Security and privacy-preserving in e-health: A new framework for patient

Abstract The Internet of Things (IoT) concept forms the real digital world in which all objects and things are connected. This new concept has undergone major changes to almost all existing applications. The smart health (e-health) domain is one of the most widely used IoT subcategories that Introduces and presents new medical and healthcare facilities and services. Like other subcategories of Internet of Things, the most important challenges that smart health facing with are providing the security and privacy of patients and their health records. In recent years, a lot of research has been presented in the field of security and privacy of smart health, and many security/privacy-preserving schemes and protocols have been proposed in this regard. However, most of these schemes and protocols address some of the security and privacy features, not all of them. The lack of a security and privacy framework in smart health is also strongly felt. In addition, many of the proposed schemes and protocols have a not so lightweight computational complexity, and this is at odds with the nature of the Internet of Things, which deals with devices with constrained power supply, low computing power and limited memory. In this paper, we provide a new framework for ensuring patient security and privacy in e-health. The proposed framework preserves the privacy of the patient’s identity and the content of his/her healthcare records. Moreover, we present a new authentication scheme with the patient’s identity privacy-preserving feature. The proposed authentication scheme is an efficient-lightweight scheme and satisfies all the security features.

[1]  Ashok Kumar Das,et al.  A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT , 2020, Comput. Networks.

[2]  Rolf H. Weber,et al.  Internet of things: Privacy issues revisited , 2015, Comput. Law Secur. Rev..

[3]  David A. Hoffman,et al.  Remote home health care technologies: how to ensure privacy? Build it in: Privacy by Design , 2010 .

[4]  Kim-Kwang Raymond Choo,et al.  Secure Key Agreement and Key Protection for Mobile Device User Authentication , 2019, IEEE Transactions on Information Forensics and Security.

[5]  Fadi A. Aloul,et al.  Security of mobile health (mHealth) systems , 2015, 2015 IEEE 15th International Conference on Bioinformatics and Bioengineering (BIBE).

[6]  Yan Li,et al.  Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan , 2016, Comput. Biol. Medicine.

[7]  David Lai,et al.  Preventing man-in-the-middle attack in Diffie-Hellman key exchange protocol , 2015, 2015 22nd International Conference on Telecommunications (ICT).

[8]  M. Sugumaran,et al.  An Architecture for Data Security in Cloud Computing , 2014, 2014 World Congress on Computing and Communication Technologies.

[9]  Shehzad Ashraf Chaudhry,et al.  Comments on “A privacy preserving three-factor authentication protocol for e-health clouds” , 2016, The Journal of Supercomputing.

[10]  Mehmet A. Orgun,et al.  A Survey of Authentication Schemes in Telecare Medicine Information Systems , 2016, Journal of Medical Systems.

[11]  Ji Zhang,et al.  An infrastructure framework for privacy protection of community medical internet of things , 2017, World Wide Web.

[12]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.

[13]  Anders Nordgren,et al.  Privacy by Design in Personal Health Monitoring , 2015, Health Care Analysis.

[14]  Robert H. Deng,et al.  Secure smart health with privacy-aware aggregate authentication and access control in Internet of Things , 2018, J. Netw. Comput. Appl..

[15]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[16]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[17]  Mahmoud Al-Ayyoub,et al.  Accelerating 3D medical volume segmentation using GPUs , 2016, Multimedia Tools and Applications.

[18]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[19]  Hanan El Bakkali,et al.  Towards controlled-privacy in e-health: A comparative study , 2014, 2014 International Conference on Multimedia Computing and Systems (ICMCS).

[20]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.

[21]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[22]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[23]  Naveed Ahmad,et al.  An efficient privacy mechanism for electronic health records , 2018, Comput. Secur..

[24]  Ashok Kumar Das,et al.  Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks , 2019, IEEE Transactions on Industrial Informatics.

[25]  Yu-Fang Chung,et al.  Secure user authentication scheme for wireless healthcare sensor networks , 2017, Comput. Electr. Eng..

[26]  Willy Susilo,et al.  Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment , 2020, IEEE Transactions on Dependable and Secure Computing.

[27]  Rapeepat Ratasuk,et al.  Recent Advances in M2M Communications and Internet of Things (IoT) , 2017, Int. J. Wirel. Inf. Networks.

[28]  Jonathan Murray,et al.  Cloud Computing: From Scarcity to Abundance , 2015 .

[29]  I-Ching Hsu,et al.  SAaaS: a cloud computing service model using semantic‐based agent , 2015, Expert Syst. J. Knowl. Eng..

[30]  Cheng-Chi Lee,et al.  An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System , 2017, Sensors.

[31]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[32]  Praneeth Babu Marella,et al.  Ancile: Privacy-Preserving Framework for Access Control and Interoperability of Electronic Health Records Using Blockchain Technology , 2018 .

[33]  Sasikanth Avancha,et al.  A privacy framework for mobile health and home-care systems , 2009, SPIMACS '09.

[34]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[35]  Eleonora Borgia,et al.  The Internet of Things vision: Key features, applications and open issues , 2014, Comput. Commun..

[36]  Maurizio Tomasella,et al.  Vision and Challenges for Realising the Internet of Things , 2010 .

[37]  Andrew Jones,et al.  eHealth: Challenges Far Integrating BlockChain within Healthcare , 2019, 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3).

[38]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[39]  Ammar Almomani,et al.  Enhancing the Security of Exchanging and Storing DICOM Medical Images on the Cloud , 2018, Int. J. Cloud Appl. Comput..

[40]  Muhammad Ghulam,et al.  Medical Image Forgery Detection for Smart Healthcare , 2018, IEEE Communications Magazine.

[41]  Lawrence M. Fagan,et al.  Medical informatics: computer applications in health care and biomedicine (Health informatics) , 2003 .

[42]  Prabir Bhattacharya,et al.  An Innovative Model for Detecting Brain Tumors and Glioblastoma Multiforme Disease Patterns , 2017, Int. J. Softw. Sci. Comput. Intell..

[43]  Isabel de la Torre Díez,et al.  Proposing New Blockchain Challenges in eHealth , 2019, Journal of Medical Systems.

[44]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[45]  Joel J. P. C. Rodrigues,et al.  TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment , 2019, IEEE Transactions on Vehicular Technology.