Untouchable once revoking: A practical and secure dynamic EHR sharing system via cloud

Author

Shengmin XU, Singapore Management UniversityFollow
Jianting NING
Xinyi HUANG
Yingjiu LI
Guowen XU

Publication Type

Journal Article

Version

publishedVersion

Publication Date

11-2022

Abstract

Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Keywords

Cloud Computing, Encryption, Access Control, Tools, Complexity Theory, Data Communication, Computer Crime, Fine Grained Access Control, Forward And Backward Secrecy, Dynamic User Groups

Discipline

Information Security

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

19

Issue

6

First Page

3759

Last Page

3773

ISSN

1545-5971

Identifier

10.1109/TDSC.2021.3106393

Publisher

Institute of Electrical and Electronics Engineers

Citation

XU, Shengmin; NING, Jianting; HUANG, Xinyi; LI, Yingjiu; and XU, Guowen. Untouchable once revoking: A practical and secure dynamic EHR sharing system via cloud. (2022). IEEE Transactions on Dependable and Secure Computing. 19, (6), 3759-3773.
Available at: https://ink.library.smu.edu.sg/sis_research/10197

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TDSC.2021.3106393