Abstract

With the development of smart health (s-health), data security and patient privacy are becoming more and more important. However, some traditional cryptographic schemes cannot guarantee data security and patient privacy under various forms of leakage attacks. To prevent the adversary from capturing part of the private keys through leakage attacks, we propose a secure leakage-resilient s-health system which realizes privacy protection and the safe transmission of medical information in the case of leakage attacks. The key technique is a promising public key cryptographic primitive called leakage-resilient anonymous Hierarchical Identity-Based Encryption. Our construction is proved to be secure against chosen plaintext attacks in the standard model under the Diffie-Hellman exponent assumption and decisional linear assumption. We also blind the public parameters and ciphertexts by using the double exponent technique to achieve recipient anonymity. Finally, the performance analysis shows the practicability of our scheme, and the leakage rate of the private key approximates to 1/6.

1. Introduction

With the development of information technology, the Internet of Things (IoT) has become a very important technology for government departments, businesses, and academic circles in various countries because of its huge range of application scenarios. The technology of IoT is based on the Internet to achieve the communication between information and terminal equipment, information, and real goods. At present, IoT has been widely used in many fields, like food safety, smart health (s-health), urban construction, cloud storage, etc. [1–4].

Cloud-based s-health systems play an important role in our daily life. At present, doctors use computers to store and retrieve patients’ electronic health records (EHRs). EHR systems replace paper systems and thus increase efficiency in the recording, storage, and retrieval of patients’ information [5–7]. However, EHRs, which reveal highly confidential personal information, are stored in the cloud and exchanged over the Internet and can therefore be vulnerable to attacks [8–10], such as data loss, hackers hijacking information, and integrity violations. In recent years, a large number of medical information leaks in cloud storage have attracted more and more attention. Data privacy and security are believed to be the major challenge in the deployment of EHR-based healthcare systems. There has been a lot of work that deals with data privacy and security problems [11–15].

However, traditional cryptographic schemes may not be secure under various forms of leakage attacks, such as side-channel attacks [16] and cold-boot attacks [17]. Such attacks exploit various forms of information leakage by observing physical implementations of cryptosystems, such as running time [18], electromagnetic radiation [19], power consumption, and fault detection [20]. IoT generally adopts a discrete network structure, and most of the nodes are located outdoors, which makes it easy for attackers to obtain sensitive information [21–23]. Therefore, it is very meaningful to construct a secure and privacy-aware smart health system with secret key leakage resilience in the case of leakage attacks. Based on the paper of Zhang et al. [24], we construct a leakage-resilient anonymous HIBE scheme in s-health data sharing [25–27] scenarios.

1.1. Our Contributions

To address the issues of medical information security and patient privacy in s-health, we propose a secure s-health system which allows a medical information owner to securely share data in the case of leakage attacks. The main contributions of this paper are as follows.

(i) Firstly, we present the system model of a secure s-health system based on a leakage-resilient anonymous HIBE scheme. Our system addresses the problem of key management and reduces the pressure on the PKG.

(ii) Secondly, we blind the public parameters and ciphertexts using the double exponent technique to achieve anonymity, so as to achieve the effect of protecting privacy.

(iii) Finally, our scheme is built in prime order groups, which are more computationally efficient than composite order groups. The proposed scheme is proved to be secure against chosen plaintext attacks in the standard model.

1.2. Related Work

Identity-based encryption (IBE) has attracted increasing attention since the notion of IBE was introduced by Shamir [28]. The private key for the user in traditional IBE schemes [29] is generated by the Private Key Generation Center (PKG). However, in a large scale network, such as s-health, the number of users is huge, the task of the PKG is too heavy, and it is difficult to manage the users’ private keys. In order to solve this problem, the notion of Hierarchical Identity-Based Encryption (HIBE) was proposed [30] and then many HIBE schemes were proposed [31, 32]. What is more, many anonymous HIBE schemes were proposed [33–36] where the ciphertext does not leak the identity of the recipient. However, the sizes of their private keys and ciphertexts increase with the depth of the identity hierarchy. Zhang et al. [24] proposed an anonymous HIBE scheme over prime order groups where both private keys and ciphertexts have a constant size.

Dillema et al. [37] proposed a simple cryptographic access control method in the prehospital environment. However, this system provides access privilege if and only if patient and health worker meet in the physical world. Zhang et al. [38] proposed a reference model of the security and privacy issues in the EHR cloud and requirements for secure access of EHR data. A secure EHR system demonstrated to be resilient to various attacks to protect patient privacy and enable emergency healthcare was proposed by Sun et al. [39]. In e-Health and Mobile Health networks, Guo et al. [40, 41] proposed a privacy-preserving attribute-based authentication system, which leverages users’ verifiable attributes to authenticate users while preserving their privacy. Kumar et al. [42] proposed a biometric-based authentication scheme which is lightweight and solely uses symmetric key based operations. A secure data sharing scheme using IBE for the implementation of data sharing in the e-Healthcare system was proposed by Sudarson et al. [43]. Zhang et al. [44] proposed a system architecture and adversary model of a secure s-health system which realizes fine-grained access control on s-health cloud data and hence ensures users’ privacy protection. Dawoud et al. [45] defined different scenarios for the integration of e-health systems with cloud computing systems, and these scenarios discussed the authentication and data processing in the different parts of the system. Zhang et al. [46] proposed a three-factor authenticated key agreement scheme based on a dynamic authentication mechanism to protect users’ privacy in e-health systems, and it was proved to be semantically secure under the real or random model. Sahi et al. [47] reviewed the latest research with regard to privacy preservation in e-Healthcare and explored whether this research offers any possible solutions to patient privacy requirements for e-Healthcare.
However, these schemes may not be secure under various forms of leakage attacks.

The first leakage-resilient cryptographic scheme, which can capture most of the key leakage attacks, was proposed by Dziembowski and Pietrzak [48]. However, they constructed the leakage-resilient encryption scheme based on “only computation leaks information”, which cannot capture the cold-boot attack. To resist the cold-boot attack, the bounded-leakage model [49] was proposed by Akavia et al. What is more, the relative-leakage model [50] was proposed by Naor et al. Leakage-resilient (anonymous) IBE schemes have been discussed previously. A leakage-resilient IBE scheme was proposed and shown to be secure in the standard model by Alwen et al. [51]. Chow et al. [52] proposed three new leakage-resilient IBE schemes under the respective static assumptions of the original systems. Li et al. [53] proposed a new leakage-resilient public key encryption scheme and showed that it was secure under the Decisional Diffie-Hellman (DDH) assumption. Liu et al. [54] showed that dual system techniques lead to leakage resilience and proposed an anonymous leakage-resilient identity-based encryption scheme. Li et al. [55] proposed a new leakage-resilient IBE scheme in the bounded-leakage model and showed it to be semantically secure against adaptive chosen ciphertext attacks in the standard model.

1.3. Organization

Some preliminaries are reviewed in Section 2. In Section 3, we define the usage scenario for smart healthcare system and present the system model and leakage-resilient security model. The secure s-health system based on leakage-resilient anonymous HIBE is described in Section 4. In Section 5, our security analysis and leakage resilience analysis are described. Finally, we draw our conclusions in Section 6.

2. Preliminaries

2.1. Notations

For ease of reference, important notations are summarized in Table 1.

2.2. Random Extractor

We define the statistical distance between two random variables and over a finite domain to be The min-entropy of a random variable X is defined as The average min-entropy of a random variable X conditioned on another random variable Y is defined as follows:

Definition 1. If, for all pairs of random variables such that and , it holds that where is uniform over , we call polynomial-time function an average-case -strong extractor.

Lemma 2. If has possible values and is random variable, we have
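The quantities of this section (min-entropy, average min-entropy, a strong extractor, and the entropy loss bounded by Lemma 2) can be checked exhaustively on a toy key. The Python code below is an added example, not code from the paper: the 8-bit key, the 2-bit leakage function and the one-bit inner-product extractor are constructed for illustration, and the formulas in its comments are the standard ones from the extractor literature, assumed here to match the paper's definitions.

```python
# Added illustration (not from the paper). Toy sizes are chosen so that
# every probability can be enumerated exactly with rational arithmetic.
from collections import defaultdict
from fractions import Fraction
from math import log2, sqrt

N_BITS = 8      # toy private-key length (assumption)
LEAK_BITS = 2   # toy leakage bound: the leakage takes 2**LEAK_BITS values

def uniform_key():
    """Distribution of a uniform N_BITS-bit key as {value: probability}."""
    return {x: Fraction(1, 2 ** N_BITS) for x in range(2 ** N_BITS)}

def leak_low_bits(x):
    """Constructed leakage function f: reveals the LEAK_BITS low key bits."""
    return x & (2 ** LEAK_BITS - 1)

def min_entropy(dist):
    """H_inf(X) = -log2 max_x Pr[X = x]."""
    return -log2(max(dist.values()))

def avg_min_entropy(dist, leak):
    """H~_inf(X | f(X)) = -log2 sum_y max_x Pr[X = x and f(X) = y]."""
    best = defaultdict(Fraction)
    for x, p in dist.items():
        y = leak(x)
        best[y] = max(best[y], p)
    return -log2(sum(best.values()))

def ext(x, seed):
    """One-bit inner product <x, seed> mod 2, a universal hash family."""
    return bin(x & seed).count("1") & 1

def distance_from_uniform(dist, leak):
    """Exact statistical distance between (Ext(X,S), S, f(X)) and (U, S, f(X))."""
    seeds = range(2 ** N_BITS)
    p_seed = Fraction(1, 2 ** N_BITS)
    leaks = {leak(x) for x in dist}
    joint = defaultdict(Fraction)          # Pr[Ext = b, S = s, f(X) = y]
    for s in seeds:
        for x, p in dist.items():
            joint[(ext(x, s), s, leak(x))] += p * p_seed
    total = Fraction(0)
    for s in seeds:
        for y in leaks:
            p_sy = joint[(0, s, y)] + joint[(1, s, y)]
            for b in (0, 1):
                total += abs(joint[(b, s, y)] - p_sy / 2)
    return total / 2

def lhl_bound(h_avg, out_bits=1):
    """Generalized leftover hash lemma: SD <= 1/2 * sqrt(2^out_bits * 2^-H~)."""
    return 0.5 * sqrt(2 ** out_bits * 2 ** (-h_avg))

if __name__ == "__main__":
    key = uniform_key()
    h = min_entropy(key)
    h_avg = avg_min_entropy(key, leak_low_bits)
    print("H_inf(X) =", h)
    print("H~_inf(X | leak) =", h_avg, ">= H_inf(X) - LEAK_BITS =", h - LEAK_BITS)
    print("distance from uniform =", distance_from_uniform(key, leak_low_bits))
    print("leftover-hash bound   =", lhl_bound(h_avg))
```

The only seeds for which the extracted bit is predictable are those that touch nothing but the leaked low bits, which is why the measured distance stays well below the leftover-hash bound.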

2.3. Bilinear Groups

Let and be two cyclic groups of prime order and be a bilinear map. We call a bilinear group if it has the following properties:(i)Bilinearity: and , we have .(ii)Nondegeneracy: for the generator , we have .(iii)Computability: , the bilinear map can be efficiently computed.

2.4. Computational Assumptions
2.4.1. Bilinear Diffie-Hellman Exponent (BDHE) Assumption

Let be a generator of group and . We define the computational BDHE problem [56] to be where , . Algorithm has advantage in solving the computational BDHE problem if

The decisional version of the BDHE problem is defined in the usual manner. Let ; Algorithm has advantage in solving the decisional BDHE problem if

2.4.2. Decisional Linear Assumption

The decisional linear problem [57] is defined as Algorithm goal is to output 1 when or 0 otherwise. We give three weak versions of the decisional linear problem [35] as follows:(i)Version (1):Algorithm goal is to output 1 when or 0 otherwise.(ii)Version (2):Algorithm goal is to output 1 when or 0 otherwise.(iii)Version (3):Algorithm goal is to output 1 when or 0 otherwise.

3. System Model

3.1. Usage Scenario

The hospital uses the system software developed by our proposal, and each member of the hospital is registered in the system at a certain level. The system allocates private keys to them through the key generation algorithm; however, the private key generated may be leaked partly by malicious attackers through various forms of leakage attacks.

A patient, named Alice, visits a doctor in this hospital. According to her condition, a nurse assigns Alice to the doctor named Bob. Through diagnosis, Bob thinks that Alice needs the doctor named Carol to treat the illness together. Bob then uploads Alice’s EHRs to the cloud server, encrypted with the public key of Carol, through the system. Carol uses her private key to download and decrypt Alice’s EHRs. They complete the diagnosis and treatment of Alice.

During the entire process, Bob sends Alice’s EHRs to Carol through the cloud, but Carol’s private key may have leaked partly. If the general system is used, Alice’s EHRs may be leaked, but our program can ensure that Alice’s EHRs will not be leaked. Thus, the patient’s EHRs have been protected safely.

3.2. System Model

We divide the system model into two parts, and the first part is shown in Figure 1, which is to produce the private keys to the different level of users (patients, doctors). The S-Health Authority (SHA) is an entity that produces the public key parameters and the master secret key. In our system, the level is divided into levels. The private key of users in the first level is defined as the root private key. The private key of the - level users is related to the private key of the - level users, where .

The second part is shown in Figure 2, which is to share medical information among all users. The figure describes the case where doctor A shares medical information with patient B. A encrypts medical information with B’s public key (identity) and then uploads it to the s-health cloud (SHC). Then B decrypts the medical information with its own private key. The adversary can learn part of B’s private key information through a leakage attack.

We define a description of the proposed secure s-health system:

(i) Initialization: SHA produces the public key parameters and the master secret key . All users can obtain .

(ii) User Registration: A user (a patient, a doctor) can join the s-health system by confirming its level to SHA.

(iii) Information Upload: A user encrypts medical information based on a leakage-resilient anonymous HIBE scheme and uploads the final ciphertext to SHC.

(iv) Information Access: A user downloads a ciphertext from SHC. The ciphertext can be decrypted if and only if the private keys correspond to the public key used for encryption.

3.3. Leakage-Resilient Security Model for Anonymous HIBE

The security of leakage-resilient anonymous HIBE is defined by the following game () between an adversary and a challenger .

(i) Init: The adversary gives the challenge identity to the challenger .

(ii) Setup: computes . gives to and keeps to itself. will initialize a set , which will be the set of tuples of identities; private keys have been created and the number of leaked bits corresponds to the private key   . Let be a leakage parameter.

(iii) Phase 1: adaptively issues the following two kinds of queries:

(a) Private Key Queries: adaptively queries with where and is not a prefix of ; responds with the private key corresponding to the identity .

(b) Leak Queries: gives a polynomial-time leakage function and adaptively queries with . finds the tuple and replies with when or a reject symbol .

(iv) Challenge: selects two messages on which it wishes to be challenged. chooses a random bit and gives to .

(v) Phase 2: answers the queries in the same way as phase 1 with the added restriction that cannot execute leakage queries.

(vi) Guess: outputs a bit and wins if .
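The challenger's bookkeeping in this game can be written down directly. The Python code below is an added example, not code from the paper: the class and method names are hypothetical, random bytes stand in for real HIBE private keys, and the acceptance rule for leak queries (bits already leaked plus the new output length must not exceed the leakage parameter) is the standard bounded-leakage condition, assumed here because the page's own formula is missing.

```python
# Added illustration (not from the paper): the challenger's query rules only.
# No HIBE is implemented; keys are placeholder random bytes.
import secrets

class LeakageChallenger:
    """Tracks (identity, private key, leaked bits) tuples and enforces the game rules."""

    def __init__(self, challenge_id, leak_bound_bits, key_bytes=16):
        self.challenge_id = tuple(challenge_id)   # fixed at Init (selective-ID)
        self.leak_bound = leak_bound_bits         # leakage parameter
        self.key_bytes = key_bytes
        self.table = {}                           # identity -> [key, leaked_bits]
        self.phase = 1

    def _entry(self, identity):
        identity = tuple(identity)
        if identity not in self.table:
            # Placeholder for KeyGen: a fresh random key with zero bits leaked.
            self.table[identity] = [secrets.token_bytes(self.key_bytes), 0]
        return self.table[identity]

    def private_key_query(self, identity):
        """Return the full key unless the identity is a prefix of the challenge identity."""
        identity = tuple(identity)
        if identity == self.challenge_id[:len(identity)]:
            return None                           # reject
        return self._entry(identity)[0]

    def leak_query(self, identity, f, out_bits):
        """Return out_bits bits of f(key), or None when the query must be rejected."""
        if self.phase != 1:
            return None                           # no leak queries in Phase 2
        entry = self._entry(identity)
        if entry[1] + out_bits > self.leak_bound:
            return None                           # leakage budget for this key exhausted
        leaked = f(entry[0]) & ((1 << out_bits) - 1)   # truncate to out_bits bits
        entry[1] += out_bits
        return leaked

    def challenge(self):
        """Move to Phase 2; from here on leak queries are refused."""
        self.phase = 2

if __name__ == "__main__":
    # Constructed identities: a two-level hierarchy with Carol as the challenge identity.
    carol = ("hospital", "carol")
    game = LeakageChallenger(carol, leak_bound_bits=8)
    as_int = lambda key: int.from_bytes(key, "big")
    print("key for ancestor of challenge id:", game.private_key_query(("hospital",)))
    print("5 leaked bits:", game.leak_query(carol, as_int, 5))
    print("3 more bits:  ", game.leak_query(carol, as_int, 3))
    print("1 more bit:   ", game.leak_query(carol, as_int, 1))   # None: bound reached
    game.challenge()
    print("leak in Phase 2:", game.leak_query(("hospital", "bob"), as_int, 1))
```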

Definition 3. We say that an anonymous HIBE scheme is leakage-resilient and selectively secure against chosen plaintext attacks (ANO-IND-sID-CPA) if all polynomial-time adversaries ’s advantage is negligible in the above game. We define ’s advantage to be

4. Secure s-Health System

4.1. A Leakage-Resilient Anonymous HIBE Scheme

For an HIBE of maximum depth and an identity where , a leakage-resilient anonymous HIBE scheme is defined as follows:

(i) Setup: The Setup algorithm takes a security parameter and produces the public key parameters and the master secret key . All users can obtain .

(ii) KeyGen: The KeyGen algorithm takes as input the public key , an identity , and the private key corresponding to the identity . It outputs the private key .

(iii) Encrypt: The Encrypt algorithm takes as input the public key , an identity , and a message . It outputs a ciphertext .

(iv) Decrypt: The Decrypt algorithm takes as input the public key , a ciphertext , and the private key corresponding to the identity . It outputs the message or a reject symbol if the ciphertext is invalid.

4.2. Description of Secure s-Health System

Let be a large prime number and be a group of order . Let be the HIBE of maximum depth and represent identity information as bit strings of length [58].(i)Initialization: SHA randomly chooses . Set , , , , and then pick in group at random. The public key parameters are The master secret key is .(ii)User Registration: The user joins the s-health system and gets its private keys. The user initiates the following key generation protocol.KeyGen: The KeyGen algorithm is defined as follows.(a)Root private keys: For the first level user where and , root randomly chooses and produces the auxiliary parameters where , , and is outputted as the public key. Root outputs the private key for as and where and are used to rerandomize the private keys.(b)Delegate: For the - level user where , and , by using the private key corresponding to the - level user :and randomly chooses and it produces the auxiliary parameters where and .Let ; then one can obtain and . outputs the private key for as and where .(iii)Information Upload: A user encrypts medical information based on a leakage-resilient anonymous HIBE scheme as follows.Encrypt: The encryptor randomly chooses and a random seed . The encryptor creates the ciphertext as follows: (iv)Information Access: A user downloads and decrypts a ciphertext from SHC as follows.Decrypt: The - level user decrypts a ciphertext using the private key and computes

4.3. Correctness

The correctness can be checked:

5. Analysis

5.1. Security Analysis

Following [59], the security proof can be completed by a series of hybrid games. Let denote the challenge ciphertext given to the adversary during a  . We define the hybrid games to be(1)Game 1: ;(2)Game 2: ;(3)Game 3: ;(4)Game 4: ,

where and .

We will show these games are indistinguishable in the following lemmas.

Lemma 4. Suppose the decision -BDHE assumption holds, there is no polynomial-time adversary that can distinguish Game 1 and Game 2.

Proof. The proof follows from the security of the Boneh-Boyen selective-ID scheme [60] and Abdalla’s security analysis [58]. Suppose there is adversary that can distinguish between  Game 1 and  Game 2 with advantage . Then challenge will be made to solve the decision -BDHE assumption.
receives a challenge tuple where , , and is either or a random element of . interacts with as follows:(i)Init: The adversary gives the challenge identity to the challenger where .(ii)Setup: randomly chooses , where , . It sets The public key parameters are . The master secret key is , which is unknown to .(iii)Phase 1: adaptively queries with where and is not a prefix of . This condition ensures that there is such that . produces the private key corresponding to the identity , where denotes the first element such that . Let be the number of sites such that in . To respond to the query, produces the auxiliary parameters as follows. For , computeFinally, the auxiliary parameters can be computed as follows. where randomly chooses and sets . The private keys corresponding to the identity are simulated as follows. In fact, In addition, Then we can obtain also produces . uses to derive a private key for the descendant identity and gives the result.Then, submits the leak queries to .(iv)Challenge: selects two messages on which it wishes to be challenged. first produces the auxiliary parameters as for challenge identity , where . then randomly chooses and a random seed and responds to the ciphertexts aswhere .(v)Phase 2: answers the queries in the same way as phase 1 with the added restriction that the can not execute leakage queries.(vi)Guess: outputs a bit and wins if . From the above game, we can see that if , is playing Game 1. The challenge ciphertexts are valid encryption to . In fact, let . Then one can obtain Otherwise, is a random element in ; is playing Game 2. Thus, Game 1 and Game 2 are computationally indistinguishable.

Lemma 5. Suppose the decisional linear assumption holds. Then Game 2 and Game 3 are indistinguishable.

Proof. Suppose there is adversary that can distinguish between Game 2 and Game 3 with advantage . Then a challenge will be made to solve the decision linear problem.
receives a challenge tuple is either or a random element of G. interacts with as follows:(i)Init: The adversary gives the challenge identity to the challenger where .(ii)Setup: randomly chooses where , . It sets where The public key parameters are . The master secret key is which is unknown to , where .(iii)Phase 1: adaptively queries with where and is not a prefix of . This condition ensures that there is such that . produces the private key corresponding to the identity where denotes the first element such that . Let be the number of sites such that in . To respond to the query, produces the auxiliary parameters as follows. For , Finally, the auxiliary information parameters can be computed as follows. where randomly chooses and sets . The private keys corresponding to the identity are simulated as follows. In fact, In addition, Then we can obtain also produces . uses to derive a private key for the descendant identity and gives the result.Then, submits the leak queries to .(iv)Challenge: selects two messages on which it wishes to be challenged. first produces the auxiliary parameters as for challenge identity , where . then randomly chooses and a random seed and responds to the ciphertexts as(v)Phase 2: answers the queries in the same way as phase 1 with the added restriction that can not execute leakage queries.(vi)Guess: outputs a bit and wins if .From the above game, we can see that if , is playing Game 2. In fact, let . Then one can obtain Otherwise, is a random element in , and is playing Game 3. Thus, Game 2 and Game 3 are computationally indistinguishable.

Lemma 6. Suppose the decisional linear assumption holds. Then Game 3 and Game 4 are indistinguishable.

Proof. This proof is similar to Lemma 5. receives a challenge tuple is either or a random element of G. interacts with as follows:(i)Init: adversary gives the challenge identity to the challenger where .(ii)Setup: randomly chooses where , . It sets The public key parameters are . The master secret key is which is unknown to , where .(iii)Phase 1: this section is similar to Lemma 5.(iv)Challenge: selects two messages on which it wishes to be challenged. randomly chooses , , and a random seed and responds to the ciphertexts as (v)Phase 2: answers the queries in the same way as phase 1 with the added restriction that can not execute leakage queries.(vi)Guess: outputs a bit and wins if . From the above game, we can see that if , is playing Game 3. In fact, let . Then one can obtain Otherwise, is a random element in , and is playing Game 4. Thus, Game 3 and Game 4 are computationally indistinguishable.

Theorem 7. If the decision -BDHE assumption and the decisional linear assumption hold, then our anonymous HIBE scheme is -leakage resilience secure.

5.2. Leakage Resilience Analysis

Let be used to represent a view that adversary sees without leakage, we have . From the above leakage-resilient security model, one can know that, for the challenge identity , the adversary can get the most leak information when doing leak queries. We set as bit; in other words, has values. From Lemma 2, one can obtain Therefore, as long as the extractor’s strength is , one can obtain where is uniform distribution and . The premise is that extractor performance is good enough; one can obtain . Hence the distance between and uniform distribution is and the statistical distance between two ciphertexts is at most . Therefore, no PPT adversary can distinguish the two challenge ciphertexts with the advantage of more than . The leakage ratio of our scheme is We compare our work with schemes [24, 35, 54] in Table 2, where , , , and mean the public key size, the secret key size, the ciphertext size, and leakage-resilience, respectively. We define as the maximum depth of HIBE, represents the user identity depth, and the symbol “-” represents the fact that the corresponding scheme does not have this feature. It is noted that our scheme supports anonymity and leakage-resilience where both private keys and ciphertext have a constant size.

Our scheme has no obvious advantage in computational efficiency, but the public key length and private key length of our HIBE scheme are both in time. However, we mainly solve the problem of key leakage in the acceptable range between computational efficiency and security balance.

6. Conclusion and Future Work

In this paper, we present a secure s-health system based on a leakage-resilient anonymous HIBE scheme in the bounded-leakage model. Our scheme can protect the patient’s privacy well, even when the private key is partially leaked. Our system also achieves the safe transmission of the patient’s EHRs in the case of leakage attacks. We also provide an example to show the system’s feasibility. The proposed scheme was proved to be secure against chosen plaintext attacks in the standard model under the Diffie-Hellman exponent assumption and decisional linear assumption. However, doctors may maliciously reveal patients’ private information; thus, in future work, we can add tracking technology to limit doctors’ malicious information disclosure. In future work, we can also study how to construct a secure s-health system which allows master-key leakage.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work is supported by National Key R&D Program of China (no. 2017YFB0802000), National Natural Science Foundation of China (nos. 61772418, 61472472, and 61402366), and Natural Science Basic Research Plan in Shaanxi Province of China (nos. 2018JZ6001, 2015JQ6236, 2016JM6033, and 2015JQ6262). Yinghui Zhang is supported by New Star Team of Xi’an University of Posts and Telecommunications.