Abstract
Cloud computing technology offers the possibility of inter-organizational medical data sharing at a larger scale. The different organizations can maintain their own cloud environment while exchanging healthcare data among them in a peer-to-peer(P2P) fashion according to some defined polices. However, there are many security and privacy challenges that hamper the adoption of cloud computing solutions in healthcare domain. Besides, due to the privacy sensitivity of healthcare data, an organization may not wish to disclose its identity to others when exchanging data in the network to avoid different attacks by the intruders. Hence, anonymously authenticated data exchange is essential between the different peer organizations. In this paper we propose an anonymous on-the-fly secure data exchange protocol for such environment based on pairing-based cryptography. Our proposed solution allows cloud peers to dynamically generate temporary identities that are used to produce a session key for each session of data exchange. The proposed protocol is robust against different attacks, such as target-oriented, man-in-the middle, masquerade, and message manipulation attacks.
Similar content being viewed by others
References
Fuxman A, Kolaitis PG, Miller RJ, Tan WC (2005) Peer data exchange. In ACM Trans Database Syst 31(4):1454–1498
Beeri C, Vardi MY (1984) A proof procedure for data dependencies. In JACM 31(4):718–741
Halevy AY, Ives ZG, Suciu D, Tatarinov I (2003) Schema mediation in peer data management system. In: Proceedings of the international conference on data engineering, pp 505–516
Halevy AY, Ives ZG, Madhavan J, Mork P, Suciu D, Tatarinov I (2004) The piazza peer-data management system. In IEEE Trans Knowl Data Eng (TKDE) 16(7):787–798
Serafini L, Giunchiglia F, Molopoulos J, Bernstein P (2003) Local relational model: a logocal formalization of database coordination. Technical Report, Informatica e Telecomunicazioni, University of Trento
Rodriguez-Gianolli P, Garzetti M, Jiang L, Kementsietsidis A, Kiringa I, Masud M, Miller R, Mylopoulos J (2005) Data sharing in the hyperion peer database system. In: Proceedings of the international conference on very large data bases (VLDB), pp 1291–1294
Kementsietsidis A, Arenas M, Miller RJ (2003) Mapping data in peer-to-peer systems: semantics and algorithmic issues. In: Proceedings of the international conference on the management of data (ACMSIGMOD), pp 325–336
Miller V (1986) Uses of elliptic curves in cryptography. In: Crypto’85 on advances in cryptology. Lecture Notes in Computer Science, vol 218. Springer, Berlin Heidelberg, pp 417– 426
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209
Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and RSA on 8-bit CPUs. Workshop on cryptographic hardware and embedded systems (CHES), pp 119–132
Oliveira LB, Dahab R (2006) Pairing-based cryptography for sensor networks. In: 5th IEEE international symposium on network computing and applications (NCA’06), USA
Shamir A (1984) Identity-based cryptosystems and signature schemes. In: CRYPTO’84 on advances in cryptology. Springer, Berlin Heidelberg, pp 47–53
Boneh D, Franklin M (2001) Identity-based encryption from the weil pairing. In: Proceedings of the CRYPTO 2001, LNCS 2139. Springer, Berlin Heidelberg, pp 213–229
Sakai R, Ohgishi K, Kasahara M (2000) Cryptosystems based on pairing. In: Proceedings of the symposium on cryptography and information security (SCIS2000), pp 26–28
Joux A, Nguyen K (2001) Separating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. Cryptology ePrint Archive, Report 2001/03, available at http://eprint.iacr.org/2001/03/
Rahman Sk Md M, Masud M, Adams C, El-Khatib K, Mouftah H, Okamoto E (2010) Pair-wise cryptographic models for secure data exchange in P2P database management systems. Cryptology ePrint Archive: Report 2010/085 (a technical report); available at http://eprint.iacr.org/2010/085
Balfanz D, Durface G, Shankar N et al (2003) Secure handshakes from pairing-based key agreements. IEEE symposium on security and privacy
The Tate Pairing available at http://www.computing.dcu.ie/%7Emike/tate.html
Elliptic Curve Cryptography Tutorial http://www.certicom.com/index.php/ecc
Rahman Sk Md M, Inomata A, Okamoto T, Mambo M, Okamoto E (2007) Anonymous secure communication in wireless mobile ad-hoc networks. In: Stajano F et al (eds) Springer lecture notes in computer science LNCS 4412, pp 140– 149
Rahman Sk Md M, Inomata A, Mambo M, Okamoto E (2006) Anonymous on-demand position-based routing in mobile ad-hoc networks. In: IPSJ digital courier, vol 2, pp 524–536
Popescu BC, Crispo B, Tanenbaum A S Popescu BC, Crispo B, Tanenbaum AS (2006) Safe and private data sharing with turtle: friends team-up and beat the system. In: Christianson B et al (eds) Lecture notes in computer science (LNCS 3957), security protocols 2004. Springer, Berlin, pp 213–220
Raymond J-F (2001) Traffic analysis: protocols, attacks, design issues and open problems. In: Proceedings of PET’01, vol 2009, LNCS. Springer, pp 10–29
Shim K (2003) Efficient one round tripartite authenticated key agreement protocol from Weil pairing. Electron Lett 39(2):208–209
Sun H-M, Hsieh B-T (2003) Security analysis of Shim’s authenticated key agreement protocols from pairings. IACR Cryptology ePrint Archive, 113. available at http://eprint.iacr.org/2003/113
Barreto PSLM, Kim HY, Lynn B, Scott M (2002) Efficient algorithms for pairing-based cryptosystems. In: Yung M (ed) Proceedings of CRYPTO 2002 advances in cryptology, LNCS 2442. Springer, Berlin Heidelberg, pp 354– 368
Doukas C, Pliakas T, Maglogiannis I (2010) Mobile healthcare information management utilizing cloud computing and android OS. In: 2010 annual international conference of the IEEE engineering in medicine and biology society (EMBC), pp 1037–1040
Chenguang H, Fan X, Li Y (2013) Toward ubiquitous healthcare services with a novel efficient cloud platform. IEEE Trans Biomed Eng 60(1):230–234
Babaoglu O, Marzolla M (2014) Escape from the data center: the promise of peer-to-peer cloud computing. IEEE Spectr
Zhijia C et al (2009) Rapid provisioning of cloud infrastructure leveraging peer-to-peer networks. In: 29th IEEE international conference on ICDCS workshops, distributed computing systems workshops, 2009
Pearson S (2009) Taking account of privacy when designing cloud computing services. In: ICSE workshop on software engineering challenges of cloud computing, 2009. CLOUD 2009
Pearson S, Shen Y, Mowbray M (2009) A privacy manager for cloud computing. In: Cloud computing, pp 90–106
Itani W, Kayssi A, Chehab A (2009) Privacy as a service: privacy- aware data storage and processing in cloud computing architectures. In: IEEE international conference on dependable, autonomic and secure computing, pp 711–716
Wang C, Wang Q, Ren K, Lou W (2010) Privacy-preserving public auditing for data storage security in cloud computing. In: IEEE INFOCOM 2010, San Diego
Van Dijk M, Juels A (2010) On the impossibility of cryptography alone for privacy-preserving cloud computing. IACR ePrint, vol 305
Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2):50–57
Rahman Sk Md M, Masud M, Noman ANM, Alamri A, Hassan MM (2014) Towards secure data exchange in peer-to-peer data management systems. Appl Math Inf Sci 8(6):2775– 2787
Masud M, Rahman Sk Md M (2012) Secure data exchange in P2P data sharing systems in eHealth perspective. IJCSI International Journal of Computer Science Issues, ISSN (Online): 1694-0814, vol 9, issue 6, No 2, pp 36-42
Rahman Sk Md M, Masud Md M, Adams C, El-Khatib K, Mouftah H, Okamoto E (2011) Cryptographic security models for eHealth P2P database management systems network. In: IEEE 2011 9th annual conference on privacy, security and trust (PST2011), Montreal
Rahman Sk Md M, Masud Md M, Adams C, Mouftah H, Inomata A (2011) Session-wise private data exchange in eHealth peer-to-peer database management systems. In: IEEE international conference on intelligence and security informatics (ISI2011), Beijing
Shini S, Thomas T, Chithraranjan K (2012) Cloud based medical image exchange-security challenges. In: Proceedings of international conference on modelling, optimization and computing
Ratnam KA, Dominic DD (2012) Cloud services enhancing the Malaysian Healthcare sector. In: Proceedings of international conference on computer and information science
Basu S et al (2012) Fusion: managing healthcare records at cloud scale. Computer 11:42–49
Guo L, Chen F, Chen L, Tang X (2010) The building of cloud computing environment for E-health. In: Proceedings of international conference on E-Health networking, digital ecosystem and technologies
Li M et al (2011) Authorized private keyword search over encrypted data in cloud computing. In: 2011 31st international conference on distributed computing systems (ICDCS). IEEE
Li M et al (2013) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24.1: 131–143
Chen T-S et al (2012) Secure dynamic access control scheme of PHR in cloud computing. J Med Syst 36.6:4005–4020
Acknowledgments
This work was supported by NSTIP strategic technologies program number (12-INF2613-02) in the Kingdom of Saudi Arabia.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Rahman, S.M.M., Masud, M.M., Hossain, M.A. et al. Privacy preserving secure data exchange in mobile P2P cloud healthcare environment. Peer-to-Peer Netw. Appl. 9, 894–909 (2016). https://doi.org/10.1007/s12083-015-0334-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-015-0334-2