Cloud-assisted mobile-access of health data with privacy and auditability

IEEE Journal of Biomedical and Health Informatics

Volumn 18, Issue 2, 2014, Pages 419-429

  Tong, Yue ^a   Sun, Jinyuan ^a   Chow, Sherman S M ^b   Li, Pan ^c  

^a University of Tennessee   (United States)

^b CHINESE UNIVERSITY OF HONG KONG   (Hong Kong)

^c MISSISSIPPI STATE UNIVERSITY   (United States)

Author keywords

Access control; auditability; eHealth; privacy

Indexed keywords

ACCESS CONTROL; CRYPTOGRAPHY; DIGITAL STORAGE; EHEALTH; HEALTH CARE; INFORMATION MANAGEMENT; NUMBER THEORY; RANDOM NUMBER GENERATION; SEARCH ENGINES;

ATTRIBUTE-BASED ENCRYPTIONS; AUDITABILITY; CLOUD SERVICE MODELS; ELECTRONIC HEALTHCARE; HEALTH-CARE SYSTEM; PRIVACY PRESERVING; PSEUDO RANDOM NUMBER GENERATORS; ROLE-BASED ACCESS CONTROL;

DATA PRIVACY;

ALGORITHM; ARTICLE; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; INTERNET; METHODOLOGY; TELEMEDICINE;

ALGORITHMS; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC HEALTH RECORDS; INTERNET; TELEMEDICINE;

EID: 84896443001     PISSN: 21682194     EISSN: None     Source Type: Journal    
DOI: 10.1109/JBHI.2013.2294932     Document Type: Article

References (43)

1. U.S. Department of Health & Human Service, "Breaches Affecting 500 or More Individuals," (2001). [Online]. Available: http://www.hhs.gov/ ocr/privacy/hipaa/administrative/breachnotificationr ule/breachtool.html
2. P. Ray and J.Wimalasiri, "The need for technical solutions formaintaining the privacy of EHR," in Proc. IEEE 28th Annu. Int. Conf., New York City, NY, USA, Sep. 2006, pp. 4686-4689. (Pubitemid 46520959)
3. M. C. Mont, P. Bramhall, and K. Harrison, "A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care," presented at the 14th Int. Workshop Database Expert Syst. Appl., Prague, Czech Republic, 2003.
4. G. Ateniese, R. Curtmola, B. de Medeiros, and D. Davis, "Medical information privacy assurance: Cryptographic and system aspects," presented at the 3rd Conf. Security Commun. Netw., Amalfi, Italy, Sep. 2002.
5. L. Zhang, G. J. Ahn, and B. T. Chu, "A role-based delegation framework for healthcare information systems," in 7th ACM Symp. Access Control Models Technol., Monterey, CA, USA, 2002, pp. 125-134.
6. L. Zhang, G. J. Ahn, and B. T. Chu, "A rule-based framework for rolebased delegation and revocation," ACM Trans. Inf. Syst. Security, vol. 6, no. 3, pp. 404-441, 2003.
7. D. Boneh and M. Franklin, "Identity-based encryption from the Weil pairing. Extended abstract in CRYPTO 2001," SIAM J. Comput., vol. 32, no. 3, pp. 586-615, 2003.
8. J. Sun, C. Zhang, Y. Zhang, and Y. Fang, "An identity-based security system for user privacy in vehicular ad hoc networks," IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 9, pp. 1227-1239, Sep. 2010.
9. J. Sun, X. Zhu, and Y. Fang, "Preserving privacy in emergency response based on wireless body sensor networks," in Proc. IEEE Global Telecommun. Conf., Dec. 2010, pp. 1-6.
10. J. Sun, X. Zhu, and Y. Fang, "Privacy and emergency response in ehealthcare leveraging wireless body sensor networks," IEEE Wireless Commun., vol. 17, no. 1, pp. 66-73, Feb. 2010.
11. J. Sun, X. Zhu, C. Zhang, andY. Fang, "HCPP: Cryptography based secure EHR system for patient privacy and emergency healthcare," in Proc. IEEE Int. Conf. Distrib. Comput. Syst., Jun. 2011, pp. 373-382.
12. L. Guo, C. Zhang, J. Sun, and Y. Fang, "PAAS: Privacy-preserving attribute-based authentication system for eHealth networks," in Proc. IEEE Intl. Conf. Distrib. Comput. Syst., Jun. 2012, pp. 224-233.
13. J. Sun, X. Zhu, C. Zhang, and Y. Fang, Security and Privacy for Mobile Healthcare (m-Health) Systems, in Handbook on Securing Cyber-Physical Infrastructure, S. Das, K. Kant, and N. Zhang, Eds. Amsterdam, The Netherlands: Elsevier, 2011.
14. E.-J. Goh, "Secure indexes," IACR Cryptology ePrint Archive, vol. 2003, p. 216, 2003.
15. R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, "Searchable symmetric encryption: Improved definitions and efficient constructions," presented at the ACM Conf. Comput. Commun. Security, Alexandria, VA, USA, 2006.
16. Y. C. Chang and M. Mitzenmacher, "Privacy preserving keyword searches on remote encrypted data," in Proc. 3rd Int. Conf. Appl. Cryptogr. Netw. Security, 2005, pp. 442-455. (Pubitemid 41422132)
17. D. Song, D.Wagner, and A. Perrig, "Practical techniques for searching on encrypted data," in Proc. IEEE Symp. Security Privacy, 2000, pp. 44-55.
18. O. Goldreich and R. Ostrovsky, "Software protection and simulation on oblivious RAMs," J. ACM, vol. 43, pp. 431-473, 1996. (Pubitemid 126607640)
19. R. Ostrovsky, "Efficient computation on oblivious RAMs," in Proc. ACM Symp. Theory Comput., 1990, pp. 514-523.
20. C. Wang, K. Ren, S. Yu, and K. Urs, "Achieving usable and privacyassured similarity search over outsourced cloud data," in Proc. IEEE Conf. Comput. Commun., Mar. 2012, pp. 451-459.
21. N. Cao, Z. Yang, C.Wang, K. Ren, andW. Lou, "Privacy-preserving query over encrypted graph-structured data in cloud computing," in Proc. IEEE Int. Conf. Distrib. Comput. Syst., Jun. 2011, pp. 393-402.
22. X. Liang, R. Lu, X. Lin, and X. S. Shen, "Patient self-controllable access policy on PHI in ehealthcare systems," Adv. Health Inform. Conf., pp. 1-5, Apr. 2010.
23. M. Katzarova and A. Simpson, "Delegation in a distributed healthcare context: A survey of current approaches," in Proc. 9th Int. Conf. Inform. Security, 2006, pp. 517-529. (Pubitemid 44609970)
24. I. Foster, C.Kesselman,G. Tsudik, and S. Tuecke, "A security architecture for computational grids," in Proc. ACMConf. Comput. Commun. Security, San Francisco, CA, USA, 1998, pp. 83-92.
25. X. Liang, R. Lu, L.Chen, X. Lin, andX. Shen, "PEC:Aprivacy- preserving emergency call scheme formobile healthcare social networks" J. Commun. Netw., vol. 13, no. 2, pp. 102-112, 2011.
26. L. Guo, C. Zhang, J. Sun, and Y. Fang, "A privacy-preserving attribute-based authentication system for mobile health networks," IEEE Trans. Mobile Comput., vol. PP, no. 99, pp. 1-1, 2013.
27. W.-B. Lee and C.-D. Lee, "A cryptographic key management solution for HIPAA privacy/security regulations," IEEE Trans. Inf. Technol. Biomed., vol. 12, no. 1, pp. 34-41, Jan. 2008. (Pubitemid 351266641)
28. C. C. Tan, H.Wang, S. Zhong, and Q. Li, "Body sensor network security: An identity-based cryptography approach," in Proc. ACM Conf. Wireless Netw. Security, Apr. 2008, pp. 148-153.
29. J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, "Patient controlled encryption: Ensuring privacy of electronicmedical records," in Proc. ACM Workshop Cloud Comput. Security, 2009, pp. 103-114.
30. M. Li, S. Yu, Y. Zheng, K. Ren, andW. Lou, "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption," IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 131-143, Jan. 2013.
31. C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng, "Keyaggregate cryptosystem for scalable data sharing in cloud storage," IEEE Trans. Parallel Distrib. Syst., vol. 99, no. PrePrints, p. 1, 2013. Available: http://doi.ieeecomputersociety.org/10.1109/TPDS.2013.112
32. M. Chase and S. S. M. Chow, "Improving privacy and security in multiauthority attribute-based encryption," in Proc. ACM Conf. Comput. Commun. Security, 2009, pp. 121-130.
33. S. S. M. Chow, "New privacy-preserving architectures for identity-/attribute-based encryption" Ph.D. dissertation, Courant Inst. Math. Sci., New York University, New York, NY, USA, 2010.
34. S. S. M. Chow, Y. J. He, L. C. K. Hui, and S.-M. Yiu, "SPICE-Simple privacy-preserving identity-management for cloud environment," in Proc. 10th Int. Conf. Appl. Cryptography Netw. Security, 2012, pp. 526-543.
35. S. S. M. Chow, C.-K. Chu, X. Huang, J. Zhou, and R. H. Deng, "Dynamic secure cloud storage with provenance," in Cryptography and Security, Berlin, Germany, Springer-Verlag, 2012, pp. 442-464.
36. A. Shamir, "How to share a secret," Commun. ACM, vol. 22, pp. 612-613, 1979.
37. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attributed-based encryption for fine-grained access control of encrypted data," in Proc. ACMConf. Comput. Commun. Security, 2006, pp. 89-98. (Pubitemid 47131359)
38. S. Yu, C. Wang, K. Ren, and W. Lou, "Achieving secure, scalable, and fine-grained data access control in cloud computing," presented at the IEEE Conf. Comput. Commun., San Diego, CA, USA, Mar. 2010.
39. A. Pingley,W. Yu, N. Zhang, X. Fu, andW. Zhao, "CAP: A context-aware privacy protection system for location-based services," in Proc. IEEE Int. Conf. Distrib. Comput. Syst., 2009, pp. 49-57.
40. T. Xu and Y. Cai, "Location cloaking for safety protection of ad hoc networks," in Proc. IEEE Conf. Comput. Commun., 2009, pp. 1944-1952.
41. Y. Earn, R. Alsaqour, M. Abdelhaq, and T. Abdullah, "Searchable symmetric encryption: Review and evaluation," J. Theoret. Appl. Inf. Technol., vol. 30, no. 1, pp. 48-54, 2011.
42. A. Boldyreva, "Efficient threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme," in Proc. 6th Int. Workshop Theory Practice Public Key Cryptography, 2003, pp. 31-46. (Pubitemid 137638340)
43. The java pairing based cryptography library (jpbc)," (2013). [Online]. Available: http://gas.dia.unisa.it/projects/jpbc/