Xiaoxuan Liu,Gary S. Collins,Karel G. M. Moons,Melissa McCradden,Daniel Shu Wei Ting,Jasmine Chiat Ling Ong,Benjamin Alan Goldstein,Siegfried K. Wagner,Pearse A. Keane,Eric J. Topol,Nan Liu

DOI: https://doi.org/10.1038/s41591-024-03310-1

IF: 82.9

2024-10-20

Nature Medicine

Abstract:The deployment of artificial intelligence (AI)-powered prediction models in healthcare can lead to ethical concerns about their implementation and upscaling. For example, AI prediction models can hinder clinical decision-making if they advise different diagnoses or treatments by sex and gender or by race and ethnicity without clear justification. Recent guidance (such as the WHO guidance on ethics and governance of AI for health and the Dutch guideline on AI for healthcare) and legislation (such as the European Union AI Act and the White House Executive Order on Safe, Secure, and Trustworthy Development and Use of AI in United States) have outlined important principles for the implementation of AI, including ethical considerations 1,2 . Health systems have responded by establishing governance committees and processes to ensure the safe and equitable implementation of AI tools 3 . However, there is currently no assessment tool that can identify and mitigate ethical issues during the implementation of AI prediction models in healthcare practice, including for public health. The development and validation of AI prediction models has benefited from detailed reporting and risk-of-bias tools, such as TRIPOD+AI 4 and PROBAST (with its forthcoming AI extension) for fairness and bias control and CLAIM 5 for data privacy, security and interpretability of AI imaging studies. However, when planning the implementation of a rigorously developed and well-performing AI prediction model in healthcare practice, existing recommendations and guidance on ethics are sparse and lack operational detail. For example, the DECIDE-AI reporting guideline 6 contains a small number of ethics-related recommendations for early clinical evaluation of AI concerning equity, safety and human-AI interaction, and FUTURE-AI 7 provides recommendations based on six principles (fairness, universality, traceability, usability, robustness and explainability) in model design, development, validation and deployment. A bioethics-centric delivery science toolkit for responsible AI implementation in healthcare is needed 8 .

biochemistry & molecular biology,cell biology,medicine, research & experimental

Xiyu Liang,Yali Liu,Jianting Ning

DOI: https://doi.org/10.1109/JBHI.2024.3391218

Abstract:IoT and 5G-enabled smart healthcare allows medical practitioners to diagnose patients from any location via electronic health records (EHRs) by wireless body area network (WBAN) devices. Privacy, including the medical practitioner's identity and the patient's EHR, can easily be leaked from hospitals or cloud servers, and secret keys used to access EHRs must be revoked after diagnosis. In response to the challenges associated with user authentication and secret key revocation, this paper proposes an access control scheme with privacy-preserving authentication and flexible revocation for smart healthcare using attribute-based encryption (ABE), named PAFR-ABE, which provides access control to prevent malicious users from decrypting EHRs. Meanwhile, PAFR-ABE ensures privacy-preserving authentication for users during secret key generation, which safeguards users' identities and prevents unauthorized requests for secret keys. In addition, PAFR-ABE achieves flexible revocation and recovery of secret keys, which eliminates the need to update secret keys for unrevoked users. Security analysis indicates that PAFR-ABE meets the security requirements of an access control scheme for smart healthcare, especially in terms of forward security and backward security. Performance analysis shows that PAFR-ABE is efficient in the key generation and revocation algorithms compared with typical access control schemes.

Mahesh Vaijainthymala Krishnamoorthy

2024-10-23

Abstract:As AI systems increasingly integrate into critical societal sectors, the demand for robust privacy-preserving methods has escalated. This paper introduces Data Obfuscation through Latent Space Projection (LSP), a novel technique aimed at enhancing AI governance and ensuring Responsible AI compliance. LSP uses machine learning to project sensitive data into a latent space, effectively obfuscating it while preserving essential features for model training and inference. Unlike traditional privacy methods like differential privacy or homomorphic encryption, LSP transforms data into an abstract, lower-dimensional form, achieving a delicate balance between data utility and privacy. Leveraging autoencoders and adversarial training, LSP separates sensitive from non-sensitive information, allowing for precise control over privacy-utility trade-offs. We validate LSP's effectiveness through experiments on benchmark datasets and two real-world case studies: healthcare cancer diagnosis and financial fraud analysis. Our results show LSP achieves high performance (98.7% accuracy in image classification) while providing strong privacy (97.3% protection against sensitive attribute inference), outperforming traditional anonymization and privacy-preserving methods. The paper also examines LSP's alignment with global AI governance frameworks, such as GDPR, CCPA, and HIPAA, highlighting its contribution to fairness, transparency, and accountability. By embedding privacy within the machine learning pipeline, LSP offers a promising approach to developing AI systems that respect privacy while delivering valuable insights. We conclude by discussing future research directions, including theoretical privacy guarantees, integration with federated learning, and enhancing latent space interpretability, positioning LSP as a critical tool for ethical AI advancement.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society