Abstract
Electronic healthcare (eHealth) systems have replaced traditional paper-based medical systems due to attractive features such as universal accessibility, high accuracy, and low cost. As a major constituent part of eHealth systems, mobile healthcare (mHealth) applies Mobile Internet Devices (MIDs) and Embedded Devices (EDs), such as tablets, smartphones, and other devices embedded in the bodies of individuals, to improve the quality of life and provide more convenient healthcare services for patients. Unfortunately, MIDs and EDs have only limited computational capacity, storage space, and power supply. By taking this into account, we present a new design to guarantee the integrity of eHealth records and the anonymity of the data owner in a more efficient and flexible way. The essence of our design is a general method which can convert any secure Attribute-Based Signature (ABS) scheme into a highly efficient and secure Online/Offline Attribute-Based Signature (OOABS) scheme. We prove the security and analyze the efficiency improvement of the new design. Additionally, we illustrate the proposed generic construction by applying it to a specific ABS scheme.
- Research 2 Guidance. 2012. Retrieved from http://research2guidance.com/us-1-3-billion-the-market-for-mhealth-applications-in-2012/.Google Scholar
- Shahriar Akter and Pradeep Ray. 2010. mHealth-an ultimate platform to serve the unserved. Yearb. Med. Inform. 2010 (2010), 94--100.Google Scholar
- Nuttapong Attrapadung, Benoît Libert, and Elie De Panafieu. 2011. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In Public Key Cryptography (PKC’11). Springer, 90--108. Google ScholarCross Ref
- Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter. 2009. Patient Controlled Encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security. ACM, 103--114. Google ScholarDigital Library
- John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, 2007 (SP’07). IEEE, 321--334. Google ScholarDigital Library
- Xavier Boyen. 2007. Mesh signatures. In Advances in Cryptology (EUROCRYPT’07). Springer, 210--227. Google ScholarDigital Library
- Luigi Catuogno, Alexandra Dmitrienko, Konrad Eriksson, Dirk Kuhlmann, Gianluca Ramunno, Ahmad-Reza Sadeghi, Steffen Schulz, Matthias Schunter, Marcel Winandy, and Jing Zhan. 2009a. Trusted virtual domains--design, implementation and lessons learned. In International Conference on Trusted Systems. Springer, 156--179.Google Scholar
- Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, and Marcel Winandy. 2009b. Transparent mobile storage protection in trusted virtual domains. In LISA. 159--172.Google Scholar
- Luigi Catuogno, Hans Löhr, Marcel Winandy, and Ahmad-Reza Sadeghi. 2014. A trusted versioning file system for passive mobile storage devices. J. Netw. Comput. Appl. 38 (2014), 65--75. Google ScholarDigital Library
- David Chaum and Eugène Van Heyst. 1991. Group signatures. In Advances in Cryptology (EUROCRYPT’91). Springer, 257--265. Google ScholarCross Ref
- Xiaofeng Chen, Fangguo Zhang, Willy Susilo, and Yi Mu. 2007. Efficient generic on-line/off-line signatures without key exposure. In Applied Cryptography and Network Security. Springer, 18--30. Google ScholarDigital Library
- Keita Emura, Atsuko Miyaji, Akito Nomura, Kazumasa Omote, and Masakazu Soshi. 2009. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In Information Security Practice and Experience. Springer, 13--23. Google ScholarDigital Library
- Alex Escala, Javier Herranz, and Paz Morillo. 2011. Revocable attribute-based signatures with adaptive security in the standard model. In Progress in Cryptology (AFRICACRYPT’11). Springer, 224--241. Google ScholarCross Ref
- Shimon Even, Oded Goldreich, and Silvio Micali. 1990. On-line/off-line digital signatures. In Advances in Cryptology (CRYPTO’89 Proceedings). Springer, 263--275. Google ScholarCross Ref
- Martin Gagné, Shivaramakrishnan Narayan, and Reihaneh Safavi-Naini. 2013. Short pairing-efficient threshold-attribute-based signature. In Pairing-Based Cryptography (Pairing’12). Springer, 295--313. Google ScholarDigital Library
- Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. 1988. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 2 (1988), 281--308. Google ScholarDigital Library
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006a. Attribute-based encryption for fine-grained access control of encrypted data. In 13th ACM Conference on Computer and Communications Security. ACM, 89--98.Google ScholarDigital Library
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006b. Attribute-based encryption for fine-grained access control of encrypted data. In 13th ACM Conference on Computer and Communications Security (CCS’06). ACM, 89--98. Google ScholarDigital Library
- Tracy D. Gunter and Nicolas P. Terry. 2005. The emergence of national electronic health record architectures in the United States and Australia: Models, costs, and questions. J. Med. Internet Res. 7, 1 (2005). Google ScholarCross Ref
- Fuchun Guo and Yi Mu. 2008. Optimal online/offline signature: How to sign a message without online computation. In Provable Security. Springer, 98--111. Google ScholarDigital Library
- Javier Herranz, Fabien Laguillaumie, Benoît Libert, and Carla Ràfols. 2012. Short attribute-based signatures for threshold predicates. In Topics in Cryptology (CT-RSA’12). Springer, 51--67. Google ScholarDigital Library
- Javier Herranz, Fabien Laguillaumie, and Carla Ràfols. 2010. Constant size ciphertexts in threshold attribute-based encryption. In Public Key Cryptography (PKC’10). Springer, 19--34. Google ScholarDigital Library
- Susan Hohenberger and Brent Waters. 2014. Online/offline attribute-based encryption. In Public-Key Cryptography (PKC 2014). Springer, 293--310. Google ScholarDigital Library
- Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, and Xinwen Zhang. 2009. Patient-centric authorization framework for sharing electronic health records. In 14th ACM Symposium on Access Control Models and Technologies. ACM, 125--134. Google ScholarDigital Library
- Jayaprakash Kar. 2014. Provably secure online/off-line identity-based signature scheme for wireless sensor network. IJ Netw. Sec. 16, 1 (2014), 29--39.Google Scholar
- Dalia Khader. 2007. Attribute based group signatures. IACR Cryptology ePrint Archive 2007 (2007), 159.Google Scholar
- Hugo Krawczyk and Tal Rabin. 2000. Chameleon hashing and signatures. In Proc. of NDSS. Citeseer, 143--154.Google Scholar
- Allison Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. 2010. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Advances in Cryptology (EUROCRYPT’2010). Springer, 62--91. Google ScholarDigital Library
- Jin Li, Man Ho Au, Willy Susilo, Dongqing Xie, and Kui Ren. 2010. Attribute-based signature and its applications. In 5th ACM Symposium on Information, Computer and Communications Security. ACM, 60--69. Google ScholarDigital Library
- Jin Li and Kwangjo Kim. 2008. Attribute-based ring signatures. IACR Cryptology ePrint Archive 2008 (2008), 394.Google Scholar
- Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 1 (2013), 131--143. Google ScholarDigital Library
- Dai-Rui Lin, Chih-I. Wang, and D. J. Guan. 2008. An efficiently online/offline signcryption for firewall. In 8th International Conference on Intelligent Systems Design and Applications, 2008 (ISDA’08). Vol. 3. IEEE, 472--478.Google Scholar
- Joseph K. Liu, Joonsang Baek, Jianying Zhou, Yanjiang Yang, and Jun Wen Wong. 2010. Efficient online/offline identity-based signature for wireless sensor network. Int. J. Inform. Sec. 9, 4 (2010), 287--296. Google ScholarDigital Library
- Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek. 2008. Attribute-based signatures: Achieving attribute-privacy and collusion-resistance. IACR Cryptology ePrint Archive 2008 (2008), 328.Google Scholar
- Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek. 2011. Attribute-based signatures. In Topics in Cryptology (CT-RSA 2011). Springer, 376--392. Google ScholarCross Ref
- Michelino Mancini. 2014. Medical identity theft in the emergency department: Awareness is crucial. West. J. Emerg. Med. (2014).Google Scholar
- Yang Ming and Yumin Wang. 2010. Improved identity based online/offline signature scheme. In 2010 7th International Conference on Ubiquitous Intelligence 8 Computing and 7th International Conference on Autonomic 8 Trusted Computing (UIC/ATC’10). IEEE, 126--131.Google ScholarDigital Library
- Vanga Odelu, Ashok Kumar Das, Y. Sreenivasa Rao, Saru Kumari, Muhammad Khurram Khan, and Kim-Kwang Raymond Choo. 2016. Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment. Comput. Stand. Interf. (2016).Google Scholar
- Tatsuaki Okamoto and Katsuyuki Takashima. 2011. Efficient attribute-based signatures for non-monotone predicates in the standard model. In Public Key Cryptography (PKC’11). Springer, 35--52. Google ScholarCross Ref
- Tatsuaki Okamoto and Katsuyuki Takashima. 2013. Decentralized attribute-based signatures. In Public-Key Cryptography (PKC 2013). Springer, 125--142. Google ScholarCross Ref
- Tatsuaki Okamoto and Katsuyuki Takashima. 2014. Efficient attribute-based signatures for non-monotone predicates in the standard model. IEEE Trans. Cloud Comput. 2, 4 (2014), 409--421. Google ScholarCross Ref
- Y. Sreenivasa Rao and Ratna Dutta. 2014. Expressive bandwidth-efficient attribute based signature and signcryption in standard model. In Information Security and Privacy. Springer, 209--225. Google ScholarCross Ref
- Ronald L. Rivest, Adi Shamir, and Yael Tauman. 2001. How to leak a secret. In Advances in Cryptology (ASIACRYPT 2001). Springer, 552--565. Google ScholarCross Ref
- Amit Sahai and Brent Waters. 2005. Fuzzy identity-based encryption. In Advances in Cryptology (EUROCRYPT 2005). Springer, 457--473. Google ScholarDigital Library
- Siamak F. Shahandashti and Reihaneh Safavi-Naini. 2009. Threshold attribute-based signatures and their application to anonymous credential systems. In Progress in Cryptology (AFRICACRYPT 2009). Springer, 198--216. Google ScholarDigital Library
- Adi Shamir. 1985. Identity-based cryptosystems and signature schemes. In Advances in Cryptology. Springer, 47--53. Google ScholarCross Ref
- Adi Shamir and Yael Tauman. 2001. Improved online/offline signature schemes. In Advances in Cryptology (CRYPTO’01). Springer, 355--367. Google ScholarCross Ref
- Jinshu Su, Dan Cao, Baokang Zhao, Xiaofeng Wang, and Ilsun You. 2014. ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the internet of things. Fut. Gen. Comput. Syst.s 33 (2014), 11--18.Google ScholarDigital Library
- Dongdong Sun, Yi Mu, and Willy Susilo. 2008. A generic construction of identity-based online/offline signcryption. In International Symposium on Parallel and Distributed Processing with Applications, 2008 (ISPA’08). IEEE, 707--712.Google Scholar
- Latanya Sweeney. 2002. k-anonymity: A model for protecting privacy. Int. J. Uncert. Fuzz. Knowl.-Based Syst. 10, 05 (2002), 557--570.Google ScholarDigital Library
- Sapal Tachakra, X. H. Wang, Robert S. H. Istepanian, and Y. H. Song. 2003. Mobile e-health: The unwired evolution of telemedicine. Telemed. J. E-health 9, 3 (2003), 247--257.Google ScholarCross Ref
- Yue Tong, Jinyuan Sun, Sherman S. M. Chow, and Pan Li. 2014. Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18, 2 (2014), 419--429. Google ScholarCross Ref
- Yanjiang Yang, Joseph K. Liu, Kaitai Liang, Kim-Kwang Raymond Choo, and Jianying Zhou. 2015. Extended proxy-assisted approach: Achieving revocable fine-grained encryption of cloud data. In European Symposium on Research in Computer Security. Springer, 146--166. Google ScholarCross Ref
- Andrew Chi-Chih Yao and Yunlei Zhao. 2013. Online/offline signatures for low-power devices. IEEE Trans. Inform. Forens. Secur. 8, 2 (2013), 283--294. Google ScholarDigital Library
- Taek-Young Youn and Dowon Hong. 2012. Signcryption with fast online signing and short signcryptext for secure and private mobile communication. Sci. Chin. Informa. Sci. 55, 11 (2012), 2530--2541. Google ScholarCross Ref
- Shaojun Zhang, Peng Chen, and Jianfeng Wang. 2014. Online/offline attribute based signature. In 2014 9th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). IEEE, 566--571.Google ScholarDigital Library
- Yan Zhang, Dengguo Feng, Zhengfeng Zhang, and Liwu Zhang. 2013. On the security of an efficient attribute-based signature. In Network and System Security. Springer, 381--392. Google ScholarCross Ref
Index Terms
- Protecting Mobile Health Records in Cloud Computing: A Secure, Efficient, and Anonymous Design
Recommendations
Secure sharing of Personal Health Records in cloud computing
The sharing of Personal Health Records (PHR) in cloud computing is a promising platform of health information exchange. However, the storage of personal medical and health information is usually outsourced to some third parties which may result in the ...
Personal Health Records Integrity Verification Using Attribute Based Proxy Signature in Cloud Computing
IDCS 2013: Proceedings of the 6th International Conference on Internet and Distributed Computing Systems - Volume 8223Personal health records PHRs have been appeared as patient -centric model for health information exchange, which are often outsourced to be stored in cloud services. However, the integrity and privacy of the PHRs are cause for concern that personal ...
An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption
3PGCIC '14: Proceedings of the 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet ComputingAs an emerging patient-centric model of health information exchange, cloud-based personal health record (PHR) system holds great promise for empowering patients and ensuring more effective delivery of health care. In this paper, we propose a novel ...
Comments