Since cloud computing has been playing an increasingly important role in real life, the privacy protection in many fields has been paid more and more attention, especially, in the field of personal health record (PHR). The traditional ciphertext-policy attribute-based encryption (CP-ABE) provides the fine-grained access control policy for encrypted PHR data, but the access policy is also sent along with ciphertext explicitly. However, the access policy will reveal the users' privacy, because it contains too much sensitive information of the legitimate data users. Hence, it is important to protect users' privacy by hiding access policies. In most of the previous schemes, although the access policy is hidden, they face two practical problems: 1) these schemes do not support large attribute universe, so their practicality in PHR is greatly limited and 2) the cost of decryption is especially high since the access policy is embedded in the ciphertext.To address these problems, we construct a CP-ABE scheme with efficient decryption, where both the size of public parameters and the cost of decryption are constant. Moreover, we also show that the proposed scheme achieves full security in the standard model under static assumptions by using the dual system encryption method.INDEX TERMS Personal health record (PHR), attribute-based encryption, hidden policy, fast decryption.
This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.
In recent years, Industrial Internet of Things (IIoT) has become increasingly important for applications in the industry. Inevitably, security for IIoT has become a priority in order to deploy secure applications. Amongst available cryptographic tools, certificateless signature schemes offer sound authentication solutions and avoid public-key certification from Trusted Third Parties (TTP). Certificateless signatures solve the key escrow problem against the dishonest Private Key Generator (PKG) and has considered to be a useful tool for IIoT applications. Recently, Karati et al. (IEEE Trans. Industrial Informatics, vol.14, no. 8, 2018) presented a lightweight certificateless signature scheme for IIoT Environments. This scheme was then broken by Zhang et al. (IEEE Access, vol. 8, 2018) by simply allowing to change the public key of the signer and using the homomorphic property of the original scheme. In this paper, we introduce a new attack to the scheme against the existential unforgeability, which is universal since we do not have to assume homomorphic property. We then introduce an entirely new lightweight certificateless signature scheme, which has been proven to be fully secure against all attacks found earlier. Our scheme is the first lightweight certificateless signature scheme with full security and is the most efficient in comparison with other existing schemes. It is desirable for IIoT applications. We also provide experimental results to justify our claims.
The application of wireless devices has led to a significant improvement in the quality delivery of care in telemedicine systems. Patients who live in a remote area are able to communicate with the healthcare provider and benefit from the doctor consultations. However, it has been a challenge to provide a secure telemedicine system, which captures users (patients and doctors) mobility and patient privacy. In this work, we present several secure protocols for telemedicine systems, which ensure the secure communication between patients and doctors who are located in different geographical locations. Our protocols are the first of this kind featured with confidentiality of patient information, mutual authentication, patient anonymity, data integrity, freshness of communication, and mobility. Our protocols are based on symmetric-key schemes and capture all desirable security requirements in order to better serve our objectives of research for secure telemedicine services; therefore, they are very efficient in implementation. A comparison with related works shows that our work contributes first comprehensive solution to capture user mobility and patient privacy for telemedicine systems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.