Cost-effective secure E-health cloud system using identity based cryptographic techniques

Abstract Nowadays E-health cloud systems are more and more widely employed. However the security of these systems needs more consideration for the sensitive health information of patients. Some protocols on how to secure the e-health cloud system have been proposed, but many of them use the traditional PKI infrastructure to implement cryptographic mechanisms, which is cumbersome for they require every user having and remembering its own public/private keys. Identity based encryption ( IBE ) is a cryptographic primitive which uses the identity information of the user (e.g., email address) as the public key. Hence the public key is implicitly authenticated and the certificate management is simplified. Proxy re-encryption is another cryptographic primitive which aims at transforming a ciphertext under the delegator A into another ciphertext which can be decrypted by the delegatee B . In this paper, we describe several identity related cryptographic techniques for securing E-health system, which include new IBE schemes, new identity based proxy re-encryption ( IBPRE ) schemes. We also prove these schemes’ security and give the performance analysis, the results show our IBPRE scheme is especially highly efficient for re-encryption, which can be used to achieve cost-effective cloud usage.

[1]  Robert H. Deng,et al.  Conditional Proxy Broadcast Re-Encryption , 2009, ACISP.

[2]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[3]  Zhenfu Cao,et al.  Identity-Based Proxy Re-encryption Schemes with Multiuse, Unidirection, and CCA Security , 2008, IACR Cryptol. ePrint Arch..

[4]  Angelo De Caro,et al.  jPBC: Java pairing based cryptography , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[5]  Xiaohui Liang,et al.  ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing , 2011, Int. J. Secur. Networks.

[6]  Xu An Wang,et al.  Unidirectional IBPRE scheme from lattice for cloud computation , 2016, J. Ambient Intell. Humaniz. Comput..

[7]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[8]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[9]  Xavier Boyen,et al.  A tapestry of identity-based encryption: practical frameworks compared , 2008, Int. J. Appl. Cryptogr..

[10]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[11]  Marek R. Ogiela,et al.  Security of Linguistic Threshold Schemes in Multimedia Systems , 2009, KES IIMSS.

[12]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[13]  Xu An Wang,et al.  A New Identity Based Proxy Re-Encryption Scheme , 2010, 2010 International Conference on Biomedical Engineering and Computer Science.

[14]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[15]  Markus Jakobsson,et al.  On Quorum Controlled Asymmetric Proxy Re-encryption , 1999, Public Key Cryptography.

[16]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[17]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[18]  Zahoor Ali Khan,et al.  A new patient monitoring framework and Energy-aware Peering Routing Protocol (EPR) for Body Area Network communication , 2014, J. Ambient Intell. Humaniz. Comput..

[19]  Pieter H. Hartel,et al.  A Type-and-Identity-Based Proxy Re-encryption Scheme and Its Application in Healthcare , 2008, Secure Data Management.

[20]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[21]  Zhenfu Cao,et al.  SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption , 2011, Secur. Commun. Networks.

[22]  Weidong Zhong,et al.  A New Identity Based Encryption Scheme , 2010, 2010 International Conference on Biomedical Engineering and Computer Science.

[23]  Yi Mu,et al.  Identity-based data storage in cloud computing , 2013, Future Gener. Comput. Syst..

[24]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[25]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption , 2008, IEEE Transactions on Information Theory.

[26]  Eric Horvitz,et al.  Patient controlled encryption: ensuring privacy of electronic medical records , 2009, CCSW '09.

[27]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[28]  Yuguang Fang,et al.  PAAS: A Privacy-Preserving Attribute-Based Authentication System for eHealth Networks , 2012, 2012 IEEE 32nd International Conference on Distributed Computing Systems.

[29]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[30]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[31]  Pieter H. Hartel,et al.  Inter-domain Identity-Based Proxy Re-encryption , 2008, Inscrypt.

[32]  Xu An Wang,et al.  A new proxy re-encryption scheme for protecting critical information systems , 2015, J. Ambient Intell. Humaniz. Comput..

[33]  Zhong Chen,et al.  New construction of identity-based proxy re-encryption , 2010, DRM '10.

[34]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[35]  Zhenfu Cao,et al.  Multi-use and unidirectional identity-based proxy re-encryption schemes , 2010, Inf. Sci..

[36]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[37]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[38]  A. Shamm Identity-based cryptosystems and signature schemes , 1985 .

[39]  Robert H. Deng,et al.  Conditional proxy re-encryption secure against chosen-ciphertext attack , 2009, ASIACCS '09.

[40]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption , 2008, Public Key Cryptography.

[41]  Jin Li,et al.  Securely Outsourcing Attribute-Based Encryption with Checkability , 2014, IEEE Transactions on Parallel and Distributed Systems.

[42]  M.R. Ogiela,et al.  Linguistic Extension for Secret Sharing (m, n)-Threshold Schemes , 2008, 2008 International Conference on Security Technology.

[43]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[44]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[45]  Xu An Wang,et al.  On the Insecurity of an Identity Based Proxy Re-encryption Scheme , 2010, Fundam. Informaticae.

[46]  Qiang Tang,et al.  Type-Based Proxy Re-encryption and Its Construction , 2008, INDOCRYPT.

[47]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[48]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[49]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[50]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[51]  Kefei Chen,et al.  Chosen-Ciphertext Secure Proxy Re-encryption without Pairings , 2008, CANS.

[52]  Robert H. Deng,et al.  New Constructions for Identity-Based Unidirectional Proxy Re-Encryption , 2010, Journal of Computer Science and Technology.