Sage Journals: Discover world-class research

Abstract

Emerging IoT (Internet of Things) technologies provide many benefits to the improvement of healthcare service. The successful deployment of IoT depends on ensuring security and privacy that need to adapt to their processing capabilities. IoT is vulnerable to attacks since communications are mostly wireless. So far, most researchers have only focused on security or privacy issues related to wireless communication in the IoT environment without considering all the communication vulnerabilities. However, since most of biometric data from sensors travel over the cellular network, we are required to study a privacy-enhanced scheme that covers all the secure communications. Therefore, we propose a novel privacy-enhanced mobile healthcare system in the IoT environment. Our proposed scheme provides anonymous communication between a patient and a doctor in a wireless cellular network satisfying security requirements and guaranteeing its efficiency.

1. Introduction

The recent surging interest in IoT (Internet of Things) is based on the perception that IoT will become a new trend setter in the postmobile computing era. IoT will begin connecting human-beings and electronic devices in the initial stage and this will eventually expand to human-material fusion which will become a main driving force in making human lives more comfortable. Ultimately, IoT's aim is to achieve a truly ubiquitous society. The application of IoT is vast from home networking to smart healthcare which will bring significant benefits to our society; we as a society are fortunate enough to make an early investment decision in this area. In particular, with the growth of IoT technology, it has a similarly beneficial effect on the traditional healthcare practices. For example, it provides not only medication for illness but also health management. Nowadays, the provision of health services using digital technology has been termed as “mobile healthcare.” Mobile healthcare is defined as the practice of medicine and public health supported by mobile devices. Mobile healthcare has been recognized as one of the fastest growing industries, with growth rates of 10% annually. Moreover, the provision of mobile healthcare service has been adopted by many countries, such as the USA, Canada, the UK, Korea, and the EU. The major reasons for the rapid growth of mobile healthcare are as follows. First, the number of smartphone users has increased dramatically. Secondly, medical expenses for large ageing populations and chronic disease patients have been growing gradually. In particular, the periodical medical visits for people with chronic diseases cost a lot of money, therefore imposing a financial burden on patients. Nevertheless, mobile healthcare services contain potential security and privacy problems, even though it is convenient and has economic benefits. Generally, it could be possible for patients to reveal a physical or psychological secret to medical staff. Therefore, the patients' health information should be used for treatment by designated medical staff because of its sensitivity. However, what if a patient's private information is leaked to the public or to unauthorized people? For example, a patient could be embarrassed if the fact that he goes to a special clinic which cares for mental illness, urinary disease, or sexual counseling is leaked. Thus, the sensitive medical record must be protected from unauthorized access or modification.

Of course, many countries know the importance and make efforts to protect patient's information. In 2015, a European data protection supervisor mentioned that healthcare data should be regarded as basically sensitive private data and healthcare service providers must have the concept of “privacy by default, privacy by design” when they develop a healthcare system. In the US, use and disclosure of the PHI (Protected Health Information) should be in accordance with the requirements of the HIPAA (Health Insurance Portability and Accountability Act). The HIPAA requires that maintaining the confidentiality of the health data is not an option, but an obligation. However, the healthcare data is still being leaked. According to Identity Theft Resource Center(ITRC) report, healthcare data breach was the second largest portion of data breach in the industry sections in 2014. In 2015, social security numbers and personal medical information in Anthem, which is the second largest health insurer in the US, were hacked and stolen by hackers. To make matters worse, Reuters [1] reported that a medical record is worth 10 times more to hackers than credit card information. Of course, many researchers have studied security and privacy problems in mobile healthcare services. Burmester et al. [2] proposed the symmetric encryption scheme using RFID to solve security and privacy problems. Zhang et al. [3] stated ID-based encryption schemes for healthcare services. Tan et al. [4] addressed a secure healthcare protocol using IBE-Lite scheme that is more efficient than [3]. Huang et al. [5] pointed out Tan et al.'s [4] weaknesses about security and privacy breaches between smartphone and health cloud storage.

However, these secure and privacy-preserving schemes overlook important facts. Their assumption on the environment of network communication uses the Internet which is provided by ISP (Internet Service Provider). In order to use the network, the devices should be identified and authenticated from the ISP. In cases where there exists a malicious cellular network operator or an adversarial cloud provider, the security and privacy breach problems become more critical. In particular, both of them can deal with all communications and monitor a special patient's biometric data in their perspective network. They could be aware of who is communicating with whom, how often a person transmits his or her biodata, and the amount of the data exchanged between them. To make matters worse, all this information can be easily inferred for end-to-end communication, if a cellular network operator and a cloud provider collude with each other. They might threaten the privacy of all users in the mobile healthcare system. In this paper, we propose a novel secure and privacy-preserving mobile healthcare scheme using biosensors in wireless cellular network environment (Figure 3). First of all, we clarify the security requirements including patient's anonymity in mobile healthcare systems. Next, we point out the weaknesses of previous work in [5]. Then, we propose the solution with the security requirements to overcome the weaknesses. The proposed scheme provides a secure communication and also allows smartphone users to communicate in an anonymous way. To the best extent of our knowledge, our paper is the first work that considers the anonymity of a patient and his or her biodata in a wireless cellular network. Our contributions are mainly summarized as follows. (i) Our work is the first attempt for mobile healthcare systems considering wireless cellular network environment. Our proposed scheme provides an anonymous channel over wireless cellular network by using multihop Wi-Fi local communications that hides the source or destination. (ii) We draw the security requirements for mobile healthcare system and point out the weaknesses of Huang's scheme [5]. (iii) Our scheme satisfies fundamental security issues such as an eavesdropping attack and a matching attack. The remainder of this paper is organized as follows. Section 2 presents preliminaries such as network architecture, notations, and security requirements for mobile healthcare services. Section 3 reviews previous privacy-preserving mobile healthcare services and discusses its weaknesses. Section 4 proposes a new secure and privacy-enhanced scheme. Section 5 presents the security and performance analysis of our protocol and Section 6 concludes this paper.

2. Preliminaries

2.1. The Overview of Mobile Healthcare Service in the IoT Environment

Mobile healthcare is defined as the practice of medicine and public health supported by mobile devices as shown in Figure 1. More specifically, the system includes all the medical practices such as prevention, situation understanding, prognosis, and prescriptions for patients. The network architecture of mobile healthcare service in the IoT environment mainly consists of 4 main entities such as patients' biosensors, sink node, HSP (Healthcare Service Platform) including cloud storage, and medical staff's devices. Biosensors are attached on a patient's body and sent to a sink node. They are usually low-powered and too tiny to transmit the data to a healthcare cloud storage directly. To overcome this limitation, a sink node, such as a smartphone, is usually used to extend the range of communication. The sink node stores the biodata from the sensors and forwards them into a healthcare service platform. This includes a cloud storage because the storage capacity of the smartphone is not enough to store all of the patient's biodata. The healthcare service platform keeps a record of the patients' biodata. Then, a medical staff physician retrieves the patients' biodata and monitors it. Then, they can take a prescription or treatment for the patient.

Figure 1

The network architecture of mobile healthcare service.

2.2. Notations

We use the notations in Notations to analyze scheme in [5] and describe our proposed scheme.

2.3. An ElGamal with Elliptic Curve Cryptography and Its Example

The elliptic curve cryptography (ECC) is an approach to public key cryptography based on the algebraic structure of elliptic curves over finite fields. It is well known for fitting in mobile or remote environments, because ECC can offer the same level of security as RSA but while using much smaller key sizes. For example, a 256-bit ECC public key provides comparable security to a 3072-bit RSA public key [6]. In this paper, we and [5] use ECC over finite field $G F (p)$ , where $q = p^{n}$ and p is a large prime. To set up an elliptic curve cryptosystem, we choose integer $e, d \in G F (p)$ where e is the public key and d is the private key, where $e = d \cdot P$ and P is the base point in elliptic curve E. We see an instance of EC-ElGmal (Elliptic Curve Analog of ElGamal) cryptosystem shown in Table 1.

Table 1

An example of elliptic curve cryptosystem.

Section	Descriptions
Public key	$p, q, y = x \cdot P$
Private key	x
Encryption $E n c (e, M)$	$C = \{C_{1}, C_{2} \} = \{r \cdot P, r \cdot e + M \}$
Decryption $D e c (d, C)$	$M = C_{2} - d \cdot C_{1}$

2.4. Security Requirements for Mobile Healthcare Systems

Although a mobile healthcare system is convenient and efficient for managing medical records and monitoring statuses, it has various vulnerabilities such as a personal medical data leakage and unauthorized data modification. Therefore, it is strongly urged that we consider providing security for all communication channels involved with mobile healthcare services. First of all, we need to identify potential adversaries to mobile healthcare services when using wireless cellular networks, as shown in Table 2. Next, we need to characterize the security requirements of the mobile healthcare systems necessary to secure users from a variety of different attacks such as eavesdropping, replay, collusion, and impersonation attack, including privacy-preserving issue. (i)

Resistance to Eavesdropping Attack. This attack is a typical passive attack, which listens to the communication of mobile healthcare systems without authorization. The attack damages the confidentiality of biometric data and anonymity. Thus, encryption of transmitted data is essential.

(ii)

Resistance to Matching Attack. The attacker can know other people's public keys and encrypt a plain text with the public keys. Then, the attacker can compare cipher texts made by him with real cipher texts eavesdropped from a communication channel. Thus, patterns of cipher text should be changed in every session.

(iii)

Resistance to Replay Attack. The attacker can use previous network packets and maliciously repeat them. Thus, the same pattern of data in communication should be avoided.

(iv)

Resistance to Impersonation Attack. The attacker can use a fake identity to gain unauthorized access to the cloud storage or clone. Therefore, all public or secret keys in mobile healthcare systems should be provided from a trustworthy organization.

(v)

Resistance to Collusion Attack. Several attackers or malicious entities can conspire together to damage user's anonymity or decrypt cipher texts during communication. Therefore, these attacks should be blocked from occurring during multiple-messages communication.

(vi)

Provision of Unlinkability. Unlinkability is defined in [7] as ensuring that a user may use services or resources as often as they wish without worry about their research being trackable over multiple uses; in other words, the adversaries to mobile healthcare systems are not able to gather a user's biometric data via primary user. Steinbrecher and Köpsell [8] formulated the degree of unlinkability by using a concept of equivalence relation $~_{r (A)}$ , a notation which signifies “is related” within a set A. They define the degree of $(i_{1}, \dots, i_{k})$ unlinkability $d (i_{1}, \dots, i_{k})$ describing the unlinkability of k items $a_{i_{1}}, \dots, a_{i_{k}} \in A$ . Obviously, it holds $0 \leq d (i_{1}, \dots, i_{k}) \leq 1$ and the maximum of unlinkability is reached if $d (i_{1}, \dots, i_{k}) \leq 1 \Leftrightarrow \forall j \in |I_{k}| : P ((~_{r_{j} (A)} ∣ {a_{i_{1}}, \dots, a_{i_{k}}}) = (~_{r (A)})) = 1 / | I_{k} |$ , where $| I_{k} |$ means an index set enumerating all possible equivalence relations on ${a_{i_{1}}, \dots, a_{i_{k}}}$ . In other words, the worst case for the adversaries is that all possible relations among items have the probability $1 / | i t e m s |$ .

Table 2

Potential adversaries in mobile healthcare service.

Adversaries	Description
Malicious device	This adversary can access patient's smartphone illegally with the near network area and eavesdrop his personal medical information

Malicious cellular network operator	A cellular network operator can observe all communication between cellular users and cloud clones. In particular, he can gather a targeted network traffic and identify the user or user's location

Malicious cloud provider	A cloud storage or clone is not secure because a malicious cloud provider can find out user's identity and eavesdrop all communication between users and their clones

3. Review of Huang's Mobile Healthcare System [5] and Its Weaknesses

Huang et al. [5] overcame the weaknesses surrounding damage of privacy in [4]. Huang et al. [5] assumed that KDC (Key Distribution Center) is trustworthy, and cloud storage permits only authorized users to access and use stored data. To solve the low-power limitation of WBAN, [4] used ElGamal cryptosystem with elliptic curves for their mobile healthcare scheme. Furthermore, they assumed that a smartphone is tamper-resistant. Excluding the above constraints, all the entities and communications are not secure. Figure 2 presents communication protocols in [5]. However, we have found [5]'s weaknesses with the several attack points listed below. (i)

No Consideration about Malicious Network Entities. Reference [5] did not consider that a cellular network operator is able to monitor all the communications passing through the cellular network. Therefore, the malicious operator can observe a source address and destination address via healthcare cloud storage. In addition, the attacker can guess what periodical data is related to the sender's health data.

(ii)

Weaknesses against Eavesdropping Attack and Collusion Attack. First, a doctor sends unencrypted querying data to $K D C$ without any malicious intent. Then, a malicious cellular network operator is able to extract ${A i d}^{k}$ from $〈M A C, j, c_{A}^{k}, {A i d}^{k}, T〉$ and tell the ${A i d}^{k}$ to a malicious cloud provider. After time passes, the malicious cellular network operator observes a doctor's request ${s t r}^{*} = 〈I D ∣ d a t e ∣ t i m e ∣ t y p e〉$ and the response of $K D C$ , ${A i d}^{*}$ , and $x_{A}^{{s t r}^{k}}$ . Then, the attacker compares stored ${A i d}^{k}$ with ${A i d}^{*}$ . If the attacker finds the matching ${A i d}^{*}$ , they can get $x_{A}^{{s t r}^{*}}$ easily. Lastly, they share $x_{A}^{{s t r}^{*}}$ with the malicious cloud provider. Finally, they are able to decrypt $b_{A}^{k}$ from $c_{A}^{k}$ .

(iii)

No Given Guarantee of Unlinkability. Huang's scheme has the weakness of unlinkability by collusion attack. If a cloud storage provider colludes with a cellular network operator, a patient's biometric data could be leaked. Of course, the cloud storage provider cannot know the precise user from $〈{A i d}^{k}, c_{x}^{k}〉$ . However, they can ask a cellular network operator to identify a user's real identity through an alias. Therefore, a patient's privacy might be breached.

Figure 2

Huang's mobile healthcare system [5].

Figure 3

Our proposed scheme for secure and privacy-preserving mobile healthcare system.

4. Our Proposed Scheme for Mobile Healthcare System

4.1. Motivation

The objective of our proposed scheme is to preserve a patient's anonymity by hiding his source address in the network environment. We are inspired from Tor network that is well known for concealing routes in network. The major characteristic of Tor network circuit is to use the onion ring structure consisting of the multilayered cryptographic routers. When more routers participating in Tor network exist, the attacker with high-tech capability finds the source and destination address [9]. In other words, the encapsulated packets move to the next hop over decrypting the cryptographic ring of each router in the circuit. Therefore, the router cannot know the information but recognizes the next router. Consequently, the Tor circuit provides an untraceable route. Similarly, Ardagna et al. [10] present an anonymous communication model over cellular network environments. We apply communication model in [10] into our scheme using a cryptographic scheme in [5] to overcome the weakness in Section 3.

4.2. Anonymity Model

von Ahn et al. [11] state that in k-anonymity message transmission model a transmitter picked among the transmitter's group sends a message into a receiver, who is also chosen among the receiver's group. The attacker cannot conclude the original source transmitter or the destination receiver in k number of groups. This model is known as robust against selective nonparticipants. Ardagna et al. [10] extend the concept of [11] for assuring end-to-end anonymity in wireless cellular networks. They address $(α, β)$ -anonymity whose aim is to link the original source sender to the actual destination receiver. The definition is shown in Definition 1. In this paper, we achieve $(α, β)$ -anonymity of α number of devices in a patient's friend group and β number of devices in a doctor's friend group.

Definition 1.

$(α, β)$ -anonymity is kept if the attacker cannot associate s device in α number of devices as a transmitter's group with r device in β number of devices as a receiver's group.

4.3. Our Scheme for Secure and Anonymous Mobile Healthcare System

4.3.1. Registration Process

This step concerns the initialization process of a system similar to [5]'s scheme. First, a patient A registers their identity into KDC (Key Distribution Center). KDC generates a pair of public and private keys for them. For successful registration, KDC derives the master public key $Y_{A} = {y_{A}^{1}, \dots, y_{A}^{n}}$ and the master private key $X_{A} = {x_{A}^{1}, \dots, x_{A}^{n}}$ . And it generates a secret $S_{A} = {s_{A}^{1}, \dots, s_{A}^{n}}$ for a patient A, where $y_{A}^{i}$ , $x_{A}^{i}$ , $s_{A}^{i} \in G F (q)$ and $y_{A}^{i} = x_{A}^{i} \cdot P (1 \leq i \leq n)$ . And, it sends a key ring $K = {K^{1}, \dots, K^{m}}$ into patient A's smartphone.

4.3.2. Gathering Patient's Biometric Data and Sender's Communication

We adopt $(α, β)$ -anonymity to keep the anonymity of patient A's identification. First, body-sensors gather patient A's biometric data and encrypt the data. Then, they send the encrypted data to patient A's smartphone $P_{A}$ . The smartphone $P_{A}$ generates a message m like [5]. Next, the $P_{A}$ searches for its trustworthy friends' phones by sending “probe requests” to Wi-Fi networks periodically. The phones of A's friends should have been registered in the healthcare cloud clone and are currently available to forward patient A's data within the proximity Wi-Fi network. Then, $P_{A}$ checks for at least $α - 1$ phones to keep the sender's α-anonymity from a malicious cellular network operator. Then, $P_{A}$ chooses a device $d_{i}$ in α sender's group and assembles a message M as follows. (i) It encrypts $c_{i}$ , which is a clone of $d_{i}$ , with the public key of cloud proxy ${P U}_{p r}$ . (ii) It encrypts the first destination clone $c_{A}$ , which is a clone of patient A's smartphone $P_{A}$ , and a parameter α with a public key ${P U}_{c_{i}}$ . (iii) It encrypts patient A's biodata and the parameter β for clone communication. It also encrypts doctor B's clone $c_{B}$ with a public key of clone $c_{A}$ , ${P U}_{c_{A}}$ . The message M is the following equation:

\begin{matrix} M = \{E n c ({P U}_{p r}, c_{i}), E n c ({P U}_{c_{i}}, 〈c_{A}, α〉), E n c ({P U}_{c_{A}}, 〈c_{B}, β, m〉)\} . \end{matrix}

(1)

Patient A's smartphone sends the message M to $1 / α$ probabilistic chosen devices and the device consecutively forwards M to other chosen devices until $d_{i}$ is found. Finally $d_{i}$ also forwards M into a cloud proxy $p r$ in HSP. Next, $p r$ decrypts $E n c ({P U}_{p r}, c_{i})$ of M and checks the next destination $c_{i}$ . Then, $p r$ sends the rest of message M, which is $\overset{\circ}{M}$ as (2), to $c_{i}$ :

\begin{matrix} \overset{\circ}{M} = \{E n c ({P U}_{c_{i}}, 〈c_{A}, α〉), E n c ({P U}_{c_{A}}, 〈c_{D}, β, m〉)\} . \end{matrix}

(2)

The clone $c_{i}$ decrypts $E n c ({P U}_{c_{i}}, 〈c_{A}, α〉)$ of $\overset{\circ}{M}$ . Then, $c_{i}$ chooses α clones and broadcasts $\ddot{M}$ as (3) to other $α - 1$ clones including $c_{A}$ to hide the precise destination from the malicious cloud providers. Finally, only $c_{A}$ can decrypt $\ddot{M}$ as (3) and store m. Figure 4 shows gathering a patient's biometric data and a sender's communication:

\begin{matrix} \ddot{M} = E n c ({P U}_{c_{A}}, 〈c_{D}, β, m〉) . \end{matrix}

(3)

Figure 4

Gathering patient's biometric data and sender's communication.

4.3.3. Clones Communication

In this step, $c_{A}$ sends the biodata m into the doctor's cloud clone $c_{D}$ . Figure 5 shows the clone communication in HSP. First, $c_{A}$ searches β cloud clones associated with a doctor's clone $c_{D}$ to achieve β-anonymity because wireless cellular network operators have to choose the real source clone with the probability of $1 / β$ . Then, $c_{A}$ selects a random doctor's friend's clone $c_{j}$ that will receive the transmitter's message first among β receiver's clones to confuse the malicious cloud provider with ambiguity of the destination. Then, $c_{A}$ assembles a new message $\tilde{M}$ as (4) to send it to $c_{i}$ . If so, it would be hard for a malicious cloud provider to recognize the real final destination of the messages. $\tilde{M}$ is encrypted with the public key of $c_{i}$ to conceal the next destination clone $c_{j}$ , final destination $c_{D}$ , and the patient data m:

\begin{matrix} \tilde{M} = \{E n c ({P U}_{c_{i}}, 〈c_{j}, E n c ({P U}_{c_{j}}, 〈c_{D}, β〉), E n c ({P U}_{c_{B}}, m)〉)\} . \end{matrix}

(4)

Figure 5

Clones communication.

$c_{A}$ sends $\tilde{M}$ to his friend $c_{i}$ and $c_{i}$ checks the next hop $c_{j}$ from decrypted $\tilde{M}$ . Then, $c_{i}$ forwards M as (5), the rest of $\tilde{M}$ , to $c_{j}$ :

\begin{matrix} \bar{M} = \{E n c ({P U}_{c_{j}}, 〈c_{D}, β〉), Enc ({P U}_{c_{B}}, m)\} . \end{matrix}

(5)

Then, $c_{j}$ finds a parameter β and the destination $c_{D}$ . Next, it broadcasts message M as in

\begin{matrix} \overset{̿}{M} = E n c ({P U}_{c_{B}}, m) . \end{matrix}

(6)

4.3.4. Receiver's Communication

In this step, the doctor's clone $c_{D}$ forwards m to a doctor's smartphone $d_{B}$ by using friend's $c_{j}$ . First, $c_{D}$ searches $c_{j}$ devices in the proximity of doctor's smartphone $d_{B}$ . $c_{D}$ sends newly assembled message $\hat{\hat{M}}$ as (7) to $c_{j}$ :

\begin{matrix} \hat{\hat{M}} = E n c ({P U}_{c_{j}}, 〈d_{j}, E n c ({P U}_{d_{j}}, E n c ({P U}_{d_{B}}, m))〉) . \end{matrix}

(7)

$c_{j}$ checks the destination of his device and transmits $\hat{M}$ as (8), the rest of message $\hat{\hat{M}}$ , to cloud proxy $p r$ . $p r$ forwards $\hat{M}$ to phone $d_{j}$ over cellular network. However, a malicious cellular network operator cannot recognize the precise destination $d_{B}$ in $\hat{M}$ . After receiving the message, $d_{j}$ decrypts the message and broadcasts $E n c ({P U}_{d_{B}}, m)$ to all devices in the proximity of doctor's smartphone. Finally, doctor's smartphone can only decrypt the message and get m. Next, the doctor's smartphone verifies $M A C$ for confirming the integrity of the message:

\begin{matrix} \hat{M} = 〈d_{j}, E n c ({P U}_{d_{j}}, E n c ({P U}_{d_{B}}, m))〉 . \end{matrix}

(8)

4.3.5. Decryption of Patient's Biodata

The doctor asks $K D C$ for the information ${s t r}^{k}$ in order to decrypt the message $c_{A}^{k}$ . At this time, the doctor searches his friend's devices $d_{j}$ randomly to forward the request as the above transmitter's communication. Then, doctor's smartphone sends a message as $E n c ({P U}_{d_{j}}, 〈K D C, E n c (P U_{K D C}, B ∣ {s t r}^{k})〉)$ to nearby random device and the device forwards it until $d_{j}$ is found. Finally, $d_{j}$ transmits the above message to $K D C$ . $K D C$ computes the master key $x_{A}^{{s t r}^{k}} = \sum_{i = 1}^{n} ‍ h_{i} (s ∣ {s t r}^{k}) x_{A}^{i}$ and encrypts it with doctor's public key ${P U}_{B}$ . Then, $K D C$ sends the response cipher text as (9) to the device $d_{j}$ . Then, the device $d_{j}$ broadcasts the message $E n c ({P U}_{d_{B}}, x_{A}^{{s t r}^{k}})$ to nearby devices including the doctor's smartphone. The doctor's smartphone can only obtain the master key of $c_{A}^{k}$ . Then, it decrypts $c_{A}^{k}$ and gains $b_{A}^{k}$ like (10). Figure 6 presents the receiver's communication and decryption of patient's biodata:

\begin{matrix} E n c ({P U}_{d_{j}}, E n c ({P U}_{d_{B}}, x_{A}^{{s t r}^{k}})), \end{matrix}

(9)

\begin{matrix} D e c (x_{A}^{{s t r}^{k}}, c_{A}^{k}) = b_{A}^{k} ∣ r . \end{matrix}

(10)

Figure 6

Receiver's communication and decryption of patient's biodata.

5. Security Analysis

This section discusses how our proposed scheme satisfies the security requirements in Section 2, comparing [4] and [5]. Table 3 presents the summary of the comparison.

Table 3

The initial assumption and expected goal for our proposed scheme.

Resistance to/provision	Ours	[4]	[5]
Eavesdropping attack	◯	△	△
Matching attack	◯	◯	◯
Replay attack	◯	◯	◯
Collusion attack	◯	◯	◯
Provision of unlinkability	◯	×	×

5.1. Resistance to Collusion Attack and Provision of Unlinkability

Our protocol satisfies sender unlinkability if, for any two actions, the adversary cannot determine whether these actions are executed by the same user. To protect from a malicious cloud provider, our proposed scheme also uses an alias for patient's biometric data when the data is stored in a cloud clone. Accordingly, the malicious cloud provider cannot precisely link identification of stored data from used aliases. In addition, we apply anonymous communications similar to onion routers of Tor network [9], which is stated in Section 4. The patient selects random devices in order to hide the original source from a cellular network operator. In order to identify the real source or destination, the malicious cellular network operator has to guess certain user with $1 / α$ (or $1 / β$ ) probability. If α (or β) is large enough, it is harder for the cellular network operator to guess the identifications. Thus, we can achieve $(α, β)$ -anonymity. Also, the patient's biometric data is not transmitted to his own cloud clone directly. Instead of them, their friend's cloud broadcasts the encrypted message to other clones. Thus, it is impossible for the cloud provider and the cellular network operator to collude because both cannot link the original source with the destination. In conclusion, our enhanced privacy-preserving mobile healthcare system overcomes the weaknesses of [4, 5].

5.2. Resistance to Eavesdropping Attack

One of the main weaknesses in [4, 5] is not being resistant against eavesdropping attacks. Of course, there exists cryptographic protocol in [4, 5], such as IBE-Lite. However, unencrypted KDC requests from a doctor in [4, 5] can reveal the patient's identification in ${s t r}^{k}$ against a cellular network operator. To make matters worse, the cellular network operator can observe the response message and get a master key $x_{A}^{{s t r}^{k}}$ . However, we encrypt every message in all of the communication steps to protect from eavesdropping attacks from any adversaries.

5.3. Resistance to Replay Attack and Matching Attack

Our proposed scheme, similar to [4, 5], provides a cryptographic scheme by using random numbers to protect against replay attacks and matching attacks. In this way, the attacker cannot guess the cipher text pattern and cannot reuse it. The attacker can use previous network packets and maliciously repeat them. Thus, the same pattern of information in communication is avoided.

5.4. Resistance to Impersonation Attack

All entities in our proposed scheme are provided with cryptographic keys by a trustworthy organization, KDC. Also, all processes of identification in communication use the entities own keys. Therefore, our mobile healthcare system is secure.

6. Performance Analysis

To verify the validity of our proposed scheme, we implemented the prototype with Java 2 Standard Edition (J2SE Ver 1.7) platforms to support HTTP connections between smartphones and a cloud server. We used the Nexus 5 emulator in Android Studio in lieu of smartphones. In addition, we used a laptop as a testbed of cloud service which has 2.2 GHz Intel Core-i5 CPU and 8 GB RAM. For simulating the elliptic curve public key cryptography, we used JECC (Java Elliptic Curve Cryptography) package and arbitrary data packets which are similar to [5]'s data set. We then set up the testbeds for analyzing performance. First, we checked the encryption and decryption overhead of the whole process in ElGamal cryptosystem with elliptic curve. Figure 7 shows the comparison between our proposed scheme and [5]'s when α and β each have 20 phones. The transaction time for health monitoring is the amount of gathered biometric information that is sent to the destination at once. We can see that the time between [5] and ours is not much different and our scheme does not impose temporal burden on the system even though our scheme uses the friend's phones for anonymous communication.

Figure 7

Comparison between ours and [5].

Second, we checked communication overhead with various α senders and β receivers. We chose the max senders and receivers to be 36 and compared all possible α sets and β sets. In Figure 8, we can see that number of senders and receivers is not a big factor to affect the communication overhead.

Figure 8

Communication overhead with various α senders and β receivers.

7. Conclusion

We have proposed a novel and secure privacy-enhanced mobile healthcare scheme that is robust over the wireless cellular network. To the best extent of our knowledge, this is the first attempt for a mobile healthcare system to monitor over a cellular network. Our proposed scheme considers real network environments such as the ISP (Internet Service Provider) cellular network and it provides unlinkability between patient's alias and their real identification in all communication and also satisfies the security requirements for mobile healthcare systems. In addition, we show fairness in communication traffic and its efficiency, even though the system uses cryptographic encapsulation processes and forwards messages by using phones. However, the main limitation of our scheme is that several smartphones should exist for the anonymous communication. As a future extension of our proposed scheme, we will study anonymous network based mobile healthcare schemes considering all participants' interests including insurance.

Footnotes

Notations

Competing Interests

The authors declare that they have no competing interests.

Acknowledgments

This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (R0101-16-0195, Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices).

References

Humer

Finkle

Your medical record is worth more to hackers than your credit card

http://www.reuters.com/article/2014/09/24/us-cybersecurityhospitals-idUSKCN0HJ21I20140924

Burmester

Van Le

De Medeiros

Tsudik

Universally composable RFID identification and authentication protocols

ACM Transactions on Information and System Security 2009 12 4, article 21

10.1145/1513601.1513603

2-s2.0-76849106311

Zhang

Liu

Lou

Fang

Location-based compromise-tolerant security mechanisms for wireless sensor networks

IEEE Journal on Selected Areas in Communications 2006 24 2 247 260

10.1109/JSAC.2005.861382

2-s2.0-33144476837

Tan

C. C.

Wang

Zhong

IBE-lite: a lightweight identity-based cryptography for body sensor networks

IEEE Transactions on Information Technology in Biomedicine 2009 13 6 926 932

10.1109/titb.2009.2033055

2-s2.0-70449562519

Huang

Lee

D. H.

A privacy-strengthened scheme for E-healthcare monitoring system

Journal of Medical Systems 2012 36 5 2959 2971

10.1007/s10916-011-9774-2

2-s2.0-84867301818

U.S. National Security Agency

Fact Sheet NSA Suite B Cryptography

https://www.nsa.gov/what-we-do/information-assurance/

NIST Common Crieteria for Information Technology Security Evaluation Version 3.1, revision 4, 2012

Steinbrecher

Köpsell

Dingledine

Modelling unlinkability

Privacy Enhancing Technologies 2003 2760

Berlin, Germany

Springer

32 47 Lecture Notes in Computer Science

10.1007/978-3-540-40956-4_3

Dingledine

Mathewson

Syverson

Tor: The Second Generation Onion Router 2004

Washington, DC, USA

Naval Research Lab

10.

Ardagna

C. A.

Conti

Leone

Stefa

Preserving smartphone users' anonymity in cloudy days

Proceedings of the IEEE 2013 22nd International Conference on Computer Communication and Networks (ICCCN ′13)

August 2013

Nassau, Bahamas

1 5

10.1109/icccn.2013.6614170

2-s2.0-84891384442

11.

von Ahn

Bortz

Hopper

N. J.

K-anonymous message transmission

Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS ′03)

October 2003

ACM

122 130

2-s2.0-14844282596