Security and Privacy Issues in Electronic Health Network
MA Yan, LIU Jianwei, LIU Weiran School of Electronic and Information Engineering, Beihang University, Beijing 100191, China
Electronic health network (EHN) is an information system providing functions involved in e-health. In this paper, we devise mechanisms covering three important security and privacy issues of EHN including trust management, privacy preserving, and data sharing. First, we propose an authenticated key agreement scheme based on hierarchical identity-based signature (HIBS). We abstract a hierarchical architecture from the social network architecture of EHN. To support large-scale scenarios, we introduce a virtual signature generation phase into traditional HIBS, thus our scheme will be efficient even the depth is quite big. Second, we propose a fast data searching scheme based on symmetric searchable encryption (SSE). To improve the searching efficiency, we introduce a two-level cache structure into the traditional SSE. Third, we propose an access control scheme based on hierarchical identity- based encryption (HIBE). To make it a fine-grained scheme, we organize the data owner’s file in hierarchy and introduce a virtual key generation phase to traditional HIBE. Also, the scheme can provide delegation and revocation functions easily. Besides, our schemes guarantee known-key secrecy, forward secrecy, and antidirection secrecy and possess the resistance capability to collude-attack. Evaluation results show that our scheme indeed achieves the security and efficiency.
Key words: electronic health network (EHN); trust management; privacy preserving; data sharing
 Eysenbach G, Powell J, Englesakis M, et al. Health related virtual communities and electronic support groups: Systematic review of the effects of online peer to peer interactions [J]. British Medical Journal, 2004, 328(7449): 1166-1171.
 Domingo M C. Managing healthcare through social networks [J]. Computer, 2010, 43(7): 20-25.  Fang Yuguang. Wireless healthcare: Technologies for bettering our life [J]. Wireless Communications, IEEE, 2010, 17(1): 2-3.
 Tan C C, Wang H D, Zhong S, et al. Body sensor network security: An identity-based cryptography approach [C]//Proc 1st ACM Conf on Wireless Network Security. New York: ACM Press, 2008: 148-153.
 Sun J Y, Fang Y G, Zhu X Y. Privacy and emergency response in e-healthcare leveraging wireless body sensor networks [J]. Wireless Communications, IEEE, 2010, 17(1): 66-73.
 Li M, Lou W J, Ren K. Data security and privacy in wireless body area networks [J]. Wireless Communications, IEEE, 2010, 17(1): 51-58.
 Ren Y L, Pazzi R W N, Boukerche A. Monitoring patients via a secure and mobile healthcare system [J]. Wireless
Communications, IEEE, 2010, 17(1): 59-65.
 Zhang C, Zhu X Y, Song Y, et al. A formal study of trust-based routing in wireless ad hoc networks [C]//Proc 29th Conf on Computer Communications, Piscataway: IEEE Press, 2010: 1-9.
 Zhao H Y, Yang X, Li X L. cTrust: trust aggregation in cyclic mobile ad hoc networks [C]//Proc 16th International Conf on Parallel Processing (LNCS 6272). Berlin: Springe-Verlag, 2010: 454-465.
 Zhang C, Sun J Y, Zhu X Y, et al. Privacy and security for online social networks: Challenges and opportunities [J]. IEEE Network, 2010, 24(4): 13-18.
 Sun J Y, Zhu X Y, Zhang C, et al. Hcpp: Cryptography based secure ehr system for patient privacy and emergency healthcare [C]//Proc 31st International Conf on Distributed Computing Systems. Piscataway: IEEE Press, 2011: 373- 382.  Shamir A. Identity-based cryptosystems and signature schemes[C]//Proc 4th International Cryptology Conf (LNCS 196). Berlin: Springer-Verlag, 1985: 47-53.
 Boneh D, Franklin M. Identity-based encryption from the Weil pairing[C]//Proc 21st International Cryptology Conf (LNCS 2139). Berlin: Springer-Verlag, 2001: 213-229.
 Horwitz J, Lynn B. Toward hierarchical identity-based encryption[C]//Proc 21st Annual International Conf on the Theory and Applications of Cryptographic Techniques (LNCS 2332). Berlin: Springer-Verlag, 2002: 466-481.
 Gentry C, Silverberg A. Hierarchical ID-based cryptography [C] //Proc 10th Conf on the Theory and Application of Cryptology and Information Security (LNCS 2501). Berlin: Springer-Verlag, 2002: 548-566.
 Song X D, Wagner D, Perrig A. Practical techniques for searches on encrypted data [C]//Proc 31st Conf on Security and Privacy. Piscataway: IEEE Press, 2000: 44-55.
 Goh E J. Secure Indexes [EB/OL]. [2013-01-07]. http:// eprint.iacr.org/2003/216.pdf.
 Curtmola R, Garay J, Kamara S, et al. Searchable symmetric encryption: Improved definitions and efficient constructions [C] //Proc 13th ACM Conf on Computer and Communications Security. New York: ACM Press, 2006: 79-88.
 Chang Y C, Mitzenmacher M. Privacy preserving keyword searches on remote encrypted data [C]//Proc 3rd Conf Applied Cryptography and Network Security (LNCS 3531). Berlin: Springer-Verlag, 2005: 442-455.
 Chang F, Dean J, Ghemawat S, et al. Bigtable: A distributed storage system for structured data [J]. ACM Transactions on Computer Systems, 2008, 26(2): 4-17.