Amitesh Singh Rajput , Arnav Agarwal , Kiran B. Raja
{"title":"用于医疗保健数据隐私保护分发和访问控制的稳健多密钥授权系统","authors":"Amitesh Singh Rajput , Arnav Agarwal , Kiran B. Raja","doi":"10.1016/j.comcom.2024.07.005","DOIUrl":null,"url":null,"abstract":"<div><p>Innovation in medical technology and communication has rapidly empowered the development of smart healthcare devices. This has led to privacy breaches, threats and vulnerabilities to sensitive patient data that result in unwanted or targeted advertising. Previous research has focused on protecting access to sensitive patient data from unauthorized entities, especially by defining roles of healthcare entities in the overall system with their access privileges. However, such efforts need to be further robust due to the involvement of a single key authority that may lead to a critical point of failure. In this paper, this vulnerability has been addressed by developing a novel approach to crucially increase the number of key authorities using homomorphic encryption. The proposed approach ensures genuine access to the verified entity by forming a subsystem of <em>t</em> key authorities from a total of <em>n</em> authorities <span><math><mrow><mo>(</mo><mi>t</mi><mo><</mo><mi>n</mi><mo>)</mo></mrow></math></span>. This creates rigorous challenge to a malicious attacker, obfuscating the selection and functioning of key access packets in a multi-key authority setup. The results of the proposed approach achieve medical data confidentiality, entity authentication, and strategic data sharing. The security of the proposed approach is assessed for different vulnerabilities of the overall system using a challenge–response game model. Moreover, the proposed approach is found to be better and secure as compared to existing schemes.</p></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"225 ","pages":"Pages 195-204"},"PeriodicalIF":4.5000,"publicationDate":"2024-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A robust multi-key authority system for privacy-preserving distribution and access control of healthcare data\",\"authors\":\"Amitesh Singh Rajput , Arnav Agarwal , Kiran B. Raja\",\"doi\":\"10.1016/j.comcom.2024.07.005\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Innovation in medical technology and communication has rapidly empowered the development of smart healthcare devices. This has led to privacy breaches, threats and vulnerabilities to sensitive patient data that result in unwanted or targeted advertising. Previous research has focused on protecting access to sensitive patient data from unauthorized entities, especially by defining roles of healthcare entities in the overall system with their access privileges. However, such efforts need to be further robust due to the involvement of a single key authority that may lead to a critical point of failure. In this paper, this vulnerability has been addressed by developing a novel approach to crucially increase the number of key authorities using homomorphic encryption. The proposed approach ensures genuine access to the verified entity by forming a subsystem of <em>t</em> key authorities from a total of <em>n</em> authorities <span><math><mrow><mo>(</mo><mi>t</mi><mo><</mo><mi>n</mi><mo>)</mo></mrow></math></span>. This creates rigorous challenge to a malicious attacker, obfuscating the selection and functioning of key access packets in a multi-key authority setup. The results of the proposed approach achieve medical data confidentiality, entity authentication, and strategic data sharing. The security of the proposed approach is assessed for different vulnerabilities of the overall system using a challenge–response game model. Moreover, the proposed approach is found to be better and secure as compared to existing schemes.</p></div>\",\"PeriodicalId\":55224,\"journal\":{\"name\":\"Computer Communications\",\"volume\":\"225 \",\"pages\":\"Pages 195-204\"},\"PeriodicalIF\":4.5000,\"publicationDate\":\"2024-07-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S014036642400241X\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S014036642400241X","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
医疗技术和通信领域的创新迅速推动了智能医疗设备的发展。这导致了敏感患者数据的隐私泄露、威胁和漏洞,从而产生了不需要的或有针对性的广告。以往的研究侧重于保护未经授权的实体访问敏感的患者数据,特别是通过定义医疗实体在整个系统中的角色及其访问权限。然而,由于单个密钥机构的参与可能会导致关键故障点,因此这些工作需要进一步加强。本文通过开发一种新方法,利用同态加密技术大幅增加密钥授权的数量,从而解决了这一漏洞。所提出的方法通过从总共 n 个密钥机构(t<n)中组成一个由 t 个密钥机构组成的子系统,确保对已验证实体的真正访问。这对恶意攻击者提出了严峻的挑战,混淆了多密钥机构设置中密钥访问数据包的选择和功能。所提方法的结果实现了医疗数据保密、实体身份验证和战略数据共享。利用挑战-响应博弈模型,针对整个系统的不同漏洞评估了所提方法的安全性。此外,与现有方案相比,发现所提出的方法更好、更安全。
A robust multi-key authority system for privacy-preserving distribution and access control of healthcare data
Innovation in medical technology and communication has rapidly empowered the development of smart healthcare devices. This has led to privacy breaches, threats and vulnerabilities to sensitive patient data that result in unwanted or targeted advertising. Previous research has focused on protecting access to sensitive patient data from unauthorized entities, especially by defining roles of healthcare entities in the overall system with their access privileges. However, such efforts need to be further robust due to the involvement of a single key authority that may lead to a critical point of failure. In this paper, this vulnerability has been addressed by developing a novel approach to crucially increase the number of key authorities using homomorphic encryption. The proposed approach ensures genuine access to the verified entity by forming a subsystem of t key authorities from a total of n authorities . This creates rigorous challenge to a malicious attacker, obfuscating the selection and functioning of key access packets in a multi-key authority setup. The results of the proposed approach achieve medical data confidentiality, entity authentication, and strategic data sharing. The security of the proposed approach is assessed for different vulnerabilities of the overall system using a challenge–response game model. Moreover, the proposed approach is found to be better and secure as compared to existing schemes.
期刊介绍:
Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms.
Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
