Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Rong Fan,Ling-di Ping,Jian-Qing Fu,Xue-zeng Pan

DOI: https://doi.org/10.1109/wcsp.2010.5633690

2010-01-01

Abstract:Recently, Wireless Body Area Networks (WBANs) have been an attractive platform for pervasive computing and communication. Since the patient-related data is significance for medical diagnosis and patients' health-care, the security of distributed data storage is critical need for applications. However, the distributed architecture makes it challenging to build a secure and efficient data storage system due to the resource-constrained nature of sensor node. Besides, due to the lack of physical protection, WBANs are vulnerable to attacks when deployed in hostile environments. In order to address the challenges, we propose a novel secure and efficient data storage scheme with dynamic integrity checking in this paper. Based on the policies of multiple secret sharing, we first propose a secure and efficient patient-related data storage and access scheme for WBANs. Furthermore, to dynamically check the integrity of the distributed data shares, we then propose an efficient data integrity verification scheme based on orthonormal vectors. Finally, the security and performance analysis shows that the proposed scheme is secure and practical for WBANs.

Yang, Xiaodong,Wei, Lizhen,Li, Songyu,Wang, Caifen

DOI: https://doi.org/10.1007/s12083-024-01769-w

IF: 3.488

2024-07-26

Peer-to-Peer Networking and Applications

Abstract:To enhance the security of medical data, the government and healthcare institutions must collect and analyze vast amounts of information, enabling the prompt detection of irregular patterns and timely issuance of accurate warnings. This is crucial for preventing and containing potential threats to medical data security. However, securely sharing and converting these data poses a significant challenge, particularly in open wireless access networks within healthcare settings. Proxy re-signature (PRS) offers not only signature conversion capabilities but also anonymity, safeguarding data reliability and authenticity. Nonetheless, current proxy re-signature techniques overlook the potential for algorithm substitution attacks (ASA). Therefore, we introduce a novel proxy re-signature scheme, leveraging cryptographic reverse firewall (CRF) technology, tailored specifically for the medical domain. Furthermore, we conducted rigorous security analysis and simulation experiments to validate the practical effectiveness of our scheme. This approach addresses the need for secure data sharing among various entities, including medical institutions, management centers, and research facilities, ensuring the integrity and confidentiality of critical medical information.

computer science, information systems,telecommunications

Chunqiang Hu,Fan Zhang,Xiuzhen Cheng,Xiaofeng Liao,Dechang Chen

DOI: https://doi.org/10.1145/2463183.2463191

2013-01-01

Abstract:Wireless Body Area Networks (BANs) are expected to play a crucial role in patient-health monitoring in the near future. Establishing secure communications between BAN sensors and external users is key to addressing the prevalent security and privacy concerns. In this paper, we propose the primitive functions to implement a secret-sharing based Ciphertext-Policy Attribute-Based Encryption (CP_ABE) scheme, which encrypts the data based on an access structure specified by the data source. We also design two protocols to securely retrieve the sensitive patient data from a BAN and instruct the sensors in a BAN. Our analysis indicates that the proposed scheme is feasible, can provide message authenticity, and can counter possible major attacks such as collusion attacks and battery-draining attacks.

Yimin Wang,Yang Liu

DOI: https://doi.org/10.1109/jsyst.2022.3152742

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:Wireless body area networks (WBANs) are an essential part of health-care system. It collects the patients biomedical data through sensors and sends the data to the remote doctor. Based on these data, remote doctors can provide the patient with a detailed diagnosis and suitable treatment. However, in wireless communication environment, WBANs may be affected by various attacks, which leads to privacy leakage. Before WBANs come into application, data confidentiality and patient privacy are the main challenges for us. Therefore, we proposed a revocable certificateless authentication scheme that effectively overcomes these problems. In this scheme, to realize large-scale applications, we divided WBANs into several independent areas, and each area is responsible for the patients in its own area. Once a malicious user appears, revocation center can change the key of its own area to achieve efficient revocation. This approach disperses the management burden of the network manager and realizes conditional privacy-preserving. Besides, bilinear pairing is not used in this scheme, which greatly reduces the computational cost. It is especially important for clients with limited capabilities in WBANs. It is proved that the security of this scheme is equivalent to the assumption of elliptic curve discrete logarithm in a random oracle.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Krishna Teja Vadikari,Arunkumar Rajasekaran,Vamshi Yatala,Sai Sunneehith,Rahul Potheireddy

DOI: https://doi.org/10.1109/ICDCOT61034.2024.10515957

2024-03-15

Abstract:Wireless Body Area Networks (WBANs) have revolutionized wearable sensor use for swift medical diagnosis and treatment. This study underscores the need for robust solutions to protect user privacy and authentication security during wireless health data exchange. Operating in an environment where wearable devices consistently collect private data, WBAN s highlight the importance of privacy preservation. Integrating WBANs with privacy-preserving methods and anonymous authentication allows users to confidently share data without compromising identities. These builds trust. For secure information sharing between patients and doctors, the work introduces an anonymous privacy-preserving authentication mechanism, considering computational and communication costs. The approach's effectiveness is validated using the Cygwin software tool, offering a pathway for a secure and considerate future in healthcare monitoring. This research contributes to the evolving landscape of secure and private data exchange in the context ofWBANs.

Medicine,Computer Science

Jiayuan Zhang,Rongxin Guo,Yifan Shi,Wanting Tang

DOI: https://doi.org/10.3934/mbe.2024271

2024-06-03

Abstract:Many current electronic medical record (EMR) sharing schemes that use proxy re-encryption and blockchain do not fully consider the potential threat of malicious node impersonation attacks. This oversight could lead to data leakage as attackers masquerade as legitimate users or proxy nodes during the sharing process. To deal with this problem, we propose an EMR sharing scheme based on proxy re-encryption and blockchain to protect against impersonation attacks. First, we prevent the potential threat of impersonation attacks by generating a shared temporary key and assigning tasks to multiple proxy nodes. Second, we use a random function to ensure that the selection of encrypted proxy nodes is fair. Third, we use a combination of blockchain and the InterPlanetary File System to solve the problem of insufficient storage capacity of shared processes and ensure the storage security of EMRs. Through the security proof, our scheme guarantees anti-impersonation, anti-collusion, and anti-chosen plaintext attack capability in the sharing process of EMRs. Additionally, experiments on the blockchain platform, namely Chain33, show that our scheme significantly increases efficiency.

Martin Konan,Wenyong Wang

DOI: https://doi.org/10.3390/s19071608

IF: 3.9

2019-04-03

Sensors

Abstract:The current advances in cloud-based services have significantly enhanced individual satisfaction in numerous modern life areas. Particularly, the recent spectacular innovations in the wireless body area networks (WBAN) domain have made e-Care services rise as a promising application field, which definitely improves the quality of the medical system. However, the forwarded data from the limited connectivity range of WBAN via a smart device (e.g., smartphone) to the application provider (AP) should be secured from an unapproved access and alteration (attacker) that could prompt catastrophic consequences. Therefore, several schemes have been proposed to guarantee data integrity and privacy during their transmission between the client/controller (C) and the AP. Thereby, numerous effective cryptosystem solutions based on a bilinear pairing approach are available in the literature to address the mentioned security issues. Unfortunately, the related solution presents security shortcomings, where AP can with ease impersonate a given C. Hence, this existing scheme cannot fully guarantee C’s data privacy and integrity. Therefore, we propose our contribution to address this data security issue (impersonation) through a secured and efficient remote batch authentication scheme that genuinely ascertains the identity of C and AP. Practically, the proposed cryptosystem is based on an efficient combination of elliptical curve cryptography (ECC) and bilinear pairing schemes. Furthermore, our proposed solution reduces the communication and computational costs by providing an efficient data aggregation and batch authentication for limited device’s resources in WBAN. These additional features (data aggregation and batch authentication) are the core improvements of our scheme that have great merit for limited energy environments like WBAN.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiuli Chai,Gongyao Cao,Zhifeng Fu,Zhihua Gan,Binjie Wang,Yushu Zhang

DOI: https://doi.org/10.1016/j.bspc.2024.106424

IF: 5.1

2024-01-01

Biomedical Signal Processing and Control

Abstract:With the rapid development of telemedicine technology, electronic medical records (EMR) are facing security issues such as illegal access, leakage and malicious tampering during the transmission of electronic patient information (EPI). In view of this, a high-capacity RDHEI based on adaptive pixel modulation and high bit-plane based redundancy matrix coding (HBP-RMC) is proposed to effectively achieve patient privacy protection by embedding private data such as electronic medical records and authentication information into encrypted medical images. Specifically, the carrier image is encrypted using designed block-level disruption and adaptive pixel-modulation to preserve pixel-correlation. This method provides the basis for high embedding rates while ensuring the overall security of the image. Next, an accurate block-level pixel prediction is proposed to make full use of the high correlation to generate considerable redundancy and in balance with high prediction accuracy. Then the proposed HBP-RMC is used to maximally convert the redundant information into the embeddable space and effectively limit the size of the auxiliary information. At the decoding end, users can realize separable image restoration and information extraction according to their own keys. The maximum ERs of our scheme on the BOWS-2 and BOSSbase datasets can reach 2.9332 bpp and 3.0249 bpp, respectively. Extensive experiments prove that our algorithm outperforms some existing state-of-the-art schemes.

Sunil Prajapat,Pankaj Kumar,Sandeep Kumar

DOI: https://doi.org/10.1007/s10586-024-04449-9

2024-04-15

Cluster Computing

Abstract:The wireless body area network (WBAN) has emerged as a promising networking paradigm thanks to embedded systems, integrated circuit technologies, and wireless communications advancements. WBAN has the ability to send real-time biomedical data to remote medical personnel for clinical diagnostics through intelligent medical sensors in or around the patient's body. Moreover, WBANs have played an increasingly important role in modern medical systems over the past decade as part of the Internet of Things (IoT). In addition to their conveniences, WBANs present us with the data confidentiality challenge and protecting patient's privacy. The system requires a robust security mechanism to protect against threats because of the massive production of delay-sensitive data. This article presents a quantum key distribution (QKD) protocol-based authentication scheme for secure communication within WBAN infrastructure to prevent attacks and provide services free of security risks. To the best of our knowledge, we proposed a privacy preserving quantum authentication scheme for secure data sharing in WBANs to enhance security by encrypting medical data and safeguarding patients identities. Simulations conducted using Mathematica evaluate the proposed quantum authentication protocol both theoretically and practically, showing strong encryption performance against recent schemes. Results include computational cost of 6.832 ms , communication costs of 588 bits, and energy consumption of 432.98 indicating the proposed quantum authentication protocol model exhibits superior reliability, feasibility, and efficiency in safeguarding WBAN data during transmission and storage.

computer science, information systems, theory & methods

Mengxia Shuai,Ling Xiong,Changhui Wang,Nenghai Yu

DOI: https://doi.org/10.1049/iet-ifs.2019.0491

2020-01-01

IET Information Security

Abstract:With the advances in wireless communication and Internet of things, wireless body area networks (WBANs) have attracted more and more attention because of the potential in improving the quality of health care services. With the help of WBANs, the user can access the patient's life-critical data generated by miniaturised medical sensors, and remote health care monitoring services are provided. Since the open nature of wireless channel and sensitivity of transmitted information, the security and privacy of such personal data are becoming important issues that must be dealt with. In the past few years, a large number of authentication schemes had been proposed to solve these issues. However, most of the existing schemes are not secure enough. As a step toward this direction, in this study, the authors present a privacy-preserving authentication scheme with adaptive resilience of desynchronisation attacks for WBANs, in which lightweight crypto-modules are adopted to pursue the best efficiency. The proposed scheme adopts the pseudonym identity technique to provide user anonymity, and one-way hash chain technique and serial number method are employed to ensure forward secrecy and resist desynchronisation attack, respectively. Analysis and comparison results demonstrate that the proposed scheme achieves a delicate balance between security and efficiency.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.4108/icst.bodynets.2013.253689

2013-01-01

Abstract:Wireless Body Area Networks (WBANs) are the core of components of future m-Health system and is playing a crucial role in healthcare applications. A key requirement for such applications is secure communications between body sensors. This paper presents a novel key agreement scheme which allows wireless body sensors in WBANs to share a common key generated using wireless channel information. Unlike traditional biometric based security approach, the proposed key agreement does not need extra hardware, which can secure data communications in a plug-n-play manner. Our experimental results show that the proposed scheme is feasible for WBANs.

Jingwei Liu,Zonghua Zhang,Xiaofeng Chen,Kyung Sup Kwak

DOI: https://doi.org/10.1109/tpds.2013.145

IF: 5.3

2014-02-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Wireless body area network (WBAN) has been recognized as one of the promising wireless sensor technologies for improving healthcare service, thanks to its capability of seamlessly and continuously exchanging medical information in real time. However, the lack of a clear in-depth defense line in such a new networking paradigm would make its potential users worry about the leakage of their private information, especially to those unauthenticated or even malicious adversaries. In this paper, we present a pair of efficient and light-weight authentication protocols to enable remote WBAN users to anonymously enjoy healthcare service. In particular, our authentication protocols are rooted with a novel certificateless signature (CLS) scheme, which is computational, efficient, and provably secure against existential forgery on adaptively chosen message attack in the random oracle model. Also, our designs ensure that application or service providers have no privilege to disclose the real identities of users. Even the network manager, which serves as private key generator in the authentication protocols, is prevented from impersonating legitimate users. The performance of our designs is evaluated through both theoretic analysis and experimental simulations, and the comparative studies demonstrate that they outperform the existing schemes in terms of better trade-off between desirable security properties and computational overhead, nicely meeting the needs of WBANs.

computer science, theory & methods,engineering, electrical & electronic

Jianhong Zhang,Chenghe Dong

DOI: https://doi.org/10.1109/tnse.2022.3205044

IF: 6.6

2023-01-10

IEEE Transactions on Network Science and Engineering

Abstract:Wireless body area networks (WBANs) provide healthcare providers with early warning of medical emergencies by monitoring vital parameters of a patient's body with wearable devices embedded with biosensors. However, the resource-constrained nature of WBAN devices makes the data collected from them vulnerable to internal and external attacks during transmission. By aggregating medical data, data aggregation technology is used to conduct statistical analysis of the data and achieve confidentiality of patient information, which can help doctors make the correct diagnosis and assist medical insurance companies choose the right insurance for patients. However, the existing data aggregation schemes are inefficient or prone to potential safety risks to patients due to their high computational intensity and known identity of recipients. To address it, we propose a privacy-preserving health data aggregation scheme in the multi-receiver setting, which not only securely collects health data from IoT wearable devices but also supports the anonymity of multiple receivers while avoiding time-consuming pairing operations. Since the patient's health data and the recipient's identities are transmitted in cipher-text, it effectively prevents data leakage and achieves privacy protection of identity information among recipients. Compared with several existing schemes, the proposed scheme not only achieves anonymity of the collected data and the receivers' identities,but also makes it lightweight. Furthermore, experimental results demonstrate that the proposed scheme is cost-efficient in an all-around performance.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Mengxia Shuai,Bin Liu,Nenghai Yu,Ling Xiong,Changhui Wang

DOI: https://doi.org/10.1016/j.jisa.2020.102499

IF: 4.96

2020-01-01

Journal of Information Security and Applications

Abstract:As a significant part of electronic health, wireless body area networks (WBANs) have greatly improved the quality and efficiency of healthcare. With the help of WBANs, comprehensive and uninterrupted health monitoring becomes possible, and the user can enjoy the medical services provided by application providers with no limitations on space and time. Since the physiological data of user are transmitted on the public channels, it is essential to protect user’s privacy and ensure secure communications in WBANs. In the past few years, several authentication schemes were proposed to solve the security issues of transferring data in WBANs. However, most of these schemes are not efficient and secure enough. As a step towards this direction, in this paper, we propose an efficient and privacy-preserving authentication scheme for WBANs using elliptic curve cryptography (ECC). In the proposed scheme, the method of certificateless authentication based on identity-based cryptography is adopted, which makes it suitable for multi-server architecture without online third party participation. Security analysis and comparisons with five related authentication schemes demonstrate that the proposed privacy-preserving authentication scheme can not only provide the desired security features, but also reduce the computation cost effectively.

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Chunhua Jin,Zhiwei Chen,Wenyu Qin,Kaijun Sun,Guanhua Chen,Liqing Chen

DOI: https://doi.org/10.1002/nem.2305

2024-10-09

International Journal of Network Management

Abstract:As the internet of vehicles (IoV) technology develops, it promotes the intelligent interaction among vehicles, roadside units, and the environment. Nevertheless, it also brings vehicle information security challenges. In recent years, vehicle data sharing is suffering to algorithm substitution attacks (ASA), which means backdoor adversaries can carry out filtering attacks through data sharing. Therefore, this paper designs a blockchain‐based proxy re‐encryption (PRE) scheme with cryptographic reverse firewall (BIBPR‐CRF) for IoV. In our proposal, CRF can promise the internal safety of vehicle units. More specifically, it can prevent ASA attacks while ensuring chosen plaintext attack (CPA)‐security. Meanwhile, the PRE algorithm can provide the confidential sharing and secure operation of data. Moreover, we use a consortium blockchain service center (CBSC) to store the first ciphertext and re‐encrypt it with smart contracts on the blockchain, which can avoid single point of failure and achieve higher efficiency compared to proxy servers. Finally, we evaluate the performance of BIBPR‐CRF with regard to communication cost, computational cost, and energy consumption. Our proposal is the most fitting for IoV application, in contrast with the other three schemes.

computer science, information systems,telecommunications

Bruno Rodrigues,Ivone Amorim,Ivan Costa,Alexandra Mendes

2023-07-04

Abstract:The exponential growth in the digitisation of services implies the handling and storage of large volumes of data. Businesses and services see data sharing and crossing as an opportunity to improve and produce new business opportunities. The health sector is one area where this proves to be true, enabling better and more innovative treatments. Notwithstanding, this raises concerns regarding personal data being treated and processed. In this paper, we present a patient-centric platform for the secure sharing of health records by shifting the control over the data to the patient, therefore, providing a step further towards data sovereignty. Data sharing is performed only with the consent of the patient, allowing it to revoke access at any given time. Furthermore, we also provide a break-glass approach, resorting to Proxy Re-encryption (PRE) and the concept of a centralised trusted entity that possesses instant access to patients' medical records. Lastly, an analysis is made to assess the performance of the platform's key operations, and the impact that a PRE scheme has on those operations.

Cryptography and Security

Haiping Huang,Peng Zhu,Fu Xiao,Xiang Sun,Qinglong Huang

DOI: https://doi.org/10.1016/j.cose.2020.102010

Abstract:How to alleviate the contradiction between the patient's privacy and the research or commercial demands of health data has become the challenging problem of intelligent medical system with the exponential increase of medical data. In this paper, a blockchain-based privacy-preserving scheme is proposed, which realizes secure sharing of medical data between several entities involved patients, research institutions and semi-trusted cloud servers. And meanwhile, it achieves the data availability and consistency between patients and research institutions, where zero-knowledge proof is employed to verify whether the patient's medical data meets the specific requirements proposed by research institutions without revealing patients' privacy, and then the proxy re-encryption technology is adopted to ensure that research institutions can decrypt the intermediary ciphertext. In addition, this proposal can execute distributed consensus based on PBFT algorithm for transactions between patients and research institutions according to the prearranged terms. Theoretical analysis shows the proposed scheme can satisfy security and privacy requirements such as confidentiality, integrity and availability, as well as performance evaluation demonstrates it is feasible and efficient in contrast with other typical schemes.