Lightweight Sharable and Traceable Secure Mobile Health System

Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient's mobile device to data users. LiST enables efficient keyword search and fine-grained access control of encrypted data, supports tracing of traitors who sell their search and access privileges for monetary gain, and allows on-demand user revocation. LiST is lightweight in the sense that it offloads most of the heavy cryptographic computations to the cloud while only lightweight operations are performed at the end user devices. We formally define the security of LiST and prove that it is secure without random oracle. We also conduct extensive experiments to access the system's performance.

[1]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[2]  Yuguang Fang,et al.  A Privacy-Preserving Attribute-Based Authentication System for Mobile Health Networks , 2014, IEEE Transactions on Mobile Computing.

[3]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[4]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[5]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[6]  Kihyun Kim,et al.  Public Key Encryption with Conjunctive Field Keyword Search , 2004, WISA.

[7]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[8]  Mohammad S. Obaidat,et al.  Design of a Certificateless Designated Server Based Searchable Public Key Encryption Scheme , 2017, ICMC.

[9]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[10]  Joonsang Baek,et al.  Public Key Encryption with Keyword Search Revisited , 2008, ICCSA.

[11]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[12]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[13]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[14]  Rui Zhang,et al.  Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack , 2016, Science China Information Sciences.

[15]  Qixiang Mei,et al.  Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption , 2016, IEEE Transactions on Dependable and Secure Computing.

[16]  Dong Hoon Lee,et al.  Improved searchable public key encryption with designated tester , 2009, ASIACCS '09.

[17]  Willy Susilo,et al.  Searchable Attribute-Based Mechanism With Efficient Data Sharing for Secure Cloud Storage , 2015, IEEE Transactions on Information Forensics and Security.

[18]  Robert H. Deng,et al.  Attribute-Based Encryption With Efficient Verifiable Outsourced Decryption , 2015, IEEE Transactions on Information Forensics and Security.

[19]  Yi Mu,et al.  Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption , 2015, IEEE Transactions on Information Forensics and Security.

[20]  Dengguo Feng,et al.  Expressive and Secure Searchable Encryption in the Public Key Setting , 2014, ISC.

[21]  Jianqiang Li,et al.  A hybrid solution for privacy preserving medical data sharing in the cloud environment , 2015, Future Gener. Comput. Syst..

[22]  Zhen Liu,et al.  Traceable CP-ABE: How to Trace Decryption Devices Found in the Wild , 2015, IEEE Transactions on Information Forensics and Security.

[23]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[24]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[25]  Yiwei Thomas Hou,et al.  Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[26]  WU YAO-HUNG,et al.  Post-Quantum Secure Public Key Broadcast Encryption with Keyword Search , 2016 .

[27]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[28]  Yiwei Thomas Hou,et al.  Protecting Your Right: Verifiable Attribute-Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud , 2016, IEEE Transactions on Parallel and Distributed Systems.

[29]  Victor I. Chang,et al.  Lattice assumption based fuzzy information retrieval scheme support multi-user for secure multimedia cloud , 2017, Multimedia Tools and Applications.

[30]  Qiong Huang,et al.  An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks , 2017, Inf. Sci..

[31]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[32]  Lifeng Guo,et al.  Efficient Secure-Channel Free Public Key Encryption with Keyword Search for EMRs in Cloud Storage , 2015, Journal of Medical Systems.

[33]  Yi Yang,et al.  Secure dynamic searchable symmetric encryption with constant document update cost , 2014, 2014 IEEE Global Communications Conference.

[34]  G. Ravi,et al.  Attribute Based Encryption With Verifiable Outsourced Decryption , 2014 .

[35]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: Improved definitions and efficient constructions , 2011, J. Comput. Secur..

[36]  Maode Ma,et al.  Conjunctive Keyword Search With Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds , 2016, IEEE Transactions on Information Forensics and Security.