Académique Documents
Professionnel Documents
Culture Documents
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
1
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
2
linked with smart mobile terminals through 4G or Wi-Fi. connectivity simultaneously. (4) The implementation of HES
Additional network infrastructure or gateway devices are includes the development of medical sensors, correlative
required to enable interconnection between such devices and software and network system.
nodes. Even when the mobile phone has been directly equipped The remainder of this paper is organized as follows. Section
with medical sensors or biometric information-sensing II describes GSRM and HEBM for security and
components, current technology limits it to collecting only one privacy-guarantee, respectively. Security proof, performance
or two data items. Furthermore, many e-/m-healthcare analysis and comparisons are presented in section III. Section
architectures fail in terms of the feasibility of data transmission IV introduces the implementation of HES. In Section V, we
directly from WBANs to wireless personal area networks provide an overview of related work. Finally, the conclusion
(WPANs) or the Internet because implementation difficulty and and future directions are summarized in Section VI.
the need for network connectivity are not considered. Therefore,
this paper focuses on designing a distinctive e-/m-healthcare II. SECURITY AND PRIVACY SCHEME DESIGN OF HES
architecture in which medical sensing data from a wireless
body-area intranet is relayed via an extended wireless sensor A. GSRM for data secure transmission
network infrastructure and then scattered to personal area To ensure the security of medical data transmitted in wireless
networks or the Internet. This architecture also emphasizes sensor networks, key distribution schemes and block encryption
security and privacy preservation during data transmission methods are required. A reasonable key distribution scheme can
while guaranteeing data availability. improve efficiency by decreasing the resource consumption of
Collecting the Secure data Privacy protection for memory, computation and communication of sensors. Because
medical data transmission by GSRM medical data by HEBM
most sensor nodes have only a single connection path, a key
distribution scheme based on a group send-receive model
CDMA
for families
(GSRM) and AES is proposed.
Internet
Related definitions:
Base station Definition 1: A set of nodes is a group of send-receive, if and
Gateway
Expert system only if:
Medical sensors Relay sensors
(1) All the sensor nodes are included within a circle whose
Wireless Body Wireless Sensor Networks Wireless Personal
Area Networks Infrastructure Area Networks
radius is R (half of the sensor communication range).
Fig. 1. The architecture of HES (2) The count of nodes in the group is an even number,
As shown in Fig. 1, the distinction between our denoted by 2ξ (ξ=1, 2 ...).
e-/m-healthcare architecture and others lies in secure, efficient (3) Approximately one-half of the nodes (denoted by Ss) only
and privacy-ensured data transmission in a wireless sensor send messages. The other one-half (denoted by Sr) only receive
network infrastructure and data release via gateway to WPANs messages.
(including the expert system or servers) through protocol (4) A leader node exists that is elected by one given algorithm
conversion among IEEE 802.15.4, 802.11 or CDMA. The in a group.
architecture of Fig. 1 not only addresses the problem of
Ss
communications between implantable medical nodes and Group A Ss Group B
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
3
Definition 3: GSRM-level is a function L(d) and is relative corresponding to Node 1-1 and Node 1-2 are {d11-22', θ11-22'} and
only to the distance d between a sensor node and the base station. {d12-22', θ12-22'}, respectively. To avoid cumulative errors, the
The function L(d) has the following attributes: mean value will be calculated.
(1) d , there must be L(d) , where denotes the The values of d22 and θ22 can be obtained from (2).
set of real numbers and denotes the set of natural numbers. Once the distance between the base station and every node is
calculated, the node is able to learn its accurate GSRM-level
(2) d1 d 2 , there must be L(d1) ≤ L(d2).
value L(d). The above-mentioned calculation will be repeated
For example, there are two nodes denoted by "A" and "B" until arrival at the edge of a sensor network, when all
with GSRM-level values L(dA) and L(dB), respectively. If GSRM-level values have been completed. The construction
L(dA)=L(dB), "A" and "B" are in the same level; else if procedure is described as Algorithm 1.
L(dA)=L(dB)+1, "A" is the next level farther than "B" from the 1
d 22 2 [ (d11 cos 11 d11 22 'cos 11 22 ') (d11 sin 11 d11 22 'sin 11 22 ')
2 2
Level 2
22 1 [arctan( d11 sin 11 d1122 'sin 1122 ' ) arctan( d12 sin 12 d12 22 'sin 12 22 ' )]
Node 2-1 2 d11 cos 11 d1122 'cos 1122 ' d12 cos 12 d1222 'cos 12 22 '
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
4
Based on TABLE I, we can derive other keys when ξ=ξ'>2 (i.e., the count of nodes in one group is an even number) will be
from the given recursion rules. If we have learned the key broken, if a virtual node exists, the fresh node can substitute for
h[key(i, j)] used by Ssi and Srj when ξ=ξ'-1, then we can derive it and become the real node. The leader deletes the mark of the
the current key "keyξ'" dispatched for the session between Ssi virtual node and launches the key updating. However, if no
and Srj when ξ=ξ'>2. Two random integers r1 and r2 (r1, r2 [1, virtual node exists when the fresh node joins the group, the
ξ'-1]) will be generated for the calculation of "keyξ'". leader will create a virtual node to balance of the "send or
Furthermore, when ξ=ξ'+1, the recursion rules will be repeated. receive" model and conduct the key updating.
All cases of keys used for different sessions in one group are B. HEBM for data privacy protection
displayed in TABLE II when ξ=ξ'>2. Not all homomorphic encryption methods can be directly
TABLE II applied to the e-/m-healthcare system based on WSNs,
ALL CASES OF THE KEYS USED FOR DIFFERENT SESSIONS WHEN ξ=ξ'>2
particularly when considering resource constraints and the
Send node Receive node Key to use
requirements of the expert system. To better adapt to the
Ssi (i<ξ') Srj (j<ξ') h[key(i, j)]
Ssi (i<ξ' and i ≠r2) Srξ' h[key(i, r2) || keyξ'] privacy-preserving characteristics of HES, HEBM
Ssr 2 Srξ' h[key(r2, r1) || keyξ'] (Homomorphic Encryption Based on Matrix) is proposed.
Ssξ' Srj (j<ξ' and j≠r2) h[keyξ' || key(i, r2)] We suppose that a user of HES must submit n medical data
Ssξ' Srr h[keyξ' || key(r1, r2)]
2
items from WBANs via the wireless sensor network
Ssξ' Srξ' h[keyξ']
infrastructure to WPANs and then obtain the results through the
automatic analysis of the expert system. Each type of medical
When a node acquires its session key between itself and data has a normal region, for example, the normal range of
another node in the same group, it is allowed to send messages
human body temperature (armpit) is between 36 degrees Celsius
using the key. The GSRM-middle nodes are responsible for
and 37 degrees Celsius, i.e., [36.00℃, 37.00℃]. If HES can
communications between two adjacent groups. The medical
examine a total of l types of medical data, the normal region of
data collected from WBANs will be encrypted using the keys
generated by GSRM. Then, the ciphertext will be decrypted via the ith medical data item (i=1, 2, ..., l) can be represented as
WSNs symmetrically in the gateway. [mini, maxi]. Generally, maxi - mini <100. For the instance of
Keys will be updated periodically. When the updating occurs, maxi - mini ≥100, we can calculate s max i min i 1 , where
each node in one group generates a random number rdk for node 100
i and sends it to the leader. The leader updates the session key x denotes rounding up. Before the medical data of users such
between node i and node j according to (3) and informs them as xi is transmitted from the gateway into WPANs, an operation
secretly, where i=1, 2, ..., j=1, 2, ..., and i ≠ j: xi=xi/s has be done. For the normal region of the ith medical data
Key'(i, j) = h[Key(i, j)⊕rdi⊕rdj] (3) item, the operations maxi=maxi/s and mini=mini/s have been
Due to energy exhaustion or node breakdown, some nodes done in the expert system.
will be dead after a period of running of WSNs. If the dead node The expert system proposed in this paper only feeds the
is not a leader, the leader will mark this node a "virtual node" results back based on three cases: normal, relatively low or high.
and no keys in the group will be changed. However, other nodes
For privacy protection, the query results of medical data must be
in the group no longer send messages to the dead node. If the
kept secret, which means that attackers can never obtain the
dead node is a leader, the election algorithm (Algorithm 1) in
factual medical data within the period of validity.
the group will be conducted and the new leader will mark the
dead leader a "virtual node". If the number of virtual nodes We now define some functions about HEBM as follows:
exceeds one-half of the total members in the group, the leader V : Round up each element in V.
node will delete them and re-distribute the keys in the group. M1*M2: Perform the dot product for two matrices M1 and M2;
However, if the alive nodes are too few (below a certain each element of the multiplied result takes the operation of
threshold) to maintain communications in the group, the group modulo g, where g is a given constant.
will be destroyed and all alive nodes will rejoin the network by addCol(M, c1, c2, v): After adding the value amplified v times
seeking other groups. Specifically, if the dead node is a of each corresponding element in column "c1" of M, each
GSRM-Middle node, the node nearest to it within the element in column "c2" of M takes the operation of modulo g,
communication range of the group will be searched and will
where g is a given constant.
replace it; otherwise, if an appropriate neighbor node cannot be
minusCol(M, c1, c2, v): After subtracting the value amplified
found, the group will be destroyed and all living nodes will
rejoin the network. If one node leaves the network v times of each corresponding element in column "c1" of M,
unconventionally (for example, a capture attack occurs), the each element in column "c2" of M takes the operation of modulo
leader launches the key updating, generates a random number rd, g, where g is a given constant and the modular arithmetic for a
then sends it confidentially to all other nodes and informs them negative number can be denoted by -a mod b=b-a mod b.
to update keys for each other according to (4): Therefore, the privacy transformation process of HEBM for a
Key'(i, j) = h[Key(i, j)⊕rd] (4) user's medical data can be described as follows:
When a fresh node applies to join the network, it calculates Step1: After secure transmission based on GSRM, the
the value of its GSRM-Level to decide in which group it will medical data of a user can be denoted by an n-dimensional
participate. Because the balance of the "send or receive" model
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
5
column vector X=(x1, x2, ..., xn)T. X'= ra X is then calculated, every element in Y+ in the correct places of the matrix. For
instance, if n=5, Y=(y1, y2, y3, y4, y5), and the user focuses on
where ra is a random number and ra >100.
only Y+= {y2, y4}, we can scramble the order of Y, for example
Step2: First, two matrices denoted by M and M' separately
as (y3, y2, y5, y4, y1). After the execution of HEBM, the matrix O
are identity matrices. Second, the random number rb (rb >1) and
is returned. Only y2 and y4 can provide correct results and the
the random prime number g (g>10000∙max{xi}∙ra∙rb) will be
values of y1, y3 and y5 confuse potential attackers.
generated. Third, three arrays a, b and f will be defined, and the (2) In Step 3 of HEBM, {M*X', rb, g} is completed, which
following algorithm will be executed: can be further encrypted through the keys shared by the sender
Algorithm 2: Initialization of Matrix M and M' and receiver, and the transmission security will be enhanced.
1: for i = 1 to 1000
2: Generate two different random integers ai and bi, in III. PERFORMANCE ANALYSIS
region [1, n]; simultaneously generate fi stochastically in
region [0, g); A. Average storage cost
end for
3: for i = 1 to 1000 The storage cost of HES proposed in this paper primarily
addCol(M, ai, bi, fi); comes from the keys stored in sensors. Generally, a more
minusCol(M', a1001-i, b1001-i, f1001-i); convincing analysis of the average key storage cost is based on
end for comparisons among GSRM, the classic algorithm q-composite
Step3: M*X' will be calculated, and then the scrambled data (short for qc) [5] and its improved algorithm proposed in [6]
{M*X', rb, g} will be transmitted into WPANs. (short for Imp.qc). We suppose that N sensor nodes are
Step4: Synchronously with Step1 and Step2 in the expert randomly distributed in a range of w×h, in which these nodes
system, an n-dimensional row vector Y=(y1, y2, ..., yn) is can be divided into groups by GSRM and the average number of
calculated in advance, where y 1 . Then, a matrix T nodes in each group is 2ξ. The average storage cost of each node
i
max i min i in GSRM can be described as 2πρR2 and is positively related to
is constructed. Each element of T’s leading diagonal is equal to the density ρ. In qc or Imp.qc, network connectivity must be
-yi∙mini. The values of the remaining elements of T are guaranteed; otherwise, nodes cannot communicate with each
generated stochastically. other by exchanging shared keys. To prevent network
Step5: After receiving the message {M*X', rb, g}, the expert connectivity from varying sharply, the density ρ is consistently
system calculates Y'= 10000rb Y and M*X'*Y' (an kept as a constant with the coinstantaneous increase of both
node number and region size. Relative simulation parameters
n-dimensional matrix). Then, the message {M*X'*Y', T} will are listed in TABLE III.
be sent back.
Step6: The received M*X'*Y' will be left multiplied by M', TABLE III
PARAMETERS OF SIMULATION
which establishes M'*M*X'*Y'=X'*Y'=X'Y' due to Parameters Value
g>10000∙max{xi}∙ra∙rb. Then, the result matrix Width w=80m in Fig. 4-(a) (b)(c)
X ' Y ' is derived. Height h=80m in Fig. 4-(a)(b)(c)
O
100000ra rb Number of nodes N=30 in Fig. 4-(a) (b) (c), from 0
to 600 in Fig. 5
Step7: Users can obtain the values of elements on O’s leading Network connectivity >=95%
diagonal, which can be expressed as rei. Query results are Network density ρ=0.468%
determined by the value of rei, which is normal if 0<rei <1, Communication Distance R=17.5m
relatively low if rei <0 and relatively high if rei >1. Number of groups (GSRM) group=9
Number of keys in pool (qc and pool=1000
Further strengthening security and privacy Imp.qc)
(1) In most cases, the user need not inquire all types of Parameter q (qc and Imp.qc) q=1
medical data (denoted by Y). For example, a user with Sinus Parameter m (qc and Imp.qc) m=20
rhythm cares about only his or her heart rate. If a user needs to In Fig. 4, the topologies of GSRM, qc and Imp.qc are shown
inquire several types of medical data and the dataset can be in (a), (b) and (c), respectively. Nine groups are formed in
denoted by Y+ and Y+ Y, Y can be disorganized but keep GSRM, and each group is shown as the circle in Fig. 4-(a). The
80
80 disconnected nodes 80
disconnected nodes 150
connected nodes
70 connected nodes GSRM
70 70 access nodes qc
60 Imp. qc
60 60
average storage cost
50 100
Height (m)
50 50
Height (m)
Height (m)
40
40 40
30
30 30
50
20 20 20
10 10 10
0 0 0 0
0 20 40 60 80 0 20 40 60 80 0 20 40 60 80 100 200 300 400 500 600
Width (m) Width (m) Width (m) value of N
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
6
4
x 10 4
4.5 x 10
1 0.35 2.5
GSRM
0.7 3
0.6 2.5
1.5 Initial phase: 6777 ms
0.2
0.5
Enc./Dec. phase: 390 ms
2
0.15
0.4 1
1.5
0.3 0.1
GSRM
1
0.2 0.5
qc and Imp.qc 0.05
0.1
0.5 Initial phase: 3416 ms
Enc./Dec. phase: 187 ms
0 0 0 0
0 5 10 15 20 25 30 0 50 100 150 200 0 2 4 6 8 10 12 14 16 18 20 15 20 25 30 35 40 45
average storage cost Number of nodes to be captured number of n the value of n
Fig. 6. Comparisons of network Fig. 7. Ratio with the varying Fig. 8. Comparisons of Fig. 9 Average consumed
connectivity among GSRM, qc number of captured nodes communication cost among time of three homomorphic
and Imp.qc HES, Imp. PPSPC and (PC)-Based PPSPC encryption methods
qc and Imp.qc algorithms retain high connectivity when only those nodes captured by the attacker to the total keys as the
one isolated node exists. As shown in Fig. 5, when the scale of metric of anti-capturing attacks.
the network (both region size and node number) increases, We assume that the keys stored in each node range from 2 to
GSRM guarantees a relatively stable level of the average 5, with 2000 nodes in the network and 1000 keys in the key pool.
storage cost, which means keys stored in each node are Shown in Fig. 7, the ratio increases approximately linearly with
approximately ξ but not exactly ξ due to the key updating caused the rise of captured nodes. GSRM has a stronger anti-capturing
by entering and leaving of sensors. In contrast, the average ability than Imp.qc and qc because the keys carried by each
storage cost of qc and Imp.qc gradually increases because when node are dispersed in groups, resulting in less information being
the network expands, an additional increase of keys in the key obtained by the attacker even when he (or she) has controlled
pool is needed to ensure the secure running of WSNs. This the whole group.
increase results in an increase of keys possessed by each node. In addition, GSRM has the following properties:
The average storage cost of Imp.qc is slightly greater than that (1) Forward Confidentiality: Once the network detects a node
of qc because its access nodes need two key pools to distribute that has suffered from the capture attack, keys updates are
secret keys. performed automatically, thus making it impossible for the
captured node to obtain the new keys instantly or to participate
B. Network connectivity
in subsequent sessions.
The connectivity of GSRM, qc and Imp.qc is related to the (2) Backward Confidentiality: When key updates occur, due
keys stored in sensor nodes. To compare the network to the lack of previous keys, the fresh nodes are unable to
connectivity fairly, we assume that each sensor node shares the decrypt the data packages generated before they entered the
same average key storage, ranging from 0 to 30. There are 100 network.
nodes in the network. Other relative simulation parameters b. security and privacy of HEBM
except for N and ρ are shown in TABLE III. The HEBM scheme focuses more on the privacy protection
As shown in Fig. 6, the GSRM algorithm is superior to qc of medical data. The matrix permutation and data confusion
(Imp.qc and qc have the same connectivity) when the numbers make it impossible for anyone except the source to obtain the
of keys stored in each sensor are relatively small. However, plaintext of private data. Therefore, HEBM can effectively
when keys reach 20 or more, the network connectivity of these resist the following attacks.
two schemes, in which the isolated nodes have been neglected, (1) A leakage of privacy by the administrator or anyone who
is approximately 100%. owns the highest authority. Even when the information stored in
C. Security analysis the WPANs server is decrypted, it remains confused and thus
cannot be discriminated even by the administrator.
The security analysis of HES can be divided into two parts:
(2) Eavesdrop attack. The attacker is unable to access
the security of GSRM and that of HEBM.
substantive information even when a data packet is captured due
a. security of GSRM
to the lack of decrypted keys.
In a key management system, an attacker can obtain a large
(3) Chosen plaintext attack.
number of keys by capturing a small fraction of sensor nodes,
We make the following assumptions for the chosen plaintext
which enables him (or her) possibly to take control of the entire
attack on HEBM: the attacker has already obtained the entire
network by deploying a replicated mobile sink to preload some
records of a specific user who utilized medical services from
compromised keys for authentication and then initiate data
HES t times. Each service record can be described as a triple {X,
communication with any sensor node. Here, we make the
M, C}={Xi, Mi, Mi*Xi}, where X, M and C indicate the real
following assumptions:
medical data, scrambling matrix and confused medical data,
(1) The attacker can randomly capture nodes from any
respectively; i=1, 2, ..., t. We shall prove that when the attacker
network area.
accesses a new medical record Mt+1*Xt+1 from the same user,
(2) The attacker has the ability to read the memory
the posterior probability P(X=Xt+1 | C=Mt+1*Xt+1) that Xt+1 is
information of a captured node and obtain all its secret keys.
broken by the attacker equals the prior probability P(X=Xt+1),
(3) The attacker is unable to capture or attack the base station.
where Xi and Mi are mutually independent.
(4) We use the ratio of the number of keys originating from
To prove:
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
7
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
8
with the network system, and installed the APP on the mobile 50
Number of People
seven medical data items (of which the first three are real and 20
whose values are shown in TABLE VI. The real medical data of 0
patient A can be denoted by X, and X' is calculated followed by Monday Tuesday Wednesday
Period
Thursday Friday
the generation of random numbers ra, rb and g. Then, matrix M Fig. 11. User’s feedback toward HES
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
9
between region (0,1). The heart rate and blood sugar are Homomorphic Encryption (FHE) and AES. A. Page et al [18]
relatively high, body temperature is relatively low, and the other also present a privacy-preserving medical remote monitoring
data items stay in a normal range, which is consistent with scheme based on FHE, achieving a desirable efficiency. C.
TABLE VI. Wang et al [3] adopt the compressive sensing method for the
To verify preliminarily the reliability and feasibility of the first time to achieve functions such as simplified data
expert system, we tested 78 patients using HES (only body acquisition, secure data reconstruction, and local resource
temperature, heart rate and blood oxygen) for a duration of one savings. The above schemes obtain better tradeoffs between
week. Note that one important feature of HES is that it is security or privacy and desirable efficiency.
available for the families and guardians to access health status Different from our proposal, particularly aiming at medical
information of these 78 patients via their mobile phones' APP,
emergencies, R. X. Lu et al [8] present a secure and
which also caters to the scenario of remote healthcare for old
privacy-preserving opportunistic computing framework, SPOC,
people. The analysis of questionnaires of their families and
which comprises user-centric, attribute-based privacy
guardians is shown in Fig. 11. Three situations are possible:
satisfied with the results provided by the expert system, access-control strategies based on scalar product computation.
unsatisfied and no response. We see a relatively high approval The (PC)-based PPSPC protocol proposed in [9] can also be
of results provided by the expert system. used with the SPOC framework. Both of them consider
computation cost and energy consumption while minimizing
V. RELATED WORK privacy disclosure. Similar work involves the BMEDiSN
system [19], which provides electronic medical services for
The emergence of wireless body-area networks (WBANs)
sudden disaster events. However, these solutions are designed
has become a key enabler of remote and in-home health
only for healthcare emergency or disaster scenarios but not for
monitoring. The technology is expected to revolutionize the
more universal medical industry applications.
health and real-time body-monitoring industry [1]. However,
e-/m-healthcare still faces many challenges to its widespread
VI. CONCLUSION
adoption such as privacy breach violations [7].
J. Reid et al [12] design a role-based access control scheme Aiming at the existing issues of e-/m-healthcare systems, a
that assigns the access authorities in terms of different doctor distinct framework "HES" is proposed in this paper. The
levels. J. Mirkovic et al [13] also propose a similar access features of HES can be summarized in three areas: (1) using
control method. Moreover, an encryption method is frequently low-cost and easily-deployed wireless sensor networks as the
selected for the design of secure and privacy-preserving relay infrastructure for GSRM-based secure transmission of
e-/m-healthcare. J. A. Akinyele et al [14] consider medical data from WBANs to WPANs; (2) addressing the
attribute-based encryption as an effective approach of problem of achieving direct communications between a user’s
protecting the privacy of electronic medical records. L. K. Guo mobile terminals and embedded (wearable) medical devices
et al [15] find a close relationship between patients' medical (nodes); and (3) enforcing privacy-preserving strategies HEBM
records and a sequence of attributes such as existing symptoms and achieving satisfactory performance. The implementation of
and undergoing treatments, and put forward a decentralized an expert system that primarily addresses routine physical
m-health system that leverages patients’ verifiable attributes to examinations can greatly reduce a doctor’s or administrator's
authenticate each other in order to preserve attribute and involvement and enable families and guardians to access users'
identity privacy. Furthermore, some approaches based on health information anytime and anywhere. Therefore, HES can
homomorphic encryption have drawn more focus, although not serve as a significant component of the informationization of
all of them can be directly utilized in e-/m-healthcare. A. C. F. medical industries. However, some problems remain unsolved;
Chan [10] designs two schemes, which ensure that highly for example, the diagnosis reliability of the expert system is not
similar plaintexts can be transformed into distinctly different perfect, and HES cannot currently monitor or analyze sudden
ciphertexts to resist ciphertext-only attacks. C. C. Zhao et al [11] diseases.
study the homomorphic properties of the McEliece Public-key
Cryptosystem and claims that this method can ensure security REFERENCES
when data are transmitted in an unsafe environment. These [1] A. Sawand, S. Djahel, Z. Zhang, and F. Naït-Abdesselam, “Toward
schemes focus mostly on medical data privacy or security; Energy-Efficient and Trustworthy eHealth Monitoring System, ” China
Commun., vol.12, no. 1, pp. 46-65, Jan. 2015.
however, some important performance metrics such as [2] M. S. Shin, H. S. Jeon, Y. W. Ju, B. J. Lee, and S. P. Jeong, “Constructing
computation overhead, network connectivity, delay and power RBAC Based Security Model in u-Healthcare Service Platform,” The
consumption are ignored. Scientific World J., vol. 2015, Article ID 937914, 13 pages,
http://dx.doi.org/10.1155/2015/937914, 2015.
Considering network efficiency and aiming at the different [3] C. Wang, B. Zhang, K. Ren, J. M. Roveda, C. W. Chen, and Z. Xu. “A
demands on various parts of the medical data, J. J. Yang et al Privacy-aware Cloud-assisted Healthcare Monitoring System via
[16] suggest a solution that achieves balance between medical Compressive Sensing,” in Proc. of 33rd IEEE INFOCOM, 2014, pp.
2130-2138.
data utilization and privacy protection by combining statistical [4] M. Rushanan, A. D. Rubin, D. F. Kune, and C. M. Swanson, “SoK:
analysis and cryptography. O. Kocabas et al [17] explore an Security and Privacy in Implantable Medical Devices and Body Area
efficient and accurate medical monitor system based on Fully
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2017.2687618, IEEE
Transactions on Industrial Informatics
10
Networks,” in Proc. of 35th IEEE Symp. on Security and Privacy, 2014, interests include information security and privacy protection of wireless sensor
pp. 524-539. networks.
[5] C. Bekara and M. Laurent-Maknavicius, “A New Protocol for Securing Dr. Huang is currently an associate editor of International Journal of
Wireless Sensor Networks against Nodes Replication Attacks,” in Proc. Communication Systems and an editor of International Journal of Distributed
of 3rd IEEE Int. Conf. on Wireless and Mobile Computing, Networking Sensor Networks.
and Communications (WiMOB 2007), 2007, pp. 59-59.
[6] P. T. Sivasankar and M. Ramakrishnan, “Active key management scheme Tianhe Gong received the B.Eng. degree in Information
to avoid clone attack in wireless sensor network,” in Proc. of 4th Int. Conf. Security from Nanjing University of Posts and
on Computing, Communications and Networking Technologies Telecommunications, Nanjing, China, in 2014. He is
(ICCCNT'13), 2013, pp. 1-4. currently with successive postgraduate and doctoral
[7] A. Marcos, J. Simplicio, H. I. Leonardo, M. B. Bruno, C. M. B. C. Tereza, programs of study with the School of Computer Science
and M. N¨aslund, “SecourHealth: A Delay-Tolerant Security Framework and Technology, Nanjing University of Posts and
for Mobile Health Data Collection,” IEEE J. Biomedical and Health Telecommunications, Nanjing, China. His research
Informatics (IEEE Trans. INF TECHNOL B), vol. 19, no. 2, pp. 761-772, interests include information security and privacy
Mar. 2015. protection of wireless sensor networks.
[8] R. X. Lu, X. D. Lin, and X. M. (Sherman) Shen, “SPOC: A Secure and
Privacy-Preserving Opportunistic Computing Framework for
Ning Ye received the B.S. degree in Computer Science
Mobile-Healthcare Emergency,” IEEE Trans. Parall. distr., vol. 24, no. 3,
from Nanjing University in 1994, the M.Eng. degree in
pp. 614-624, Mar. 2013.
Computer & Engineering from Southeast University in
[9] A. Amirbekyan and V. Estivill-Castro, “A New Efficient
2004, and the Ph.D. degree in Computer Science from
Privacy-Preserving Scalar Product Protocol,” in Proc. of Sixth
Nanjing University of Posts and Telecommunications in
Australasian Conf. Data Mining and Analytics (AusDM ’07), 2007, pp.
2009, Nanjing, China.
209-214.
In 2010, Ning Ye worked as a Visiting Scholar and
[10] A. C. F. Chan, "Symmetric-Key Homomorphic Encryption for Encrypted
Research Assistant in the Department of Computer
Data Processing," in Proc. of 2009 IEEE International Conference on
Science, University of Victoria, Canada. She is currently a
Communications (ICC '09), 2009, pp.1-5.
professor with the School of Computer Science and Technology, Nanjing
[11] C. C. Zhao, Y. T. Yang, and Z. C. Li, "The Homomorphic Properties of
University of Posts and Telecommunications, Nanjing, China. Her research
McEliece Public-Key Cryptosystem," in Proc. of 2012 Fourth
interests include information processing in wireless networks and Internet of
International Conference on Multimedia Information Networking and
Things. She is a senior member of Chinese Computer Federation (CCF).
Security (MINES'12), 2012, pp.39-42.
[12] J. Reid, I. Cheong, M. Henrickson, and J. Smith, “A novel use of RBAC
to protect privacy in distributed health care information systems,” in Proc. Ruchuan Wang received his B.S. degree in
of 8th Australasian Conf. on Information Security and Privacy, 2014, pp. Computational Mathematics from The PLA Information
403-415. Engineering University, Zhengzhou, China, in 1968.
[13] J. Mirkovic, H. Bryhni, and C. Ruland, “Secure solution for mobile He was a Visiting Scholar with Bremen University,
access to patient’s health care record,” in Proc. 13th IEEE Int. Conf. Germany, Munich University, Germany, and Max-Planck
e-Health Netw. Appl. Serv., 2011, pp. 296-303. Institute, Germany, during 1984-1992. He is currently a
[14] J. A. Akinyele, M. W. Pagano, M. D. Green, C. U. Lehmann, Z. N. professor and a Ph.D supervisor with the School of
Peterson, and A. D. Rubin, “Securing electronic medical records using Computer Science and Technology, Nanjing University of
attribute-based encryption on mobile devices,” in Proc. of 1st ACM Posts and Telecommunications, Nanjing, China. His
Workshop Security Privacy Smart phones Mobile Devices, 2011, pp. research interests include intelligent agent, information security, wireless
75-86. networking and distributed computing.
[15] L. K. Guo, C. Zhang, J. Y. Sun, and Y. G. Fang, “A Privacy-Preserving
Attribute-Based Authentication System for Mobile Health Networks,” Yi Dou received the B.Eng. degree in Information
IEEE Trans. Mobile Compu., vol. 13, no. 9, pp. 1927-1941, Sep. 2014. Security and M.Eng. degree in Computer Science and
[16] J. J. Yang, J. Q. Li, and Y. Niu, “A hybrid solution for privacy preserving Technology from Nanjing University of Posts and
medical data sharing in the cloud environment,” Future Generation Telecommunications, Nanjing, China, in 2011 and 2014,
Computer Systems, vol. 2015, no. 43-44, pp. 74-86, Nov. 2015. respectively. She is currently a Ph.D candidate with the
[17] O. Kocabas, T. Soyata, J. P. Couderc, M. Aktas, J. Xia, and M. Huang, Department of Computing, The Hong Kong PolyTechnic
"Assessment of cloud-based health monitoring using Homomorphic University, in Hong Kong. Her research interests include
Encryption," in Proc. of 2013 IEEE 31st International Conference on wireless sensor networks, Internet of Things, privacy
Computer Design (ICCD'13), 2013, pp.443-446. preserving and information security.
[18] A. Page, O. Kocabas, S. Ames, M. Venkitasubramaniam, and T. Soyata.
"Cloud-based secure health monitoring: Optimizing fully-homomorphic
encryption for streaming algorithms," in Proc. of 2014 Globecom
Workshops, 2014, pp.48-52.
[19] S. Gollakota, H. Hassanieh, B. Ransford, D. Katabi, and K. Fu, “They
Can Hear Your Heartbeats: Non-Invasive Security for Implantable
Medical Devices,” In Proc. of ACM Sigcomm’11, Aug. 2011, pp. 2-13.
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.