Lightweight sharable and traceable secure mobile health system

National Research Foundation (NRF) Singapor

Privacy-preserving data search with fine-grained dynamic search right management in fog-assisted Internet of Things

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this record.Fog computing, as an assisted method for cloud computing, collects Internet of Things (IoT) data to multiple fog nodes on the edge of IoT and outsources them to the cloud for data search, and it reduces the computation cost on IoT nodes and provides fine-grained search right management. However, to provide privacy-preserving IoT data search, the existing searchable encryptions are very inefficient as the computation cost is too high for the resource-constrained IoT ends. Moreover, to provide dynamic search right management, the users need to be online all the time in the existing schemes, which is impractical. In this paper, we first present a new fog-assisted privacy-preserving IoT data search framework, where the data from each IoT device is collected by a fog node, stored in a determined document and outsourced to the cloud, the users search the data through the fog nodes, and the fine-grained search right management is maintained at document level. Under this framework, two searchable encryption schemes are proposed, i.e., Credible Fog Nodes assisted Searchable Encryption (CFN-SE) and Semi-trusted Fog Nodes assisted Searchable Encryption (STFN-SE). In CFN-SE scheme, the indexes and trapdoors are generated by the fog nodes, which greatly reduce the computation costs at the IoT devices and user ends, and fog nodes are used to support offline users’ key update. In STFN-SE scheme, the semi-trusted fog nodes are used to provide storage of encrypted key update information to assist offline users’ search right update. In both schemes, no re-encryption of the keywords is needed in search right updates. The performance evaluations of our schemes demonstrate the feasibility and high efficiency of our system.National Key Research and Development ProgramNational Natural Science Foundation of ChinaSichuan Provincial Major Frontier IssuesState Key Laboratory of Integrated Services Networks, Xidian Universit

Augmented security scheme for shared dynamic data with efficient lightweight elliptic curve cryptography

Technology for Cloud Computing (CC) has advanced, so Cloud Computing creates a variety of cloud services. Users may receive storage space from the provider as Cloud storage services are quite practical; many users and businesses save their data in cloud storage. Data confidentiality becomes a larger risk for service providers when more information is outsourced to Cloud storage. Hence in this work, a Ciphertext and Elliptic Curve Cryptography (ECC) with Identity-based encryption (CP-IBE) approaches are used in the cloud environment to ensure data security for a healthcare environment. The revocation problem becomes complicated since characteristics are used to create cipher texts and secret keys; therefore, a User revocation algorithm is introduced for which a secret token key is uniquely produced for each level ensuring security. The initial operation, including signature, public audits, and dynamic data, are sensible to Sybil attacks; hence, to overcome that, a Sybil Attack Check Algorithm is introduced, effectively securing the system. Moreover, the conditions for public auditing using shared data and providing typical strategies, including the analytical function, security, and performance conditions, are analyzed in terms of accuracy, sensitivity, and similarity

Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model iteself, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions

Automated Injection of Curated Knowledge Into Real-Time Clinical Systems: CDS Architecture for the 21st Century

abstract: Clinical Decision Support (CDS) is primarily associated with alerts, reminders, order entry, rule-based invocation, diagnostic aids, and on-demand information retrieval. While valuable, these foci have been in production use for decades, and do not provide a broader, interoperable means of plugging structured clinical knowledge into live electronic health record (EHR) ecosystems for purposes of orchestrating the user experiences of patients and clinicians. To date, the gap between knowledge representation and user-facing EHR integration has been considered an “implementation concern” requiring unscalable manual human efforts and governance coordination. Drafting a questionnaire engineered to meet the specifications of the HL7 CDS Knowledge Artifact specification, for example, carries no reasonable expectation that it may be imported and deployed into a live system without significant burdens. Dramatic reduction of the time and effort gap in the research and application cycle could be revolutionary. Doing so, however, requires both a floor-to-ceiling precoordination of functional boundaries in the knowledge management lifecycle, as well as formalization of the human processes by which this occurs. This research introduces ARTAKA: Architecture for Real-Time Application of Knowledge Artifacts, as a concrete floor-to-ceiling technological blueprint for both provider heath IT (HIT) and vendor organizations to incrementally introduce value into existing systems dynamically. This is made possible by service-ization of curated knowledge artifacts, then injected into a highly scalable backend infrastructure by automated orchestration through public marketplaces. Supplementary examples of client app integration are also provided. Compilation of knowledge into platform-specific form has been left flexible, in so far as implementations comply with ARTAKA’s Context Event Service (CES) communication and Health Services Platform (HSP) Marketplace service packaging standards. Towards the goal of interoperable human processes, ARTAKA’s treatment of knowledge artifacts as a specialized form of software allows knowledge engineers to operate as a type of software engineering practice. Thus, nearly a century of software development processes, tools, policies, and lessons offer immediate benefit: in some cases, with remarkable parity. Analyses of experimentation is provided with guidelines in how choice aspects of software development life cycles (SDLCs) apply to knowledge artifact development in an ARTAKA environment. Portions of this culminating document have been further initiated with Standards Developing Organizations (SDOs) intended to ultimately produce normative standards, as have active relationships with other bodies.Dissertation/ThesisDoctoral Dissertation Biomedical Informatics 201

Towards Authentication of IoMT Devices via RF Signal Classification

The increasing reliance on the Internet of Medical Things (IoMT) raises great concern in terms of cybersecurity, either at the device’s physical level or at the communication and transmission level. This is particularly important as these systems process very sensitive and private data, including personal health data from multiple patients such as real-time body measurements. Due to these concerns, cybersecurity mechanisms and strategies must be in place to protect these medical systems, defending them from compromising cyberattacks. Authentication is an essential cybersecurity technique for trustworthy IoMT communications. However, current authentication methods rely on upper-layer identity verification or key-based cryptography which can be inadequate to the heterogeneous Internet of Things (IoT) environments. This thesis proposes the development of a Machine Learning (ML) method that serves as a foundation for Radio Frequency Fingerprinting (RFF) in the authentication of IoMT devices in medical applications to improve the flexibility of such mechanisms. This technique allows the authentication of medical devices by their physical layer characteristics, i.e. of their emitted signal. The development of ML models serves as the foundation for RFF, allowing it to evaluate and categorise the released signal and enable RFF authentication. Multiple feature take part of the proposed decision making process of classifying the device, which then is implemented in a medical gateway, resulting in a novel IoMT technology.A confiança crescente na IoMT suscita grande preocupação em termos de cibersegurança, quer ao nível físico do dispositivo quer ao nível da comunicação e ao nível de transmissão. Isto é particularmente importante, uma vez que estes sistemas processam dados muito sensíveis e dados, incluindo dados pessoais de saúde de diversos pacientes, tais como dados em tempo real de medidas do corpo. Devido a estas preocupações, os mecanismos e estratégias de ciber-segurança devem estar em vigor para proteger estes sistemas médicos, defendendo-os de ciberataques comprometedores. A autenticação é uma técnica essencial de ciber-segurança para garantir as comunicações em sistemas IoMT de confiança. No entanto, os métodos de autenticação atuais focam-se na verificação de identidade na camada superior ou criptografia baseada em chaves que podem ser inadequadas para a ambientes IoMT heterogéneos. Esta tese propõe o desenvolvimento de um método de ML que serve como base para o RFF na autenticação de dispositivos IoMT para melhorar a flexibilidade de tais mecanismos. Isto permite a autenticação dos dispositivos médicos pelas suas características de camada física, ou seja, a partir do seu sinal emitido. O desenvolvimento de modelos de ML serve de base para o RFF, permitindo-lhe avaliar e categorizar o sinal libertado e permitir a autenticação do RFF. Múltiplas features fazem parte do processo de tomada de decisão proposto para classificar o dispositivo, que é implementada num gateway médico, resultando numa nova tecnologia IoMT

FFSSE: Flexible Forward Secure Searchable Encryption with Efficient Performance

Searchable Symmetric Encryption (SSE) has been widely applied in the design of encrypted database for exact queries or even range queries in practice. In spite of its efficiency and functionalities, it always suffers from information leakages. Some recent attacks point out that forward privacy is the desirable security goal. However, there are only a very small number of schemes achieving this security. In this paper, we propose a new forward secure SSE scheme, denoted as ``FFSSE\u27\u27, which has the best performance in the literature, namely with fast search operation, fast token generation and O(1) update complexity. It also supports both add and delete operations in the unique instance. Technically, we exploit a novel ``key-based blocks chain\u27\u27 technique based on symmetric cryptographic primitive, which can be deployed in arbitrary index tree structures or key-value structures directly to provide forward privacy. In order to reduce the storage on the client side, we further propose an efficient permutation technique (with similar function as trapdoor permutation) to support the re-construction of the search tokens. Experiments show that our scheme is 4 times, 300 times and 300 times faster than the state-of-the-art forward private SSE scheme (proposed in CCS 2016) in search, update and token generation, respectively. Security analysis shows that our scheme is secure