Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Shengmin Xu,Jianting Ning,Xinyi Huang,Yingjiu Li,Guowen Xu

DOI: https://doi.org/10.1109/tdsc.2021.3106393

2022-01-01

Abstract:Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Yujie Wu,Xiao Tan,Qi Xie

DOI: https://doi.org/10.3390/math12243883

IF: 2.4

2024-12-11

Mathematics

Abstract:Electronic Health Records (EHRs: digital compilations of patient health status and diagnosis) are typically shared, analyzed, and stored on cloud servers. One operational challenge is to guarantee the accurate storage of EHRs, for instance, by utilizing Provable Data Possession (PDP). When a portion of one hospital's EHRs needs to be transferred to another, outsourcing the computational costs of data transfer to the cloud and ensuring the integrity of the data transferred off-site becomes a problematic issue. In this article, to tackle these two problems, we put forward a certificateless provable data possession scheme with outsourced data transmission on secure cloud storage. Our scheme achieves the following functions: ensuring the data integrity for the transferred data; only the data owner or the data recipient themselves can verify the integrity of their own remote data; delegating most of the computations to the public cloud server to enable data transferability. Finally, we analyze the security and efficiency of the concrete scheme. The analysis demonstrates that our scheme is demonstrably secure and efficient.

mathematics

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Kai Zhang,Tao Chen,Siyuan Chen,Lifei Wei,Jianting Ning

DOI: https://doi.org/10.1007/s10586-024-04464-w

2024-01-01

Cluster Computing

Abstract:EHRs sharing systems provide a secure and efficient way for patients and doctors to share information in smart healthcare. Due to the concern about data confidentiality and authorized access, the exploitation of attribute-based encryption (ABE) is widely adopted for EHRs sharing in cloud storage. However, most ABE-based EHRs sharing system only considered unilateral access control or supported non-flexible bilateral access control. Hence, we propose a lightwight and flexible healthcare data sharing system, LiVeRe, which enables fine-grained bilateral access control and moreover supports efficient user revocation and ciphertext integrity verification for the access control property. Technically, we employ the dual-policy framework to specify the access policy and pre-decryption techniques to alleviate the computational burden, and efficient revocation of user access rights by the KUNode algorithm. We also provide formal security models and correspondingly prove its security. Moreover, we conduct experiments on the cloud to demonstrate the practicality of our LiVeRe scheme.

Xiyu Liang,Yali Liu,Jianting Ning

DOI: https://doi.org/10.1109/JBHI.2024.3391218

Abstract:IoT and 5G-enabled smart healthcare allows medical practitioners to diagnose patients from any location via electronic health records (EHRs) by wireless body area network (WBAN) devices. Privacy, including the medical practitioner's identity and the patient's EHR, can easily be leaked from hospitals or cloud servers, and secret keys used to access EHRs must be revoked after diagnosis. In response to the challenges associated with user authentication and secret key revocation, this paper proposes an access control scheme with privacy-preserving authentication and flexible revocation for smart healthcare using attribute-based encryption (ABE), named PAFR-ABE, which provides access control to prevent malicious users from decrypting EHRs. Meanwhile, PAFR-ABE ensures privacy-preserving authentication for users during secret key generation, which safeguards users' identities and prevents unauthorized requests for secret keys. In addition, PAFR-ABE achieves flexible revocation and recovery of secret keys, which eliminates the need to update secret keys for unrevoked users. Security analysis indicates that PAFR-ABE meets the security requirements of an access control scheme for smart healthcare, especially in terms of forward security and backward security. Performance analysis shows that PAFR-ABE is efficient in the key generation and revocation algorithms compared with typical access control schemes.

Arthur S. Voundi Koe,Qi Chen,Juan Tang,Shan Ai,Hongyang Yan,Shiwen Zhang,Duncan S. Wong

DOI: https://doi.org/10.1002/int.23009

IF: 8.993

2022-09-09

International Journal of Intelligent Systems

Abstract:With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud‐based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud‐based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext‐policy attribute‐based encryption (CP‐ABE) was provided as an innovative cloud‐based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross‐domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext‐policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie‐Hellman assumption.

computer science, artificial intelligence

Qiu Zhang,Yinxia Sun,Yang Lu,Guoqiang Zhang

DOI: https://doi.org/10.1016/j.jisa.2024.103892

IF: 4.96

2024-10-24

Journal of Information Security and Applications

Abstract:Cloud computing has revolutionized in the healthcare industry, particularly in the management and accessibility of Electronic health records (EHR). However, maintaining the integrity and authenticity of EHR in cloud environments remains a crucial concern. To tackle this challenge, certificateless proxy re-signature is a promising cryptographic primitive for developing a practical EHR sharing system in the cloud. User revocation is a necessary issue in such system, but revocation introduces a new challenge, namely the continued validity of signatures from revoked users. A conventional method to solve this problem is to make the unrevoked users re-sign those valid EHR by using their current signing keys, which brings a lot of burden to the users. Therefore, we should establish an efficient mechanism to ensure that only signatures of valid data from non-revoked users can pass verification. In this paper, we propose a notion called revocable certificateless proxy re-signature with signature evolution (RCLPRS-SE), which allows for dynamic management of users and the ability to update signatures efficiently in accordance with evolving data requirements. We present a concrete construction of RCLPRS-SE and provide formal security proofs in the standard model. Compared with the existing related works, our scheme has a significant advantage in terms of signature updating efficiency.

computer science, information systems

Jialu Hao,Cheng Huang,Jian Liu,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2018.8647659

2018-01-01

Abstract:Data owners have benefited significantly from cloud computing for managing the numerous data produced by massive devices in various Internet of Things (IoT) applications, such as smart home and electronic healthcare. On the other hand, fine-grained access control on outsourced data is a big concern for data owners, after they lose physical control over their data. Key-policy attribute-based encryption (KP-ABE), which provides data confidentiality and fine-grained data access control simultaneously, can be naturally introduced in this cloud-based IoT paradigm. However, the primitive KP-ABE cannot achieve efficient data access control with flexible user revocation. In this paper, we propose an efficient and fine-grained data access control scheme based on the proxy re-encryption and key blinding techniques for cloud-based IoT. With the scheme, the decryption capability of misbehaving users can be efficiently revoked to prevent data disclosure. In addition, most of the costly update operations over ciphertexts and keys due to user revocation, are delegated to the cloud. Extensive experiment results demonstrate that our scheme is more efficient than existing solutions in terms of computation and communication overheads.

Haiping Huang,Peng Zhu,Fu Xiao,Xiang Sun,Qinglong Huang

DOI: https://doi.org/10.1016/j.cose.2020.102010

Abstract:How to alleviate the contradiction between the patient's privacy and the research or commercial demands of health data has become the challenging problem of intelligent medical system with the exponential increase of medical data. In this paper, a blockchain-based privacy-preserving scheme is proposed, which realizes secure sharing of medical data between several entities involved patients, research institutions and semi-trusted cloud servers. And meanwhile, it achieves the data availability and consistency between patients and research institutions, where zero-knowledge proof is employed to verify whether the patient's medical data meets the specific requirements proposed by research institutions without revealing patients' privacy, and then the proxy re-encryption technology is adopted to ensure that research institutions can decrypt the intermediary ciphertext. In addition, this proposal can execute distributed consensus based on PBFT algorithm for transactions between patients and research institutions according to the prearranged terms. Theoretical analysis shows the proposed scheme can satisfy security and privacy requirements such as confidentiality, integrity and availability, as well as performance evaluation demonstrates it is feasible and efficient in contrast with other typical schemes.

Liang Zhang,Haibin Kan,Honglan Huang

DOI: https://doi.org/10.1145/3528416.3530228

2022-01-01

Abstract:Patient-centered healthcare data sharing and data usage consent are gaining popularity. Cross-enterprise document sharing (XDS) is the crucial system of sharing personalized healthcare data. Furthermore, dynamic consent is vital to the XDS system, because it respects people's autonomy and achieves recognition of data sovereignty. Because of its transparency, blockchain is a powerful system for managing storage and computing without a trusted third party. Besides, ciphertext-policy attribute-based encryption (CP-ABE) extends public-key encryption by implying access control policies in ciphertexts, making it suitable for protecting the privacy of individual healthcare data in versatile cases. Particularly, we use hospital name, "date" and "department" as attribute strings in the access control policies. Consequently, based on consortium blockchain and CP-ABE, we propose a patient-centered XDS and a dynamic consent framework. Compared with previous related literature, we make the proposed framework consistent with current practices and achieve favorable criteria, such as data confidentiality, data recoverability and time-aware ciphertext. Further, we conduct comprehensive experiments to show the feasibility and practicality.

Yang Zhao,Pengcheng Fan,Haoting Cai,Zhiguang Qin,Hu Xiong

DOI: https://doi.org/10.6633/ijns.201711.19(6).21

2017-01-01

Abstract:By sharing the personal health information (PHI) in the healthcare provider (HP) which is equipped with cloud servers, mobile-healthcare (m-healthcare) significantly promotes a huge revolution of medical consultation. Nonetheless there is a series of challenges such as PHI confidentiality and the attribute revocation. To deal with these problems, we propose a scheme based on the attribute-based encryption. The scheme which supports non-monotonic access structures and fine-grained attribute revocation is established over the composite order bilinear groups. By utilizing this scheme, we can well protect PHI and achieve the goal of revocation. Furthermore, the security analysis and comparison show that our scheme is more expressive despite of the lower efficiency.

Shu Wu,Aiqing Zhang,Ya Gao,Xiaojuan Xie

DOI: https://doi.org/10.1016/j.csi.2024.103833

IF: 3.721

2024-01-21

Computer Standards & Interfaces

Abstract:Personal health records (PHR) offer significant benefit for patients, such as reducing medical cost and improving the quality of medical care. Majority of the current schemes lack provisions for tracking and revoking malicious doctors. The explicit access policies are prone to leaking patient private information. What's more, owning to the uneven distribution of medical supplies, shocking computational overhead during decryption is a burden that can't be ignored for busy medical workers. This paper proposed a patient-centric medical service matching scheme that supports policy hiding, attribute matching, fine-grained access control, and user dynamic management. The scheme uses ciphertext policy-based attribute encryption (CP-ABE) to achieve fine-grained access control and supports policy hiding. It utilizes white-box tracking technology and binary tree structure to achieve malicious doctor tracking. Revocation information is ciphertext to achieve dynamic management of doctors. From the experimental results, it can be concluded that our protocol achieves both patient-centric security and performance advantages.

computer science, software engineering, hardware & architecture

Reetu Gupta,Priyesh Kanungo,Nirmal Dagdee,Golla Madhu,Kshira Sagar Sahoo,N Z Jhanjhi,Mehedi Masud,Nabil Sharaf Almalki,Mohammed A AlZain

DOI: https://doi.org/10.3390/s23052617

2023-02-27

Abstract:With continuous advancements in Internet technology and the increased use of cryptographic techniques, the cloud has become the obvious choice for data sharing. Generally, the data are outsourced to cloud storage servers in encrypted form. Access control methods can be used on encrypted outsourced data to facilitate and regulate access. Multi-authority attribute-based encryption is a propitious technique to control who can access encrypted data in inter-domain applications such as sharing data between organizations, sharing data in healthcare, etc. The data owner may require the flexibility to share the data with known and unknown users. The known or closed-domain users may be internal employees of the organization, and unknown or open-domain users may be outside agencies, third-party users, etc. In the case of closed-domain users, the data owner becomes the key issuing authority, and in the case of open-domain users, various established attribute authorities perform the task of key issuance. Privacy preservation is also a crucial requirement in cloud-based data-sharing systems. This work proposes the SP-MAACS scheme, a secure and privacy-preserving multi-authority access control system for cloud-based healthcare data sharing. Both open and closed domain users are considered, and policy privacy is ensured by only disclosing the names of policy attributes. The values of the attributes are kept hidden. Characteristic comparison with similar existing schemes shows that our scheme simultaneously provides features such as multi-authority setting, expressive and flexible access policy structure, privacy preservation, and scalability. The performance analysis carried out by us shows that the decryption cost is reasonable enough. Furthermore, the scheme is demonstrated to be adaptively secure under the standard model.

Shunrong Jiang,Tao Jiang,Liangmin Wang

DOI: https://doi.org/10.1109/tsc.2017.2771280

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Data deduplication has been widely used in cloud storage to reduce storage space and communication overhead by eliminating redundant data and storing only one copy for them. In order to achieve secure data deduplication, the convergent encryption scheme and many of its variants are proposed. However, most of these schemes do not consider or cannot address the efficiently dynamic ownership changes and the secure Proof-of-Ownership (PoW), simultaneously. In this paper, we propose a secure data deduplication scheme with efficient PoW process for dynamic ownership management. Specially, our scheme supports both cross-user file-level and inside-user block-level data deduplication. During the file-level deduplication, we construct a new PoW scheme to ensure the tag consistency and achieve the mutual ownership verification. Moreover, we design a lazy update strategy to achieve efficient ownership management. For inside-user block-level deduplication, the user-aided key is used to realize convergent key management and reduce the key storage space. Finally, the security and performance analysis demonstrate that our scheme can ensure data confidentiality and tag consistency, and it is efficient in data ownership management.

Chengzhe Lai,Zhe Ma,Rui Guo,Dong Zheng

DOI: https://doi.org/10.1007/s12083-022-01303-w

2022-03-08

Abstract:In order to solve the problem of medical data sharing difficulties among medical institutions, we propose a secure medical data sharing scheme based on traceable ring signature and blockchain. Firstly, a certificateless traceable ring signature algorithm based on distributed key generation is proposed to provide data integrity with privacy preservation. Secondly, the smart contract combined with access control and Self-Controlling Object (SCO) can realize the decryption outsourcing and data sharing. In addition, the proposed scheme uses the InterPlanetary File System (IPFS) to store the oceans of medical privacy data, and encrypts the hash index to store, which improves the efficiency of data sharing. Finally, integrated with the blockchain, we can select the proxy node and upload the SCO package to the blockchain node for data sharing by using consensus mechanism. The security analysis shows that the scheme can realize the electronic health record (EHR) source tracking while achieving secure data sharing and privacy protection. In the performance evaluation, we compare the functionality with other schemes and conclude that our scheme is well-functional. Also, the time-consuming simulation of the algorithms in our scheme using the PBC library reflects a high practicality. The results show that the proposed scheme is secure in terms of medical data sharing and privacy protection, and feasible for data source tracking.

computer science, information systems,telecommunications

Shengmin Xu,Jianting Ning,Yingjiu Li,Yinghui Zhang,Guowen Xu,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2021.3126532

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:To reduce the cost of human and material resources and improve the collaborations among medical systems, research laboratories and insurance companies for healthcare researches and commercial activities, electronic medical records (EMRs) have been proposed to shift from paperwork to friendly shareable electronic records. To take advantage of EMRs efficiently and reduce the cost of local storage, EMRs are usually outsourced to the remote cloud for sharing medical data with authorized users. However, cloud service providers are untrustworthy. In this paper, we propose an efficient, secure, and flexible EMR sharing system by introducing a novel cryptosystem called dual-policy revocable attribute-based encryption and tamper resistance blockchain technology. Our proposed system enables EMRs to be shared at a fine-grained level and allows data users to detect any unauthorized manipulation. Moreover, the key generation center can revoke malicious users without affecting the honest users. We provide the formal security model as well as the concrete scheme with security analysis. The experimental simulation and experimental analysis of our proposed scheme demonstrate that our proposed system has superior performances to the most relevant solutions.

xuejiao liu,yingjie xia,yang xiang,mohammad mehedi hassan,abdulhameed alelaiwi

DOI: https://doi.org/10.1109/SocialSec2015.13

2015-01-01

Abstract:Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Heng Pan,Yaoyao Zhang,Xueming Si,Zhongyuan Yao,Liang Zhao

DOI: https://doi.org/10.3390/sym14122479

2022-01-01

Symmetry

Abstract:The Internet of Things (IoT) and cloud technologies have significantly facilitated healthcare. In such a context, medical data are collected by the terminals from the patients, manipulated, and stored on the cloud by hospitals (doctors). This brings asymmetry problems in medical data access control, processing, and storage between doctors and patients, which results in medical data sharing face many challenges such as privacy leakage and malicious feedback from cloud servers on queries. To solve these asymmetry problems, this paper proposes a medical data sharing scheme with cloud-chain cooperation and policy fusion in the IoT. Regarding asymmetrical access control rights, a conflict resolution and fusion algorithm that enables co-authorization of medical data by the doctor and the patient is introduced. To balance the symmetry of medical data storage and processing, a cloud-chain cooperation ciphertext retrieval method is proposed by means of two-stage joint searching from cloud servers and the blockchain, which can not only detect malicious medical data feedback from cloud servers, but also improve the data search efficiency. The security analysis showed that this scheme satisfies the confidentiality and verifiability of the retrieved information, and the feasibility of the proposed scheme was demonstrated through experiments.

Heng Pan,Yaoyao Zhang,Jianmei Liu,Xueming Si,Zhongyuan Yao,Liang Zhao

DOI: https://doi.org/10.4018/ijdcf.329219

2023-01-01

International Journal of Digital Crime and Forensics

Abstract:In medical data sharing, the data access control authorities of the sharing entities and computing capabilities of the sharing platforms are asymmetric. This asymmetry leads to poor patient control over their data, privacy disclosure, and difficulties in tracking data sharing. This aarticle proposes a cooperation model of cloud and chain (CMCC) for the secure sharing of medical data. In the CMCC, the power equivalence of blockchain nodes limits the control authority asymmetry between doctors and patients in medical data sharing. Moreover, a cloud server is used to store medical data, and some of the node-side computations are handed over to the cloud, which addresses the asymmetric computing capability asymmetry between the cloud and ordinary nodes. Based on the CMCC, a secure medical data sharing scheme based on proxy re-encryption mechanism is proposed. This scheme realizes secure medical data sharing, especially the patient's complete control of the data. The security and performance analysis show that the proposed scheme outperforms the existing ones.