Secure lightweight client for cloud-based E-Health Model

A strict requirement for the security and privacy of Electronic Health Records (EHRs) is a primary issue for realizing a secure eHealth system. Based on an investigation of medical modes and a questionnaire survey on 114 medical practitioners of several of China's tertiary hospitals, the medical industry needs such high-security EHRs systems while the EHRs systems currently in use cannot meet requirements. The solution to this bottleneck is proposing a novel model for realizing a secure eHealth system. In this study, a secure cloud-based electronic health system model (SCBEH) is proposed. It is a novel model integrating critical security technologies and manifesting four necessary features of a secure EHR system. The implementation of the four features is described as follows: Firstly, the SCBEH model, which optimized a MONA benchmark model and absorbed all its security technologies, has four aspects to be considered: 1) the use of symmetric and asymmetric hybrid encryption technique (KEM-DEM), in which the latest elliptic curve cryptography algorithm (ECC) of asymmetric encryption is used; 2) the applications of group key distribution and group signature technologies are achieved; 3) the revocation and tracking of illegal group members are reimplemented; 4) the computational burden of client is alleviated. Compared with MONA, the proposed model initially achieves the client minimum storage cost reduction of 0 and the client time cost reduction of about 25.9% on generating the 10M file. Secondly, a two-party session key protocol named password authentication key exchange based on verification elements for lightweight clients (LC-VE-PAKE) is proposed. This protocol enables the client to transfer its computational operations to a specified proxy server securely. Compared with SCBEH without implementing this protocol, the time cost of client users is further reduced on average by 15.8% on generating 10M files, while the time cost of accessing 10M files is significantly reduced by about 10%-79.8%. Thirdly, an authorization algorithm named federated proxy implements for fine-grained access control based on CP-ABE (FPI-CP-ABE) is proposed. This algorithm verifies the identity and permission of non-group members to meet the strict privacy protection requirements of EHRs data. Compared with the initial SCBEH, the calculation costs of the data owner were all close to 0, while those of the data requester were a little more. Meanwhile, it must be noticed that the time cost of the data requester on accessing the 10M file is about 0.62s, which is about 13.4% of the proxy server. Fourthly, an assessment and prediction module named network security situation awareness based on task execution time (TET-NSSA) is proposed to prevent possible security threats timely. The time cost of each component in the security state is extracted as parameters to compute the perceived and predicted values of the security situation of the proposed model. According to the calculated results, the confidence interval of NSSA values on accessing the 10M file is 0.17~0.23. The error between the calculated NSSP values and the measured NSSA values does not exceed 5%. The results of this study will remarkably facilitate the development of a practical secure cloud-based eHealth system.

Text 119863.pdf Download (948kB) Official URL or Download Paper: http://ethesis.upm.edu.my/id/eprint/18480

Actions (login required)

View Item