Abstract

With the popularization of wireless communication and smart devices in the medical field, mobile medicine has attracted more and more attention because it can break through the limitations of time, space, and objects and provide more efficient and quality medical services. However, the characteristics of a mobile smart medical network make it more susceptible to security threats such as data integrity damage and privacy leakage than those of traditional wired networks. In recent years, many digital signature schemes have been proposed to alleviate some of these challenges. Unfortunately, traditional digital signatures cannot meet the diversity and privacy requirements of medical data applications. In response to this problem, this paper uses the unique security attributes of sanitizable signatures to carry out research on the security and privacy protection of medical data and proposes a data security and privacy protection scheme suitable for smart mobile medical scenarios. Security analysis and performance evaluation show that our new scheme effectively guarantees data security and user privacy while greatly reducing computation and communication costs, making it especially suitable for mobile smart medical application scenarios.

1. Introduction

With the swift development of the Internet and smart devices, mobile medicine has emerged as a new type of medical model that can break through the limitations of objective factors such as time, space, and objects. In mobile medical applications, smart devices can provide remote health monitoring and medical supervision for patients using wireless sensor networks [1, 2].

Compared with the traditional medical model, the value of electronic medical records is no longer limited to medical, scientific research, and teaching activities but increasingly extends to hospital management, insurance claims, judicial evidence collection, and preventive healthcare [3, 4]. The scope of application of medical information is getting wider and wider, and the utilization rate is getting higher and higher. Therefore, the authenticity and availability of electronic medical information are critical to the correct use of medical data and to fully reflecting the value of medical data sharing. A slight difference may endanger the safety of the patient’s life and property, causing irreparable losses [5].

At the same time, medical data contains a lot of personal privacy, which may lead to the leakage of patient privacy in resource sharing [6, 7]. Unnecessary medical information leakage will cause patients to suffer unpredictable hazards such as loss of biological information, telephone fraud, and precise marketing and also seriously endanger the safety of people’s life and property [8, 9]. The problems of medical data security and privacy protection have become the biggest obstacles to the further development and promotion of the mobile medical industry.

Digital signature is one of the important means to protect the authenticity and availability of medical data [10–12]. However, not all applications must obtain the complete electronic medical record. For example, when an electronic medical record is used for medical reimbursement, patients only need to provide the insurance company with real information about the treatment and insurance number. When the complete electronic medical record is provided, too much personal information unrelated to medical claims will be disclosed.

To protect the privacy of patients, one of the solutions is to require the signer to only sign information related to medical claims [13]. However, whenever a new subset of the electronic medical record needs to be shared, the signer is required to repeat the signing process, which will generate excessively high computation costs, and sometimes the documents cannot be re-signed at all due to the departure of the signer.

Sanitizable signature [14] is a type of digital signature that supports controlled modification of signed messages. This feature allows it not only to guarantee the integrity and authenticity of medical data but also to effectively hide sensitive information of patients (specific sensitive information can be flexibly set according to different information sharing objects), which not only follows the “minimum necessary” disclosure standard of HIPAA privacy rules [15] but also promotes the use of value-added medical information and improves the efficiency of the scheme. Therefore, sanitizable signatures are very suitable for solving data security and privacy protection issues in smart mobile medical scenarios.

1.1. Our Research Contributions

We regard the main contributions of our scheme to be as follows:
(i) We propose a system model suitable for data security and privacy protection in smart mobile medical scenarios.
(ii) We propose a privacy-protection scheme based on sanitizable signature for smart mobile medical scenarios (hereafter referred to as the PP-SS scheme).
(iii) We conduct security analysis and performance evaluation for the newly proposed PP-SS scheme.

1.2. Organization of the Paper

The rest of the paper is organized as follows. Sections 2 and 3 present related work and the problem statement, respectively. The new PP-SS scheme is proposed in Section 4. In Sections 5 and 6, we describe the security analysis and the performance evaluation, respectively. Finally, we conclude the paper in the last section.

2. Related Work

The traditional digital signature does not allow any modification operation to the signed message; otherwise, the message signature is invalid [16, 17]. However, to achieve data integrity, authenticity, and availability while ensuring data privacy in smart mobile medical and many other application fields, users hope that signed messages can be modified in a controlled manner to derive new signed messages [18, 19].

The concept of a sanitizable signature was first proposed by Ateniese et al. [14] in 2005, which can break through the limitations of traditional digital signatures and support an entity (sanitizer) designated by the original signer to modify the signed message within the scope of authorization and generate a new signature without any interaction with the signer. Compared with a traditional signature, it not only ensures data integrity but also solves the hidden problem of sensitive information and provides more flexibility.
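
The delegated-modification idea described above can be shown with a toy chameleon-hash construction of the kind introduced by Ateniese et al. [14]. This is an added example, not the PP-SS scheme and not code from the paper; the 127-bit group, the Schnorr signature, the record fields, and all function names are assumptions chosen for illustration and are far too weak for real use.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (assumption): 127-bit Mersenne prime, far too small for real use.
P = 2**127 - 1
N = P - 1          # g^N = 1 mod P, so all exponent arithmetic is done mod N
G = 3

def H(*parts) -> int:
    """Length-prefixed SHA-256 of the parts, reduced to an exponent."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % N

def keygen():
    """Return (private, public); the private key must be invertible mod N."""
    while True:
        x = secrets.randbelow(N - 2) + 2
        if gcd(x, N) == 1:
            return x, pow(G, x, P)

def chameleon_hash(pk_san, block: bytes, r: int) -> int:
    # g^H(block) * pk_san^r: binding for everyone except the trapdoor holder
    return pow(G, H(block), P) * pow(pk_san, r, P) % P

def digest(blocks, adm, rands, pk_san):
    # Admissible blocks enter through the chameleon hash, fixed blocks directly.
    parts = [chameleon_hash(pk_san, b, rands[i]) if i in adm else H(b)
             for i, b in enumerate(blocks)]
    return H(sorted(adm), pk_san, *parts)

def sign(sk_sig, pk_san, blocks, adm):
    """Signer: Schnorr-sign the digest; adm is the set of modifiable indices."""
    rands = {i: secrets.randbelow(N) for i in adm}
    d = digest(blocks, adm, rands, pk_san)
    k = secrets.randbelow(N - 1) + 1
    R = pow(G, k, P)
    s = (k + H(R, d) * sk_sig) % N
    return {"adm": sorted(adm), "rands": rands, "sig": (R, s)}

def sanitize(sk_san, blocks, sigma, changes):
    """Sanitizer: replace admissible blocks, adjust r so the digest is unchanged."""
    blocks, rands = list(blocks), dict(sigma["rands"])
    for i, new in changes.items():
        if i not in sigma["adm"]:
            raise ValueError(f"block {i} is outside the signer's authorization")
        # Collision: H(old) + x*r == H(new) + x*r'  (mod N)
        rands[i] = (rands[i] + (H(blocks[i]) - H(new)) * pow(sk_san, -1, N)) % N
        blocks[i] = new
    return blocks, {**sigma, "rands": rands}

def verify(pk_sig, pk_san, blocks, sigma) -> bool:
    """Verifier: the same check serves original and sanitized records."""
    d = digest(blocks, set(sigma["adm"]), sigma["rands"], pk_san)
    R, s = sigma["sig"]
    return pow(G, s, P) == R * pow(pk_sig, H(R, d), P) % P

if __name__ == "__main__":
    sk_doc, pk_doc = keygen()      # signer (doctor)
    sk_san, pk_san = keygen()      # sanitizer (e.g. hospital platform)
    # Constructed sample record: block 0 is the only admissible block.
    record = [b"name: Alice Example", b"insurance-no: 0000", b"treatment: X"]
    sigma = sign(sk_doc, pk_san, record, {0})
    redacted, sigma2 = sanitize(sk_san, record, sigma, {0: b"name: [REDACTED]"})
    print(verify(pk_doc, pk_san, record, sigma),
          verify(pk_doc, pk_san, redacted, sigma2))
```

In this basic chameleon hash, anyone who holds both the original and the sanitized randomness for the same block can in general solve for the sanitizer's trapdoor, which is one reason practical schemes use stronger building blocks.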

Brzuska et al. [20] gave the first formal security model for a sanitizable signature. Gong et al. [21] analyzed the formal security model proposed in [20] and pointed out that the security model is vulnerable to rights forgery attacks and then provided new definitions of attributes such as unforgeability and immutability. Subsequently, Krenn et al. [22] made further research on the above model and introduced stronger unforgeability and privacy.

As sanitizable signature technology has developed, it has come to cover more applications. Brzuska et al. [23] introduced unlinkability, which ensures that a sanitized signature cannot be linked to the original signature; even if the original signature is known, it is difficult to determine whether the two signatures are related. Subsequent literature [24] introduced noninteractive public accountability, which can facilitate the implementation of the multieye principle [25]. Pöhls et al. [26] proposed the concept of hidden attributes, which means that outsiders cannot know which parts of the signed message are allowed to be modified. Then, Camenisch et al. [27] gave a formal definition of the hidden attribute, and Beck et al. [28] reinforced the attribute. Very recently, Bultel et al. [29] proposed a new sanitizable signature scheme, but it did not perform well.

At present, attempts have been made to implement sanitizable signature schemes on different devices, from desktops [28] to smart cards [30], and in applications such as XML signatures [20]. Before deploying a sanitizable signature scheme in practical applications, users must be aware of the possible legal consequences. Some researchers have proposed emergency properties to avoid some legal challenges [31, 32], because qualified digital signatures are equivalent to handwritten digital signatures in court. It is worth noting that a sanitizable signature scheme can be used to help a redactable signature [33] achieve accountability [34].

3. Problem Statement

The definitions of the equivalence class signature and system model of our proposed PP-SS scheme are presented in this section. System components and security requirements of the privacy-protection scheme based on a sanitizable signature for smart mobile medical scenarios are then described.

3.1. Equivalence Class Signature

We give the definition of equivalence class signature (EQS). For more details, please refer to Reference [35].

Definition 1. (EQS). An EQS signature scheme consists of the following five polynomial algorithms, where is the bilinear group and is the length of a message.
(i) is a key generation algorithm; it inputs parameters and outputs a key pair
(ii) is a signing algorithm; it inputs parameters and outputs a signature on the equivalence class
(iii) is a change representation algorithm; it inputs parameters and outputs a signature on the equivalence class
(iv) is a signature verification algorithm; it inputs parameters and outputs , if and is a valid signature; otherwise, and is an invalid signature
(v) is a key verification algorithm; it inputs parameters and outputs , if the keys are consistent; otherwise, and the keys are inconsistent

3.2. System Model

The architecture of our smart mobile medical scenarios is shown in Figure 1, and there are six types of entities in a privacy-protection scheme based on a sanitizable signature scheme: trusted authority, smart medical device, medical server, signer, sanitizer, and verifier. Each entity is specifically defined as follows:
(i) Trusted authority. A trusted authority is responsible for initializing the system and generating system parameters.
(ii) Smart medical device. A smart medical device refers to a portable or wearable medical device used to monitor the health status of patients and give timely feedback to medical experts to get better medical services.
(iii) Medical server. A medical server is a device with strong computing power and plenty of storage space, which can handle a large amount of data received from smart medical devices.
(iv) Signer. A signer is usually a doctor who is responsible for completing the setting of relevant parameters that allow modification of the content, the authorization of the semitrusted sanitizer, and the signature of the original message.
(v) Sanitizer. A sanitizer is usually a semitrusted third party authorized by the signer, responsible for modifying the specified content within the scope of the signer’s authorization and generating a signature on the sanitized message.
(vi) Verifier. A verifier is usually a medical data sharing entity which refers to the beneficiaries of medical data sharing, such as insurance companies, scientific research centers, and medical institutions, who can verify the validity of the message signature before and after sanitization and the legality of the identity of the signer and sanitizer.

3.3. System Components

Our proposed PP-SS scheme is a collection of the following six polynomial time algorithms:
(i) is a probabilistic algorithm to complete system initialization, where is a security parameter and is the system parameters
(ii) is a probabilistic algorithm to generate key pairs for the signer
(iii) is a probabilistic algorithm to generate key pairs for the sanitizer
(iv) is a randomized algorithm to generate an original signature, where is the message, is a description of the admissible modifications to , and is the signature of message , and
(v) is a randomized algorithm to generate a sanitized signature, where is a description of information that needs to be modified on , is the sanitized message, is the signature of sanitized message , and
(vi) is a deterministic algorithm to verify the validity of the signature , with 1 or 0 as outputs to indicate whether the message keeps integrity

3.4. Security Requirements

A privacy-protection scheme based on a sanitizable signature needs to satisfy the following functions and security requirements:
(i) Integrity. To ensure that a verifier can check the message integrity by verifying the validity of the signature.
(ii) Unforgeability. To ensure that the signature can be proven whether it is generated by the signer or sanitizer, and no one can forge the signature generated by the signer or sanitizer.
(iii) Privacy. On the premise of maintaining the validity of the original signature, the sanitizer can be allowed to sanitize the sensitive information in the signed message, and no one can distinguish whether the message has been sanitized.

4. Our Proposed PP-SS Scheme

Our proposed PP-SS scheme includes six phases, namely, the Setup, Extract-SKey, Extract-ZKey, Sign, Sanitization, and Verification phases.

4.1. Setup

The trusted authority generates system parameters after obtaining the security parameter by executing the following operations:
(1) Generate two cyclic addition groups , and one multiplication group with the same order , where is a prime. is a generator of . is a bilinear pairing
(2) Select one hash function:
(3) Publish system parameter list

4.2. Extract-SKey

The signer produces his public-private key by executing the following operations:
(1) Select random values , , ,
(2) Compute , and set
(3) Compute , and set
(4) Set as signer’s public key and as signer’s private key

4.3. Extract-ZKey

The sanitizer produces his public-private key by executing the following operations:
(1) Select random value and set as the sanitizer’s private key
(2) Compute as the sanitizer’s public key

4.4. Sign

The signer produces the signature on the message by executing the following operations:
(1) Input system parameters , signer’s private key , sanitizer’s public key , message , and a description of the admissible modifications to
(2) Compute and
(3) Compute for , where and set as the signature of message
(4) Choose a random number and compute ,
(5) Set ,
(6) Compute
(7) Return

4.5. Sanitization

The sanitizer completes the modification of the message and produces the signature for the sanitized message by executing the following operations:
(1) Input system parameters , signer’s public key , sanitizer’s private key , message , signature , and a description of the admissible modifications to
(2) Compute and set
(3) Compute to get
(4) If , then execute ; otherwise, return
(5) Select random values , as randomization factors
(6) Compute and and set
(7) Compute and
(8) Compute
(9) For , compute where
(10) Return

4.6. Verification

The verifier verifies the signature of message by executing the following operations:
(1) Input system parameters , signer’s public key , sanitizer’s public key , message , signature , and a description of the admissible modifications to
(2) For , compute where
(3) Compute
(4) If , accept ; otherwise, reject

5. Security Analysis

5.1. Correctness

Our proposed sanitizable signature scheme is correct if and only if the sanitized signature generated from our scheme can satisfy Equation (3), where the correctness of the scheme is elaborated as follows, where :

5.2. Provable Security

In this section, we demonstrate that our presented PP-SS scheme has perfect strong transparency against adversaries as defined in [29].

Definition 2. (transparency). Transparency is also indistinguishability, which means that the sanitized signature looks like it has not been sanitized. It requires that one cannot decide whether the signature is sanitized or nonsanitized without the help of the oracle [22].

Theorem 3. A sanitizable signature scheme is perfectly strongly transparent if for all probability polynomial time adversaries A, sanitize where is the security experiments of transparency for sanitizable signatures.

Proof. We prove that the scheme has perfectly strong transparency through the hybrid argument. Now, let denote the maximum number of times that adversary can query the oracle, and define the hybrid variables , ,..., as follows.

is identical to . For , is almost the same as the value of , except for the answer of the -th query to is . That is to say, the answer of the first -th query to is the sanitized signature, and the remaining - signatures are unsanitized (original) signatures. It should be noted that . Obviously, if for , then holds.

For , we demonstrate that as below. Let the tuple be the -th query of adversary to oracle, if , then oracle returns and the equality holds trivially. Otherwise, let and be the answer. The signature comes from the mathematical distribution , where

Replacing and with and , respectively, for some , we can obtain a mathematical distribution , where

Because of the perfect adaption of [35], the distribution of and is the same as that of and , where , . Then, we can obtain a distribution , and we have

From the above derivation process, it is easy to find that in , the signature completely came from . Therefore, we can conclude that and are equivalent in function.

5.3. Comparative Summary: Security Properties

We show that our PP-SS scheme can meet all the security requirements presented in Section 3.
(i) Integrity. The PP-SS scheme proposed in this paper has the characteristics of a traditional digital signature. Before sharing medical data, first sign it, and then the verifier can determine the integrity of the medical data by verifying the signature of the message.
(ii) Unforgeability. The PP-SS scheme proposed in this paper introduces Fuchsbauer et al.’s scheme, which has been proven to be unforgeable under chosen message attacks [35], which can ensure no one can forge the signature generated by the signer or sanitizer.
(iii) Sanitization. The sanitizer in our proposed PP-SS scheme in this paper can be allowed to sanitize the information in the signed message, which can effectively hide the patient’s sensitive information.
(iv) Privacy. The PP-SS scheme proposed in this paper can effectively hide the patient’s sensitive information, and the unsanitized signature and the sanitized signature generated from our PP-SS scheme are indistinguishable as proven in Section 5.2, which effectively protects the privacy of the patient.

5.4. Comparative Summary: Security Comparison

As can be seen from Table 1, we observe that Jiang et al.’s scheme [16], Wu et al.’s scheme [17], Bultel et al.’s scheme [29], and our proposed PP-SS scheme can all meet the integrity and unforgeability. Only our PP-SS scheme can satisfy the sanitization and privacy. Suppose a patient agrees to share his electronic medical record with other medical research institutions through a third-party platform (hospital) but does not want to expose the privacy information such as the identity in the message. If users try to solve the above problems using the schemes of Jiang et al. or Wu et al., they will find that both of them can only obscure the identity of the information publisher, but cannot effectively hide user privacy information contained in the message.

In Bultel et al.’s scheme [29] and our PP-SS scheme, patients can entrust a third-party platform as a sanitizer to modify the privacy information specified by the original signer in the message. In addition, both of them can meet the indistinguishability and the attacker cannot obtain the user’s private information, which can effectively protect the privacy of the user’s sensitive information. Comparatively speaking, Bultel et al.’s scheme and our PP-SS scheme satisfy all four security requirements in Table 1 and outperform the two other schemes in terms of data security and privacy protection.

6. Comparative Summary: Performance

In this section, we analyze the performance of our proposed PP-SS scheme by evaluating the computation and communication costs.

6.1. Computation Costs

We evaluate the performance of our new proposal and Bultel et al.’s scheme [29]. In the specific implementation, we choose a nonsingular elliptic curve mod , and , , is the additive group with the order on , security parameter bits, and and are both prime numbers with a length of 160 bits. We run the simulation experiment using the MIRACL library [36] on a personal computer (Intel core with [email protected] GHz CPU, 4 GB random memory, and Windows 7 operating system). The running time of different operations is shown in Table 2.

Because , , and phases are a one-off operation, we only consider the computation costs in the phase, phase, and phase. An algorithm includes point addition operations and point multiplication operations, an algorithm requires point multiplication operations, and an algorithm requires bilinear pair operations, where is the number of messages involved in the operation [35].

In the phase, the signer in Bultel et al.’s scheme needs to perform exponentiation operations, point addition operations, point multiplication operations, and hash to point operations; therefore, the computation cost of the phase in Bultel et al.’s scheme is . The signer in our PP-SS scheme needs to perform exponentiation operations, four point addition operations, fourteen point multiplication operations, and hash to point operations; therefore, the computation cost of phase in our PP-SS scheme is .

In the phase, the sanitizer in Bultel et al.’s scheme needs to perform exponentiation operations, point multiplication operations, and hash to point operations; therefore, the computation cost of the phase in Bultel et al.’s scheme is . The sanitizer in our PP-SS scheme needs to perform exponentiation operations, thirteen point multiplication operations, and hash to point operations; therefore, the computation cost of phase in our PP-SS scheme is .

In the phase, the verifier in Bultel et al.’s scheme needs to perform bilinear pair operations and hash to point operations; therefore, the computation cost of the phase in Bultel et al.’s scheme is . The verifier in our PP-SS scheme needs to perform bilinear pair operations and hash to point operations; therefore, the computation cost of phase in Bultel et al.’s scheme is .

As shown in Figure 2 and Table 3, if and , we can observe that the computation cost of the phase in our PP-SS scheme is  ms, which is reduced by compared with Bultel et al.’s scheme (the computation cost is  ms); the computation cost of the phase in our PP-SS scheme is  ms, which is reduced by compared with Bultel et al.’s scheme (the computation cost is  ms); and the computation cost of the phase in our PP-SS scheme is  ms, which is reduced by compared with Bultel et al.’s scheme (the computation cost is  ms) in terms of computation cost percentage. Obviously, our new scheme greatly reduces the computation cost at different phases.

6.2. Communication Costs

In the , , , and phases, there is no additional communication cost in Bultel et al.’s scheme [29] and our proposed PP-SS scheme. Hence, we only consider the communication costs of the phase and the phase. For simplicity, we assume the length of the user’s electronic medical record is in accordance with the above implementation. The communication cost is analyzed as follows.

In the phase, the signer in Bultel et al.’s scheme needs to send , , and the electronic medical record to the sanitizer. Since , , , and , , , are all the elements in , the communication cost of Bultel et al.’s scheme is bits. The signer in our PP-SS scheme needs to send and electronic medical record to the sanitizer. Since , , , and , , , , , are all the elements in , the communication cost of Bultel et al.’s scheme is bits.

In the phase, the sanitizer in Bultel et al.’s scheme needs to send to the sanitizer. Since , , and , , are all the elements in , the communication cost of Bultel et al.’s scheme is bits. The signer in our PP-SS scheme needs to send and electronic medical record to the sanitizer. Since , , and , , , , are all the elements in , the communication cost of Bultel et al.’s scheme is bits.

If we choose and bits, the comparative summary of the communication costs is shown in Table 4 and Figure 3. We can observe that the communication cost of the phase in our PP-SS scheme is bits, which is reduced by compared with Bultel et al.’s scheme (the communication cost is bits), and the communication cost of the phase in our PP-SS scheme is bits, which is reduced by compared with Bultel et al.’s scheme (the communication cost is bits) in terms of communication cost percentage. Obviously, our new scheme greatly reduces the communication cost at different phases.

7. Conclusion

Smart mobile medical is a trend that is unlikely to disappear in the foreseeable future, and as the amount of user data continues to increase, it is essential to ensure the availability of medical data and the privacy of user information. Many digital signature schemes have been proposed recently, but most schemes have certain limitations and cannot be well adapted to the needs of smart medical applications.

To overcome this security problem, we propose a new data security and privacy protection scheme based on a sanitizable signature for smart mobile medical scenarios. Security analysis and detailed performance evaluation demonstrate that our PP-SS scheme can not only ensure the integrity of medical data and support the privacy protection of patients but also achieve a higher level of security assurance while communication and computation costs are greatly reduced. Therefore, our proposed PP-SS scheme is more suitable for actual deployment in smart mobile medical scenarios.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Nos. 61902115, 61972294, and 61932016) and the Opening Project of Guangdong Provincial Key Laboratory of Data Security and Privacy Protection (No. 2017B030301004-11).