Privacy Protection for E-Health Systems by Means of Dynamic Authentication and Three-Factor Key Agreement

Zhang, Liping; Zhang, Yixin; Tang, Shanyu; Luo, He

doi:10.1109/tie.2017.2739683

Cited by 122 publications

(79 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Before elaborating a security analysis, we summarize the following adversary model used in this work. (2) The attacker can extract all the secret data stored in MD if the lost/stolen mobile device is obtained by him [42,43] (3) The attacker can guess the user's identity and password offline by enumerating pairs in (ID and PW) from Cartesian product D ID × D PW in polynomial time, where D ID and D PW denote the identity space and the password space [37,44], respectively (4) The random numbers and the secret keys selected by each communication parties are adequately large to prevent the attacker from guessing these data successfully in polynomial time (5) The insider can obtain the registration request message of the user, and the insider can access the verifier table [45,46] 3.2. KSSTI Attack.…”

Section: Cryptanalysis On Jiang Et Al's Protocolmentioning

confidence: 99%

“…At present, electronic-health (e-health) services are greatly promoted with the significant advances in computer science, wireless communication technologies, low-power sensors, and various security solutions [1][2][3][4][5][6][7][8] have been developed to build secure e-health systems. Wireless sensor network (WSN) plays an important role in e-health via sensing, measuring, gathering patient's information for doctor's diagnosis, or recording in the medical server.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems

Shen

Wei-sheng

2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Wearable health monitoring system (WHMS), which helps medical professionals to collect patients’ healthcare data and provides diagnosis via mobile devices, has become increasingly popular thanks to the significant advances in the wireless sensor network. Because health data are privacy-related, they should be protected from illegal access when transmitted over a public wireless channel. Recently, Jiang et al. presented a two-factor authentication protocol on quadratic residues with fuzzy verifier for WHMS. However, we observe that their scheme is vulnerable to known session special temporary information (KSSTI) attack, privileged insider attack, and denial-of-service (DoS) attack. To defeat these weaknesses, we propose an improved two-factor authentication and key agreement scheme for WHMS. Through rigorous formal proofs under the random oracle model and comprehensive informal security analysis, we demonstrate that the improved scheme overcomes the disadvantages of Jiang et al.’s protocol and withstands possible known attacks. In addition, comparisons with several relevant protocols show that the proposed scheme achieves more security features and has suitable efficiency. Thus, our scheme is a reasonable authentication solution for WHMS.

show abstract

Section: Cryptanalysis On Jiang Et Al's Protocolmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems

Shen

Wei-sheng

2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Mutual authentication protocol is designed in [9] for smart city IoT application, which is constructed based on learning with errors complexity assumption. Zhang et al [10] suggest a three-factor key agreement protocol for e-health system, which supports dynamic authentication. Another key agreement protocol for multi-gateway IoT network is proposed in [11].…”

Section: Security Of Iot and Big Datamentioning

confidence: 99%

Privacy-preserving fusion of IoT and big data for e-health

Yang

Zheng

Guo

et al. 2018

Future Generation Computer Systems

109

View full text Add to dashboard Cite

In this paper, we propose a privacy-preserving e-health system, which is a fusion of Internet-of-things (IoT), big data and cloud storage. The medical IoT network monitors patient's physiological data, which are aggregated to electronic health record (EHR). The medical big data that contains a large amount of EHRs are outsourced to cloud platform. In the proposed system, the patient distributes an IoT group key to the medical nodes in an authenticated way without interaction round. The IoT messages are encrypted using the IoT group key and transmitted to the patient, which can be batch authenticated by the patient. The encrypted EHRs are shared among patient and different data users in a fine-grained access control manner. A novel keyword match based policy update mechanism is designed to enable flexible access policy updating without privacy leakage. Extensive comparison and simulation results demonstrate that the algorithms in the proposed system are efficient. Comprehensive analysis is provided to prove its security.

show abstract

“…Dawoud et al [45] defined different scenarios for the integration of the ehealth systems with the cloud computing systems and these scenarios discussed the authentication and data processing in the different parts of the system. Zhang et al [46] proposed a three-factor authenticated key agreement scheme based on a dynamic authentication mechanism to protect the users privacy using for e-health systems, and it was proved to be semantically secure under the real or random model. Sahi et al [47] reviewed the latest research with regard to privacy preservation in e-Healthcare and explored whether this research offers any possible solutions to patient privacy requirements for e-Healthcare.…”

Section: Related Workmentioning

confidence: 99%

A Secure and Privacy-Aware Smart Health System with Secret Key Leakage Resilience

Zhang

Lang

Zheng

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

With the development of the smart health (s-health), data security and patient privacy are becoming more and more important. However, some traditional cryptographic schemes can not guarantee data security and patient privacy under various forms of leakage attacks. To prevent the adversary from capturing the part of private keys by leakage attacks, we propose a secure leakageresilient s-health system which realizes privacy protection and the safe transmission of medical information in the case of leakage attacks. The key technique is a promising public key cryptographic primitive called leakage-resilient anonymous Hierarchical Identity-Based Encryption. Our construction is proved to be secure against chosen plaintext attacks in the standard model under the Diffie-Hellman exponent assumption and decisional linear assumption. We also blind the public parameters and ciphertexts by using double exponent technique to achieve the recipient anonymity. Finally, the performance analysis shows the practicability of our scheme, and the leakage rate of the private key approximates to 1/6.

show abstract

Privacy Protection for E-Health Systems by Means of Dynamic Authentication and Three-Factor Key Agreement

Cited by 122 publications

References 39 publications

An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems

An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems

Privacy-preserving fusion of IoT and big data for e-health

A Secure and Privacy-Aware Smart Health System with Secret Key Leakage Resilience

Contact Info

Product

Resources

About