Maryam Zarezadeh; Maede Ashouri-Talouki; Mohammad Siavashi
Abstract
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha ...
Read More
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.
A. Mohseni-Ejiyeh; M. Ashouri-Talouki; M. Mahdavi
Abstract
Due to the explosion of smart devices, data traffic over cellular networks has seen an exponential rise in recent years. This increase in mobile data traffic has caused an immediate need for offloading traffic from operators. Device-to-Device(D2D) communication is a promising solution to boost the ...
Read More
Due to the explosion of smart devices, data traffic over cellular networks has seen an exponential rise in recent years. This increase in mobile data traffic has caused an immediate need for offloading traffic from operators. Device-to-Device(D2D) communication is a promising solution to boost the capacity of cellular networks and alleviate the heavy burden on backhaul links. However, direct wireless connections between devices in D2D communication are vulnerable to certain security threats. In this paper, we propose an incentive-aware lightweight secure data sharing scheme for D2D communication. We have considered the major security challenges of the data sharing scheme, including data confidentiality, integrity, detecting message modification, and preventing the propagation of malformed data. We have also applied an incentive mechanism to motivate users involvement in the process of data sharing. Actually, D2D communication is highly dependent on user participation in sharing content, so, we apply the concept of virtual check to motivate users(named proxy users)to help the requesting user(client) in the process of obtaining the data. Unlike the previous studies, our proposed protocol is an stateless protocol and does not depend on the users contextual information. Therefore, it can be used at anytime and from anywhere. The security analysis proves that the proposed protocol resists the security attacks and meets the security requirements. The performance evaluation shows that the proposed protocol outperforms the previous works in terms of communication and computation cost. Thus, the proposed protocol is indeed an efficient and practical solution for secure data sharing in D2D communication.