Fog based Secure Framework for Personal Health Records Systems

The rapid development of personal health records (PHR) systems enables an individual to collect, create, store and share his PHR to authorized entities. Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions' repositories located in the cloud. The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency, scalability and bandwidth. Fog computing relieves the burden of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers. Aiming at a massive demand of PHR data within a ubiquitous smart city, we propose a secure and fog assisted framework for PHR systems to address security, access control and privacy concerns. Built under a fog-based architecture, the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption (CP-ABE) to guarantee confidentiality and fine-grained access control within the system respectively. We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy. We provide the analysis of the proposed framework in terms of security and performance.Comment: 12 pages (CMC Journal, Tech Science Press

Healthcare 4.0: Trends, Challenges and Benefits

The Fourth Industry Revolution, known as Industry 4.0, refers to the forces that are transforming industry, including the healthcare industry, where it has been termed Healthcare 4.0. Though lagging other industries in the adoption of new innovative technologies, the healthcare industry is embracing the potential benefits that arise from new innovative technologies. New trends revealed both in the academic literature and by industry practice show that researchers and practitioners are becoming more aware of the benefits technology can bring to an industry as complex as the healthcare industry. The object of the study is to identify the challenges, trends and gaps in the existing body of research with regard to Healthcare 4.0. In this study, a systematic literature review on Healthcare 4.0 research papers was conducted to identify trends, challenges and the perceived benefits that may arise from it. This paper found that there is a need to conduct more empirical studies in this area. It, further, identified the need to implement practical procedures in the industry to get feedback from patients and healthcare participants in order to promote the adoption of new Healthcare 4.0 technologie

A solution to smart health and state of art

A medical cyber–physical system (MCPS) is a unique cyber–physical system (CPS), which combines embedded software control devices, networking capabilities, and complex physiological dynamics of patients in the modern medical field. In the process of communication, device, and information system interaction of MCPS, medical cyber–physical data are generated digitally, stored electronically, and accessed remotely by medical staff or patients. With the advent of the era of medical big data, a large amount of medical cyber–physical data is collected, and its sharing provides great value for diagnosis, pathological analysis, epidemic tracking, pharmaceutical, insurance, and so on. This overview will present MCPS’s architectures and frameworks from different perspectives, modeling and verification methods, identification and sign sensing technologies, key communications’ technologies, data storage and analysis technologies, monitoring systems, data security and privacy protection technologies, and key research perspectives and directions. We can have a com- prehensive understanding of the important characteristics and technical route of MCPS, and grasp its research status and progress

Efficient and Secure Data Sharing Using Attribute-based Cryptography

La crescita incontrollata di dati prodotti da molte sorgenti, eterogenee e di- namiche, spinge molti possessori di tali dati a immagazzinarli su server nel cloud, anche al fine di condividerli con terze parti. La condivisione di dati su server (possibilmente) non fidati fonte di importanti e non banali questioni riguardanti sicurezza, privacy, confidenzialit e controllo degli accessi. Al fine di prevenire accessi incontrollati ai dati, una tipica soluzione consiste nel cifrare i dati stessi. Seguendo tale strada, la progettazione e la realizzazione di politiche di accesso ai dati cifrati da parte di terze parti (che possono avere differenti diritti sui dati stessi) un compito complesso, che impone la presenza di un controllore fidato delle politiche. Una possibile soluzione l\u2019impiego di un meccanismo per il controllo degli accessi basato su schemi di cifratura attribute-base (ABE ), che permette al possessore dei dati di cifrare i dati in funzione delle politiche di accesso dei dati stessi. Di contro, l\u2019adozione di tali meccanismi di controllo degli accessi presentano due problemi (i) privacy debole: le politiche di accesso sono pubbliche e (ii) inefficienza: le politiche di accesso sono statiche e una loro modifica richiede la ricifratura (o la cifratura multipla) di tutti i dati. Al fine di porre rimedio a tali problemi, il lavoro proposto in questa tesi prende in con- siderazione un particolare schema di cifratura attribute-based, chiamato inner product encryption (IPE, che gode della propriet attribute-hiding e pertanto riesce a proteggere la privatezza delle politiche di accesso) e lo combina con le tecniche di proxy re-encryption, che introducono una maggiore flessibilit ed efficienza. La prima parte di questa tesi discute l\u2019adeguatezza dell\u2019introduzione di un meccanismo di controllo degli accessi fondato su schema basato su inner product e proxy re-encryption (IPPRE ) al fine di garantire la condivisione sicura di dati immagazzinati su cloud server non fidati. Pi specificamente, proponiamo due proponiamo due versioni di IPE : in prima istanza, presentiamo una versione es- tesa con proxy re-encryption di un noto schema basato su inner product [1]. In seguito, usiamo tale schema in uno scenario in cui vengono raccolti e gestiti dati medici. In tale scenario, una volta che i dati sono stati raccolti, le politiche di ac- cesso possono variare al variare delle necessit dei diversi staff medici. Lo schema proposto delega il compito della ricifratura dei dati a un server proxy parzial- mente fidato, che pu trasformare la cifratura dei dati (che dipende da una polit- ica di accesso) in un\u2019altra cifratura (che dipende da un\u2019altra politica di accesso) senza per questo avere accesso ai dati in chiaro o alla chiave segreta utilizzata dal possessore dei dati. In tal modo, il possessore di una chiave di decifratura corrispondente alla seconda politica di accesso pu accedere ai dati senza intera- gire con il possessore dei dati (richiedendo cio una chiave di decifratura associata alla propria politica di accesso). Presentiamo un\u2019analisi relativa alle prestazioni di tale schema implementato su curve ellittiche appartenenti alle classi SS, MNT e BN e otteniamo incoraggianti risultati sperimentali. Dimostriamo inoltre che lo schema proposto sicuro contro attacchi chosen plaintext sotto la nota ipotesi DLIN. In seconda istanza, presentiamo una versione ottimizzata dello schema proposto in precedenza (E-IPPRE ), basata su un ben noto schema basato suinner product, proposto da Kim [2]. Lo schema E-IPPRE proposto richiede un numero costante di operazioni di calcolo di pairing e ci garantisce che gli oggetti prodotti dall esecuzione dello schema (chiavi di decifratura, chiavi pubbliche e le cifrature stesse) sono di piccole rispetto ai parametri di sicurezza e sono efficientemente calcolabili. Testiamo sperimentalmente l\u2019efficienza dello schema proposto e lo proviamo (selettivamente nei confronti degli attributi) sicuro nei confronti di attacchi chosen plaintext sotto la nota ipotesi BDH. In altri termini, lo schema proposto non rivela alcuna informazione riguardante le politiche di accesso. La seconda parte di questa tesi presenta uno schema crittografico per la condivisione sicura dei dati basato su crittografia attribute-based e adatto per scenari basati su IoT. Come noto, il problema principale in tale ambito riguarda le limitate risorse computazionali dei device IoT coinvolti. A tal proposito, proponiamo uno schema che combina la flessibilit di E-IPPRE con l\u2019efficienza di uno schema di cifratura simmetrico quale AES, ottenendo uno schema di cifratura basato su inner product, proxy-based leggero (L-IPPRE ). I risultati sperimentali confermano l\u2019adeguatezza di tale schema in scenari IoT.Riferimenti [1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235\u2013257, March 2011. [2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An effi- cient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947\u20132958, October 2016.With the ever-growing production of data coming from multiple, scattered, and highly dynamical sources, many providers are motivated to upload their data to the cloud servers and share them with other persons for different purposes. However, storing data on untrusted cloud servers imposes serious concerns in terms of security, privacy, data confidentiality, and access control. In order to prevent privacy and security breaches, it is vital that data is encrypted first before it is outsourced to the cloud. However, designing access control mod- els that enable different users to have various access rights to the shared data is the main challenge. To tackle this issue, a possible solution is to employ a cryptographic-based data access control mechanism such as attribute-based encryption (ABE ) scheme, which enables a data owner to take full control over data access. However, access control mechanisms based on ABE raise two chal- lenges: (i) weak privacy: they do not conceal the attributes associated with the ciphertexts, and therefore they do not satisfy attribute-hiding security, and (ii) inefficiency: they do not support efficient access policy change when data is required to be shared among multiple users with different access policies. To address these issues, this thesis studies and enhances inner-product encryption (IPE ), a type of public-key cryptosystem, which supports the attribute-hiding property as well as the flexible fine-grained access control based payload-hiding property, and combines it with an advanced cryptographic technique known as proxy re-encryption (PRE ). The first part of this thesis discusses the necessity of applying the inner- product proxy re-encryption (IPPRE ) scheme to guarantee secure data sharing on untrusted cloud servers. More specifically, we propose two extended schemes of IPE : in the first extended scheme, we propose an inner-product proxy re- encryption (IPPRE ) protocol derived from a well-known inner-product encryp- tion scheme [1]. We deploy this technique in the healthcare scenario where data, collected by medical devices according to some access policy, has to be changed afterwards for sharing with other medical staffs. The proposed scheme delegates the re-encryption capability to a semi-trusted proxy who can transform a dele- gator\u2019s ciphertext associated with an attribute vector to a new ciphertext associ- ated with delegatee\u2019s attribute vector set, without knowing the underlying data and private key. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We analyze the proposed protocol in terms of its performance on three dif- ferent types of elliptic curves such as the SS curve, the MNT curve, and the BN curve, respectively. Hereby, we achieve some encouraging experimental results. We show that our scheme is adaptive attribute-secure against chosen-plaintext under standard Decisional Linear (D-Linear ) assumption. To improve the per- formance of this scheme in terms of storage, communication, and computation costs, we propose an efficient inner-product proxy re-encryption (E-IPPRE ) scheme using the transformation of Kim\u2019s inner-product encryption method [2]. The proposed E-IPPRE scheme requires constant pairing operations for its al- gorithms and ensures a short size of the public key, private key, and ciphertext,making it the most efficient and practical compared to state of the art schemes in terms of computation and communication overhead. We experimentally as- sess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under Asymmetric De- cisional Bilinear Diffie-Hellman assumption. Specifically, our proposed schemes do not reveal any information about the data owner\u2019s access policy to not only the untrusted servers (e.g, cloud and proxy) but also to the other users. The second part of this thesis presents a new lightweight secure data sharing scheme based on attribute-based cryptography for a specific IoT -based health- care application. To achieve secure data sharing on IoT devices while preserving data confidentiality, the IoT devices encrypt data before it is outsourced to the cloud and authorized users, who have corresponding decryption keys, can ac- cess the data. The main challenge, in this case, is on the one hand that IoT devices are resource-constrained in terms of energy, CPU, and memory. On the other hand, the existing public-key encryption mechanisms (e.g., ABE ) require expensive computation. We address this issue by combining the flexibility and expressiveness of the proposed E-IPPRE scheme with the efficiency of symmet- ric key encryption technique (AES ) and propose a light inner-product proxy re-encryption (L-IPPRE ) scheme to guarantee secure data sharing between dif- ferent entities in the IoT environment. The experimental results confirm that the proposed L-IPPRE scheme is suitable for resource-constrained IoT scenar- ios.References [1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235\u2013257, March 2011. [2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An effi- cient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947\u20132958, October 2016

Enhancing Security in Internet of Healthcare Application using Secure Convolutional Neural Network

The ubiquity of Internet of Things (IoT) devices has completely changed the healthcare industry by presenting previously unheard-of potential for remote patient monitoring and individualized care. In this regard, we suggest a unique method that makes use of Secure Convolutional Neural Networks (SCNNs) to improve security in Internet-of-Healthcare (IoH) applications. IoT-enabled healthcare has advanced as a result of the integration of IoT technologies, giving it impressive data processing powers and large data storage capacity. This synergy has led to the development of an intelligent healthcare system that is intended to remotely monitor a patient's medical well-being via a wearable device as a result of the ongoing advancement of the Industrial Internet of Things (IIoT). This paper focuses on safeguarding user privacy and easing data analysis. Sensitive data is carefully separated from user-generated data before being gathered. Convolutional neural network (CNN) technology is used to analyse health-related data thoroughly in the cloud while scrupulously protecting the privacy of the consumers.The paper provide a secure access control module that functions using user attributes within the IoT-Healthcare system to strengthen security. This module strengthens the system's overall security and privacy by ensuring that only authorised personnel may access and interact with the sensitive health data. The IoT-enabled healthcare system gets the capacity to offer seamless remote monitoring while ensuring the confidentiality and integrity of user information thanks to this integrated architecture

A Security and Privacy Aware Computing Approach on Data Sharing in Cloud Environment

Today, the role of cloud computing in our day-to-day lives is very prominent. The cloud computing paradigm makes it possible to provide demand-based resources. Cloud computing has changed the way that organizations manage resources due to their robustness, low cost, and pervasive nature. Data security is usually realized using different methods such as encryption. However, the privacy of data is another important challenge that should be considered when transporting, storing, and analyzing data in the public cloud. In this paper, a new method is proposed to track malicious users who use their private key to decrypt data in a system, share it with others and cause system information leakage. Security policies are also considered to be integrated with the texts encrypted to ensure system safety and to prevent the violation of data owners ' privacy. For this purpose, before sending the data to the cloud, it must be encrypted in such a way that operations such as max, min, etc. can be performed on it. The proposed method uses order-preserving symmetric encryption (OPES), which does not require decryption or re-encryption for mathematical operations. This process leads to a great improvement in delay. The OPES scheme allows comparison operations to be performed directly on encrypted data without decryption operands. According to the results, it is obvious that the proposed strategy is in a better position compared to the base paper in terms of the system's ability to find the malicious elements that cause the problem of leakage and in terms of system security to prevent the violation of privacy

Multi-authority attribute-based keyword search over encrypted cloud data

National Research Foundation (NRF) Singapore; AXA Research Fun

Mutual query data sharing protocol for public key encryption through chosen-ciphertext attack in cloud environment

In this paper, we are proposing a mutual query data sharing protocol (MQDS) to overcome the encryption or decryption time limitations of exiting protocols like Boneh, rivest shamir adleman (RSA), Multi-bit transposed ring learning parity with noise (TRLPN), ring learning parity with noise (Ring-LPN) cryptosystem, key-Ordered decisional learning parity with noise (kO-DLPN), and KD_CS protocol’s. Titled scheme is to provide the security for the authenticated user data among the distributed physical users and devices. The proposed data sharing protocol is designed to resist the chosen-ciphertext attack (CCA) under the hardness solution for the query shared-strong diffie-hellman (SDH) problem. The evaluation of proposed work with the existing data sharing protocols in computational and communication overhead through their response time is evaluated

A survey of state-of-the-art methods for securing medical databases

This review article presents a survey of recent work devoted to advanced state-of-the-art methods for securing of medical databases. We concentrate on three main directions, which have received attention recently: attribute-based encryption for enabling secure access to confidential medical databases distributed among several data centers; homomorphic encryption for providing answers to confidential queries in a secure manner; and privacy-preserving data mining used to analyze data stored in medical databases for verifying hypotheses and discovering trends. Only the most recent and significant work has been included

Securing clouds using cryptography and traffic classification

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Over the last decade, cloud computing has gained popularity and wide acceptance, especially within the health sector where it offers several advantages such as low costs, flexible processes, and access from anywhere. Although cloud computing is widely used in the health sector, numerous issues remain unresolved. Several studies have attempted to review the state of the art in eHealth cloud privacy and security however, some of these studies are outdated or do not cover certain vital features of cloud security and privacy such as access control, revocation and data recovery plans. This study targets some of these problems and proposes protocols, algorithms and approaches to enhance the security and privacy of cloud computing with particular reference to eHealth clouds. Chapter 2 presents an overview and evaluation of the state of the art in eHealth security and privacy. Chapter 3 introduces different research methods and describes the research design methodology and processes used to carry out the research objectives. Of particular importance are authenticated key exchange and block cipher modes. In Chapter 4, a three-party password-based authenticated key exchange (TPAKE) protocol is presented and its security analysed. The proposed TPAKE protocol shares no plaintext data; all data shared between the parties are either hashed or encrypted. Using the random oracle model (ROM), the security of the proposed TPAKE protocol is formally proven based on the computational Diffie-Hellman (CDH) assumption. Furthermore, the analysis included in this chapter shows that the proposed protocol can ensure perfect forward secrecy and resist many kinds of common attacks such as man-in-the-middle attacks, online and offline dictionary attacks, replay attacks and known key attacks. Chapter 5 proposes a parallel block cipher (PBC) mode in which blocks of cipher are processed in parallel. The results of speed performance tests for this PBC mode in various settings are presented and compared with the standard CBC mode. Compared to the CBC mode, the PBC mode is shown to give execution time savings of 60%. Furthermore, in addition to encryption based on AES 128, the hash value of the data file can be utilised to provide an integrity check. As a result, the PBC mode has a better speed performance while retaining the confidentiality and security provided by the CBC mode. Chapter 6 applies TPAKE and PBC to eHealth clouds. Related work on security, privacy preservation and disaster recovery are reviewed. Next, two approaches focusing on security preservation and privacy preservation, and a disaster recovery plan are proposed. The security preservation approach is a robust means of ensuring the security and integrity of electronic health records and is based on the PBC mode, while the privacy preservation approach is an efficient authentication method which protects the privacy of personal health records and is based on the TPAKE protocol. A discussion about how these integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects follows. Distributed denial of service (DDoS) attacks are the second most common cybercrime attacks after information theft. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. Chapter 7 presents a new classification system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) for public clouds, particularly in an eHealth cloud environment. The proposed CS_DDoS system offers a solution for securing stored records by classifying incoming packets and making a decision based on these classification results. During the detection phase, CS_DDOS identifies and determines whether a packet is normal or from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service, and the source IP is blacklisted. The performance of the CS_DDoS system is compared using four different classifiers: a least-squares support vector machine (LS-SVM), naïve Bayes, K-nearest-neighbour, and multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is used. This combination can detect DDoS TCP flood attacks with an accuracy of approximately 97% and a Kappa coefficient of 0.89 when under attack from a single source, and 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. These results are then discussed in terms of the accuracy and time complexity, and are validated using a k-fold cross-validation model. Finally, a method to mitigate DoS attacks in the cloud and reduce excessive energy consumption through managing and limiting certain flows of packets is proposed. Instead of a system shutdown, the proposed method ensures the availability of service. The proposed method manages the incoming packets more effectively by dropping packets from the most frequent requesting sources. This method can process 98.4% of the accepted packets during an attack. Practicality and effectiveness are essential requirements of methods for preserving the privacy and security of data in clouds. The proposed methods successfully secure cloud projects and ensure the availability of services in an efficient way