Secure smart health with privacy-aware aggregate authentication and access control in Internet of Things

Abstract With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information is protected based on symmetric encryption mechanisms. In addition, privacy-aware access control is based on anonymous attribute-based encryption technologies. Our formal security proofs indicate that SSH achieves batch authentication and non-repudiation under the Computational Diffie-Hellman assumption. Extensive experimental results and performance comparisons show that SSH is practical in terms of computation cost and communication overheads.

[1]  Jianfeng Ma,et al.  Verifiable Computation over Large Database with Incremental Updates , 2014, IEEE Transactions on Computers.

[2]  Zhaoquan Cai,et al.  Towards secure and flexible EHR sharing in mobile health cloud under static assumptions , 2017, Cluster Computing.

[3]  Jian Shen,et al.  Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks , 2018, J. Netw. Comput. Appl..

[4]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[5]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[6]  George K. Karagiannidis,et al.  Secrecy Cooperative Networks With Outdated Relay Selection Over Correlated Fading Channels , 2017, IEEE Transactions on Vehicular Technology.

[7]  Hong Yuan,et al.  Cryptanalysis and Improvement for Certificateless Aggregate Signature , 2018, Fundam. Informaticae.

[8]  Jin Li,et al.  A Hybrid Cloud Approach for Secure Authorized Deduplication , 2015, IEEE Transactions on Parallel and Distributed Systems.

[9]  Ting Wu,et al.  Generating stable biometric keys for flexible cloud computing authentication using finger vein , 2016, Inf. Sci..

[10]  Jiangang Shu,et al.  Comments on “A Large-Scale Concurrent Data Anonymous Batch Verification Scheme for Mobile Healthcare Crowd Sensing” , 2019, IEEE Internet of Things Journal.

[11]  Jian Shen,et al.  Secure data uploading scheme for a smart home system , 2018, Inf. Sci..

[12]  Mohsen Guizani,et al.  A Large-Scale Concurrent Data Anonymous Batch Verification Scheme for Mobile Healthcare Crowd Sensing , 2019, IEEE Internet of Things Journal.

[13]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[14]  Jin Li,et al.  Efficient attribute-based data sharing in mobile clouds , 2016, Pervasive Mob. Comput..

[15]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[16]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[17]  Yinghui Zhang,et al.  Efficient and privacy-aware attribute-based data sharing in mobile cloud computing , 2017, Journal of Ambient Intelligence and Humanized Computing.

[18]  Hua Wang,et al.  Privacy-Preserving Task Recommendation Services for Crowdsourcing , 2021, IEEE Transactions on Services Computing.

[19]  Robert H. Deng,et al.  TKSE: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability via Blockchain , 2018, IEEE Access.

[20]  Robert H. Deng,et al.  Anonymous Privacy-Preserving Task Matching in Crowdsourcing , 2018, IEEE Internet of Things Journal.

[21]  Chen Chen,et al.  Efficient and secure big data storage system with leakage resilience in cloud computing , 2018, Soft Comput..

[22]  Tao Jiang,et al.  Towards secure and reliable cloud storage against data re-outsourcing , 2015, Future Gener. Comput. Syst..

[23]  C. Pandu Rangan,et al.  Identity based partial aggregate signature scheme without pairing , 2012, 2012 35th IEEE Sarnoff Symposium.

[24]  Fucai Zhou,et al.  Dynamic Fully Homomorphic encryption-based Merkle Tree for lightweight streaming authenticated data structures , 2018, J. Netw. Comput. Appl..

[25]  Shalini Batra,et al.  An Efficient Certificateless Aggregate Signature Scheme for Vehicular Ad-Hoc Networks , 2015, Discret. Math. Theor. Comput. Sci..

[26]  Jianfeng Ma,et al.  A remotely keyed file encryption scheme under mobile cloud computing , 2018, J. Netw. Comput. Appl..

[27]  Jianfeng Ma,et al.  A Secure and Efficient ID-Based Aggregate Signature Scheme for Wireless Sensor Networks , 2017, IEEE Internet of Things Journal.

[28]  Robert H. Deng,et al.  Outsourcing Service Fair Payment Based on Blockchain and Its Applications in Cloud Computing , 2018, IEEE Transactions on Services Computing.

[29]  Debiao He,et al.  Reattack of a Certificateless Aggregate Signature Scheme with Constant Pairing Computations , 2014, TheScientificWorldJournal.

[30]  Jin Li,et al.  Online/offline unbounded multi-authority attribute-based encryption for data sharing in mobile cloud computing , 2016, Secur. Commun. Networks.

[31]  Rui Guo,et al.  Fine-Grained Access Control Systems Suitable for Resource-Constrained Users in Cloud Computing , 2018, Comput. Informatics.

[32]  Fatos Xhafa,et al.  Privacy-aware attribute-based PHR sharing with user accountability in cloud computing , 2014, The Journal of Supercomputing.

[33]  Jian Shen,et al.  A Novel Security Scheme Based on Instant Encrypted Transmission for Internet of Things , 2018, Secur. Commun. Networks.

[34]  Ricardo Dahab,et al.  Efficient Certificateless Signatures Suitable for Aggregation , 2007, IACR Cryptol. ePrint Arch..

[35]  Zhi Guan,et al.  An efficient certificateless aggregate signature with constant pairing computations , 2013, Inf. Sci..

[36]  Hao Wang,et al.  New directly revocable attribute-based encryption scheme and its application in cloud storage environment , 2016, Cluster Computing.

[37]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[38]  Robert H. Deng,et al.  Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[39]  Jianhua Chen,et al.  Insecurity of an efficient certificateless aggregate signature with constant pairing computations , 2014, Inf. Sci..

[40]  Jin Li,et al.  Generic construction for secure and efficient handoff authentication schemes in EAP-based wireless networks , 2014, Comput. Networks.

[41]  Yinghui Zhang,et al.  Privacy-preserving communication and power injection over vehicle networks and 5G smart grid slice , 2018, J. Netw. Comput. Appl..

[42]  Robert H. Deng,et al.  Blockchain based efficient and robust fair payment for outsourcing services in cloud computing , 2018, Inf. Sci..

[43]  Jin Li,et al.  Hierarchical and Shared Access Control , 2016, IEEE Transactions on Information Forensics and Security.

[44]  Arun Kumar Sangaiah,et al.  Sensitivity Analysis of an Attack-Pattern Discovery Based Trusted Routing Scheme for Mobile Ad-Hoc Networks in Industrial IoT , 2018, IEEE Access.

[45]  Jin Li,et al.  Multi-authority fine-grained access control with accountability and its application in cloud , 2018, J. Netw. Comput. Appl..

[46]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.