research-article

Protecting Mobile Health Records in Cloud Computing: A Secure, Efficient, and Anonymous Design

Authors:

Li XuAuthors Info & Claims

ACM Transactions on Embedded Computing Systems (TECS), Volume 16, Issue 2

Article No.: 57, Pages 1 - 20

https://doi.org/10.1145/2983625

Published: 02 January 2017 Publication History

Abstract

Electronic healthcare (eHealth) systems have replaced traditional paper-based medical systems due to attractive features such as universal accessibility, high accuracy, and low cost. As a major constituent part of eHealth systems, mobile healthcare (mHealth) applies Mobile Internet Devices (MIDs) and Embedded Devices (EDs), such as tablets, smartphones, and other devices embedded in the bodies of individuals, to improve the quality of life and provide more convenient healthcare services for patients. Unfortunately, MIDs and EDs have only limited computational capacity, storage space, and power supply. By taking this into account, we present a new design to guarantee the integrity of eHealth records and the anonymity of the data owner in a more efficient and flexible way. The essence of our design is a general method which can convert any secure Attribute-Based Signature (ABS) scheme into a highly efficient and secure Online/Offline Attribute-Based Signature (OOABS) scheme. We prove the security and analyze the efficiency improvement of the new design. Additionally, we illustrate the proposed generic construction by applying it to a specific ABS scheme.

References

[1]

Research 2 Guidance. 2012. Retrieved from http://research2guidance.com/us-1-3-billion-the-market-for-mhealth-applications-in-2012/.

[2]

Shahriar Akter and Pradeep Ray. 2010. mHealth-an ultimate platform to serve the unserved. Yearb. Med. Inform. 2010 (2010), 94--100.

[3]

Nuttapong Attrapadung, Benoît Libert, and Elie De Panafieu. 2011. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In Public Key Cryptography (PKC’11). Springer, 90--108.

[4]

Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter. 2009. Patient Controlled Encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security. ACM, 103--114.

Digital Library

[5]

John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, 2007 (SP’07). IEEE, 321--334.

Digital Library

[6]

Xavier Boyen. 2007. Mesh signatures. In Advances in Cryptology (EUROCRYPT’07). Springer, 210--227.

Digital Library

[7]

Luigi Catuogno, Alexandra Dmitrienko, Konrad Eriksson, Dirk Kuhlmann, Gianluca Ramunno, Ahmad-Reza Sadeghi, Steffen Schulz, Matthias Schunter, Marcel Winandy, and Jing Zhan. 2009a. Trusted virtual domains--design, implementation and lessons learned. In International Conference on Trusted Systems. Springer, 156--179.

[8]

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, and Marcel Winandy. 2009b. Transparent mobile storage protection in trusted virtual domains. In LISA. 159--172.

[9]

Luigi Catuogno, Hans Löhr, Marcel Winandy, and Ahmad-Reza Sadeghi. 2014. A trusted versioning file system for passive mobile storage devices. J. Netw. Comput. Appl. 38 (2014), 65--75.

Digital Library

[10]

David Chaum and Eugène Van Heyst. 1991. Group signatures. In Advances in Cryptology (EUROCRYPT’91). Springer, 257--265.

[11]

Xiaofeng Chen, Fangguo Zhang, Willy Susilo, and Yi Mu. 2007. Efficient generic on-line/off-line signatures without key exposure. In Applied Cryptography and Network Security. Springer, 18--30.

Digital Library

[12]

Keita Emura, Atsuko Miyaji, Akito Nomura, Kazumasa Omote, and Masakazu Soshi. 2009. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In Information Security Practice and Experience. Springer, 13--23.

Digital Library

[13]

Alex Escala, Javier Herranz, and Paz Morillo. 2011. Revocable attribute-based signatures with adaptive security in the standard model. In Progress in Cryptology (AFRICACRYPT’11). Springer, 224--241.

[14]

Shimon Even, Oded Goldreich, and Silvio Micali. 1990. On-line/off-line digital signatures. In Advances in Cryptology (CRYPTO’89 Proceedings). Springer, 263--275.

[15]

Martin Gagné, Shivaramakrishnan Narayan, and Reihaneh Safavi-Naini. 2013. Short pairing-efficient threshold-attribute-based signature. In Pairing-Based Cryptography (Pairing’12). Springer, 295--313.

Digital Library

[16]

Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. 1988. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 2 (1988), 281--308.

Digital Library

[17]

Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006a. Attribute-based encryption for fine-grained access control of encrypted data. In 13th ACM Conference on Computer and Communications Security. ACM, 89--98.

Digital Library

[18]

Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006b. Attribute-based encryption for fine-grained access control of encrypted data. In 13th ACM Conference on Computer and Communications Security (CCS’06). ACM, 89--98.

Digital Library

[19]

Tracy D. Gunter and Nicolas P. Terry. 2005. The emergence of national electronic health record architectures in the United States and Australia: Models, costs, and questions. J. Med. Internet Res. 7, 1 (2005).

[20]

Fuchun Guo and Yi Mu. 2008. Optimal online/offline signature: How to sign a message without online computation. In Provable Security. Springer, 98--111.

Digital Library

[21]

Javier Herranz, Fabien Laguillaumie, Benoît Libert, and Carla Ràfols. 2012. Short attribute-based signatures for threshold predicates. In Topics in Cryptology (CT-RSA’12). Springer, 51--67.

Digital Library

[22]

Javier Herranz, Fabien Laguillaumie, and Carla Ràfols. 2010. Constant size ciphertexts in threshold attribute-based encryption. In Public Key Cryptography (PKC’10). Springer, 19--34.

Digital Library

[23]

Susan Hohenberger and Brent Waters. 2014. Online/offline attribute-based encryption. In Public-Key Cryptography (PKC 2014). Springer, 293--310.

Digital Library

[24]

Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, and Xinwen Zhang. 2009. Patient-centric authorization framework for sharing electronic health records. In 14th ACM Symposium on Access Control Models and Technologies. ACM, 125--134.

Digital Library

[25]

Jayaprakash Kar. 2014. Provably secure online/off-line identity-based signature scheme for wireless sensor network. IJ Netw. Sec. 16, 1 (2014), 29--39.

[26]

Dalia Khader. 2007. Attribute based group signatures. IACR Cryptology ePrint Archive 2007 (2007), 159.

[27]

Hugo Krawczyk and Tal Rabin. 2000. Chameleon hashing and signatures. In Proc. of NDSS. Citeseer, 143--154.

[28]

Allison Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. 2010. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Advances in Cryptology (EUROCRYPT’2010). Springer, 62--91.

Digital Library

[29]

Jin Li, Man Ho Au, Willy Susilo, Dongqing Xie, and Kui Ren. 2010. Attribute-based signature and its applications. In 5th ACM Symposium on Information, Computer and Communications Security. ACM, 60--69.

Digital Library

[30]

Jin Li and Kwangjo Kim. 2008. Attribute-based ring signatures. IACR Cryptology ePrint Archive 2008 (2008), 394.

[31]

Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 1 (2013), 131--143.

Digital Library

[32]

Dai-Rui Lin, Chih-I. Wang, and D. J. Guan. 2008. An efficiently online/offline signcryption for firewall. In 8th International Conference on Intelligent Systems Design and Applications, 2008 (ISDA’08). Vol. 3. IEEE, 472--478.

[33]

Joseph K. Liu, Joonsang Baek, Jianying Zhou, Yanjiang Yang, and Jun Wen Wong. 2010. Efficient online/offline identity-based signature for wireless sensor network. Int. J. Inform. Sec. 9, 4 (2010), 287--296.

Digital Library

[34]

Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek. 2008. Attribute-based signatures: Achieving attribute-privacy and collusion-resistance. IACR Cryptology ePrint Archive 2008 (2008), 328.

[35]

Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek. 2011. Attribute-based signatures. In Topics in Cryptology (CT-RSA 2011). Springer, 376--392.

[36]

Michelino Mancini. 2014. Medical identity theft in the emergency department: Awareness is crucial. West. J. Emerg. Med. (2014).

[37]

Yang Ming and Yumin Wang. 2010. Improved identity based online/offline signature scheme. In 2010 7th International Conference on Ubiquitous Intelligence 8 Computing and 7th International Conference on Autonomic 8 Trusted Computing (UIC/ATC’10). IEEE, 126--131.

Digital Library

[38]

Vanga Odelu, Ashok Kumar Das, Y. Sreenivasa Rao, Saru Kumari, Muhammad Khurram Khan, and Kim-Kwang Raymond Choo. 2016. Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment. Comput. Stand. Interf. (2016).

[39]

Tatsuaki Okamoto and Katsuyuki Takashima. 2011. Efficient attribute-based signatures for non-monotone predicates in the standard model. In Public Key Cryptography (PKC’11). Springer, 35--52.

[40]

Tatsuaki Okamoto and Katsuyuki Takashima. 2013. Decentralized attribute-based signatures. In Public-Key Cryptography (PKC 2013). Springer, 125--142.

[41]

Tatsuaki Okamoto and Katsuyuki Takashima. 2014. Efficient attribute-based signatures for non-monotone predicates in the standard model. IEEE Trans. Cloud Comput. 2, 4 (2014), 409--421.

[42]

Y. Sreenivasa Rao and Ratna Dutta. 2014. Expressive bandwidth-efficient attribute based signature and signcryption in standard model. In Information Security and Privacy. Springer, 209--225.

[43]

Ronald L. Rivest, Adi Shamir, and Yael Tauman. 2001. How to leak a secret. In Advances in Cryptology (ASIACRYPT 2001). Springer, 552--565.

[44]

Amit Sahai and Brent Waters. 2005. Fuzzy identity-based encryption. In Advances in Cryptology (EUROCRYPT 2005). Springer, 457--473.

Digital Library

[45]

Siamak F. Shahandashti and Reihaneh Safavi-Naini. 2009. Threshold attribute-based signatures and their application to anonymous credential systems. In Progress in Cryptology (AFRICACRYPT 2009). Springer, 198--216.

Digital Library

[46]

Adi Shamir. 1985. Identity-based cryptosystems and signature schemes. In Advances in Cryptology. Springer, 47--53.

[47]

Adi Shamir and Yael Tauman. 2001. Improved online/offline signature schemes. In Advances in Cryptology (CRYPTO’01). Springer, 355--367.

[48]

Jinshu Su, Dan Cao, Baokang Zhao, Xiaofeng Wang, and Ilsun You. 2014. ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the internet of things. Fut. Gen. Comput. Syst.s 33 (2014), 11--18.

Digital Library

[49]

Dongdong Sun, Yi Mu, and Willy Susilo. 2008. A generic construction of identity-based online/offline signcryption. In International Symposium on Parallel and Distributed Processing with Applications, 2008 (ISPA’08). IEEE, 707--712.

[50]

Latanya Sweeney. 2002. k-anonymity: A model for protecting privacy. Int. J. Uncert. Fuzz. Knowl.-Based Syst. 10, 05 (2002), 557--570.

Digital Library

[51]

Sapal Tachakra, X. H. Wang, Robert S. H. Istepanian, and Y. H. Song. 2003. Mobile e-health: The unwired evolution of telemedicine. Telemed. J. E-health 9, 3 (2003), 247--257.

[52]

Yue Tong, Jinyuan Sun, Sherman S. M. Chow, and Pan Li. 2014. Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18, 2 (2014), 419--429.

[53]

Yanjiang Yang, Joseph K. Liu, Kaitai Liang, Kim-Kwang Raymond Choo, and Jianying Zhou. 2015. Extended proxy-assisted approach: Achieving revocable fine-grained encryption of cloud data. In European Symposium on Research in Computer Security. Springer, 146--166.

[54]

Andrew Chi-Chih Yao and Yunlei Zhao. 2013. Online/offline signatures for low-power devices. IEEE Trans. Inform. Forens. Secur. 8, 2 (2013), 283--294.

Digital Library

[55]

Taek-Young Youn and Dowon Hong. 2012. Signcryption with fast online signing and short signcryptext for secure and private mobile communication. Sci. Chin. Informa. Sci. 55, 11 (2012), 2530--2541.

[56]

Shaojun Zhang, Peng Chen, and Jianfeng Wang. 2014. Online/offline attribute based signature. In 2014 9th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). IEEE, 566--571.

Digital Library

[57]

Yan Zhang, Dengguo Feng, Zhengfeng Zhang, and Liwu Zhang. 2013. On the security of an efficient attribute-based signature. In Network and System Security. Springer, 381--392.

Cited By

Liu JYang JHuang XXu LXiang Y(2024)Privacy Enhanced Authentication for Online Learning Healthcare SystemsIEEE Transactions on Services Computing10.1109/TSC.2023.334849717:4(1670-1681)Online publication date: Jul-2024
https://doi.org/10.1109/TSC.2023.3348497
Morales-Camargo JMeneses-Claudio B(2023)Electronic medical record and its impact on health care and management. A systematic review between the years 2013 – 2023Salud, Ciencia y Tecnología - Serie de Conferencias10.56294/sctconf20234552(455)Online publication date: 8-Oct-2023
https://doi.org/10.56294/sctconf2023455
Huang QYan GYang Y(2023)Privacy-Preserving Traceable Attribute-Based Keyword Search in Multi-Authority Medical CloudIEEE Transactions on Cloud Computing10.1109/TCC.2021.310928211:1(678-691)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TCC.2021.3109282
Show More Cited By

Index Terms

Protecting Mobile Health Records in Cloud Computing: A Secure, Efficient, and Anonymous Design
1. Security and privacy

Recommendations

Secure sharing of Personal Health Records in cloud computing

The sharing of Personal Health Records (PHR) in cloud computing is a promising platform of health information exchange. However, the storage of personal medical and health information is usually outsourced to some third parties which may result in the ...
Personal Health Records Integrity Verification Using Attribute Based Proxy Signature in Cloud Computing
IDCS 2013: Proceedings of the 6th International Conference on Internet and Distributed Computing Systems - Volume 8223

Personal health records PHRs have been appeared as patient -centric model for health information exchange, which are often outsourced to be stored in cloud services. However, the integrity and privacy of the PHRs are cause for concern that personal ...
An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption
3PGCIC '14: Proceedings of the 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing

As an emerging patient-centric model of health information exchange, cloud-based personal health record (PHR) system holds great promise for empowering patients and ensuring more effective delivery of health care. In this paper, we propose a novel ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems

ACM Transactions on Embedded Computing Systems Volume 16, Issue 2

Special Issue on LCETES 2015, Special Issue on ACSD 2015 and Special Issue on Embedded Devise Forensics and Security

May 2017

705 pages

ISSN:1539-9087

EISSN:1558-3465

DOI:10.1145/3025020

Editor:
Sandeep K. Shukla
Indian Institute of Technology, India

Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 02 January 2017

Accepted: 01 August 2016

Revised: 01 June 2016

Received: 01 December 2015

Published in TECS Volume 16, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Program for New Century Excellent Talents in Fujian University
Fujian Normal University Innovative Research Team
National Natural Science Foundation of China
Distinguished Young Scholars Fund of Fujian

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
753
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu JYang JHuang XXu LXiang Y(2024)Privacy Enhanced Authentication for Online Learning Healthcare SystemsIEEE Transactions on Services Computing10.1109/TSC.2023.334849717:4(1670-1681)Online publication date: Jul-2024
https://doi.org/10.1109/TSC.2023.3348497
Morales-Camargo JMeneses-Claudio B(2023)Electronic medical record and its impact on health care and management. A systematic review between the years 2013 – 2023Salud, Ciencia y Tecnología - Serie de Conferencias10.56294/sctconf20234552(455)Online publication date: 8-Oct-2023
https://doi.org/10.56294/sctconf2023455
Huang QYan GYang Y(2023)Privacy-Preserving Traceable Attribute-Based Keyword Search in Multi-Authority Medical CloudIEEE Transactions on Cloud Computing10.1109/TCC.2021.310928211:1(678-691)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TCC.2021.3109282
Liu JYang JWu WHuang XXiang Y(2023)Lightweight Authentication Scheme for Data Dissemination in Cloud-Assisted Healthcare IoTIEEE Transactions on Computers10.1109/TC.2022.320713872:5(1384-1395)Online publication date: 1-May-2023
https://doi.org/10.1109/TC.2022.3207138
El Majdoubi DEl Bakkali HSadki SMaqour ZLeghmid A(2022)The Systematic Literature Review of Privacy-Preserving Solutions in Smart Healthcare EnvironmentSecurity and Communication Networks10.1155/2022/56420262022Online publication date: 16-Mar-2022
https://dl.acm.org/doi/10.1155/2022/5642026
Obiri IXia QXia HAffum EAbla SGao J(2021)Personal health records sharing scheme based on attribute based signcryption with data integrity verifiableJournal of Computer Security10.3233/JCS-210045(1-34)Online publication date: 6-Oct-2021
https://doi.org/10.3233/JCS-210045
Xu SNing JMa JHuang XPang HDeng RLobo JDi Pietro RChowdhury O(2021)Expressive Bilateral Access Control for Internet-of-Things in Cloud-Fog ComputingProceedings of the 26th ACM Symposium on Access Control Models and Technologies10.1145/3450569.3463561(143-154)Online publication date: 11-Jun-2021
https://dl.acm.org/doi/10.1145/3450569.3463561
Liu JHou JYang WXiang YZhou WWu WHuang X(2021)Leakage-Free Dissemination of Authenticated Tree-Structured Data With Multi-Party ControlIEEE Transactions on Computers10.1109/TC.2020.300683570:7(1120-1131)Online publication date: 1-Jul-2021
https://doi.org/10.1109/TC.2020.3006835
Xu LChen XZhang FLi WWu HTang SXiang Y(2020)ASBKS: Towards attribute set based keyword search over encrypted personal health recordsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.2970928(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.2970928
Niu JLi XGao JHan Y(2020)Blockchain-Based Anti-Key-Leakage Key Aggregation Searchable Encryption for IoTIEEE Internet of Things Journal10.1109/JIOT.2019.29563227:2(1502-1518)Online publication date: Feb-2020
https://doi.org/10.1109/JIOT.2019.2956322
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents