Trustworthy Delegation Toward Securing Mobile Healthcare Cyber-Physical Systems

Changhee Hahn; Hyunsoo Kwon; Junbeom Hur

doi:10.1109/JIOT.2018.2878216

Trustworthy Delegation Toward Securing Mobile Healthcare Cyber-Physical Systems

Changhee Hahn, Hyunsoo Kwon, Junbeom Hur

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

Abstract

Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties, such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

Original language	English
Article number	8510797
Pages (from-to)	6301-6309
Number of pages	9
Journal	IEEE Internet of Things Journal
Volume	6
Issue number	4
DOIs	https://doi.org/10.1109/JIOT.2018.2878216
Publication status	Published - 2019 Aug

Bibliographical note

Funding Information:
Manuscript received July 30, 2018; revised September 18, 2018; accepted October 19, 2018. Date of publication October 26, 2018; date of current version July 31, 2019. This work was supported in part by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea Government (MSIT) (No. 2018-0-00269, A research on safe and convenient big data processing methods), in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIP) (No. 2016R1A2A2A05005402), and in part by the Military Crypto Research Center (UD170109ED) funded by the Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD). This work is the extended version of [24]. (Corresponding author: Junbeom Hur.) The authors are with the Department of Computer Science and Engineering, Korea University, Seoul 02841, South Korea (e-mail: jbhur@korea.ac.kr). Digital Object Identifier 10.1109/JIOT.2018.2878216

Publisher Copyright:
© 2014 IEEE.

Keywords

Attribute-based encryption (ABE)
cloud computing
cyber-physical systems
mobile healthcare

ASJC Scopus subject areas

Signal Processing
Information Systems
Hardware and Architecture
Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/JIOT.2018.2878216

Cite this

@article{b7cf921cc19e4669a7efdb5feddf5bea,

title = "Trustworthy Delegation Toward Securing Mobile Healthcare Cyber-Physical Systems",

abstract = "Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties, such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.",

keywords = "Attribute-based encryption (ABE), cloud computing, cyber-physical systems, mobile healthcare",

author = "Changhee Hahn and Hyunsoo Kwon and Junbeom Hur",

note = "Funding Information: Manuscript received July 30, 2018; revised September 18, 2018; accepted October 19, 2018. Date of publication October 26, 2018; date of current version July 31, 2019. This work was supported in part by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea Government (MSIT) (No. 2018-0-00269, A research on safe and convenient big data processing methods), in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIP) (No. 2016R1A2A2A05005402), and in part by the Military Crypto Research Center (UD170109ED) funded by the Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD). This work is the extended version of [24]. (Corresponding author: Junbeom Hur.) The authors are with the Department of Computer Science and Engineering, Korea University, Seoul 02841, South Korea (e-mail: jbhur@korea.ac.kr). Digital Object Identifier 10.1109/JIOT.2018.2878216 Publisher Copyright: {\textcopyright} 2014 IEEE.",

year = "2019",

month = aug,

doi = "10.1109/JIOT.2018.2878216",

language = "English",

volume = "6",

pages = "6301--6309",

journal = "IEEE Internet of Things Journal",

issn = "2327-4662",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - Trustworthy Delegation Toward Securing Mobile Healthcare Cyber-Physical Systems

AU - Hahn, Changhee

AU - Kwon, Hyunsoo

AU - Hur, Junbeom

N1 - Funding Information: Manuscript received July 30, 2018; revised September 18, 2018; accepted October 19, 2018. Date of publication October 26, 2018; date of current version July 31, 2019. This work was supported in part by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea Government (MSIT) (No. 2018-0-00269, A research on safe and convenient big data processing methods), in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIP) (No. 2016R1A2A2A05005402), and in part by the Military Crypto Research Center (UD170109ED) funded by the Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD). This work is the extended version of [24]. (Corresponding author: Junbeom Hur.) The authors are with the Department of Computer Science and Engineering, Korea University, Seoul 02841, South Korea (e-mail: jbhur@korea.ac.kr). Digital Object Identifier 10.1109/JIOT.2018.2878216 Publisher Copyright: © 2014 IEEE.

PY - 2019/8

Y1 - 2019/8

N2 - Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties, such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

AB - Attribute-based encryption (ABE) offers a promising solution for flexible access control over sensitive personal health records in a mobile healthcare system on top of a public cloud infrastructure. However, ABE cannot be simply applied to lightweight devices due to its substantial computation cost during decryption. This problem could be alleviated by delegating significant parts of the decryption operations to computationally powerful parties, such as cloud servers, but the correctness of the delegated computation would be at stake. Thus, previous works enabled users to validate the partial decryption by employing a cryptographic commitment or message authentication code (MAC). This paper demonstrates that the previous commitment or MAC-based schemes cannot support verifiability in the presence of potentially malevolent cloud servers. We propose two concrete attacks on previous commitment or MAC-based schemes. We propose an effective countermeasure scheme for securing resource-limited mobile healthcare systems and provide a rigorous security proof in the standard model, demonstrating that the proposed scheme is secure against our attacks. The experimental analysis shows that the proposed scheme provides the similar performance compared with the previous commitment-based schemes and outperforms the MAC-based scheme.

KW - Attribute-based encryption (ABE)

KW - cloud computing

KW - cyber-physical systems

KW - mobile healthcare

UR - http://www.scopus.com/inward/record.url?scp=85055680767&partnerID=8YFLogxK

U2 - 10.1109/JIOT.2018.2878216

DO - 10.1109/JIOT.2018.2878216

M3 - Article

AN - SCOPUS:85055680767

SN - 2327-4662

VL - 6

SP - 6301

EP - 6309

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

IS - 4

M1 - 8510797

ER -

Trustworthy Delegation Toward Securing Mobile Healthcare Cyber-Physical Systems

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this