Multi-user certificateless public key encryption with conjunctive keyword search for cloud-based telemedicine

https://doi.org/10.1016/j.jisa.2020.102652

Abstract

With the development of communication and information technologies, telemedicine has spread into many areas of medicine. It allows doctors to diagnose patients in different locations at the same time, which is a great convenience. However, the growing volume of medical data raises serious challenges, such as data storage and processing. To reduce data management costs and enjoy convenient services, more and more individuals and medical institutions prefer to store their data in the cloud. Recently, many public key encryption with keyword search (PEKS) schemes have been designed to address the security and privacy of the outsourced data. However, most existing schemes support only single-keyword search and are not suitable for multi-user environments. To resolve these issues, we construct a certificateless public key encryption with conjunctive keyword search scheme for multi-user systems (mCLPECK), in which the same data needs to be encrypted only once and can then be searched by multiple receivers. At the same time, the mCLPECK scheme supports multi-keyword search. Furthermore, we show that the proposed scheme resists chosen keyword attacks and has lower storage and computation overhead than related schemes.

Introduction

Telemedicine is a new medical model that uses advanced communication and information technologies (e.g., computers and mobile devices) to provide diagnosis, treatment, medical education and other medical functions between experts and patients at a distance [1]. Telemedicine has developed from early remote diagnosis by telephone to real-time voice and video communication over the Internet, anytime and anywhere, which gives it broad prospects. It breaks regional restrictions: it can provide medical resources to remote areas and can also raise the level of medical service in big cities [2]. Furthermore, it can reduce patients' waiting time, avoid delayed diagnosis and misdiagnosis, and reduce medical expenses.

Along with its rapid development, telemedicine also faces many challenges, such as storing huge volumes of electronic health records (EHRs) and the limited computing power of mobile medical monitoring devices. To address these issues, cloud-based telemedicine is emerging [3], providing more affordable and efficient health services. By integrating the large storage capacity and the dynamic, scalable, pay-as-you-go service model of cloud computing [4], [5], [6], cloud-based telemedicine not only provides users with convenient and high-quality services but also reduces the burden of equipment maintenance. Fig. 1 shows the architecture of cloud-based telemedicine.

Cloud-based telemedicine brings great benefits, but it also faces serious threats, especially to security and privacy. In a cloud-based telemedicine system the EHR data is outsourced to a cloud server, and the users (doctors and patients) lose physical control over it. The server is not fully trusted and may misappropriate the data for illegal commercial use, so ensuring data security and privacy is a critical requirement [7], [8]. To protect the data, it is usually stored on the server as ciphertext. Encryption, however, destroys the structure of the plaintext, so existing plaintext search algorithms no longer work on the stored ciphertext.

Searchable encryption (SE) makes it possible to search ciphertext data without revealing any information about the plaintext. Song et al. [9] proposed the first SE scheme based on symmetric cryptography (SSE), and many SSE schemes have since been proposed in an effort to balance security and efficiency [10], [11], [12]. SSE has inherent advantages, such as fast operation and high performance. However, because the key is symmetric, the communicating parties must share a common secret key in advance. SSE schemes therefore suffer from cumbersome key management and are only suited to the single-user model, which limits their practical application, whereas real deployments are mostly multi-user. For example, in a cloud-based telemedicine system a patient may want to be diagnosed by more than one doctor, and so needs to share his or her EHRs with multiple doctors.

Motivation: To solve these issues, Boneh et al. [13] introduced PEKS and gave a concrete PEKS scheme. That scheme is inefficient in the multi-user scenario: with multiple receivers, the data sender must encrypt the same data once per receiver under each receiver's public key, at a large computation and storage cost. Recently, many PEKS schemes for multi-owner or multi-receiver systems have been designed [14], [15], [16], [17]. Hwang et al. [14] developed a PEKS scheme that supports conjunctive keyword search and extended it to the multi-user scenario. Wang et al. [16] proposed an attribute-based keyword search scheme to achieve flexible access control in a multi-user system.

However, these schemes are burdened by certificate management or by key escrow. To resolve these issues, certificateless cryptography was introduced by Al-Riyami and Paterson [18], and many certificateless PEKS (CLPEKS) schemes have since been constructed [19], [20]. Previous CLPEKS schemes, however, do not effectively support multi-keyword search and consider only the single-receiver scenario, which does not meet practical demand. It is therefore meaningful and challenging to develop a CLPEKS scheme that supports flexible search in a multi-user system.

The main research contributions are summarized as follows.

  • Firstly, we design a new mCLPECK scheme, which supports conjunctive keyword search and is suitable for multi-user scenarios.

  • Secondly, we show that mCLPECK is semantically secure in the random oracle model.

  • Finally, we provide a performance evaluation; the results indicate that mCLPECK has lower storage and computation overhead than the related schemes.

Section 2 and Section 3 present some related references and preliminary backgrounds, respectively. Section 4 presents the concrete construction of the mCLPECK scheme. Section 5 and Section 6 provide the security and efficiency analysis for mCLPECK. We conclude this paper in Section 7.

Section snippets

Related work

To achieve data sharing between users, Boneh et al. [13] designed a PEKS scheme for an e-mail system with three entities (the sender Bob, the receiver Alice, and the e-mail server). As shown in Fig. 2, Bob encrypts the e-mail files (C_F = {Enc(F_1), …, Enc(F_m)}) and the keywords extracted from the files (C_w = {PEKS(w_1), …, PEKS(w_n)}). Then Bob uploads {C_F, C_w} to the server. Alice generates the trapdoor T_w for the keyword to be queried with her own private key,

Background

We present some notations used in this paper (see Table 1).

The construction of mCLPECK

This section presents the detailed construction of mCLPECK, which consists of seven algorithms.

  • Setup(1^k): KGC takes a security parameter 1^k as input and chooses a bilinear pairing e: G1 × G1 → G2. Let g be a generator of G1. KGC selects four different collision-resistant hash functions h0: {0,1}^* × G1 → Z_q, H1: {0,1}^* → G1, H2: {0,1}^* → G1, and h3: {0,1}^* × G1 × G1 × G1 → Z_q. KGC selects s ∈ Z_q at random and computes g_pub = g^s. KGC keeps s secret and publishes the public parameters GP = {G1, G2, q, g, e, g_pub, h0, H1, H2, h3}.

Security analysis

In this section, we show that mCLPECK is semantically secure under the security model defined in Section 3.4.

Theorem 1

Suppose the DLDHP is intractable; then mCLPECK is semantically secure against chosen keyword attacks.

Theorem 1 follows from Lemma 1 and Lemma 2.

Lemma 1

There is an algorithm C that can break the DLDHP assumption if A1 can break the mCLPECK scheme.

Proof

Let q_t be the maximum number of trapdoor queries. Next, we show that if A1 can break the scheme of Section 4 with probability ε

Performance analysis

We present the efficiency comparison of mCLPECK with the related PECK schemes of [31]. To reach the security level of 1024-bit RSA, the implementation uses a Tate pairing e: G1 × G1 → G2, where G1, of order q, is generated by a point on the supersingular curve E(F_p): y^2 = x^3 − 3x, and p and q are 512-bit and 160-bit primes respectively.

Conclusion

Telemedicine combines telecommunication technology, new electronic technology and computer multimedia technology to provide patients with remote diagnosis and other medical services. As telemedicine technology has matured, it has gradually been applied in many medical departments, such as radiology, dermatology, cardiology and neurology. However, with the wide application of telemedicine it inevitably faces various challenges, especially the big data

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

This work was supported by the National Natural Science Foundation of China (No. 61902111), the High-level Talent Fund Project of Henan University of Technology, China (No. 2018BS052), the Project funded by China Postdoctoral Science Foundation (No. 2020M670223), and the Open Fund Project of Key Laboratory of Grain Information Processing and Control (Henan University of Technology, China), Ministry of Education (No. KFJJ-2016-107).

References (41)

  • Huang Q. et al. An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks. Inform Sci (2017)
  • Baker J. et al. Telemedicine technology: a review of services, equipment, and other aspects. Curr Allergy Asthma Rep (2018)
  • Matusitz J. et al. Telemedicine: its effects on health communication. Health Commun (2007)
  • Jin Z. et al. Telemedicine in the cloud era: prospects and challenges. IEEE Pervasive Comput (2015)
  • Tang S. et al. Achieving simple, secure and efficient hierarchical access control in cloud computing. IEEE Trans Comput (2016)
  • Li X. et al. Two-factor data access control with efficient revocation for multi-authority cloud storage systems. IEEE Access (2017)
  • Chen C.-M. et al. A secure authenticated and key exchange scheme for fog computing. Enterpr Inf Syst (2020)
  • Abbas A. et al. A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE J Biomed Health Inf (2014)
  • Tang S. et al. Provably secure group key management approach based upon hyper-sphere. IEEE Trans Parallel Distrib Syst (2014)
  • Song X. et al. Practical techniques for searches on encrypted data
  • Sun S.-F. et al. Practical backward-secure searchable encryption from symmetric puncturable encryption
  • Soleimanian A. et al. Publicly verifiable searchable symmetric encryption based on efficient cryptographic components. Des Codes Cryptogr (2019)
  • Ge X. et al. Towards achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification. IEEE Trans Dependable Secure Comput (2019)
  • Boneh D. et al. Public key encryption with keyword search
  • Hwang Y.H. et al. Public key encryption with conjunctive keyword search and its extension to multi-user system
  • Zhang W. et al. Privacy preserving ranked multi-keyword search for multiple data owners in cloud computing. IEEE Trans Comput (2016)
  • Wang C. et al. A ciphertext-policy attribute-based encryption scheme supporting keyword search function
  • Liang K. et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans Inf Forensics Secur (2015)
  • Al-Riyami S.S. et al. Certificateless public key cryptography
  • Yanguo P. et al. Certificateless public key encryption with keyword search. China Commun (2014)
Cited by (17)

  • A designated tester-based certificateless public key encryption with conjunctive keyword search for cloud-based MIoT in dynamic multi-user environment. Journal of Information Security and Applications (2023)

    Citation excerpt: For an easy understanding of the CLPEKS scheme, we offer the following steps: This section describes a dCL-PECK scheme, an extension of the mCLPECK [47] scheme to support the dynamic addition and revocation of the data receiver. The dCL-PECK scheme allows anyone to encrypt a keyword set using the selected group of recipients' public keys.

  • A designated cloud server-based multi-user certificateless public key authenticated encryption with conjunctive keyword search against IKGA. Computer Standards and Interfaces (2022)

    Citation excerpt: The evaluation of the computation cost of each algorithm (i.e., Keygen, Encryption, Trapdoor, Test) by using some basic operations is shown in Table 3. Using the exact execution time reported [60] for these operations can make comparisons more likely. To run the basic operations, they used the MIRACL library [68] on a Lenovo personal computer with Windows 10 operating system, I5-8250U 1.60 GHz processor and 8 GB memory.