Trustworthy Delegation toward Securing Mobile Healthcare Cyber-Physical Systems

Changhee Hahn, Hyunsoo Kwon, Junbeom Hur

Research output: Contribution to journalArticle

Abstract

Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

Original languageEnglish
JournalIEEE Internet of Things Journal
DOIs
Publication statusAccepted/In press - 2018 Jan 1

Fingerprint

Authentication
Cryptography
Servers
Access control
Health
Concretes
Cyber Physical System
mHealth
Costs

Keywords

  • attribute-based encryption.
  • Cloud computing
  • cloud computing
  • Cyber-physical systems
  • Encryption
  • Medical diagnostic imaging
  • Medical services
  • mobile healthcare
  • Servers

ASJC Scopus subject areas

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Trustworthy Delegation toward Securing Mobile Healthcare Cyber-Physical Systems. / Hahn, Changhee; Kwon, Hyunsoo; Hur, Junbeom.

In: IEEE Internet of Things Journal, 01.01.2018.

Research output: Contribution to journalArticle

@article{b7cf921cc19e4669a7efdb5feddf5bea,
title = "Trustworthy Delegation toward Securing Mobile Healthcare Cyber-Physical Systems",
abstract = "Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.",
keywords = "attribute-based encryption., Cloud computing, cloud computing, Cyber-physical systems, Encryption, Medical diagnostic imaging, Medical services, mobile healthcare, Servers",
author = "Changhee Hahn and Hyunsoo Kwon and Junbeom Hur",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/JIOT.2018.2878216",
language = "English",
journal = "IEEE Internet of Things Journal",
issn = "2327-4662",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Trustworthy Delegation toward Securing Mobile Healthcare Cyber-Physical Systems

AU - Hahn, Changhee

AU - Kwon, Hyunsoo

AU - Hur, Junbeom

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

AB - Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

KW - attribute-based encryption.

KW - Cloud computing

KW - cloud computing

KW - Cyber-physical systems

KW - Encryption

KW - Medical diagnostic imaging

KW - Medical services

KW - mobile healthcare

KW - Servers

UR - http://www.scopus.com/inward/record.url?scp=85055680767&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055680767&partnerID=8YFLogxK

U2 - 10.1109/JIOT.2018.2878216

DO - 10.1109/JIOT.2018.2878216

M3 - Article

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

SN - 2327-4662

ER -