Abstract
In virtue of advances in smart networks and the cloud computing paradigm, smart healthcare is transforming. However, there are still challenges, such as storing sensitive data in untrusted and controlled infrastructure and ensuring the secure transmission of medical data, among others. The rapid development of watermarking provides opportunities for smart healthcare. In this article, we propose a new data-sharing framework and a data access control mechanism. The applications are submitted by the doctors, and the data is processed in the medical data center of the hospital, stored in semi-trusted servers to support the selective sharing of electronic medical records from different medical institutions between different doctors. Our approach ensures that privacy concerns are taken into account when processing requests for access to patients’ medical information. For accountability, after data is modified or leaked, both patients and doctors must add digital watermarks associated with their identification when uploading data. Extensive analytical and experimental results are presented that show the security and efficiency of our proposed scheme.
- Nuttapong Attrapadung and Hideki Imai. 2009. Attribute-based encryption supporting direct/indirect revocation modes. In Proceedings of the IMA International Conference on Cryptography and Coding. 278--300. DOI:https://doi.org/10.1007/978-3-642-10868-6_17Google Scholar
Digital Library
- Nuttapong Attrapadung, Benoît Libert, and Elie De Panafieu. 2011. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In Proceedings of the International Workshop on Public Key Cryptography. 90--108. DOI:https://doi.org/10.1007/978-3-642-19379-8_6Google Scholar
Cross Ref
- Man Ho Au, Tsz Hon Yuen, Joseph K. Liu, Willy Susilo, Xinyi Huang, Yang Xiang, and Zoe L. Jiang. 2017. A general framework for secure sharing of personal health records in cloud system. Journal of Computer and System Sciences 90 (2017), 46--62. DOI:https://doi.org/10.1016/j.jcss.2017.03.002Google Scholar
Digital Library
- John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07). IEEE, Los Alamitos, CA, 321--334. DOI:https://doi.org/10.1109/SP.2007.11Google Scholar
Digital Library
- Alexandra Boldyreva, Vipul Goyal, and Virendra Kumar. 2008. Identity-based encryption with efficient revocation. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08). ACM, New York, NY, 417--426. DOI:https://doi.org/10.1145/1455770.1455823Google Scholar
Digital Library
- Dan Boneh and Matt Franklin. 2001. Identity-based encryption from the Weil pairing. In Proceedings of the Annual International Cryptology Conference. 213--229. DOI:https://doi.org/10.1007/3-540-44647-8_13Google Scholar
Cross Ref
- Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati. 2007. Over-encryption: Management of access control evolution on outsourced data. In Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB’07). 123--134.Google Scholar
- W. Ding, Z. Yan, and R. H. Deng. 2020. Privacy-preserving data processing with flexible access control. IEEE Transactions on Dependable and Secure Computing 17, 2 (2020), 363--376. DOI:https://doi.org/10.1109/TDSC.2017.278624Google Scholar
Digital Library
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06). ACM, New York, NY, 89--98. DOI:https://doi.org/10.1145/1180405.1180418Google Scholar
Digital Library
- Muhammad Kamran and Muddassar Farooq. 2011. An information-preserving watermarking scheme for right protection of EMR systems. IEEE Transactions on Knowledge and Data Engineering 24, 11 (2011), 1950--1962. DOI:https://doi.org/10.1109/TKDE.2011.223Google Scholar
Digital Library
- Allison Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. 2010. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 62--91. DOI:https://doi.org/10.1007/978-3-642-13190-5_4Google Scholar
Digital Library
- Jiguo Li, Wei Yao, Jinguang Han, Yichen Zhang, and Jian Shen. 2018. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Systems Journal 12, 2 (2018), 1767--1777. DOI:https://doi.org/10.1109/JSYST.2017.2667679Google Scholar
Cross Ref
- Jiguo Li, Qihong Yu, Yichen Zhang, and Jian Shen. 2019. Key-policy attribute-based encryption against continual auxiliary input leakage. Information Sciences 470 (2019), 175--188. DOI:https://doi.org/10.1016/j.ins.2018.07.077Google Scholar
Cross Ref
- Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24, 1 (2013), 131--143. DOI:https://doi.org/10.1109/TPDS.2012.97Google Scholar
Digital Library
- Jianghua Liu, Xinyi Huang, and Joseph K. Liu. 2015. Secure sharing of personal health records in cloud computing: Ciphertext-policy attribute-based signcryption. Future Generation Computer Systems 52 (2015), 67--76. DOI:https://doi.org/10.1016/j.future.2014.10.014Google Scholar
Digital Library
- Burke W. Mamlin and William M. Tierney. 2016. The promise of information and communication technology in healthcare: Extracting value from the chaos. American Journal of the Medical Sciences 351, 1 (2016), 59--68. DOI:https://doi.org/10.1016/j.amjms.2015.10.015Google Scholar
Cross Ref
- Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, and Xu An Wang. 2016. m2-ABKS: Attribute-based multi-keyword search over encrypted personal health records in multi-owner setting. Journal of Medical Systems 40, 11 (2016), 246. DOI:https://doi.org/10.1007/s10916-016-0617-zGoogle Scholar
Digital Library
- Rafail Ostrovsky, Amit Sahai, and Brent Waters. 2007. Attribute-based encryption with non-monotonic access structures. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07). ACM, New York, NY, 195--203. DOI:https://doi.org/10.1145/1315245.1315270Google Scholar
Digital Library
- Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Waters. 2010. Secure attribute-based systems. Journal of Computer Security 18, 5 (2010), 799--837. DOI:https://doi.org/10.3233/JCS-2009-0383Google Scholar
Digital Library
- Huiling Qian, Jiguo Li, Yichen Zhang, and Jinguang Han. 2015. Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. International Journal of Information Security 14, 6 (2015), 487--497. DOI:https://doi.org/10.1007/s10207-014-0270-9Google Scholar
Digital Library
- Amit Sahai, Hakan Seyalioglu, and Brent Waters. 2012. Dynamic credentials and ciphertext delegation for attribute-based encryption. In Proceedings of the Annual Cryptology Conference. 199--217. DOI:https://doi.org/10.1007/978-3-642-32009-5_13Google Scholar
Digital Library
- Amit Sahai and Brent Waters. 2005. Fuzzy identity-based encryption. In Proceedings of the International Conference on Theory and Applications of Cryptographic Techniques. 457--473. DOI:https://doi.org/10.1007/11426639_27Google Scholar
Digital Library
- Sherif Sakr and Amal Elgammal. 2016. Towards a comprehensive data analytics framework for smart healthcare services. Big Data Research 4 (2016), 44--58. DOI:https://doi.org/10.1016/j.bdr.2016.05.002Google Scholar
Digital Library
- Brent Waters. 2011. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proceedings of the International Workshop on Public Key Cryptography. 53--70. DOI:https://doi.org/10.1007/978-3-642-19379-8_4Google Scholar
Cross Ref
- Shengmin Xu, Guomin Yang, Yi Mu, and Robert H. Deng. 2018. Secure fine-grained access control and data sharing for dynamic groups in the cloud. IEEE Transactions on Information Forensics and Security 13, 8 (2018), 2101--2113. DOI:https://doi.org/10.1109/TIFS.2018.2810065Google Scholar
Cross Ref
- Kaiping Xue, Yingjie Xue, Jianan Hong, Wei Li, Hao Yue, David S. L. Wei, and Peilin Hong. 2017. RAAC: Robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Transactions on Information Forensics and Security 12, 4 (2017), 953--967. DOI:https://doi.org/10.1109/TIFS.2016.2647222Google Scholar
Cross Ref
- Yingjie Xue, Jianan Hong, Wei Li, Kaiping Xue, and Peilin Hong. 2016. LABAC: A location-aware attribute-based access control scheme for cloud storage. In Proceedings of the 2016 IEEE Global Communications Conference (GLOBECOM’16). IEEE, Los Alamitos, CA, 1--6. DOI:https://doi.org/10.1109/GLOCOM.2016.7841945Google Scholar
Cross Ref
- Ji-Jiang Yang, Jianqiang Li, Jacob Mulder, Yongcai Wang, Shi Chen, Hong Wu, Qing Wang, and Hui Pan. 2015. Emerging information technologies for enhanced healthcare. Computers in Industry 69 (2015), 3--11. DOI:https://doi.org/10.1016/j.compind.2015.01.012Google Scholar
Digital Library
- Kan Yang and Xiaohua Jia. 2013. Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems 25, 7 (2013), 1735--1744. DOI:https://doi.org/10.1109/TPDS.2013.253Google Scholar
Digital Library
- Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. 2010. Attribute based data sharing with attribute revocation. In Proceedings of the 5th ACM Symposium on Information, Computer, and Communication Security (ASIACCS’10). 261--270. DOI:https://doi.org/10.1145/1755688.1755720Google Scholar
Digital Library
Index Terms
Privacy Protection for Medical Data Sharing in Smart Healthcare
Recommendations
Security And Privacy Of Medical Data: Challenges For Next-Generation Patient-Centric Healthcare Systems
UMAP'19 Adjunct: Adjunct Publication of the 27th Conference on User Modeling, Adaptation and PersonalizationWe describe the recently-started EU H2020 Serums: Securing Medical Data in Smart Patient-Centric Healthcare Systems project that aims to develop novel techniques for safe and secure collection, storage, exchange and analysis of medical data, allowing ...
Efficient and Fine-Grained Sharing of Signed Healthcare Data in Smart Healthcare
Network and System SecurityAbstractSmart healthcare, as an examplar domain, is empowered by the remarkable miniaturization of sensors and the proliferation of smart devices, which lead to the production of massive amounts of healthcare data. Smart healthcare in the future is ...
Securing electronic medical records using attribute-based encryption on mobile devices
SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devicesWe provide a design and implementation of self-protecting electronic medical records (EMRs) using attribute-based encryption on mobile devices. Our system allows healthcare organizations to export EMRs to locations outside of their trust boundary. In ...






Comments