Privacy preserving secure data exchange in mobile P2P cloud healthcare environment

Cloud computing technology offers the possibility of inter-organizational medical data sharing at a larger scale. The different organizations can maintain their own cloud environment while exchanging healthcare data among them in a peer-to-peer(P2P) fashion according to some defined polices. However, there are many security and privacy challenges that hamper the adoption of cloud computing solutions in healthcare domain. Besides, due to the privacy sensitivity of healthcare data, an organization may not wish to disclose its identity to others when exchanging data in the network to avoid different attacks by the intruders. Hence, anonymously authenticated data exchange is essential between the different peer organizations. In this paper we propose an anonymous on-the-fly secure data exchange protocol for such environment based on pairing-based cryptography. Our proposed solution allows cloud peers to dynamically generate temporary identities that are used to produce a session key for each session of data exchange. The proposed protocol is robust against different attacks, such as target-oriented, man-in-the middle, masquerade, and message manipulation attacks.

[1]  Chenguang He,et al.  Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud Platform , 2013, IEEE Transactions on Biomedical Engineering.

[2]  Renée J. Miller,et al.  Mapping data in peer-to-peer systems: semantics and algorithmic issues , 2003, SIGMOD '03.

[3]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[4]  Dan Suciu,et al.  The Piazza peer data management system , 2004, IEEE Transactions on Knowledge and Data Engineering.

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Mehedi Masud,et al.  Towards Secure Data Exchange in Peer-to-Peer Data Management Systems , 2014 .

[7]  H. T. Mouftah,et al.  Pair-wise Cryptographic Models for Secure Data Exchange in P2P Database Management Systems , 2010, IACR Cryptol. ePrint Arch..

[8]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  Tony Thomas,et al.  Cloud Based Medical Image Exchange-Security Challenges , 2012 .

[10]  Jian-Guo Bau,et al.  Secure Dynamic Access Control Scheme of PHR in Cloud Computing , 2012, Journal of Medical Systems.

[11]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[12]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[13]  Ming Li,et al.  Authorized Private Keyword Search over Encrypted Data in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems.

[14]  Hung-Min Sun,et al.  Security Analysis of Shim's Authenticated Key Agreement Protocols from Pairings , 2003, IACR Cryptol. ePrint Arch..

[15]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[16]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[17]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[18]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[19]  Mehedi Masud Secure Data Exchange in P2P Data Sharing Systems in eHealth Perspective , 2012 .

[20]  Andrew S. Tanenbaum,et al.  Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System , 2004, Security Protocols Workshop.

[21]  Marten van Dijk,et al.  On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing , 2010, HotSec.

[22]  Takeshi Okamoto,et al.  Anonymous Secure Communication in Wireless Mobile Ad-Hoc Networks , 2006, ICUCT.

[23]  Antoine Joux,et al.  Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups , 2001, IACR Cryptology ePrint Archive.

[24]  Diana K. Smetters,et al.  Secret handshakes from pairing-based key agreements , 2003, 2003 Symposium on Security and Privacy, 2003..

[25]  Barry R. Borgerson,et al.  Mainframe Implementation With Off-The-Shelf LSI Modules , 1978, Computer.

[26]  Ilias Maglogiannis,et al.  Mobile healthcare information management utilizing Cloud Computing and Android OS , 2010, 2010 Annual International Conference of the IEEE Engineering in Medicine and Biology.

[27]  Li Chen,et al.  The building of cloud computing environment for e-health , 2010, 2010 International Conference on E-Health Networking Digital Ecosystems and Technologies (EDT).

[28]  Dan Suciu,et al.  Schema mediation in peer data management systems , 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[29]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[30]  Catriel Beeri,et al.  A Proof Procedure for Data Dependencies , 1984, JACM.

[31]  John Mylopoulos,et al.  Data Sharing in the Hyperion Peer Database System , 2005, VLDB.

[32]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[33]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[34]  Eiji Okamoto,et al.  Anonymous On-Demand Position-based Routing in Mobile Ad-hoc Networks , 2006 .

[35]  Kyung-Ah Shim,et al.  Efficient one round tripartite authenticated key agreement protocol from Weil pairing , 2003 .

[36]  Alan H. Karp,et al.  Fusion: Managing Healthcare Records at Cloud Scale , 2012, Computer.

[37]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[38]  H. T. Mouftah,et al.  Cryptographic security models for eHealth P2P database management systems network , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[39]  Ying Chen,et al.  Rapid Provisioning of Cloud Infrastructure Leveraging Peer-to-Peer Networks , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems Workshops.

[40]  Kalai Anand Ratnam,et al.  Cloud services - Enhancing the Malaysian healthcare sector , 2012, 2012 International Conference on Computer & Information Science (ICCIS).

[41]  Phokion G. Kolaitis,et al.  Peer data exchange , 2005, PODS '05.

[42]  H. T. Mouftah,et al.  Session-wise private data exchange in eHealth peer-to-peer database management systems , 2011, Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics.

[43]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.