Tian-shu ZHOU,Xing-hua ZHU,Jing-song LI

DOI: https://doi.org/10.3969/j.issn.1673-7571.2015.06.025

2015-01-01

Abstract:To meet the demand of big data sharing and communication in regional medical systems in a secure manner, we designed and developed a security system within HIE-oriented EMR, including identity authentication, privilege management, access log, and data encryption modules. The establish and deployment of the system could prevent access from the illegal users, keep EMR system accessibility while controllability, record the modification traces and make it undeniability, protect the medical data from intercepted by intruders, keep the data confidentiality from none stakeholders, and finally construct a complete security system in EMR.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Song Luo,N. Han,Tan Hu,YuHua Qian

DOI: https://doi.org/10.1155/2024/5569121

IF: 1.938

2024-02-03

International Journal of Distributed Sensor Networks

Abstract:As network technology advances and more people use devices, data storage has become a significant challenge due to the explosive growth of information and the threat of data leaks. In traditional medical institutions, most medical data is stored centrally through cloud computing technology in the institution’s data center. This centralized storage method has many security risks, and once the central server is attacked, it will lead to the loss of medical data, which will lead to the leakage of patients’ private data. At the same time, electronic medical records are the most critical data in the current medical field. In the traditional centralized healthcare service system (HSS), there are data leakage problems and tampering with electronic medical records due to human factors. At the same time, each hospital is built independently, resulting in the current centralized healthcare service system having a data silo problem, making it difficult to share medical data between institutions securely. With the increase in the number of users in the system, the electronic medical record data in the system also increases gradually, resulting in the increasing overhead of decryption calculation. Therefore, this paper proposes a blockchain-based access control scheme with multiparty authorization to ensure the security of electronic medical records. The scheme uses an SM encryption algorithm to encrypt the medical data in the system. It adds the patient’s signature to ensure the confidentiality and security of the data, and the encrypted electronic medical records (EMRs) are stored in the InterPlanetary File System (IPFS) to realize the distributed storage of EMR. In addition, role-based multiauthorization access control is implemented through smart contract-based to ensure the security of EMR. We have analyzed the security of this paper’s solution and compared its performance with the existing schemes based on other cryptographic algorithms. The experimental results show that the proposed solution significantly improves the secure sharing of EMR and provides system performance.

computer science, information systems,telecommunications

Jingwei Liu,Yue Fan,Rong Sun,Lei Liu,Celimuge Wu,Shahid Mumtaz

DOI: https://doi.org/10.1109/jiot.2023.3287636

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to the massive applications of Internet of Things (IoT) and the prevalence of wearable devices, e-healthcare systems are widely deployed in medical institutions. As a significant carrier of medical data, electronic medical record (EMR) is convenient to be stored and retrieved, which greatly simplifies the experience of medical treatment and cuts down the trivial work of paramedics. However, EMRs usually include much sensitive information such as patients’ identification numbers or home addresses that may be easily captured by unauthorized doctors and cloud servers. Based on this concern, e-healthcare systems can make use of attribute-based encryption (ABE) to protect private information while achieving fine-grained access control of encrypted EMRs. Whereas, most ABE schemes do not support both policy hiding and keyword search. To address the above issues, we propose an inner product searchable encryption scheme with multi-keyword search (MK-IPSE) based on blockchain to provide full privacy preservation and efficient ciphertext retrieval for EMRs. Inner product encryption (IPE) can not only specify access permissions such that only users with matched attributes can get the target files, but also support access policy hiding. Besides, the proposed scheme combines searchable encryption (SE) and federated blockchain (FB) to implement efficient and stable multi-keyword search. Compared with the existing schemes, MK-IPSE shows better performance on computation and storage. Additionally, security analysis demonstrates that our scheme can resist IND-CKA and collusion attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qinlong Huang,Chao Wang,Lixuan Chen

DOI: https://doi.org/10.1109/tsc.2022.3203378

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:With the popularity of cloud computing services, an increasing number of users begin to use subscription-based services. Due to the semi-trusted cloud servers that may access the outsourced data, and malicious senders who may publish unauthorized data or junk data, access control encryption (ACE) schemes have been studied recently to enforce secure data write control as well as read control. However, their access control policies are specified by the authority or publishers, which do not apply to the subscriptions. In this paper, we propose DSFlow, a secure and fine-grained flow control system for subscription-based data services. DSFlow is designed in the cloud-edge computing architecture, which employs edge nodes to control the communications between publishers and cloud servers by sanitizing the original ciphertexts to resist malicious publishers, and allows any valid subscriber to decrypt the sanitized ciphertexts in cloud. We introduce a receiver-policy attribute-based ACE (RA-ACE) scheme for DSFlow, which embeds the fine-grained access control policy within the receiver's decryption key. We give a concrete construction of RA-ACE from key-policy attribute-based encryption, structure-preserving signature and non-interactive zero-knowledge proof, and formally prove the no-read rule and no-write rule of RA-ACE. The experiments demonstrate the efficiency of DSFlow compared with existing schemes.

computer science, information systems, software engineering

Der-Chen Huang,Ling-Chun Liu,Yong-Yuan Deng,Chin-Ling Chen,Kuang-Wei Zeng

DOI: https://doi.org/10.1007/s10586-024-04286-w

2024-03-14

Cluster Computing

Abstract:With the advent of the information age, data storage has not only developed from paper information systems to electronic information system storage, but has also extended to cloud database storage methods. To date, we can see the application of big data and cloud in various fields and levels, making induction, arrangement, transmission, and exchange of data easier and faster. The electronic and systematisation of patient medical records in the medical environment is an example. The use of electronic medical records can help improve the quality of medical care, reduce duplication of treatment, and reduce the waste of examination resources. It has many advantages, but also many risks. Medical institutions may abuse electronic medical data without the consent of patients, leading to the leakage of patient privacy data and causing serious social impact. Therefore, this study proposes a medical record exchange and sharing mechanism based on the Hyperledger blockchain architecture combined with proxy reencryption. When pharmacists need to obtain medical records for related research, patients can decide whether to share medical records, and hospitals can also revoke pharmacist access rights at any time to achieve more private, secure, and convenient sharing of medical records. The proposed scheme meets various blockchain security requirements and the BAN (Burrows–Abadi–Needham) logic proof model (Burrows–Abadi–Needham) is applied to assess the correctness of the proposed scheme. The proposed scheme performs well in terms of computational and communication costs.

computer science, information systems, theory & methods

Yuan Shen,Wei Song,Changsheng Zhao,Zhiyong Peng

DOI: https://doi.org/10.1109/trustcom56396.2022.00037

2022-01-01

Abstract:With the development of cloud computing, patients can obtain efficient and high-quality medical services by uploading their eHealth data to the cloud for sharing among medical personnel. Because eHealth data contain lots of sensitive information, they are always encrypted before uploading to protect patients’ privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a commonly used cryptographic primitive since it achieves fine-grained and one-to-many access control on the encrypted data. However, encrypted eHealth data may become an obstacle for some healthcare scenarios, especially the emergency rescue scenes. In addition, the one-to-many access manner makes the traditional CP-ABE mechanism hard to track the identity of a traitor who sells the decryption privilege to others. In this paper, we propose an Emergency Access Control and Traceable (EmACT) attribute-based encryption scheme to address these issues. In addition, EmACT outsources the heavy bilinear computations of the decryption to the cloud, which means that EmACT is adaptable to the resource-constrained health-monitoring devices. The proposed scheme’s security is formally proven, and the experimental results demonstrate that EmACT is efficient and practicable.

Gaoyuan Quan,Zhongyuan Yao,Longfei Chen,Yonghao Fang,Weihua Zhu,Xueming Si,Min Li

DOI: https://doi.org/10.1016/j.heliyon.2023.e22542

IF: 3.776

2023-01-01

Heliyon

Abstract:Traditional cloud-centric approaches to medical data sharing pose risks related to real-time performance, security, and stability. Medical and healthcare data encounter challenges like data silos, privacy breaches, and transmission latency. In response to these challenges, this paper introduces a blockchain-based framework for trustworthy medical data sharing in edge computing environments. Leveraging healthcare consortium edge blockchains, this framework enables fine-grained access control to medical data. Specifically, it addresses the real-time, multi-attribute authorization challenge in CP-ABE through a Distributed Attribute Authorization strategy (DAA) based on blockchain. Furthermore, it tackles the key security issues in CP-ABE through a Distributed Key Generation protocol (DKG) based on blockchain. To address computational resource constraints in CP-ABE, we enhance a Distributed Modular Exponentiation Outsourcing algorithm (DME) and elevate its verifiable probability to “1”. Theoretical analysis establishes the IND-CPA security of this framework in the Random Oracle Model. Experimental results demonstrate the effectiveness of our solution for resource-constrained end-user devices in edge computing environments.

Xiaohui Yang,Kun Zhang,Kai Jia,Peiyin Zhao

DOI: https://doi.org/10.1007/s12083-024-01669-z

IF: 3.488

2024-03-07

Peer-to-Peer Networking and Applications

Abstract:Sharing electronic medical record (EMR) is essential to dig out the value of medical data. Current data-sharing schemes usually rely on trusted third-party institutions. Patients lack control and tracking capabilities for sensitive individual medical data, and access control strategies lack personalization and autonomy, resulting in patients' reluctance to share EMR. Given the above problems, this paper proposes a blockchain-based patient-centered medical account chain to address the issues of existing EMR sharing schemes. The account chain establishes a personal smart contract account for the patient to allow patients to control and track sensitive medical data. This smart contract consists of two components: identity management and data management. Using the identity management contract, the patient can authorize and revoke access to their data. Data management contracts only allow authorized doctors to access and update the EMR. We use a hybrid encryption system, combining symmetric and asymmetric methods, to secure EMR, which often includes large files like medical images. This approach effectively tackles data privacy and security challenges, while improving encryption and decryption efficiency. The encrypted EMR is stored in the InterPlanetary File System (IPFS) cluster. Within the smart contract account, only the hash value from IPFS and the symmetric key encrypted with the patient's public key are retained. This approach minimizes storage costs on the blockchain while ensuring data coherence and integrity. During the sharing process, the proxy re-encryption algorithm reduces computational overhead on the patient's side while mitigating the risks associated with frequent exposure of the patient's private key. Through experiments and theoretical analysis on the Ethereum platform, the efficiency and superiority of the medical account chain in terms of functions, storage and computing costs are verified, and it is more suitable for modern medical scenarios.

computer science, information systems,telecommunications

Yu Wu,Nanzhou Lin,Wei Song,Yuan Shen,Xiandi Yang,Juntao Zhang,Yan Sun

DOI: https://doi.org/10.1007/978-3-030-30952-7_36

2019-01-01

Abstract:The outsourcing storage of medical big data encrypted in the cloud can effectively alleviate the problem of privacy disclosure, but cipher text storage will lead to the inconvenience of data access, which brings new challenges to medical big data shared access. The existing flexible authorization solutions for encrypted data are mainly based on methods such as CP-ABE, which requires the data owner to define the data access strategy, while in reality, the patient is the data owner of the medical data. At the same time, the existing scheme does not support access control authorization in emergency scenarios, and in medical big data applications, when patients can not authorize data users to access cipher text medical data, it will lead to unpredictable consequences. According to the application requirements of encrypted medical big data shared service in cloud environment, an adaptive authorization access method based on attribute encryption is proposed to realize flexible and secure medical data access authorization in normal and emergency situations. Experimental results demonstrate that our scheme is efficient.

Hancheng Gao,Haiping Huang,Lingyan Xue,Fu Xiao,Qi Li

DOI: https://doi.org/10.1109/jiot.2023.3279893

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The integration of Internet of Things (IoT) with cloud-edge computing in cyber-physical systems has revolutionized the way healthcare enterprises manage electronic health records (EHRs). With more healthcare enterprises outsourcing encrypted EHRs to the cloud, searchable encryption is utilized to retrieve encrypted data, especially attribute-based searchable encryption (ABSE) can achieve fine-grained access control. However, ABSE usually requires a lot of computation, which imposes a serious burden on resource-limited devices. Moreover, ensuring fairness in data access is crucial in the healthcare domain, where both data users and owners may have conflicting interests. In order to overcome these problems, this paper proposes a searchable encryption scheme with fine-grained access control for cloud-based EHRs sharing assisted by blockchain. It transfers computing tasks to edge servers and enables users to control who has access to their EHRs. The adoption of blockchain and smart contracts guarantees data integrity and transaction fairness. Moreover, a consensus algorithm is designed for the higher efficiency of the proposed scheme. Finally, security analysis proves the proposed scheme resists adaptive chosen keyword attacks (CKA). Performance analysis further confirms it has more functionalities and is efficient for smart healthcare.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tatsuya Suzuki,Keita Emura,Toshihiro Ohigashi

DOI: https://doi.org/10.1007/s10916-019-1244-2

IF: 4.92

2019-03-28

Journal of Medical Systems

Abstract:To provide a search functionality for encrypted data, public key encryption with keyword search (PEKS) has been widely recognized. In actual usage, a PEKS scheme should be employed with a PKE scheme since PEKS itself does not support the decryption of data. Since a naive composition of a PEKS ciphertext and a PKE ciphertext does not provide CCA security, several attempts have been made to integrate PEKS and PKE in a joint CCA manner (PEKS/PKE for short). In this paper, we further extend these works by integrating secure-channel free PEKS (SCF-PEKS) and PKE, which we call SCF-PEKS/PKE, where no secure channel is required to send trapdoors. We give a formal security definition of SCF-PEKS/PKE in a joint CCA manner, and propose a generic construction of SCF-PEKS/PKE based on anonymous identity-based encryption, tag-based encryption, and one-time signature. We also strengthen the current consistency definition according to the secure-channel free property, and show that our construction is strongly consistent if the underlying IBE provides unrestricted strong collision-freeness which is defined in this paper. We also show that such an IBE scheme can be constructed by employing the Abdalla et al. transformations (TCC 2010/J. Cryptology 2018). Finally, as an application of SCF-PEKS/PKE, we strengthen the security of encrypted Electronic Medical Record (EMR) system proposed by Guo and Yau (J. Medical Sys. 2015).

health care sciences & services,medical informatics

Shufen Niu,Wenke Liu,Song Han,Lizhi Fang

DOI: https://doi.org/10.1371/journal.pone.0244979

IF: 3.7

2021-01-07

PLoS ONE

Abstract:As cloud storage technology develops, data sharing of cloud-based electronic medical records (EMRs) has become a hot topic in the academia and healthcare sectors. To solve the problem of secure search and sharing of EMR in cloud platforms, an EMR data-sharing scheme supporting multi-keyword search is proposed. The proposed scheme combines searchable encryption and proxy re-encryption technologies to perform keyword search and achieve secure sharing of encrypted EMR. At the same time, the scheme uses a traceable pseudo identity to protect the patient's private information. Our scheme is proven secure based on the modified Bilinear Diffie-Hellman assumption and Quotient Decisional Bilinear Diffie-Hellman assumption under the random oracle model. The performance of our scheme is evaluated through theoretical analysis and numerical simulation.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Hongzhi Li,Dun Li,Wei Liang

DOI: https://doi.org/10.1007/s10586-024-04524-1

2024-05-30

Cluster Computing

Abstract:The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this schme includes: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) a integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs.

computer science, information systems, theory & methods

Akanksha Saini,Qingyi Zhu,Navneet Singh,Yong Xiang,Longxiang Gao,Yushu Zhang

DOI: https://doi.org/10.1109/jiot.2020.3032997

IF: 10.6

2021-04-01

IEEE Internet of Things Journal

Abstract:In current healthcare systems, electronic medical records (EMRs) are always located in different hospitals and controlled by a centralized cloud provider. However, it leads to single point of failure as patients being the real owner lose track of their private and sensitive EMRs. Hence, this article aims to build an access control framework based on smart contract, which is built on the top of distributed ledger (blockchain), to secure the sharing of EMRs among different entities involved in the smart healthcare system. For this, we propose four forms of smart contracts for user verification, access authorization, misbehavior detection, and access revocation, respectively. In this framework, considering the block size of ledger and huge amount of patient data, the EMRs are stored in cloud after being encrypted through the cryptographic functions of elliptic curve cryptography (ECC) and Edwards-curve digital signature algorithm (EdDSA), while their corresponding hashes are packed into blockchain. The performance evaluation based on a private Ethereum system is used to verify the efficiency of proposed access control framework in the real-time smart healthcare system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Peng Wang,Tao Xiang,Xiaoguo Li,Hong Xiang

DOI: https://doi.org/10.1016/j.ins.2020.09.004

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>With the increasing popularity of Internet of Energy (IoE), more and more physical devices connected to IoE depend on the information system for energy control and coordination. Under this condition, how to achieve information flow control in IoE becomes a great challenge. Access control encryption (ACE) is a promising technology to address the problem. However, existing ACE requires a centralized sanitizer, hindering its successful application in IoE. In this paper, we construct a new kind of ACE without sanitizers for IoE. We first construct a basic ACE scheme based on number-theoretic assumptions (i.e., DBDH assumption), and this scheme can control not only what users can read but also what they can write. To resist against the quantum attacks, we further construct a more secure ACE scheme based on learning with errors (LWE). We formally prove that our proposed two ACE schemes are secure under the proposed security definition, and we also evaluate the applicability and the efficiency of them in experiments.</p>

computer science, information systems