FRR: Fair remote retrieval of outsourced private medical records in electronic health networks

Cloud computing is emerging as the next-generation IT architecture. However, cloud computing also raises security and privacy concerns since the users have no physical control over the outsourced data. This paper focuses on fairly retrieving encrypted private medical records outsourced to remote untrusted cloud servers in the case of medical accidents and disputes. Our goal is to enable an independent committee to fairly recover the original private medical records so that medical investigation can be carried out in a convincing way. We achieve this goal with a fair remote retrieval (FRR) model in which either t investigation committee members cooperatively retrieve the original medical data or none of them can get any information on the medical records. We realize the first FRR scheme by exploiting fair multi-member key exchange and homomorphic privately verifiable tags. Based on the standard computational Diffie-Hellman (CDH) assumption, our scheme is provably secure in the random oracle model (ROM). A detailed performance analysis and experimental results show that our scheme is efficient in terms of communication and computation.

[1]  Gail-Joon Ahn,et al.  Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage , 2012, IEEE Transactions on Parallel and Distributed Systems.

[2]  Jiawei Han,et al.  SRDA: An Efficient Algorithm for Large-Scale Discriminant Analysis , 2008, IEEE Transactions on Knowledge and Data Engineering.

[3]  Yuguang Fang,et al.  Privacy and emergency response in e-healthcare leveraging wireless body sensor networks , 2010, IEEE Wireless Communications.

[4]  Gail-Joon Ahn,et al.  Zero-knowledge proofs of retrievability , 2011, Science China Information Sciences.

[5]  Ming Li,et al.  Data security and privacy in wireless body area networks , 2010, IEEE Wireless Communications.

[6]  J. Powell,et al.  Primary care Health related virtual communities and electronic support groups : systematic review of the effects of online peer to peer interactions , 2004 .

[7]  Josep Domingo-Ferrer,et al.  Simultaneous authentication and secrecy in identity-based data upload to cloud , 2013, Cluster Computing.

[8]  Stephen S. Yau,et al.  Efficient provable data possession for hybrid clouds , 2010, CCS '10.

[9]  B. B. Amberker,et al.  Publicly Auditable Provable Data Possession Scheme for Outsourced Data in the Public Cloud Using Polynomial Interpolation , 2012, SNDS.

[10]  Priyanka,et al.  Identity-Based Distributed Provable Data Possession in Multi-Cloud Storage , 2014 .

[11]  Shouhuai Xu,et al.  Fair and dynamic proofs of retrievability , 2011, CODASPY '11.

[12]  Yi Mu,et al.  On Indistinguishability in Remote Data Integrity Checking , 2015, Comput. J..

[13]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[16]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[17]  Robert H. Deng,et al.  HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Huaqun Wang,et al.  On the Knowledge Soundness of a Cooperative Provable Data Possession Scheme in Multicloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[19]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[20]  Josep Domingo-Ferrer,et al.  Identity-based remote data possession checking in public clouds , 2014, IET Inf. Secur..

[21]  Reza Curtmola,et al.  MR-PDP: Multiple-Replica Provable Data Possession , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[22]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[23]  Wen-Guey Tzeng,et al.  Delegable Provable Data Possession for Remote Data in the Clouds , 2011, ICICS.

[24]  Huaqun Wang,et al.  Identity-Based Distributed Provable Data Possession in Multicloud Storage , 2015, IEEE Transactions on Services Computing.

[25]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[26]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[27]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[28]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[29]  Huaqun Wang,et al.  Proxy Provable Data Possession in Public Clouds , 2013, IEEE Transactions on Services Computing.

[30]  Yi Mu,et al.  On the security of auditing mechanisms for secure cloud storage , 2014, Future Gener. Comput. Syst..