Secure and Privacy-Preserving Data Sharing and Collaboration in Mobile Healthcare Social Networks of Smart Cities

Research Article

Qinlong Huang,1,2 Licheng Wang,1,2 and Yixian Yang1,2

1 Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
2 National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China

Correspondence should be addressed to Qinlong Huang; longsec@bupt.edu.cn

Received 18 May 2017; Accepted 6 July 2017; Published 3 August 2017

Academic Editor: Qing Yang

Hindawi, Security and Communication Networks, Volume 2017, Article ID 6426495, 12 pages, https://doi.org/10.1155/2017/6426495

Copyright © 2017 Qinlong Huang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Mobile healthcare social networks (MHSN) integrated with connected medical sensors and cloud-based health data storage provide preventive and curative health services in smart cities. The fusion of social data together with real-time health data facilitates a novel paradigm of healthcare big data analysis. However, the collaboration of healthcare and social network service providers may pose a series of security and privacy issues. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. To preserve the data privacy, we realize secure and fine-grained health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which allows patients to share their private personal data securely. In order to achieve enhanced data collaboration, we allow the healthcare analyzers to access both the reencrypted health data and the social data with authorization from the data owner based on proxy reencryption. Specifically, most of the health data encryption and decryption computations are outsourced from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs a low cost. The security and performance analysis results show the security and efficiency of our scheme.

1. Introduction

As an emerging paradigm, smart cities leverage a variety of promising techniques, such as Internet of Things, mobile communications, and big data analysis, to enable intelligent services and provide a comfortable life for local residents [1]. The smart city is an urbanized area where multiple sectors cooperate to achieve sustainable outcomes through the analysis of contextual, real-time information, which would produce massive opportunities for mobile healthcare social network (MHSN) [2]. MHSN extends the traditional centralized healthcare system, in which the patients stay at home or in hospital environment and the professional physicians in the healthcare center take responsibility of generating medical treatment. With the considerable development of wearable devices and body sensors in the smart city, MHSN serving as a mobile community platform for healthcare purposes improves healthcare efficiency and places great emphasis on social interactivities [3] and assists patients in dealing with certain emergency situations or helps in forwarding data and sharing patients' feelings.

Compared to traditional hospital-centric healthcare, which not only lacks efficiency when dealing with identifying some serious diseases in early stages but also suffers from limited healthcare information [4], MHSN enables continuous health monitoring and timely diagnosis to the patients in the smart city. It relies on wearable devices and medical sensors to measure the patients' health conditions and sends health data to the processing unit for doctors' further diagnosis and analysis and provides easy access to a patient's historical comprehensive health information. Additionally, the patients wearing body sensors continuously monitoring their health conditions are assumed to walk outside, moving from time to time and place to place [5]. However, MHSN may suffer from a series of security and privacy threats due to the vulnerabilities of personal health and social data. The collected private information is stored and processed in the honest but curious health and social



cloud servers, which may be directly revealed during the storage and processing phases [6, 7]. Moreover, the adversary can intercept the sessions between patients to get their health and social data. Hence, the underlying security and privacy requirements, including confidentiality and access control, should be satisfied in MHSN [8–10].

Intelligent healthcare is another functionality that can be realized in MHSN, which would provide efficient diagnosis and health condition warning by analyzing the infectiousness in real time, such as infectious diseases analysis [11]. As we know, infectious diseases could be rapidly spread in the population via human-to-human contact. An old-fashioned approach to prevent the spread of disease is to isolate the susceptible people for a certain period. However, this approach is always not satisfactory, since people having frequent contact or strong social relationships with a patient are more easily infected from the perspectives of biomedicine and sociology. In general, the spread of infectious diseases depends on users' social contacts and health conditions in a high probability. Specifically, the effective infectious diseases analysis could take several key factors into consideration, that is, susceptibility of the infected patient and immunity strength of contacted user. However, the health and social data of patients are collected by multiple independent service providers, such as hospitals and social network vendors. Hence, the collaboration of these service providers is the key challenge of enabling this enhanced infection analysis in MHSN.

1.1. Our Techniques

In order to preserve the patient's data privacy and achieve data availability, encryption techniques must be adopted to make both health and social data invisible to the untrusted cloud servers. Any users without the authorization of the data owner should not be able to access the personal health and social data, and the collaboration of different untrusted cloud servers should be achieved via an authorized entity. Otherwise, patients may not be willing to share their health and social data, such that the infection analysis would be disabled. In fact, attribute-based encryption (ABE) and identity-based broadcast encryption (IBBE) are widely adopted encryption algorithms [12]. Particularly, ciphertext-policy ABE (CP-ABE) is conceptually closer to traditional access control models to enforce fine-grained access control of encrypted data. By using CP-ABE, health data can be protected with an access policy, and only the people who possess a set of attributes that satisfy the access policy can access the data. An IBBE scheme is a cryptographic mechanism in which data owners could broadcast their encrypted data to multiple receivers at one time, and the public key of the user can be regarded as any valid string, such as the email, unique ID, and username. In combination, these two mechanisms can be used to implement data protection in healthcare systems and social networks. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. The main contributions of our scheme are as follows:

(1) We realize secure and privacy-preserving health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which protects the private data confidentiality.

(2) We provide a secure data collaboration construction from different independent cloud servers based on proxy reencryption (PRE), which allows the healthcare analyzers authorized by the data owner to access the reencrypted health data and social data for enhanced data analysis.

(3) We outsource most of the health data encryption and decryption computations from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs low cost. The extensive security and performance analysis results show that our scheme is secure and efficient.

1.2. Organization

This paper is structured as follows: we review related work in Section 2. We introduce the preliminaries in Section 3 and provide the system model, system definition, and security definition in Section 4. The detailed construction is given in Section 5. Then we analyze the security and performance of our scheme in Sections 6 and 7, respectively. Finally, we conclude this paper in Section 8.

2. Related Work

Personal health records (PHRs) are the electronic records containing health and medical information of patients, which involves privacy information that patients are unwilling to disclose. Thus, the security and protection of PHR have been of great concern and a subject of research over the years [13]. Zhang et al. [14] proposed a PHR security and privacy preservation scheme by introducing consent-based access control, where the consent can only be generated by an authorized user based on PRE. Currently, there has been an increasing interest in applying ABE to protect PHR. ABE is a promising one-to-many cryptographic technique to realize flexible and fine-grained access control for sharing data [15], which was first introduced by Sahai and Waters as a new method for fuzzy identity-based encryption (IBE) [16]. It features a mechanism that enables access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts [17]. Narayan et al. [18] proposed an attribute-based infrastructure for PHR systems, where each patient's PHR files are encrypted using a broadcast variant of ciphertext-policy ABE. Li et al. [19] proposed a novel ABE-based framework for patient-centric secure sharing of PHRs in cloud computing environments. Au et al. [20] designed a general framework for secure sharing of PHR in cloud with CP-ABE, and it deploys attribute-based PRE (ABPRE) mechanism so that the ciphertext for doctor A can be transformed to the ciphertext for doctor B. However, the main complaint in CP-ABE scheme is the high computation overhead brought about by its complex computation. This problem will become even worse in the face of resource-limited wearable devices or mobile sensors in MHSN, since it needs to perform burdensome computation tasks for fine-grained data access control when adopting the ABE algorithm. In order to reduce the computational overheads, Liu et al. [21] proposed an outsourced healthcare record access control system by moving the encryption computation offline and keeping online computation task very low. Yeh et al. [22] proposed a decryption outsourcing framework for health information access control in the cloud by utilizing CSP to check whether the attributes satisfy the access policy in ciphertext, which induces the outsourced encryption and decryption scheme introduced by Zhang et al. [23].

Intelligent healthcare, which is one of the intelligent services in the smart city, contains various health-related applications in MHSN, such as home care and emergency alarm [24]. Wang et al. [25] designed a secure health cloud system framework based on IBE, in which the assistant doctor can access the health data for enhanced analysis with authorization from the data owner based on identity-based PRE (IBPRE). In particular, by analyzing the collected social data together with real-time health data, accurate infection analysis can be achieved. The secure collaboration of healthcare and social network service providers is the key challenge of intelligent healthcare, since different service providers may adopt different techniques to protect data privacy. Zhang et al. [11] introduced some challenges of security and privacy in MHSN of smart cities and proposed the first secure data collaboration framework of healthcare and social network service providers. However, this scheme does not give the implementation construction. Liang et al. [26] proposed PEC, an ABE-based emergency call scheme for MHSN, which combines location data with health data to guarantee that emergency information is sent to nearby physicians. Jiang et al. [27] proposed EPPS, a personal health information sharing scheme based on ABE, by combining the mobile social network with a healthcare center. Patients with geographical proximity can constitute a group to exchange health conditions, healthcare experiences, and medical treatments with the authorized physician. But in this scheme, the physicians in the healthcare center must have many attribute secret keys for each attribute to dock with patients in different groups. Moreover, these two schemes above do not consider the data collaboration (e.g., infectious diseases analysis) with health and social data.

3. Preliminaries

3.1. Bilinear Pairing

Let $\mathbb{G}_0$ and $\mathbb{G}_T$ be two multiplicative groups of prime order $p$. A bilinear map is a function $e: \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$ with the following properties:

(1) Computability: There is an efficient algorithm to compute $e(g, h) \in \mathbb{G}_T$ for any $g, h \in \mathbb{G}_0$.

(2) Bilinearity: For all $g, h \in \mathbb{G}_0$ and $a, b \in \mathbb{Z}_p$, we have $e(g^a, h^b) = e(g, h)^{ab}$.

(3) Nondegeneracy: If $g$ is a generator of $\mathbb{G}_0$, then $e(g, g)$ is also a generator of $\mathbb{G}_T$.

3.2. Ciphertext-Policy Attribute-Based Encryption

The CP-ABE is a cryptography prototype for one-to-many secure communication, which consists of the following algorithms [17]:

(1) $\mathit{Setup}(1^{\lambda})$: The setup algorithm takes as input the security parameter $\lambda$ and outputs a public key PK and a master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, S)$: The key generation algorithm takes as input the public key PK, the master secret key MK, and a set $S$ of attributes and outputs an attribute key AK.

(3) $\mathit{Enc}(\mathrm{PK}, M, T)$: The encryption algorithm takes as input the public key PK, a message $M$, and an access policy $T$ and outputs a ciphertext CT.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{AK}, \mathrm{CT})$: The decryption algorithm takes as input the public key PK, an attribute key AK, and a ciphertext CT with an access policy $T$. If $S \in T$, it outputs the message $M$.

3.3. Identity-Based Broadcast Encryption

The IBBE can be seen as an extension of the IBE by allowing one to encrypt a message once for many receivers. The definition of IBBE is as follows [28]:

(1) $\mathit{Setup}(1^{\lambda}, N)$: The setup algorithm takes as input a security parameter $\lambda$ and the maximal size $N$ of a set of receivers and outputs a pair of public key PK and master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$: The key generation algorithm takes as input the public key PK, the master secret key MK, and a user's identity ID and outputs a secret key $\mathrm{SK}_{\mathrm{ID}}$ for the user.

(3) $\mathit{Enc}(\mathrm{PK}, M, U)$: The encryption algorithm takes as input the public key PK, a message $M$, and a set $U$ of receivers' identities; the algorithm outputs a ciphertext CT for $U$.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{CT}, \mathrm{SK}_{\mathrm{ID}}, \mathrm{ID})$: The decryption algorithm takes as input the public key PK, a ciphertext CT, a secret key $\mathrm{SK}_{\mathrm{ID}}$, and an identity ID; the algorithm outputs the message $M$ if $\mathrm{ID} \in U$.

4. The Proposed Scheme

4.1. System Model

In MHSN, the fusion of health data and social data facilitates a novel paradigm of authorized infection analysis. Our scheme focuses on the secure sharing and collaboration of these data. As shown in Figure 1, the system model of our scheme consists of central authority, health cloud, social cloud, users, healthcare provider, and healthcare analyzer.

(1) Central Authority: The central authority is a fully trusted party, which is in charge of generating system parameters as well as private keys for each user.

(2) Health Cloud: The health cloud is a semitrusted party, which provides health data storage service. It is also responsible for helping encrypt health data for mobile healthcare sensors, decrypt the ciphertext for healthcare providers, and reencrypt ciphertext for healthcare analyzers.

(3) Social Cloud: The social cloud is also a semitrusted party, which provides social data storage service and is in charge of reencrypting social ciphertext for healthcare analyzers.

(4) Data Owner: The data owners generate a great amount of health data through the mobile healthcare sensors and upload them to the health cloud by defining access policy, and also upload their social data to the social cloud for sharing.

(5) User: The user is the ciphertexts' receiver and is able to decrypt the ciphertexts if he is the intended receiver defined by the data owners.

(6) Healthcare Provider: The healthcare providers are the intended receivers of health ciphertext stored in the health cloud. If a healthcare provider's attribute set satisfies the access policy in the ciphertext, he is able to decrypt the patient's health data from the ciphertext.

(7) Healthcare Analyzer: The healthcare analyzer is the authorized receiver of both health ciphertext and social ciphertext for data collaboration and analysis.

Figure 1: System model of our scheme. [Diagram: health cloud, social cloud, data owners with sensors, healthcare provider, social users, and healthcare analyzer, connected by health ciphertext, social ciphertext, and authorization flows.]

4.2. System Definition

Based on the system model, our scheme consists of the following algorithms:

(1) $\mathit{Setup}(1^{\lambda}, N)$: The central authority takes as input a security parameter $\lambda$ and the maximal size of receiver set $N$ and outputs a system public key PK and a master secret key MK.

(2) $\mathit{AKeyGen}(\mathrm{PK}, \mathrm{MK}, S)$: The central authority takes as input PK and MK and a set of attributes $S$ of user or healthcare provider and outputs the attribute key AK.

(3) $\mathit{SKeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$: The central authority takes as input PK and MK and an identity ID of user or healthcare analyzer and outputs the secret key of user SK.

(4) $\mathit{CloudEncrypt}(\mathrm{PK}, T)$: The health cloud takes as input PK and an access policy $T$ and outputs an outsourced health ciphertext $\mathrm{CT}'$.

(5) $\mathit{HealthEncrypt}(\mathrm{PK}, m_h, \mathrm{CT}')$: The health data owner takes as input PK, health data $m_h$, and an outsourced health ciphertext $\mathrm{CT}'$ and outputs a health ciphertext $\mathrm{CT}_h$.

(6) $\mathit{CloudDecrypt}(\mathrm{PK}, \mathrm{CT}_h, \mathrm{AK}')$: The health cloud takes as input PK, a health ciphertext $\mathrm{CT}_h$, and an outsourced attribute key $\mathrm{AK}'$ and outputs a partial decrypted health ciphertext $\mathrm{CT}_r$ if the attributes in $\mathrm{AK}'$ satisfy the access policy in the ciphertext.

(7) $\mathit{HealthDecrypt}(\mathrm{CT}_r, \mathrm{AK})$: The healthcare provider takes as input a partial decrypted health ciphertext $\mathrm{CT}_r$ and an attribute key AK and outputs the health data $m_h$.

(8) $\mathit{SocialEncrypt}(\mathrm{PK}, m_c, U)$: The social data owner takes as input PK, social data $m_c$, and a set $U$ of receivers' identities and outputs a social ciphertext $\mathrm{CT}_c$.

(9) $\mathit{SocialDecrypt}(\mathrm{PK}, \mathrm{CT}_c, \mathrm{ID}, \mathrm{SK})$: The social receiver takes as input PK, a social ciphertext $\mathrm{CT}_c$, a receiver's identity ID, and its secret key SK and outputs the social data $m_c$ if ID and SK are valid.

(10) $\mathit{HealthReKeyGen}(\mathrm{PK}, \mathrm{AK}, \mathrm{ID}')$: The health data owner takes as input PK, attribute key AK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a health reencryption key $\mathrm{RK}_h$.

(11) $\mathit{HealthReEnc}(\mathrm{CT}_h, \mathrm{RK}_h)$: The health cloud takes as input a health ciphertext $\mathrm{CT}_h$ and a health reencryption key $\mathrm{RK}_h$ and outputs a reencrypted health ciphertext $\mathrm{RT}_h$.

(12) $\mathit{SocialReKeyGen}(\mathrm{PK}, \mathrm{SK}, \mathrm{ID}')$: The social data owner takes as input PK, a secret key SK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a social reencryption key $\mathrm{RK}_c$.

(13) $\mathit{SocialReEnc}(\mathrm{CT}_c, \mathrm{RK}_c)$: The social cloud takes as input a social ciphertext $\mathrm{CT}_c$ and a social reencryption key $\mathrm{RK}_c$ and outputs a reencrypted social ciphertext $\mathrm{RT}_c$.

(14) $\mathit{AnalyzerDecrypt}(\mathrm{RT}_h, \mathrm{RT}_c, \mathrm{SK}')$: The healthcare analyzer takes as input a reencrypted health ciphertext $\mathrm{RT}_h$, a reencrypted social ciphertext $\mathrm{RT}_c$, and a secret key $\mathrm{SK}'$ and outputs health data $m_h$ and social data $m_c$.

In the registration phase, the central authority runs the Setup algorithm to generate the system public key and master secret key. Meanwhile, it also uses the AKeyGen and SKeyGen algorithms to generate attribute keys and secret keys of users in the system. For the health data, the health cloud first runs the CloudEncrypt algorithm to encrypt data with an access policy, and then the data owner runs the HealthEncrypt algorithm to finish the encryption. When accessing the health data, the health cloud first uses the CloudDecrypt algorithm to partially decrypt the ciphertext, and then the user can use the HealthDecrypt algorithm to recover the data. For the social data, the data owner runs the SocialEncrypt algorithm to encrypt data for a set of receivers, and the user can use the SocialDecrypt algorithm to recover the social data. Furthermore, the data owner could run the HealthReKeyGen and SocialReKeyGen algorithms, respectively, to generate reencryption keys containing their own attribute keys and secret keys. Receiving the reencryption keys, the health cloud and social cloud would run the HealthReEnc and SocialReEnc algorithms to transform the initial ciphertexts to the reencrypted ciphertexts. Hence, the healthcare analyzer can run the AnalyzerDecrypt algorithm to decrypt the reencrypted health and social ciphertexts.

4.3. Security Definition

In our scheme, we assume that the health cloud and social cloud are honest but curious, which means they carry out computation and storage tasks but may try to learn information about the private data [29]. Specifically, the security model covers the following aspects:

(1) Data Confidentiality: The unauthorized users that are not the intended receivers defined by the data owner should be prevented from accessing the health and social data. The healthcare analyzer should not be able to access the reencrypted data without the authorization of the data owner.

(2) Fine-Grained Access Control: The data owner can customize an expressive and flexible access policy so that the health data can only be accessed by the healthcare providers whose attributes satisfy these policies.

(3) Collusion Resistance: If each of the users' attributes in the set cannot satisfy the access policy in the ciphertexts alone, the access of ciphertext should not be successful.

5. Construction

5.1. System Setup

The central authority runs the Setup algorithm to select a bilinear map $e: \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$, where $\mathbb{G}_0$ and $\mathbb{G}_T$ are two multiplicative groups with prime order $p$ and $g$ is the generator of $\mathbb{G}_0$. Then the central authority chooses the maximum number of receivers $N$, randomly chooses $g, h, u, v, w \in \mathbb{G}_0$ and $\alpha, \beta \in \mathbb{Z}_p$, chooses cryptographic hash functions $H_1: \{0, 1\}^{*} \to \mathbb{Z}_p^{*}$ and $H_2: \mathbb{G}_T \to \mathbb{G}_0$, and finally outputs a system public key $\mathrm{PK} = (g, g^{\beta}, e(g, g)^{\alpha}, h, u^{\alpha}, v, v^{\alpha}, \ldots, v^{\alpha^{N}}, e(u, v), w)$ and a master secret key $\mathrm{MK} = (u, \alpha, \beta)$.

5.2. Key Generation

The central authority runs the AKeyGen algorithm to select a random $\gamma \in \mathbb{Z}_p$, which is a unique secret assigned to each user. Then the central authority chooses random $\varepsilon, \varphi \in \mathbb{Z}_p$ and random $r_j$ for each attribute $j \in S$, where $S$ is the attribute set of the user, and outputs the attribute key AK:

$$\mathrm{AK} = \left(D = g^{(\alpha+\gamma)/\beta},\ D_1 = g^{\gamma} h^{\varepsilon},\ D_2 = g^{\varepsilon},\ D_3 = g^{1/\varphi},\ D_4 = g^{\varphi\alpha},\ D_5 = w^{\varphi\alpha},\ \{D_j = g^{\gamma} H_1(j)^{r_j},\ D'_j = g^{r_j}\}_{j \in S}\right). \tag{1}$$

For each user in the system, the central authority runs the SKeyGen algorithm to select a random $\pi \in \mathbb{Z}_p$ and output the secret key SK for the user with identity ID:

$$\mathrm{SK} = \left(K = g^{1/(\alpha + H_1(\mathrm{ID}))},\ K_1 = u^{1/\pi},\ K_2 = v^{\pi},\ K_3 = w^{\pi}\right). \tag{2}$$

5.3. Secure Health Data Sharing

5.3.1. Health Data Encryption

The mobile healthcare sensors of the data owner could collect a wide range of real-time health data (e.g., blood pressure, heart rate, and pulse) for further diagnosis or specialist analysis. Before uploading the data to the health cloud, the data owner first chooses a random $\mathrm{HK} \in \mathbb{Z}_p$ and encrypts the health data $m_h$ with HK using a symmetric encryption algorithm, denoted as $C = \mathrm{SE}_{\mathrm{HK}}(m_h)$. Then the data owner defines an access policy $T$ to ensure that only users satisfying this policy can access data and then sends it to the health cloud.

Then the health cloud runs the CloudEncrypt algorithm to perform the outsourced encryption. For each node $x$ in the access policy tree $T$, the health cloud chooses a polynomial $p_x$. These polynomials are chosen in the following way, in a top-down manner, starting from the root node $R$. For each node $x$ in the tree, set the degree $d_x$ of the polynomial $p_x$ to be one less than the threshold value $k_x$ of that node, that is, $d_x = k_x - 1$. Starting with the root node $R$, the algorithm chooses a random $s \in \mathbb{Z}_p$ and sets $p_R(0) = s$. Then it chooses $d_R$ other points of the polynomial $p_R$ randomly to define it completely. For any other node $x$, it sets $p_x(0) = p_{\mathrm{parent}(x)}(\mathrm{index}(x))$ and chooses $d_x$ other points randomly to completely define $p_x$. Let $Y$ be the set of leaf nodes in $T$; the health cloud outputs an outsourced ciphertext $\mathrm{CT}'$ as

$$\mathrm{CT}' = \left(T,\ C'_3 = g^{s},\ C'_4 = h^{s},\ C_7 = \{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\}_{y \in Y}\right). \tag{3}$$
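The top-down polynomial sharing described above, and the recursive DecryptNode of Section 5.3.2 that undoes it, can be checked in a toy model. This is an added example, not code from the paper: it stores group elements as discrete logs modulo a stand-in prime, treats $H_1$ as a hash to an exponent, assumes Lagrange interpolation at 0 to recombine a gate's children (the usual threshold recombination, which goes beyond the text shown here), and uses a constructed policy; all function names are hypothetical.

```python
"""Toy model of the access-tree sharing (CloudEncrypt) and DecryptNode.

Group elements are stored as their discrete logs modulo a prime P: g^a is
kept as a, multiplying in G_0 adds exponents, and e(g^a, g^b) = e(g, g)^(ab)
multiplies them. This checks the algebra only and provides no security.
"""
import hashlib
import secrets

P = 2**127 - 1  # Mersenne prime standing in for the group order p (assumption)


def h1(attr):
    """Stand-in for H_1: hash an attribute name to a nonzero exponent."""
    digest = hashlib.sha256(attr.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


class Node:
    """Leaf when attr is set; otherwise a k-of-n threshold gate."""

    def __init__(self, attr=None, k=1, children=()):
        self.attr, self.k, self.children = attr, k, list(children)
        self.c = self.c_prime = None  # C_y and C'_y, filled in for leaves


def share(node, secret):
    """Top-down sharing: p_x(0) = secret, deg p_x = k_x - 1, child i gets p_x(i)."""
    if node.attr is not None:
        node.c = secret                              # C_y  = g^{p_y(0)}
        node.c_prime = h1(node.attr) * secret % P    # C'_y = H_1(attr_y)^{p_y(0)}
        return
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        value = 0
        for coeff in reversed(coeffs):               # Horner evaluation of p_x(index)
            value = (value * index + coeff) % P
        share(child, value)


def keygen(gamma, attrs):
    """Per-attribute key parts: D_j = g^gamma * H_1(j)^{r_j}, D'_j = g^{r_j}."""
    key = {}
    for attr in attrs:
        r = secrets.randbelow(P)
        key[attr] = ((gamma + h1(attr) * r) % P, r)
    return key


def lagrange_at_zero(i, indices):
    """Lagrange coefficient of point i, evaluated at 0, over the given indices."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, key):
    """Exponent of e(g, g)^{gamma * p_x(0)}, or None for the failure symbol."""
    if node.attr is not None:
        if node.attr not in key:
            return None
        d, d_prime = key[node.attr]
        # e(D_z, C_x) / e(D'_z, C'_x): products of exponents, then a subtraction
        return (d * node.c - d_prime * node.c_prime) % P
    found = {}
    for index, child in enumerate(node.children, start=1):
        f = decrypt_node(child, key)
        if f is not None:
            found[index] = f
    if len(found) < node.k:
        return None
    chosen = sorted(found)[:node.k]                  # any k_x satisfied children
    return sum(found[i] * lagrange_at_zero(i, chosen) for i in chosen) % P


def build_policy():
    """Constructed policy: (doctor AND cardiology) OR 2-of-(nurse, icu, senior)."""
    return Node(k=1, children=[
        Node(k=2, children=[Node("doctor"), Node("cardiology")]),
        Node(k=2, children=[Node("nurse"), Node("icu"), Node("senior")]),
    ])


if __name__ == "__main__":
    tree, s = build_policy(), secrets.randbelow(P)
    share(tree, s)
    gamma_a, gamma_b = 1 + secrets.randbelow(P - 1), 1 + secrets.randbelow(P - 1)
    own = decrypt_node(tree, keygen(gamma_a, {"doctor", "cardiology"}))
    print("satisfying key recovers gamma*s:", own == gamma_a * s % P)
    pooled = {**keygen(gamma_a, {"doctor"}), **keygen(gamma_b, {"cardiology"})}
    mixed = decrypt_node(tree, pooled)
    print("pooled keys recover gamma*s:", mixed in (gamma_a * s % P, gamma_b * s % P))
```

When key parts issued under different per-user secrets $\gamma$ are pooled, the leaf values interpolate to neither user's $e(g, g)^{\gamma s}$, which is the collusion resistance property stated in Section 4.3.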

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs the HealthEncrypt algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\ C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ C_3 = g^{s+t},\ C_4 = h^{s+t},\ C_5 = g^{\varphi\alpha t},\ C_6 = w^{\varphi\alpha t},\ C_7 = \{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\}_{y \in Y}\right). \tag{4}$$

5.3.2. Health Data Decryption. If the attributes of the healthcare provider satisfy the access policy $T$, he can decrypt $\mathrm{CT}_h$ successfully by informing health cloud and obtaining the symmetric key. The health cloud runs the CloudDecrypt algorithm with the ciphertext and outsourced attribute key $\mathrm{AK}' = (D_1, D_2, \{D_j, D_j'\}_{j \in S})$ from the healthcare provider. The health cloud first runs the DecryptNode algorithm, which can be described as a recursive algorithm. This algorithm takes the ciphertext $\mathrm{CT}_h$, $\mathrm{AK}'$, and a node $x$ from the access tree $T$ as input.

(1) If the node $x$ is a leaf node, then we let $z = \mathrm{attr}_x$ and compute as follows. If $z \in S$, then

$$\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \frac{e(D_z, C_x)}{e(D_z', C_x')} = \frac{e\left(g^{\gamma} H_1(z)^{r_z},\ g^{p_x(0)}\right)}{e\left(g^{r_z},\ H_1(\mathrm{attr}_x)^{p_x(0)}\right)} = e(g,g)^{\gamma p_x(0)}. \tag{5}$$

If $z \notin S$, then $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S_x' = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$F_x = \prod_{n \in S_x} F_n^{\Delta_{j,S_x'}(0)} = \prod_{n \in S_x} \left(e(g,g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\right)^{\Delta_{j,S_x'}(0)} = \prod_{n \in S_x} e(g,g)^{r \cdot p_x(j) \cdot \Delta_{j,S_x'}(0)} = e(g,g)^{r p_x(0)}. \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$, such that

$$F = \mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g,g)^{\gamma p_R(0)} = e(g,g)^{\gamma s}. \tag{7}$$

Then the health cloud computes

$$B = \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\left(g^{\gamma} h^{\varepsilon},\ g^{s+t}\right)}{e\left(g^{\varepsilon},\ h^{s+t}\right)} = e(g,g)^{\gamma(s+t)}, \qquad A = \frac{B}{F} = \frac{e(g,g)^{\gamma(s+t)}}{e(g,g)^{\gamma s}} = e(g,g)^{\gamma t}. \tag{8}$$

Finally the health cloud sends the partial decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g,g)^{\alpha t},\ C_2 = g^{\beta t},\ A = e(g,g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs the HealthDecrypt algorithm to obtain the symmetric key

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t} \cdot e(g,g)^{\gamma t}}{e\left(g^{\beta t},\ g^{(\alpha+\gamma)/\beta}\right)}. \tag{9}$$

Thus $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner's health data for diagnosis.

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data, denoted as $m_c$, the data owner runs the SocialEncrypt algorithm to encrypt it and then outsource the ciphertext to the social cloud. First the data owner chooses a set $U$ of receivers' identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^{*}$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \left(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1 = \mathrm{CK} \cdot e(u,v)^{k},\ C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\ C_3 = v^{\pi k},\ C_4 = w^{\pi k},\ C_5 = u^{-\alpha k}\right). \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs the SocialDecrypt algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$\begin{aligned}
I &= \left(e\left(C_5,\ v^{\Delta_\alpha(\mathrm{ID},U)}\right) \cdot e(K, C_2)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k},\ v^{\Delta_\alpha(\mathrm{ID},U)}\right) \cdot e\left(u^{1/(\alpha + H_1(\mathrm{ID}))},\ v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k},\ v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\right) \cdot e(u,v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u,v)^{k},
\end{aligned} \tag{11}$$

where

$$\Delta_\alpha(\mathrm{ID}, U) = \alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right). \tag{12}$$

Then the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e(u,v)^{k}}. \tag{13}$$

Finally the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs the HealthReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$R_1 = D_3 \cdot w^{b} = g^{1/\varphi} \cdot w^{b}, \qquad R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\left(e(u,v)^{t'}\right) \cdot g^{b}. \tag{14}$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs the HealthReEnc algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$C_1' = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t}}{e\left(g^{1/\varphi} \cdot w^{b},\ g^{\varphi\alpha t}\right)} = \mathrm{HK} \cdot e\left(w^{b},\ g^{-\varphi\alpha t}\right). \tag{15}$$

Finally the health cloud outputs a reencrypted health ciphertext

$$\mathrm{RT}_h = \left(C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1' = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right),\ C_2' = R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C_3' = R_3 = H_2\left(e(u,v)^{t'}\right) \cdot g^{b},\ C_4' = C_6 = w^{\varphi\alpha t}\right). \tag{16}$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs the SocialReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$R_1 = K_1 \cdot w^{l} = u^{1/\pi} \cdot w^{l}, \qquad R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\left(e(u,v)^{k'}\right) \cdot v^{l}. \tag{17}$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. When receiving the reencryption key, the social cloud runs the SocialReEnc algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$C_1' = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e\left(u^{1/\pi} \cdot w^{l},\ v^{\pi k}\right)} = \mathrm{CK} \cdot e\left(w^{l},\ v^{-\pi k}\right). \tag{18}$$

Finally the social cloud outputs a reencrypted social ciphertext

$$\mathrm{RT}_c = \left(C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1' = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right),\ C_2' = R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C_3' = R_3 = H_2\left(e(u,v)^{k'}\right) \cdot v^{l},\ C_4' = C_4 = w^{\pi k}\right). \tag{19}$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs the AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$K' = e(K, C_2') = e\left(u^{1/(\alpha + H_1(\mathrm{ID}'))},\ v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}\right) = e(u,v)^{t'}. \tag{20}$$

Then the healthcare analyzer computes

$$Z = \frac{C_3'}{H_2(K')} = \frac{H_2\left(e(u,v)^{t'}\right) \cdot g^{b}}{H_2\left(e(u,v)^{t'}\right)} = g^{b}. \tag{21}$$

Finally the healthcare analyzer computes the HK and recovers the health data $m_h$:

$$\mathrm{HK} = C_1' \cdot e(Z, C_4') = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right) \cdot e\left(g^{b}, w^{\varphi\alpha t}\right). \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with secret key and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C_1' \cdot e\left(v^{l}, C_4'\right) = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right) \cdot e\left(v^{l}, w^{\pi k}\right). \tag{23}$$

Therefore the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
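The algebra of equations (14) to (16) and (20) to (22) can be checked end to end with a model that tracks every group element by its discrete logarithm, so that a pairing becomes a multiplication of logs. This is an added example, not the authors' prototype: the modulus, the function names and the SHA-256 stand-ins for $H_1$ and $H_2$ are assumptions, and a model that knows every discrete log offers no security, only a correctness check of the health-data path.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime group order, constructed for this sketch


def rnd():
    return secrets.randbelow(Q - 1) + 1


def inv(x):
    return pow(x % Q, -1, Q)


def hash_to_zq(tag, data):
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % Q


def H1(identity):
    """H_1: identity string -> Z_Q (SHA-256 stand-in, an assumption)."""
    return hash_to_zq(b"H1", identity.encode())


def H2(gt):
    """H_2: GT element -> G0 element, both held as discrete logs."""
    return hash_to_zq(b"H2", gt.to_bytes(16, "big"))


def pair(x, y):
    """e(g^x, g^y) = e(g,g)^{xy}: multiply the logs."""
    return x * y % Q


def setup():
    """Logs of the master values alpha, phi and of the elements u, v, w."""
    return {name: rnd() for name in ("alpha", "phi", "u", "v", "w")}


def analyzer_key(p, identity):
    """K = u^{1/(alpha + H1(ID))}."""
    return p["u"] * inv(p["alpha"] + H1(identity)) % Q


def encrypt_health(p, hk):
    """Only the CT_h components that reencryption touches: C_1, C_5, C_6."""
    t = rnd()
    e = p["phi"] * p["alpha"] * t % Q
    return {"C1": (hk + p["alpha"] * t) % Q,   # HK * e(g,g)^{alpha t}
            "C5": e,                            # g^{phi alpha t}
            "C6": p["w"] * e % Q}               # w^{phi alpha t}


def rekeygen(p, analyzer_id):
    """RK_h = (R_1, R_2, R_3) from equation (14)."""
    t2, b = rnd(), rnd()
    k_blind = pair(p["u"], p["v"]) * t2 % Q     # e(u,v)^{t'}
    return {"R1": (inv(p["phi"]) + p["w"] * b) % Q,           # g^{1/phi} * w^b
            "R2": p["v"] * t2 * (p["alpha"] + H1(analyzer_id)) % Q,
            "R3": (H2(k_blind) + b) % Q}                      # H2(.) * g^b


def reencrypt(ct, rk):
    """Health cloud, equations (15)-(16): uses RK_h only, never HK."""
    return {"C1p": (ct["C1"] - pair(rk["R1"], ct["C5"])) % Q,
            "C2p": rk["R2"], "C3p": rk["R3"], "C4p": ct["C6"]}


def analyzer_decrypt(rt, k):
    """Equations (20)-(22): K' = e(K,C_2'), Z = C_3'/H2(K'), HK = C_1' e(Z,C_4')."""
    k_prime = pair(k, rt["C2p"])
    z = (rt["C3p"] - H2(k_prime)) % Q
    return (rt["C1p"] + pair(z, rt["C4p"])) % Q


if __name__ == "__main__":
    p, hk = setup(), rnd()
    rt = reencrypt(encrypt_health(p, hk), rekeygen(p, "analyzer@example"))
    print("cloud sees HK in C_1':", rt["C1p"] == hk)
    print("authorized analyzer:",
          analyzer_decrypt(rt, analyzer_key(p, "analyzer@example")) == hk)
    print("other identity:",
          analyzer_decrypt(rt, analyzer_key(p, "other@example")) == hk)
```

The social-data path of equations (17) to (19) and (23) has the same shape, with $\pi$, $k$, $l$ and $v^{l}$ in place of $\varphi$, $\alpha t$, $b$ and $g^{b}$.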

6. Security Analysis

The sharing data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g,g)^{\gamma t}$ to further get the desired value HK. Therefore only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to escort the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in access tree supports complex operations including both AND and OR gate, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g,g)^{\gamma s}$ in the outsourced decryption phase. Thus the proposed scheme is collusion-resistant.
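The top-down polynomial assignment in CloudEncrypt, the recursive DecryptNode interpolation of Section 5.3.2, and the collusion-resistance argument in (3) can be followed with scalars modulo a prime standing in for exponents of $e(g,g)$. This is an added example, not the authors' code: the modulus, the sample policy and all function names are assumptions, and no pairing is computed.

```python
import secrets

P = 2**127 - 1  # prime standing in for the group order p (constructed)


class Node:
    """Access-tree node: a leaf carries an attribute, a gate a threshold k_x."""
    def __init__(self, k=1, children=(), attr=None):
        self.k, self.children, self.attr = k, list(children), attr
        self.share = None  # p_y(0), set on leaves by share()


def rand_zp():
    return secrets.randbelow(P - 1) + 1


def share(node, secret):
    """Top-down assignment: p_x(0) = p_parent(x)(index(x))."""
    if node.attr is not None:
        node.share = secret
        return
    # Degree d_x = k_x - 1; random coefficients equal d_x random points.
    coeffs = [secret] + [rand_zp() for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of p_x(index)
            y = (y * index + c) % P
        share(child, y)


def lagrange_at_zero(j, indices):
    """Delta_{j,S'}(0) = prod over i in S', i != j of (0 - i)/(j - i) mod P."""
    num = den = 1
    for i in indices:
        if i != j:
            num = num * (-i) % P
            den = den * (j - i) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, attr_keys):
    """Exponent of DecryptNode's output, or None for the failure symbol."""
    if node.attr is not None:
        gamma = attr_keys.get(node.attr)
        return None if gamma is None else gamma * node.share % P
    found = []
    for index, child in enumerate(node.children, start=1):
        f = decrypt_node(child, attr_keys)
        if f is not None:
            found.append((index, f))
    if len(found) < node.k:
        return None
    chosen = found[:node.k]  # an arbitrary k_x-sized satisfied subset
    idx = [i for i, _ in chosen]
    # A product of GT elements is a sum of their exponents.
    return sum(f * lagrange_at_zero(i, idx) for i, f in chosen) % P


def make_key(attrs):
    """Model of AK': one per-user gamma ties D_1, D_2 and every D_j together."""
    gamma = rand_zp()
    return {"gamma": gamma, "attrs": {a: gamma for a in attrs}}


def cloud_decrypt(root, key, s_plus_t):
    """Exponent of A = B / F in equation (8); gamma*t for a consistent key."""
    f = decrypt_node(root, key["attrs"])
    if f is None:
        return None
    b = key["gamma"] * s_plus_t % P  # B = e(g,g)^{gamma (s+t)}
    return (b - f) % P


def example_policy():
    """(doctor AND cardiology) OR 2-of-3(nurse, ward3, researcher); constructed."""
    leaf = lambda a: Node(attr=a)
    return Node(1, [Node(2, [leaf("doctor"), leaf("cardiology")]),
                    Node(2, [leaf("nurse"), leaf("ward3"), leaf("researcher")])])


if __name__ == "__main__":
    tree, s, t = example_policy(), rand_zp(), rand_zp()
    share(tree, s)
    nurse = make_key(["nurse", "researcher"])
    print("honest key recovers gamma*t:",
          cloud_decrypt(tree, nurse, (s + t) % P) == nurse["gamma"] * t % P)
    a, b = make_key(["doctor"]), make_key(["cardiology"])
    pooled = {"gamma": a["gamma"], "attrs": {**a["attrs"], **b["attrs"]}}
    print("pooled keys recover gamma*t:",
          cloud_decrypt(tree, pooled, (s + t) % P) == a["gamma"] * t % P)
```

The pooled key satisfies the tree structurally, so DecryptNode returns a value, but the Lagrange combination mixes two different $\gamma$ values and the quotient $B/F$ no longer equals $e(g,g)^{\gamma t}$ for either user.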

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying PRE mechanism, so that the semitrusted server could reencrypt the ciphertext to data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare record for emergency call, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | - | No | No | No | No | Yes |
| Outsourced decryption | - | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | - | - |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | - | - |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient, as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to IBE-encrypted one by semitrusted social cloud with reencryption key generated by the data owner. The computation cost of generating reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of cpabe toolkit and pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

[Figure 2: Computation cost of health data encryption. Computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], Our scheme.]

[Figure 3: Computation cost of health data decryption. Computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], Our scheme.]

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers, so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

[Figure 4: Computation cost of health data reencryption. Computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], Our scheme.]

[Figure 5: Computation cost of health data authorized decryption. Computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], Our scheme.]

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, “Cloud-assisted secure video transmission and sharing framework for smart cities,” Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., “Incorporating intelligence in fog computing for big data analysis in smart cities,” IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, “Securing m-healthcare social networks: challenges, countermeasures and future directions,” IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, “Security and privacy for mobile healthcare networks: from a quality of protection perspective,” IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, “Private and secured medical data transmission and analysis for wireless sensing healthcare system,” IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, “HealthShare: achieving secure and privacy-preserving health information sharing through health social networks,” Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, “4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks,” Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, “EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks,” in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM ’11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, “Privacy-preserving design for emergency response scheduling system in medical social networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, “Security approach to controlling access to personal health records in healthcare service,” Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, “Consent-based access control for secure and privacy-preserving health information exchange,” Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, “Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing,” Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, “Privacy preserving ehr system using attribute-based infrastructure,” in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW ’10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., “A general framework for secure sharing of personal health records in cloud system,” Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access control on e-healthcare records in mobile cloud computing,” Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, “Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation,” IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient access control scheme with outsourcing capability and attribute update for fog computing,” Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, “PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks,” Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, “EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks,” Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, “Identity-based proxy re-encryption version 2: making mobile access easy in cloud,” Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, “DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices,” World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.


cloud servers, which may be directly revealed during the storage and processing phases [6, 7]. Moreover, the adversary can intercept the sessions between patients to get their health and social data. Hence, the underlying security and privacy requirements, including confidentiality and access control, should be satisfied in MHSN [8–10].

Intelligent healthcare is another functionality that can be realized in MHSN, which would provide efficient diagnosis and health condition warning by analyzing the infectiousness in real time, such as infectious diseases analysis [11]. As we know, infectious diseases could be rapidly spread in the population via human-to-human contact. An old-fashioned approach to prevent the spread of disease is to isolate the susceptible people for a certain period. However, this approach is not always satisfactory, since people having frequent contact or strong social relationships with a patient are more easily infected from the perspectives of biomedicine and sociology. In general, the spread of infectious diseases depends, with high probability, on users' social contacts and health conditions. Specifically, the effective infectious diseases analysis could take several key factors into consideration, that is, susceptibility of the infected patient and immunity strength of contacted user. However, the health and social data of patients are collected by multiple independent service providers, such as hospitals and social network vendors. Hence, the collaboration of these service providers is the key challenge of enabling this enhanced infection analysis in MHSN.

1.1. Our Techniques. In order to preserve the patient's data privacy and achieve data availability, encryption techniques must be adopted to make both health and social data invisible to the untrusted cloud servers. Any users without the authorization of the data owner should not be able to access the personal health and social data, and the collaboration of different untrusted cloud servers should be achieved via an authorized entity. Otherwise, patients may not be willing to share their health and social data, such that the infection analysis would be disabled. In fact, attribute-based encryption (ABE) and identity-based broadcast encryption (IBBE) are widely adopted encryption algorithms [12]. Particularly, CP-ABE is conceptually closer to traditional access control models to enforce fine-grained access control of encrypted data. By using CP-ABE, health data can be protected with access policy, and only the people who possess a set of attributes that satisfy the access policy can access data. IBBE scheme is a cryptographic mechanism in which data owners could broadcast their encrypted data to multiple receivers at one time, and the public key of the user can be regarded as any valid strings, such as the email, unique ID, and username. In combination, these two mechanisms can be used to implement data protection in healthcare systems and social networks. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. The main contributions of our scheme are as follows.

(1) We realize secure and privacy-preserving health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which protects the private data confidentiality.

(2) We provide a secure data collaboration construction from different independent cloud servers based on proxy reencryption (PRE), which allows the healthcare analyzers authorized by the data owner to access the reencrypted health data and social data for enhanced data analysis.

(3) We outsource most of the health data encryption and decryption computations from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs low cost. The extensive security and performance analysis results show that our scheme is secure and efficient.

1.2. Organization. This paper is structured as follows: we review related work in Section 2. We introduce the preliminaries in Section 3 and provide the system model, system definition, and security definition in Section 4. The detailed construction is given in Section 5. Then, we analyze the security and performance of our scheme in Sections 6 and 7, respectively. Finally, we conclude this paper in Section 8.

2. Related Work

Personal health records (PHRs) are the electronic records containing health and medical information of patients, which involves privacy information that patients are unwilling to disclose. Thus, the security and protection of PHR have been of great concern and a subject of research over the years [13]. Zhang et al. [14] proposed a PHR security and privacy preservation scheme by introducing consent-based access control, where the consent can only be generated by an authorized user based on PRE. Currently, there has been an increasing interest in applying ABE to protect PHR. ABE is a promising one-to-many cryptographic technique to realize flexible and fine-grained access control for sharing data [15], which was first introduced by Sahai and Waters as a new method for fuzzy identity-based encryption (IBE) [16]. It features a mechanism that enables access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts [17]. Narayan et al. [18] proposed an attribute-based infrastructure for PHR systems, where each patient's PHR files are encrypted using a broadcast variant of ciphertext-policy ABE. Li et al. [19] proposed a novel ABE-based framework for patient-centric secure sharing of PHRs in cloud computing environments. Au et al. [20] designed a general framework for secure sharing of PHR in cloud with CP-ABE, and it deploys attribute-based PRE (ABPRE) mechanism so that the ciphertext for doctor A can be transformed to the ciphertext for doctor B. However, the main complaint in CP-ABE scheme is the high computation overhead brought about by its complex computation. This problem will become even worse in the face of resource-limited wearable devices or mobile sensors in MHSN, since it needs to perform burdensome computation tasks for fine-grained data access control when adopting the ABE algorithm. In order to reduce the computational overheads, Liu et al. [21] proposed an outsourced healthcare record access control system by moving the encryption computation offline and keeping online computation task very low. Yeh et al. [22] proposed a decryption outsourcing framework for health information access control in the cloud by utilizing CSP to check whether the attributes satisfy the access policy in ciphertext, which induces the outsourced encryption and decryption scheme introduced by Zhang et al. [23].

Intelligent healthcare, which is one of the intelligent services in the smart city, contains various health-related applications in MHSN, such as home care and emergency alarm [24]. Wang et al. [25] designed a secure health cloud system framework based on IBE, in which the assistant doctor can access the health data for enhanced analysis with authorization from the data owner based on identity-based PRE (IBPRE). In particular, by analyzing the collected social data together with real-time health data, accurate infection analysis can be achieved. The secure collaboration of healthcare and social network service providers is the key challenge of intelligent healthcare, since different service providers may adopt different techniques to protect data privacy. Zhang et al. [11] introduced some challenges of security and privacy in MHSN of smart cities and proposed the first secure data collaboration framework of healthcare and social network service providers. However, this scheme does not give the implementation construction. Liang et al. [26] proposed PEC, an ABE-based emergency call scheme for MHSN, which combines location data with health data to guarantee that emergency information is sent to nearby physicians. Jiang et al. [27] proposed EPPS, a personal health information sharing scheme based on ABE, by combining the mobile social network with a healthcare center. Patients with geographical proximity can constitute a group to exchange health conditions, healthcare experiences, and medical treatments with the authorized physician. But in this scheme, the physicians in the healthcare center must have many attribute secret keys for each attribute to dock with patients in different groups. Moreover, these two schemes above do not consider the data collaboration (e.g., infectious diseases analysis) with health and social data.

3. Preliminaries

3.1. Bilinear Pairing. Let $\mathbb{G}_0$ and $\mathbb{G}_T$ be two multiplicative groups of prime order $p$. A bilinear map is a function $e : \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$ with the following properties.

(1) Computability. There is an efficient algorithm to compute $e(g, h) \in \mathbb{G}_T$ for any $g, h \in \mathbb{G}_0$.

(2) Bilinearity. For all $g, h \in \mathbb{G}_0$ and $a, b \in \mathbb{Z}_p$, we have $e(g^a, h^b) = e(g, h)^{ab}$.

(3) Nondegeneracy. If $g$ is a generator of $\mathbb{G}_0$, then $e(g, g)$ is also a generator of $\mathbb{G}_T$.

3.2. Ciphertext-Policy Attribute-Based Encryption. The CP-ABE is a cryptography prototype for one-to-many secure communication, which consists of the following algorithms [17].

(1) $\mathit{Setup}(1^{\lambda})$. The setup algorithm takes as input the security parameter $\lambda$ and outputs a public key PK and a master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, S)$. The key generation algorithm takes as input the public key PK, the master secret key MK, and a set $S$ of attributes and outputs an attribute key AK.

(3) $\mathit{Enc}(\mathrm{PK}, M, T)$. The encryption algorithm takes as input the public key PK, a message $M$, and an access policy $T$ and outputs a ciphertext CT.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{AK}, \mathrm{CT})$. The decryption algorithm takes as input the public key PK, an attribute key AK, and a ciphertext CT with an access policy $T$. If $S \in T$, it outputs the message $M$.

3.3. Identity-Based Broadcast Encryption. The IBBE can be seen as an extension of the IBE by allowing one to encrypt a message once for many receivers. The definition of IBBE is as follows [28].

(1) $\mathit{Setup}(1^{\lambda}, N)$. The setup algorithm takes as input a security parameter $\lambda$ and the maximal size $N$ of a set of receivers and outputs a pair of public key PK and master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$. The key generation algorithm takes as input the public key PK, the master secret key MK, and a user's identity ID and outputs a secret key $\mathrm{SK}_{\mathrm{ID}}$ for the user.

(3) $\mathit{Enc}(\mathrm{PK}, M, U)$. The encryption algorithm takes as input the public key PK, a message $M$, and a set $U$ of receivers' identities; the algorithm outputs a ciphertext CT for $U$.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{CT}, \mathrm{SK}_{\mathrm{ID}}, \mathrm{ID})$. The decryption algorithm takes as input the public key PK, a ciphertext CT, a secret key $\mathrm{SK}_{\mathrm{ID}}$, and an identity ID; the algorithm outputs the message $M$ if $\mathrm{ID} \in U$.

4. The Proposed Scheme

4.1. System Model. In MHSN, the fusion of health data and social data facilitates a novel paradigm of authorized infection analysis. Our scheme focuses on the secure sharing and collaboration of these data. As shown in Figure 1, the system model of our scheme consists of central authority, health cloud, social cloud, users, healthcare provider, and healthcare analyzer.

(1) Central Authority. The central authority is a fully trusted party, which is in charge of generating system parameters as well as private keys for each user.

(2) Health Cloud. The health cloud is a semitrusted party, which provides health data storage service. It is also responsible for helping encrypt health data for mobile healthcare sensors, decrypt the ciphertext for healthcare providers, and reencrypt ciphertext for healthcare analyzers.


Figure 1: System model of our scheme. (Diagram labels: health cloud, social cloud, data owner, sensor, healthcare provider, social user, healthcare analyzer, health ciphertext, social ciphertext, authorization.)

(3) Social Cloud. The social cloud is also a semitrusted party, which provides social data storage service and is in charge of reencrypting social ciphertext for healthcare analyzers.

(4) Data Owner. The data owners generate a great amount of health data through the mobile healthcare sensors and upload them to the health cloud by defining access policy and also upload their social data to the social cloud for sharing.

(5) User. The user is the ciphertexts' receiver and is able to decrypt the ciphertexts if he is the intended receiver defined by the data owners.

(6) Healthcare Provider. The healthcare providers are the intended receivers of health ciphertext stored in the health cloud. If a healthcare provider's attribute set satisfies the access policy in the ciphertext, he is able to decrypt the patient's health data from the ciphertext.

(7) Healthcare Analyzer. The healthcare analyzer is the authorized receiver of both health ciphertext and social ciphertext for data collaboration and analysis.

4.2. System Definition. Based on the system model, our scheme consists of the following algorithms.

(1) $\mathit{Setup}(1^{\lambda}, N)$. The central authority takes as input a security parameter $\lambda$ and the maximal size of receiver set $N$ and outputs a system public key PK and a master secret key MK.

(2) $\mathit{AKeyGen}(\mathrm{PK}, \mathrm{MK}, S)$. The central authority takes as input PK and MK and a set of attributes $S$ of user or healthcare provider and outputs the attribute key AK.

(3) $\mathit{SKeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$. The central authority takes as input PK and MK and an identity ID of user or healthcare analyzer and outputs the secret key of user SK.

(4) $\mathit{CloudEncrypt}(\mathrm{PK}, T)$. The health cloud takes as input PK and an access policy $T$ and outputs an outsourced health ciphertext $\mathrm{CT}'$.

(5) $\mathit{HealthEncrypt}(\mathrm{PK}, m_h, \mathrm{CT}')$. The health data owner takes as input PK, health data $m_h$, and an outsourced health ciphertext $\mathrm{CT}'$ and outputs a health ciphertext $\mathrm{CT}_h$.

(6) $\mathit{CloudDecrypt}(\mathrm{PK}, \mathrm{CT}_h, \mathrm{AK}')$. The health cloud takes as input PK, a health ciphertext $\mathrm{CT}_h$, and an outsourced attribute key $\mathrm{AK}'$ and outputs a partial decrypted health ciphertext $\mathrm{CT}_r$ if the attributes in $\mathrm{AK}'$ satisfy the access policy in the ciphertext.

(7) $\mathit{HealthDecrypt}(\mathrm{CT}_r, \mathrm{AK})$. The healthcare provider takes as input a partial decrypted health ciphertext $\mathrm{CT}_r$ and an attribute key AK and outputs the health data $m_h$.

(8) $\mathit{SocialEncrypt}(\mathrm{PK}, m_c, U)$. The social data owner takes as input PK, social data $m_c$, and a set $U$ of receivers' identities and outputs a social ciphertext $\mathrm{CT}_c$.

(9) $\mathit{SocialDecrypt}(\mathrm{PK}, \mathrm{CT}_c, \mathrm{ID}, \mathrm{SK})$. The social receiver takes as input PK, a social ciphertext $\mathrm{CT}_c$, a receiver's identity ID, and its secret key SK and outputs the social data $m_c$ if ID and SK are valid.

(10) $\mathit{HealthReKeyGen}(\mathrm{PK}, \mathrm{AK}, \mathrm{ID}')$. The health data owner takes as input PK, attribute key AK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a health reencryption key $\mathrm{RK}_h$.

(11) $\mathit{HealthReEnc}(\mathrm{CT}_h, \mathrm{RK}_h)$. The health cloud takes as input a health ciphertext $\mathrm{CT}_h$ and a health reencryption key $\mathrm{RK}_h$ and outputs a reencrypted health ciphertext $\mathrm{RT}_h$.

(12) $\mathit{SocialReKeyGen}(\mathrm{PK}, \mathrm{SK}, \mathrm{ID}')$. The social data owner takes as input PK, a secret key SK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a social reencryption key $\mathrm{RK}_c$.

(13) $\mathit{SocialReEnc}(\mathrm{CT}_c, \mathrm{RK}_c)$. The social cloud takes as input a social ciphertext $\mathrm{CT}_c$ and a social reencryption key $\mathrm{RK}_c$ and outputs a reencrypted social ciphertext $\mathrm{RT}_c$.

(14) $\mathit{AnalyzerDecrypt}(\mathrm{RT}_h, \mathrm{RT}_c, \mathrm{SK}')$. The healthcare analyzer takes as input a reencrypted health ciphertext $\mathrm{RT}_h$, a reencrypted social ciphertext $\mathrm{RT}_c$, and a secret key $\mathrm{SK}'$ and outputs health data $m_h$ and social data $m_c$.

In the registration phase, the central authority runs the Setup algorithm to generate the system public key and master secret key. Meanwhile, it also uses the AKeyGen and SKeyGen algorithms to generate attribute keys and secret keys of users in the system. For the health data, the health cloud first runs the CloudEncrypt algorithm to encrypt data with an access policy, and then the data owner runs the HealthEncrypt algorithm to finish the encryption. When accessing the health data, the health cloud first uses the CloudDecrypt algorithm to partially decrypt the ciphertext, and then the user can use the HealthDecrypt algorithm to recover the data. For the social data, the data owner runs the SocialEncrypt algorithm to encrypt data for a set of receivers, and the user can use the SocialDecrypt algorithm to recover the social data. Furthermore, the data owner could run the HealthReKeyGen and SocialReKeyGen algorithms, respectively, to generate reencryption keys containing their own attribute keys and secret keys. Receiving the reencryption keys, the health cloud and social cloud would run the HealthReEnc and SocialReEnc algorithms to transform the initial ciphertexts to the reencrypted ciphertexts. Hence, the healthcare analyzer can run the AnalyzerDecrypt algorithm to decrypt the reencrypted health and social ciphertexts.

4.3. Security Definition. In our scheme, we assume that the health cloud and social cloud are honest but curious, which means they carry out computation and storage tasks but may try to learn information about the private data [29]. Specifically, the security model covers the following aspects.

(1) Data Confidentiality. The unauthorized users that are not the intended receivers defined by the data owner should be prevented from accessing the health and social data. The healthcare analyzer should not be able to access the reencrypted data without the authorization of the data owner.

(2) Fine-Grained Access Control. The data owner can customize an expressive and flexible access policy so that the health data can only be accessed by the healthcare providers whose attributes satisfy these policies.

(3) Collusion Resistance. If each of the users' attributes in the set cannot satisfy the access policy in the ciphertexts alone, the access of ciphertext should not be successful.

5. Construction

5.1. System Setup. The central authority runs the $\mathit{Setup}$ algorithm to select a bilinear map $e : \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$, where $\mathbb{G}_0$ and $\mathbb{G}_T$ are two multiplicative groups with prime order $p$ and $g$ is the generator of $\mathbb{G}_0$. Then, the central authority chooses the maximum number of receivers $N$, randomly chooses $g, h, u, v, w \in \mathbb{G}_0$ and $\alpha, \beta \in \mathbb{Z}_p$, chooses cryptographic hash functions $H_1 : \{0, 1\}^{*} \to \mathbb{Z}_p^{*}$ and $H_2 : \mathbb{G}_T \to \mathbb{G}_0$, and finally outputs a system public key $\mathrm{PK} = (g, g^{\beta}, e(g, g)^{\alpha}, h, u^{\alpha}, v, v^{\alpha}, \ldots, v^{\alpha^{N}}, e(u, v), w)$ and a master secret key $\mathrm{MK} = (u, \alpha, \beta)$.

5.2. Key Generation. The central authority runs the $\mathit{AKeyGen}$ algorithm to select a random $\gamma \in \mathbb{Z}_p$, which is a unique secret assigned to each user. Then, the central authority chooses random $\varepsilon, \varphi \in \mathbb{Z}_p$ and random $r_j$ for each attribute $j \in S$, where $S$ is the attribute set of the user, and outputs the attribute key AK:

$$\mathrm{AK} = \left(D = g^{(\alpha+\gamma)/\beta},\ D_1 = g^{\gamma} h^{\varepsilon},\ D_2 = g^{\varepsilon},\ D_3 = g^{1/\varphi},\ D_4 = g^{\varphi\alpha},\ D_5 = w^{\varphi\alpha},\ \left\{D_j = g^{\gamma} H_1(j)^{r_j},\ D'_j = g^{r_j}\right\}_{j \in S}\right). \tag{1}$$

For each user in the system, the central authority runs the $\mathit{SKeyGen}$ algorithm to select a random $\pi \in \mathbb{Z}_p$ and output the secret key SK for the user with identity ID:

$$\mathrm{SK} = \left(K = g^{1/(\alpha + H_1(\mathrm{ID}))},\ K_1 = u^{1/\pi},\ K_2 = v^{\pi},\ K_3 = w^{\pi}\right). \tag{2}$$

5.3. Secure Health Data Sharing

5.3.1. Health Data Encryption. The mobile healthcare sensors of the data owner could collect a wide range of real-time health data (e.g., blood pressure, heart rate, and pulse) for further diagnosis or specialist analysis. Before uploading the data to the health cloud, the data owner first chooses a random $\mathrm{HK} \in \mathbb{Z}_p$ and encrypts the health data $m_h$ with HK using a symmetric encryption algorithm, denoted as $C = \mathrm{SE}_{\mathrm{HK}}(m_h)$. Then, the data owner defines an access policy $T$ to ensure that only users satisfying this policy can access data and then sends it to the health cloud.

Then, the health cloud runs the $\mathit{CloudEncrypt}$ algorithm to perform the outsourced encryption. For each node $x$ in the access policy tree $T$, the health cloud chooses a polynomial $p_x$. These polynomials are chosen in the following way, in a top-down manner, starting from the root node $R$. For each node $x$ in the tree, set the degree $d_x$ of the polynomial $p_x$ to be one less than the threshold value $k_x$ of that node, that is, $d_x = k_x - 1$. Starting with the root node $R$, the algorithm chooses a random $s \in \mathbb{Z}_p$ and sets $p_R(0) = s$. Then, it chooses $d_R$ other points of the polynomial $p_R$ randomly to define it completely. For any other node $x$, it sets $p_x(0) = p_{\mathrm{parent}(x)}(\mathrm{index}(x))$ and chooses $d_x$ other points randomly to completely define $p_x$.

Let $Y$ be the set of leaf nodes in $T$; the health cloud outputs an outsourced ciphertext $\mathrm{CT}'$ as

$$\mathrm{CT}' = \left(T,\ C'_3 = g^{s},\ C'_4 = h^{s},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right). \tag{3}$$

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs the $\mathit{HealthEncrypt}$ algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\ C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ C_3 = g^{s+t},\ C_4 = h^{s+t},\ C_5 = g^{\varphi\alpha t},\ C_6 = w^{\varphi\alpha t},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right). \tag{4}$$

5.3.2. Health Data Decryption. If the attributes of the healthcare provider satisfy the access policy $T$, he can decrypt $\mathrm{CT}_h$ successfully by informing the health cloud and obtaining the symmetric key. The health cloud runs the $\mathit{CloudDecrypt}$ algorithm with the ciphertext and outsourced attribute key $\mathrm{AK}' = (D_1, D_2, \{D_j, D'_j\}_{j \in S})$ from the healthcare provider. The health cloud first runs the $\mathit{DecryptNode}$ algorithm, which can be described as a recursive algorithm. This algorithm takes the ciphertext $\mathrm{CT}_h$, $\mathrm{AK}'$, and a node $x$ from the access tree $T$ as input.

(1) If the node $x$ is a leaf node, then we let $z = \mathrm{attr}_x$ and compute as follows. If $z \in S$, then

$$\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \frac{e(D_z, C_x)}{e(D'_z, C'_x)} = \frac{e\left(g^{\gamma} H_1(z)^{r_z}, g^{p_x(0)}\right)}{e\left(g^{r_z}, H_1(\mathrm{attr}_x)^{p_x(0)}\right)} = e(g, g)^{\gamma p_x(0)}. \tag{5}$$

If $z \notin S$, then $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores the output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S'_x = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$F_x = \prod_{n \in S_x} F_n^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} \left(e(g, g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\right)^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} e(g, g)^{r \cdot p_x(j) \cdot \Delta_{j, S'_x}(0)} = e(g, g)^{r p_x(0)}. \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$, such that

$$F = \mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g, g)^{\gamma p_R(0)} = e(g, g)^{\gamma s}. \tag{7}$$

Then, the health cloud computes

$$B = \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\left(g^{\gamma} h^{\varepsilon}, g^{s+t}\right)}{e\left(g^{\varepsilon}, h^{s+t}\right)} = e(g, g)^{\gamma(s+t)}, \qquad A = \frac{B}{F} = \frac{e(g, g)^{\gamma(s+t)}}{e(g, g)^{\gamma s}} = e(g, g)^{\gamma t}. \tag{8}$$

Finally, the health cloud sends the partial decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ A = e(g, g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs the $\mathit{HealthDecrypt}$ algorithm to obtain the symmetric key

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g, g)^{\alpha t} \cdot e(g, g)^{\gamma t}}{e\left(g^{\beta t}, g^{(\alpha+\gamma)/\beta}\right)}. \tag{9}$$

Thus, $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner's health data for diagnosis.
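The health data path of Sections 5.3.1 and 5.3.2, as an added Python example (not the authors' implementation): it shares s over a threshold access tree, runs DecryptNode with Lagrange recombination, and recovers HK through Eqs. (8) and (9). Assumptions: each group element is represented by its discrete logarithm modulo a prime P, so a pairing becomes a multiplication (this checks the algebra and gives no security); H_1(attr) is treated as a group element; all function names, the policy, and the attribute strings are constructed for illustration.

```python
import hashlib
import secrets

# Assumed model of this example (not the paper's instantiation): g^x in G_0 is
# stored as x mod P and e(g,g)^y in G_T as y mod P, so e(g^a, g^b) becomes a*b.
P = 2**127 - 1  # prime standing in for the group order p

def rand():
    return secrets.randbelow(P - 1) + 1

def pair(a, b):
    return a * b % P

def h1(attr):
    # Exponent of H_1(attr); a G_0 element here because Eqs. (3), (5) exponentiate it.
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P

# Policy node: an attribute string (leaf) or a tuple (threshold k_x, [children]).
def share(node, secret, path=()):
    """CloudEncrypt: p_x(0) = p_parent(x)(index(x)), degree d_x = k_x - 1."""
    if isinstance(node, str):
        return {path: (secret, h1(node) * secret % P)}          # (C_y, C'_y)
    k, children = node
    coeffs = [secret] + [rand() for _ in range(k - 1)]
    leaves = {}
    for idx, child in enumerate(children, start=1):
        value = sum(c * pow(idx, e, P) for e, c in enumerate(coeffs)) % P
        leaves.update(share(child, value, path + (idx,)))
    return leaves

def lagrange_at_zero(j, indices):
    num = den = 1
    for i in indices:
        if i != j:
            num, den = num * -i % P, den * (j - i) % P
    return num * pow(den, -1, P) % P

def decrypt_node(node, leaves, attr_keys, path=()):
    """DecryptNode: exponent of e(g,g)^(gamma*p_x(0)), or None for the failure symbol."""
    if isinstance(node, str):
        if node not in attr_keys:
            return None
        (d, d_prime), (c, c_prime) = attr_keys[node], leaves[path]
        return (pair(d, c) - pair(d_prime, c_prime)) % P         # Eq. (5)
    k, children = node
    found = {}
    for idx, child in enumerate(children, start=1):
        f = decrypt_node(child, leaves, attr_keys, path + (idx,))
        if f is not None and len(found) < k:
            found[idx] = f
    if len(found) < k:
        return None
    return sum(lagrange_at_zero(j, found) * f for j, f in found.items()) % P  # Eq. (6)

def setup():
    return {"alpha": rand(), "beta": rand(), "eta": rand()}     # eta: h = g^eta

def akeygen(mk, attrs):
    """AKeyGen, Eq. (1), restricted to the components that decryption uses."""
    gamma, eps = rand(), rand()
    attr_keys = {}
    for a in attrs:
        r = rand()
        attr_keys[a] = ((gamma + h1(a) * r) % P, r)             # (D_j, D'_j)
    return {"D": (mk["alpha"] + gamma) * pow(mk["beta"], -1, P) % P,
            "D1": (gamma + mk["eta"] * eps) % P, "D2": eps, "attrs": attr_keys}

def encrypt(mk, policy, hk):
    """Eqs. (3)-(4); the model reads exponents from mk where the scheme uses PK."""
    s, t = rand(), rand()
    return {"T": policy, "leaves": share(policy, s),
            "C1": (hk + mk["alpha"] * t) % P, "C2": mk["beta"] * t % P,
            "C3": (s + t) % P, "C4": mk["eta"] * (s + t) % P}

def decrypt(ct, key, attr_keys=None):
    """CloudDecrypt (Eqs. (7)-(8)), then HealthDecrypt (Eq. (9)); None if T is unsatisfied."""
    attr_keys = key["attrs"] if attr_keys is None else attr_keys
    F = decrypt_node(ct["T"], ct["leaves"], attr_keys)
    if F is None:
        return None
    B = (pair(key["D1"], ct["C3"]) - pair(key["D2"], ct["C4"])) % P
    A = (B - F) % P
    return (ct["C1"] + A - pair(ct["C2"], key["D"])) % P

# Constructed policy: cardiologist AND (hospital_a OR hospital_b).
POLICY = (2, ["cardiologist", (1, ["hospital_a", "hospital_b"])])

def demo(hk=0x1234567890ABCDEF):
    mk = setup()
    ct = encrypt(mk, POLICY, hk)
    doctor = akeygen(mk, {"cardiologist", "hospital_b"})
    u1, u2 = akeygen(mk, {"cardiologist"}), akeygen(mk, {"hospital_a"})
    pooled = {**u1["attrs"], **u2["attrs"]}      # two users pool their attribute keys
    return {"authorized": decrypt(ct, doctor) == hk,
            "unsatisfied": decrypt(ct, u1) is None,
            "pooled": decrypt(ct, u1, pooled) == hk}
```

In `demo()`, the pooled attribute keys satisfy the tree structurally, but the two users carry different γ values, so the recombined F is not e(g,g)^{γs} and the recovered value differs from HK; this is the collusion resistance requirement of Section 4.3.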

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data, denoted as $m_c$, the data owner runs the $\mathit{SocialEncrypt}$ algorithm to encrypt it and then outsource the ciphertext to the social cloud. First, the data owner chooses a set $U$ of receivers' identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^{*}$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \left(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1 = \mathrm{CK} \cdot e(u, v)^{k},\ C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\ C_3 = v^{\pi k},\ C_4 = w^{\pi k},\ C_5 = u^{-\alpha k}\right). \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs the $\mathit{SocialDecrypt}$ algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$\begin{aligned}
I &= \left(e\left(C_5, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e(K, C_2)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e\left(u^{1/(\alpha + H_1(\mathrm{ID}))}, v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\right) \cdot e(u, v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u, v)^{k},
\end{aligned} \tag{11}$$

where

$$\Delta_{\alpha}(\mathrm{ID}, U) = \alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right). \tag{12}$$

Then, the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u, v)^{k}}{e(u, v)^{k}}. \tag{13}$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs the $\mathit{HealthReKeyGen}$ algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$R_1 = D_3 \cdot w^{b} = g^{1/\varphi} \cdot w^{b}, \qquad R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\left(e(u, v)^{t'}\right) \cdot g^{b}. \tag{14}$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs the $\mathit{HealthReEnc}$ algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$C_1' = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK} \cdot e(g, g)^{\alpha t}}{e\left(g^{1/\varphi} \cdot w^{b},\, g^{\varphi \alpha t}\right)} = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi \alpha t}\right). \tag{15}$$

Finally, the health cloud outputs a reencrypted health ciphertext:

$$\mathrm{RT}_h = \left( C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\; C_1' = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi \alpha t}\right),\; C_2' = R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))},\; C_3' = R_3 = H_2\left(e(u, v)^{t'}\right) \cdot g^{b},\; C_4' = C_6 = w^{\varphi \alpha t} \right). \tag{16}$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs the $\mathit{SocialReKeyGen}$ algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$R_1 = K_1 \cdot w^{l} = u^{1/\pi} \cdot w^{l}, \qquad R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\left(e(u, v)^{k'}\right) \cdot v^{l}. \tag{17}$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. On receiving the reencryption key, the social cloud runs the $\mathit{SocialReEnc}$ algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$C_1' = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK} \cdot e(u, v)^{k}}{e\left(u^{1/\pi} \cdot w^{l},\, v^{\pi k}\right)} = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right). \tag{18}$$

Finally, the social cloud outputs a reencrypted social ciphertext:

$$\mathrm{RT}_c = \left( C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\; C_1' = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right),\; C_2' = R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))},\; C_3' = R_3 = H_2\left(e(u, v)^{k'}\right) \cdot v^{l},\; C_4' = C_4 = w^{\pi k} \right). \tag{19}$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs the AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$K' = e(K, C_2') = e\left(u^{1/(\alpha + H_1(\mathrm{ID}'))},\, v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}\right) = e(u, v)^{t'}. \tag{20}$$

Then the healthcare analyzer computes

$$Z = \frac{C_3'}{H_2(K')} = \frac{H_2\left(e(u, v)^{t'}\right) \cdot g^{b}}{H_2\left(e(u, v)^{t'}\right)} = g^{b}. \tag{21}$$

Finally, the healthcare analyzer computes HK and recovers the health data $m_h$:

$$\mathrm{HK} = C_1' \cdot e(Z, C_4') = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi \alpha t}\right) \cdot e\left(g^{b}, w^{\varphi \alpha t}\right). \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with the secret key, and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C_1' \cdot e(v^{l}, C_4') = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right) \cdot e\left(v^{l}, w^{\pi k}\right). \tag{23}$$

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
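The cancellations in equations (14)-(23) can be checked mechanically. The following Python model is an added example, not the authors' C/PBC prototype: it stores every group element as its discrete logarithm, so it offers no security and only verifies the algebra of both the health and the social reencryption paths. The prime `P`, the SHA-256-based `H1` and `H2`, the sample identities and all function names are assumptions; key and ciphertext components are taken only in the form in which they appear in the equations above.

```python
"""Exponent-bookkeeping check of the reencryption algebra, eqs. (14)-(23).

NOT secure: a G0 element g^x is stored as its discrete log x mod P and a GT
element e(g,g)^y as y mod P, so group multiplication becomes addition,
exponentiation becomes multiplication, and e(g^x, g^y) becomes x*y.
"""
import hashlib
import secrets

P = 2**255 - 19  # assumed stand-in for the prime group order p


def rnd() -> int:
    return secrets.randbelow(P - 1) + 1  # uniform in [1, P-1]


def inv(x: int) -> int:
    return pow(x, -1, P)


def pair(x: int, y: int) -> int:
    return x * y % P  # e(g^x, g^y) = e(g,g)^(x*y)


def _hash(tag: bytes, data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % P


def H1(identity: str) -> int:  # identities -> Z_p (SHA-256 is an assumption)
    return _hash(b"H1", identity.encode())


def H2(gt: int) -> int:  # GT -> G0, result given as a discrete log
    return _hash(b"H2", gt.to_bytes(32, "big"))


class Params:
    """Logs of the public elements u, v, w (base g) and master secret alpha."""

    def __init__(self) -> None:
        self.g = 1
        self.u, self.v, self.w, self.alpha = rnd(), rnd(), rnd(), rnd()


def analyzer_key(pp: Params, identity: str) -> int:
    # K = u^{1/(alpha + H1(ID'))}, the form used in eq. (20)
    return pp.u * inv((pp.alpha + H1(identity)) % P) % P


def rekey(pp: Params, base: int, mask: int, identity: str):
    """Eq. (14) with base=D3, mask=g; eq. (17) with base=K1, mask=v."""
    r, s = rnd(), rnd()  # (t', b) for health data, (k', l) for social data
    R1 = (base + pp.w * s) % P
    # The owner would derive R2 from public elements; the model uses alpha.
    R2 = pp.v * r * (pp.alpha + H1(identity)) % P
    R3 = (H2(pair(pp.u, pp.v) * r % P) + mask * s) % P
    return R1, R2, R3


def reencrypt(C1: int, C_pair: int, C_keep: int, rk):
    """Eqs. (15)/(18): C1' = C1 / e(R1, C5 or C3); output as in (16)/(19)."""
    R1, R2, R3 = rk
    return (C1 - pair(R1, C_pair)) % P, R2, R3, C_keep


def analyzer_decrypt(K: int, rt) -> int:
    C1p, C2p, C3p, C4p = rt
    Kp = pair(K, C2p)                # (20): e(u,v)^{t'}
    Z = (C3p - H2(Kp)) % P           # (21): g^b, or v^l for social data
    return (C1p + pair(Z, C4p)) % P  # (22)/(23)


def demo() -> dict:
    pp = Params()
    # Constructed sample identities.
    analyst, outsider = "analyzer@example.org", "outsider@example.org"
    K, K_bad = analyzer_key(pp, analyst), analyzer_key(pp, outsider)

    # Health path: C1 = HK*e(g,g)^{alpha t}, C5 = g^{phi alpha t}, C6 = w^{phi alpha t}
    HK, phi, t = rnd(), rnd(), rnd()
    x = phi * pp.alpha * t % P
    rt_h = reencrypt((HK + pp.alpha * t) % P, x, pp.w * x % P,
                     rekey(pp, inv(phi), pp.g, analyst))  # D3 = g^{1/phi}

    # Social path: C1 = CK*e(u,v)^k, C3 = v^{pi k}, C4 = w^{pi k}
    CK, pi, k = rnd(), rnd(), rnd()
    rt_c = reencrypt((CK + pair(pp.u, pp.v) * k) % P, pp.v * pi * k % P,
                     pp.w * pi * k % P,
                     rekey(pp, pp.u * inv(pi) % P, pp.v, analyst))  # K1 = u^{1/pi}

    return {
        "health_ok": analyzer_decrypt(K, rt_h) == HK,
        "social_ok": analyzer_decrypt(K, rt_c) == CK,
        "cloud_sees_key": rt_h[0] == HK or rt_c[0] == CK,
        "outsider_ok": (analyzer_decrypt(K_bad, rt_h) == HK
                        or analyzer_decrypt(K_bad, rt_c) == CK),
    }


if __name__ == "__main__":
    print(demo())
```

In this model the blinded component $C_1'$ held by the cloud never equals the symmetric key, and a key issued for a different identity does not unmask $g^{b}$ or $v^{l}$, so decryption fails for it.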

6. Security Analysis

The shared data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using an access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g, g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and the IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. Fine-grained access control allows flexibility in specifying differential access policies for individual health data. To enforce this kind of access control, we utilize CP-ABE to protect the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data, defined in an access tree, supports complex operations including both AND and OR gates, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with a random $\gamma$ which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g, g)^{\gamma s}$ in the outsourced decryption phase. Thus, the proposed scheme is collusion-resistant.

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying a PRE mechanism, so that the semitrusted server can reencrypt the ciphertext to the data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare records for emergency calls, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques, such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization across these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer, such as a specialist, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | - | No | No | No | No | Yes |
| Outsourced decryption | - | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | - | - |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | - | - |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform the standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in the access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of the new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which are constant and efficient, as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can decrypt the ciphertext at a cost of $2T_r + (N_u - 1)T_0 + T_t$. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to IBE-encrypted data by the semitrusted social cloud with a reencryption key generated by the data owner. The computation cost of generating the reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs a cost of $T_r$ to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with a 2.53 GHz processor and 4 GB memory. The experimental prototype is written in the C language with the assistance of the cpabe toolkit and the pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in the access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in the access policy of the ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same and are constant, since most of the laborious decryption operations are delegated to the cloud server.

[Figure 2: Computation cost of health data encryption. Computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.]

[Figure 3: Computation cost of health data decryption. Computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.]

Furthermore, we evaluate the computation time cost in the health data reencryption phase and the health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in the access policy, as in Wang et al. [25].

[Figure 4: Computation cost of health data reencryption. Computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.]

[Figure 5: Computation cost of health data authorized decryption. Computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.]

8. Conclusion

In this paper, we focus on secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected data, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, an outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme against the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, "Cloud-assisted secure video transmission and sharing framework for smart cities," Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman, et al., "Incorporating intelligence in fog computing for big data analysis in smart cities," IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, "Securing m-healthcare social networks: challenges, countermeasures and future directions," IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, "Security and privacy for mobile healthcare networks: from a quality of protection perspective," IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, "Private and secured medical data transmission and analysis for wireless sensing healthcare system," IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, "HealthShare: achieving secure and privacy-preserving health information sharing through health social networks," Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, "4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks," Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, "EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks," in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM '11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, "A privacy-preserving attribute-based authentication system for mobile health networks," IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, "Privacy-preserving design for emergency response scheduling system in medical social networks," Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, "Security and privacy in smart city applications: challenges and solutions," IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, "Security approach to controlling access to personal health records in healthcare service," Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, "Consent-based access control for secure and privacy-preserving health information exchange," Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, "Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing," Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, "Privacy preserving ehr system using attribute-based infrastructure," in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu, et al., "A general framework for secure sharing of personal health records in cloud system," Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, "Secure and fine-grained access control on e-healthcare records in mobile cloud computing," Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, "Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation," IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, "An efficient access control scheme with outsourcing capability and attribute update for fog computing," Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, "Internet of things for smart cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, "Cost-effective secure E-health cloud system using identity based cryptographic techniques," Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, "PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks," Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, "EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks," Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, "Identity-based proxy re-encryption version 2: making mobile access easy in cloud," Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, "DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices," World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.

overheads. Liu et al. [21] proposed an outsourced healthcare record access control system by moving the encryption computation offline and keeping the online computation task very low. Yeh et al. [22] proposed a decryption outsourcing framework for health information access control in the cloud by utilizing the CSP to check whether the attributes satisfy the access policy in the ciphertext, which induces the outsourced encryption and decryption scheme introduced by Zhang et al. [23].

Intelligent healthcare, which is one of the intelligent services in the smart city, contains various health-related applications in MHSN, such as home care and emergency alarm [24]. Wang et al. [25] designed a secure health cloud system framework based on IBE, in which the assistant doctor can access the health data for enhanced analysis with authorization from the data owner based on identity-based PRE (IBPRE). In particular, by analyzing the collected social data together with real-time health data, accurate infection analysis can be achieved. The secure collaboration of healthcare and social network service providers is the key challenge of intelligent healthcare, since different service providers may adopt different techniques to protect data privacy. Zhang et al. [11] introduced some challenges of security and privacy in MHSN of smart cities and proposed the first secure data collaboration framework of healthcare and social network service providers. However, this scheme does not give the implementation construction. Liang et al. [26] proposed PEC, an ABE-based emergency call scheme for MHSN, which combines location data with health data to guarantee that emergency information is sent to nearby physicians. Jiang et al. [27] proposed EPPS, a personal health information sharing scheme based on ABE, by combining the mobile social network with a healthcare center. Patients with geographical proximity can constitute a group to exchange health conditions, healthcare experiences, and medical treatments with the authorized physician. But in this scheme, the physicians in the healthcare center must have many attribute secret keys for each attribute to dock with patients in different groups. Moreover, these two schemes above do not consider the data collaboration (e.g., infectious diseases analysis) with health and social data.

3. Preliminaries

3.1. Bilinear Pairing. Let $\mathbb{G}_0$ and $\mathbb{G}_T$ be two multiplicative groups of prime order $p$. A bilinear map is a function $e: \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$ with the following properties:

(1) Computability. There is an efficient algorithm to compute $e(g, h) \in \mathbb{G}_T$ for any $g, h \in \mathbb{G}_0$.

(2) Bilinearity. For all $g, h \in \mathbb{G}_0$ and $a, b \in \mathbb{Z}_p$, we have $e(g^{a}, h^{b}) = e(g, h)^{ab}$.

(3) Nondegeneracy. If $g$ is a generator of $\mathbb{G}_0$, then $e(g, g)$ is also a generator of $\mathbb{G}_T$.

3.2. Ciphertext-Policy Attribute-Based Encryption. CP-ABE is a cryptographic primitive for one-to-many secure communication, which consists of the following algorithms [17]:

(1) $\mathit{Setup}(1^{\lambda})$. The setup algorithm takes as input the security parameter $\lambda$ and outputs a public key PK and a master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, S)$. The key generation algorithm takes as input the public key PK, the master secret key MK, and a set $S$ of attributes and outputs an attribute key AK.

(3) $\mathit{Enc}(\mathrm{PK}, M, T)$. The encryption algorithm takes as input the public key PK, a message $M$, and an access policy $T$ and outputs a ciphertext CT.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{AK}, \mathrm{CT})$. The decryption algorithm takes as input the public key PK, an attribute key AK, and a ciphertext CT with an access policy $T$. If $S \in T$, it outputs the message $M$.

3.3. Identity-Based Broadcast Encryption. IBBE can be seen as an extension of IBE that allows one to encrypt a message once for many receivers. The definition of IBBE is as follows [28]:

(1) $\mathit{Setup}(1^{\lambda}, N)$. The setup algorithm takes as input a security parameter $\lambda$ and the maximal size $N$ of a set of receivers and outputs a pair of public key PK and master secret key MK.

(2) $\mathit{KeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$. The key generation algorithm takes as input the public key PK, the master secret key MK, and a user's identity ID and outputs a secret key $\mathrm{SK}_{\mathrm{ID}}$ for the user.

(3) $\mathit{Enc}(\mathrm{PK}, M, U)$. The encryption algorithm takes as input the public key PK, a message $M$, and a set $U$ of receivers' identities; the algorithm outputs a ciphertext CT for $U$.

(4) $\mathit{Dec}(\mathrm{PK}, \mathrm{CT}, \mathrm{SK}_{\mathrm{ID}}, \mathrm{ID})$. The decryption algorithm takes as input the public key PK, a ciphertext CT, a secret key $\mathrm{SK}_{\mathrm{ID}}$, and an identity ID; the algorithm outputs the message $M$ if $\mathrm{ID} \in U$.

4. The Proposed Scheme

4.1. System Model. In MHSN, the fusion of health data and social data facilitates a novel paradigm of authorized infection analysis. Our scheme focuses on the secure sharing and collaboration of these data. As shown in Figure 1, the system model of our scheme consists of the central authority, health cloud, social cloud, users, healthcare provider, and healthcare analyzer.

(1) Central Authority. The central authority is a fully trusted party which is in charge of generating system parameters as well as private keys for each user.

(2) Health Cloud. The health cloud is a semitrusted party which provides health data storage service. It is also responsible for helping encrypt health data for mobile healthcare sensors, decrypt the ciphertext for healthcare providers, and reencrypt ciphertext for healthcare analyzers.

(3) Social Cloud. The social cloud is also a semitrusted party which provides social data storage service and is in charge of reencrypting social ciphertext for healthcare analyzers.

(4) Data Owner. The data owners generate a great amount of health data through the mobile healthcare sensors and upload them to the health cloud by defining an access policy, and also upload their social data to the social cloud for sharing.

(5) User. The user is the ciphertexts' receiver and is able to decrypt the ciphertexts if he is the intended receiver defined by the data owners.

(6) Healthcare Provider. The healthcare providers are the intended receivers of health ciphertext stored in the health cloud. If a healthcare provider's attribute set satisfies the access policy in the ciphertext, he is able to decrypt the patient's health data from the ciphertext.

(7) Healthcare Analyzer. The healthcare analyzer is the authorized receiver of both health ciphertext and social ciphertext for data collaboration and analysis.

[Figure 1: System model of our scheme. Entities shown: health cloud, social cloud, data owner, sensor, healthcare provider, healthcare analyzer, social user; flows labelled health ciphertext, social ciphertext, and authorization.]

4.2. System Definition. Based on the system model, our scheme consists of the following algorithms.

(1) $\mathit{Setup}(1^{\lambda}, N)$. The central authority takes as input a security parameter $\lambda$ and the maximal size of receiver set $N$ and outputs a system public key PK and a master secret key MK.

(2) $\mathit{AKeyGen}(\mathrm{PK}, \mathrm{MK}, S)$. The central authority takes as input PK and MK and a set of attributes $S$ of user or healthcare provider and outputs the attribute key AK.

(3) $\mathit{SKeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$. The central authority takes as input PK and MK and an identity ID of user or healthcare analyzer and outputs the secret key of user SK.

(4) $\mathit{CloudEncrypt}(\mathrm{PK}, T)$. The health cloud takes as input PK and an access policy $T$ and outputs an outsourced health ciphertext $\mathrm{CT}'$.

(5) $\mathit{HealthEncrypt}(\mathrm{PK}, m_h, \mathrm{CT}')$. The health data owner takes as input PK, health data $m_h$, and an outsourced health ciphertext $\mathrm{CT}'$ and outputs a health ciphertext $\mathrm{CT}_h$.

(6) $\mathit{CloudDecrypt}(\mathrm{PK}, \mathrm{CT}_h, \mathrm{AK}')$. The health cloud takes as input PK, a health ciphertext $\mathrm{CT}_h$, and an outsourced attribute key $\mathrm{AK}'$ and outputs a partial decrypted health ciphertext $\mathrm{CT}_r$ if the attributes in $\mathrm{AK}'$ satisfy the access policy in the ciphertext.

(7) $\mathit{HealthDecrypt}(\mathrm{CT}_r, \mathrm{AK})$. The healthcare provider takes as input a partial decrypted health ciphertext $\mathrm{CT}_r$ and an attribute key AK and outputs the health data $m_h$.

(8) $\mathit{SocialEncrypt}(\mathrm{PK}, m_c, U)$. The social data owner takes as input PK, social data $m_c$, and a set $U$ of receivers' identities and outputs a social ciphertext $\mathrm{CT}_c$.

(9) $\mathit{SocialDecrypt}(\mathrm{PK}, \mathrm{CT}_c, \mathrm{ID}, \mathrm{SK})$. The social receiver takes as input PK, a social ciphertext $\mathrm{CT}_c$, a receiver's identity ID, and its secret key SK and outputs the social data $m_c$ if ID and SK are valid.

(10) $\mathit{HealthReKeyGen}(\mathrm{PK}, \mathrm{AK}, \mathrm{ID}')$. The health data owner takes as input PK, attribute key AK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a health reencryption key $\mathrm{RK}_h$.

(11) $\mathit{HealthReEnc}(\mathrm{CT}_h, \mathrm{RK}_h)$. The health cloud takes as input a health ciphertext $\mathrm{CT}_h$ and a health reencryption key $\mathrm{RK}_h$ and outputs a reencrypted health ciphertext $\mathrm{RT}_h$.

(12) $\mathit{SocialReKeyGen}(\mathrm{PK}, \mathrm{SK}, \mathrm{ID}')$. The social data owner takes as input PK, a secret key SK, and a healthcare analyzer's identity $\mathrm{ID}'$ and outputs a social reencryption key $\mathrm{RK}_c$.

(13) $\mathit{SocialReEnc}(\mathrm{CT}_c, \mathrm{RK}_c)$. The social cloud takes as input a social ciphertext $\mathrm{CT}_c$ and a social reencryption key $\mathrm{RK}_c$ and outputs a reencrypted social ciphertext $\mathrm{RT}_c$.

(14) $\mathit{AnalyzerDecrypt}(\mathrm{RT}_h, \mathrm{RT}_c, \mathrm{SK}')$. The healthcare analyzer takes as input a reencrypted health ciphertext $\mathrm{RT}_h$, a reencrypted social ciphertext $\mathrm{RT}_c$, and a secret key $\mathrm{SK}'$ and outputs health data $m_h$ and social data $m_c$.

In the registration phase, the central authority runs the Setup algorithm to generate the system public key and master secret key. Meanwhile, it also uses the AKeyGen and SKeyGen algorithms to generate attribute keys and secret keys of users in the system. For the health data, the health cloud first runs the CloudEncrypt algorithm to encrypt data with an access policy, and then the data owner runs the HealthEncrypt algorithm to finish the encryption. When accessing the health data, the health cloud first uses the CloudDecrypt algorithm to partially decrypt the ciphertext, and then the user can use the HealthDecrypt algorithm to recover the data. For the social data, the data owner runs the SocialEncrypt algorithm to encrypt data for a set of receivers, and the user can use the SocialDecrypt algorithm to recover the social data. Furthermore, the data owner could run the HealthReKeyGen and SocialReKeyGen algorithms, respectively, to generate reencryption keys containing their own attribute keys and secret keys. Receiving the reencryption keys, the health cloud and social cloud would run the HealthReEnc and SocialReEnc algorithms to transform the initial ciphertexts to the reencrypted ciphertexts. Hence, the healthcare analyzer can run the AnalyzerDecrypt algorithm to decrypt the reencrypted health and social ciphertexts.

4.3. Security Definition. In our scheme, we assume that the health cloud and social cloud are honest but curious, which means they carry out computation and storage tasks but may try to learn information about the private data [29]. Specifically, the security model covers the following aspects.

(1) Data Confidentiality. The unauthorized users that are not the intended receivers defined by the data owner should be prevented from accessing the health and social data. The healthcare analyzer should not be able to access the reencrypted data without the authorization of the data owner.

(2) Fine-Grained Access Control. The data owner can customize an expressive and flexible access policy so that the health data can only be accessed by the healthcare providers whose attributes satisfy these policies.

(3) Collusion Resistance. If each of the users' attributes in the set cannot satisfy the access policy in the ciphertexts alone, the access of ciphertext should not be successful.

5. Construction

5.1. System Setup. The central authority runs the Setup algorithm to select a bilinear map $e: \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$, where $\mathbb{G}_0$ and $\mathbb{G}_T$ are two multiplicative groups with prime order $p$ and $g$ is the generator of $\mathbb{G}_0$. Then the central authority chooses the maximum number of receivers $N$, randomly chooses $g, h, u, v, w \in \mathbb{G}_0$ and $\alpha, \beta \in \mathbb{Z}_p$, chooses cryptographic hash functions $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ and $H_2: \mathbb{G}_T \to \mathbb{G}_0$, and finally outputs a system public key $\mathrm{PK} = (g, g^{\beta}, e(g,g)^{\alpha}, h, u^{\alpha}, v, v^{\alpha}, \ldots, v^{\alpha^N}, e(u,v), w)$ and a master secret key $\mathrm{MK} = (u, \alpha, \beta)$.

5.2. Key Generation. The central authority runs the AKeyGen algorithm to select a random $\gamma \in \mathbb{Z}_p$, which is a unique secret assigned to each user. Then the central authority chooses random $\varepsilon, \varphi \in \mathbb{Z}_p$ and random $r_j$ for each attribute $j \in S$, where $S$ is the attribute set of the user, and outputs the attribute key AK:

$$\mathrm{AK} = \left(D = g^{(\alpha+\gamma)/\beta},\; D_1 = g^{\gamma} h^{\varepsilon},\; D_2 = g^{\varepsilon},\; D_3 = g^{1/\varphi},\; D_4 = g^{\varphi\alpha},\; D_5 = w^{\varphi\alpha},\; \{D_j = g^{\gamma} H_1(j)^{r_j},\; D'_j = g^{r_j}\}_{j \in S}\right). \tag{1}$$

For each user in the system, the central authority runs the SKeyGen algorithm to select a random $\pi \in \mathbb{Z}_p$ and output the secret key SK for the user with identity ID:

$$\mathrm{SK} = \left(K = g^{1/(\alpha + H_1(\mathrm{ID}))},\; K_1 = u^{1/\pi},\; K_2 = v^{\pi},\; K_3 = w^{\pi}\right). \tag{2}$$

5.3. Secure Health Data Sharing

5.3.1. Health Data Encryption. The mobile healthcare sensors of the data owner could collect a wide range of real-time health data (e.g., blood pressure, heart rate, and pulse) for further diagnosis or specialist analysis. Before uploading the data to the health cloud, the data owner first chooses a random $\mathrm{HK} \in \mathbb{Z}_p$ and encrypts the health data $m_h$ with HK using a symmetric encryption algorithm, denoted as $C = \mathrm{SE}_{\mathrm{HK}}(m_h)$. Then the data owner defines an access policy $T$ to ensure that only users satisfying this policy can access data and then sends it to the health cloud.

Then the health cloud runs the CloudEncrypt algorithm to perform the outsourced encryption. For each node $x$ in the access policy tree $T$, the health cloud chooses a polynomial $p_x$. These polynomials are chosen in the following way in a top-down manner, starting from the root node $R$. For each node $x$ in the tree, set the degree $d_x$ of the polynomial $p_x$ to be one less than the threshold value $k_x$ of that node, that is, $d_x = k_x - 1$. Starting with the root node $R$, the algorithm chooses a random $s \in \mathbb{Z}_p$ and sets $p_R(0) = s$. Then it chooses $d_R$ other points of the polynomial $p_R$ randomly to define it completely. For any other node $x$, it sets $p_x(0) = p_{\mathrm{parent}(x)}(\mathrm{index}(x))$ and chooses $d_x$ other points randomly to completely define $p_x$.


Let $Y$ be the set of leaf nodes in $T$; the health cloud outputs an outsourced ciphertext $\mathrm{CT}'$ as

$$\mathrm{CT}' = \left(T,\; C'_3 = g^{s},\; C'_4 = h^{s},\; C_7 = \{C_y = g^{p_y(0)},\; C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\}_{y \in Y}\right). \tag{3}$$

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs the HealthEncrypt algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g,g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\; C = \mathrm{SE}_{\mathrm{HK}}(m_h),\; C_1 = \mathrm{HK} \cdot e(g,g)^{\alpha t},\; C_2 = g^{\beta t},\; C_3 = g^{s+t},\; C_4 = h^{s+t},\; C_5 = g^{\varphi\alpha t},\; C_6 = w^{\varphi\alpha t},\; C_7 = \{C_y = g^{p_y(0)},\; C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\}_{y \in Y}\right). \tag{4}$$

5.3.2. Health Data Decryption. If the attributes of the healthcare provider satisfy the access policy $T$, he can decrypt $\mathrm{CT}_h$ successfully by informing the health cloud and obtaining the symmetric key. The health cloud runs the CloudDecrypt algorithm with the ciphertext and the outsourced attribute key $\mathrm{AK}' = (D_1, D_2, \{D_j, D'_j\}_{j \in S})$ from the healthcare provider. The health cloud first runs the DecryptNode algorithm, which can be described as a recursive algorithm. This algorithm takes the ciphertext $\mathrm{CT}_h$, $\mathrm{AK}'$, and a node $x$ from the access tree $T$ as input.

(1) If the node $x$ is a leaf node, then we let $z = \mathrm{attr}_x$ and compute as follows. If $z \in S$, then

$$\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \frac{e(D_z, C_x)}{e(D'_z, C'_x)} = \frac{e\left(g^{\gamma} H_1(z)^{r_z}, g^{p_x(0)}\right)}{e\left(g^{r_z}, H_1(\mathrm{attr}_x)^{p_x(0)}\right)} = e(g,g)^{\gamma p_x(0)}. \tag{5}$$

If $z \notin S$, then $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores the output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S'_x = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$\begin{aligned} F_x &= \prod_{n \in S_x} F_n^{\Delta_{j, S'_x}(0)} \\ &= \prod_{n \in S_x} \left(e(g,g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\right)^{\Delta_{j, S'_x}(0)} \\ &= \prod_{n \in S_x} e(g,g)^{r \cdot p_x(j) \cdot \Delta_{j, S'_x}(0)} = e(g,g)^{r p_x(0)}. \end{aligned} \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$, such that

$$F = \mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g,g)^{\gamma p_R(0)} = e(g,g)^{\gamma s}. \tag{7}$$

Then the health cloud computes

$$\begin{aligned} B &= \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\left(g^{\gamma} h^{\varepsilon}, g^{s+t}\right)}{e\left(g^{\varepsilon}, h^{s+t}\right)} = e(g,g)^{\gamma(s+t)}, \\ A &= \frac{B}{F} = \frac{e(g,g)^{\gamma(s+t)}}{e(g,g)^{\gamma s}} = e(g,g)^{\gamma t}. \end{aligned} \tag{8}$$

Finally, the health cloud sends the partial decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\; C_1 = \mathrm{HK} \cdot e(g,g)^{\alpha t},\; C_2 = g^{\beta t},\; A = e(g,g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs the HealthDecrypt algorithm to obtain the symmetric key:

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t} \cdot e(g,g)^{\gamma t}}{e\left(g^{\beta t}, g^{(\alpha+\gamma)/\beta}\right)}. \tag{9}$$

Thus, $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner's health data for diagnosis.

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data, denoted as $m_c$, the data owner runs the SocialEncrypt algorithm to encrypt it and then outsources the ciphertext to the social cloud. First, the data owner chooses a set $U$ of receivers' identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^*$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \left(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\; C_1 = \mathrm{CK} \cdot e(u,v)^{k},\; C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\; C_3 = v^{\pi k},\; C_4 = w^{\pi k},\; C_5 = u^{-\alpha k}\right). \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs the SocialDecrypt algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$\begin{aligned} I &= \left(e\left(C_5, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e(K, C_2)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{-\alpha k}, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e\left(u^{1/(\alpha + H_1(\mathrm{ID}))}, v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{-\alpha k}, v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\right) \cdot e(u,v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u,v)^{k}, \end{aligned} \tag{11}$$

where

$$\Delta_{\alpha}(\mathrm{ID}, U) = \alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right). \tag{12}$$

Then the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e(u,v)^{k}}. \tag{13}$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs the HealthReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$\begin{aligned} R_1 &= D_3 \cdot w^{b} = g^{1/\varphi} \cdot w^{b}, \\ R_2 &= v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}, \\ R_3 &= H_2\left(e(u,v)^{t'}\right) \cdot g^{b}. \end{aligned} \tag{14}$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs the HealthReEnc algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t}}{e\left(g^{1/\varphi} \cdot w^{b}, g^{\varphi\alpha t}\right)} = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right). \tag{15}$$

Finally, the health cloud outputs a reencrypted health ciphertext:

$$\mathrm{RT}_h = \left(C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\; C'_1 = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right),\; C'_2 = R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))},\; C'_3 = R_3 = H_2\left(e(u,v)^{t'}\right) \cdot g^{b},\; C'_4 = C_6 = w^{\varphi\alpha t}\right). \tag{16}$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs the SocialReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$\begin{aligned} R_1 &= K_1 \cdot w^{l} = u^{1/\pi} \cdot w^{l}, \\ R_2 &= v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}, \\ R_3 &= H_2\left(e(u,v)^{k'}\right) \cdot v^{l}. \end{aligned} \tag{17}$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. On receiving the reencryption key, the social cloud runs the SocialReEnc algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e\left(u^{1/\pi} \cdot w^{l}, v^{\pi k}\right)} = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right). \tag{18}$$

Finally, the social cloud outputs a reencrypted social ciphertext:

$$\mathrm{RT}_c = \left(C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\; C'_1 = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right),\; C'_2 = R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))},\; C'_3 = R_3 = H_2\left(e(u,v)^{k'}\right) \cdot v^{l},\; C'_4 = C_4 = w^{\pi k}\right). \tag{19}$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs the AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$K' = e(K, C'_2) = e\left(u^{1/(\alpha + H_1(\mathrm{ID}'))}, v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}\right) = e(u,v)^{t'}. \tag{20}$$

Then the healthcare analyzer computes

$$Z = \frac{C'_3}{H_2(K')} = \frac{H_2\left(e(u,v)^{t'}\right) \cdot g^{b}}{H_2\left(e(u,v)^{t'}\right)} = g^{b}. \tag{21}$$


Finally, the healthcare analyzer computes HK and recovers the health data $m_h$:

$$\mathrm{HK} = C'_1 \cdot e(Z, C'_4) = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right) \cdot e\left(g^{b}, w^{\varphi\alpha t}\right). \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with the secret key and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C'_1 \cdot e\left(v^{l}, C'_4\right) = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right) \cdot e\left(v^{l}, w^{\pi k}\right). \tag{23}$$

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
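The reencryption algebra of Sections 5.5.1 to 5.5.3 can be checked end to end, including the failure of an analyzer whose identity the data owner did not authorize. The following is an added example, not the authors' prototype: it tracks every group element by its discrete logarithm modulo a stand-in prime `P` (so it offers no security), takes the analyzer key $K$ with base $u$ as it is used in Eq. (20), and uses constructed identities `analyzer-1` and `analyzer-2`; `Authority`, `rekeygen`, `reenc`, `analyzer_decrypt`, and `run` are names chosen here.

```python
import hashlib
import secrets

# Toy "exponent model" (assumption of this example): every G_0 element g^a is
# stored as a mod P and every G_T element e(g,g)^c as c mod P. Group
# multiplication becomes +, exponentiation becomes *, and the pairing
# e(g^a, g^b) = e(g,g)^(ab) becomes a*b. It checks the algebra only.
P = 2**127 - 1  # a prime standing in for the group order p

def rnd():
    return secrets.randbelow(P - 1) + 1

def inv(a):
    return pow(a, -1, P)

def pair(a, b):
    return a * b % P

def H(tag, x):
    """Stand-in for H_1 (tag 'H1', identities) and H_2 (tag 'H2', G_T -> G_0)."""
    digest = hashlib.sha256(f"{tag}|{x}".encode()).digest()
    return int.from_bytes(digest, "big") % P

class Authority:
    def __init__(self):
        self.alpha = rnd()
        self.u, self.v, self.w = rnd(), rnd(), rnd()  # logs of u, v, w

    def id_exp(self, identity):   # alpha + H_1(ID)
        return (self.alpha + H("H1", identity)) % P

    def skeygen(self, identity):  # K = u^(1/(alpha + H_1(ID))), base u as in Eq. (20)
        return self.u * inv(self.id_exp(identity)) % P

def rekeygen(ca, owner_part, blind_base, analyzer_id):
    """Eqs. (14)/(17). owner_part is D_3 (health) or K_1 (social); blind_base
    is the log of the element blinded in R_3: 1 for g, ca.v for v."""
    r, b = rnd(), rnd()           # (t', b) for health, (k', l) for social
    R1 = (owner_part + ca.w * b) % P
    R2 = ca.v * r % P * ca.id_exp(analyzer_id) % P
    R3 = (H("H2", pair(ca.u, ca.v) * r % P) + blind_base * b) % P
    return R1, R2, R3

def reenc(C1, C_pair, C_keep, rk):
    """Eqs. (15)/(18): C'_1 = C_1 / e(R_1, C_5 or C_3); C'_4 = C_6 or C_4."""
    R1, R2, R3 = rk
    return (C1 - pair(R1, C_pair)) % P, R2, R3, C_keep

def analyzer_decrypt(rt, K):
    """Eqs. (20)-(23): unblind C'_3 with H_2(e(K, C'_2)), then strip the mask."""
    C1p, C2p, C3p, C4p = rt
    Z = (C3p - H("H2", pair(K, C2p))) % P   # g^b (health) or v^l (social)
    return (C1p + pair(Z, C4p)) % P

def health_ciphertext(ca, hk):
    """Only the parts of AK and CT_h that reencryption touches."""
    phi, t = rnd(), rnd()
    D3, D4 = inv(phi), phi * ca.alpha % P
    D5 = ca.w * phi % P * ca.alpha % P
    C1 = (hk + ca.alpha * t) % P            # HK * e(g,g)^(alpha t)
    return D3, C1, D4 * t % P, D5 * t % P   # D_3, C_1, C_5, C_6

def social_ciphertext(ca, ck):
    """Only the parts of SK and CT_c that reencryption touches."""
    pi, k = rnd(), rnd()
    K1, K2, K3 = ca.u * inv(pi) % P, ca.v * pi % P, ca.w * pi % P
    C1 = (ck + pair(ca.u, ca.v) * k) % P    # CK * e(u,v)^k
    return K1, C1, K2 * k % P, K3 * k % P   # K_1, C_1, C_3, C_4

def run(authorized_id, key_holder_id):
    """Reencrypt toward authorized_id, decrypt with key_holder_id's key K.
    Returns (health key recovered?, social key recovered?)."""
    ca = Authority()
    hk, ck = rnd(), rnd()
    D3, C1, C5, C6 = health_ciphertext(ca, hk)
    rt_h = reenc(C1, C5, C6, rekeygen(ca, D3, 1, authorized_id))
    K1, S1, S3, S4 = social_ciphertext(ca, ck)
    rt_c = reenc(S1, S3, S4, rekeygen(ca, K1, ca.v, authorized_id))
    K = ca.skeygen(key_holder_id)
    return analyzer_decrypt(rt_h, K) == hk, analyzer_decrypt(rt_c, K) == ck

if __name__ == "__main__":
    print("authorized analyzer:", run("analyzer-1", "analyzer-1"))
    print("other analyzer:     ", run("analyzer-1", "analyzer-2"))
```
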

6. Security Analysis

The shared data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using an access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g,g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to protect the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in the access tree supports complex operations including both AND and OR gates, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with a random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g,g)^{\gamma s}$ in the outsourced decryption phase. Thus, the proposed scheme is collusion-resistant.
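The top-down share assignment of Section 5.3.1, the DecryptNode recombination of Section 5.3.2, and the collusion argument in item (3) above fit in one short program. This is an added example, not the authors' code: it tracks only the exponents of $e(g,g)$ modulo a stand-in prime `P`, so the product in Eq. (6) becomes a sum, and it uses a constructed policy with hypothetical attribute names; `Node`, `share`, `decrypt_node`, `cloud_partial`, and `scenario` are names chosen here.

```python
import secrets

# Assumption of this example: a leaf result e(g,g)^(gamma * p_x(0)) is stored
# as the integer gamma * p_x(0) mod P, where P stands in for the group order p.
P = 2**127 - 1

class Node:
    """Threshold gate (k-of-n children) or, when attr is set, a leaf."""
    def __init__(self, k=1, children=(), attr=None):
        self.k, self.children, self.attr = k, list(children), attr

def leaf(attr):
    return Node(attr=attr)

def gate(k, *children):
    return Node(k=k, children=children)

def poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule mod P
        acc = (acc * x + c) % P
    return acc

def share(node, value, leaf_shares):
    """CloudEncrypt's top-down pass: p_x(0) = value, degree k_x - 1, and each
    child receives p_x(index(child)). Leaves record p_y(0)."""
    if node.attr is not None:
        leaf_shares[id(node)] = value
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        share(child, poly_eval(coeffs, index), leaf_shares)

def lagrange_at_zero(j, indices):
    """Delta_{j,S'}(0) = prod over m in S', m != j, of (0 - m) / (j - m)."""
    num = den = 1
    for m in indices:
        if m != j:
            num = num * (-m) % P
            den = den * (j - m) % P
    return num * pow(den, -1, P) % P

def decrypt_node(node, leaf_shares, key):
    """key maps attribute -> the gamma bound into that key component.
    Returns the exponent of F_x, or None for an unsatisfied node."""
    if node.attr is not None:
        if node.attr not in key:
            return None
        return key[node.attr] * leaf_shares[id(node)] % P
    found = []
    for index, child in enumerate(node.children, start=1):
        f = decrypt_node(child, leaf_shares, key)
        if f is not None:
            found.append((index, f))
    if len(found) < node.k:
        return None
    chosen = found[:node.k]             # any k_x satisfied children will do
    idx = [i for i, _ in chosen]
    return sum(f * lagrange_at_zero(i, idx) for i, f in chosen) % P

def cloud_partial(F, gamma, s, t):
    """Eq. (8): A = B / F with B = e(g,g)^(gamma (s + t)) from D_1, D_2."""
    return (gamma * (s + t) - F) % P

# Constructed policy: (2 of {cardiologist, hospital-a, on-call}) OR emergency
POLICY = gate(1, gate(2, leaf("cardiologist"), leaf("hospital-a"),
                      leaf("on-call")), leaf("emergency"))

def scenario():
    s, t = secrets.randbelow(P), secrets.randbelow(P)
    ga, gb = secrets.randbelow(P - 1) + 1, secrets.randbelow(P - 1) + 1
    shares = {}
    share(POLICY, s, shares)
    honest = decrypt_node(POLICY, shares, {"hospital-a": ga, "on-call": ga})
    partial = decrypt_node(POLICY, shares, {"cardiologist": ga})
    # Two users pool one component each; each component carries its own gamma.
    pooled = decrypt_node(POLICY, shares, {"hospital-a": ga, "on-call": gb})
    pooled_a = cloud_partial(pooled, ga, s, t) == ga * t % P
    pooled_b = cloud_partial(pooled, gb, s, t) == gb * t % P
    return {
        "honest_ok": cloud_partial(honest, ga, s, t) == ga * t % P,
        "partial": partial,
        "pooled_ok": pooled_a or pooled_b,
    }

if __name__ == "__main__":
    print(scenario())
```

The pooled key reaches the threshold, so DecryptNode returns a value rather than failing, but the mixed $\gamma$ values leave a residue that neither colluder's $B$ cancels, so $A = e(g,g)^{\gamma t}$ is never obtained.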

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying a PRE mechanism, so that the semitrusted server could reencrypt the ciphertext to the data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare record for emergency call, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques, such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | - | No | No | No | No | Yes |
| Outsourced decryption | - | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | - | - |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | - | - |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform the standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in the access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of the new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which are constant and efficient, as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt the ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to an IBE-encrypted one by the semitrusted social cloud with a reencryption key generated by the data owner. The computation cost of generating the reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of the cpabe toolkit and the pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in the access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in the access policy of the ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 2: Computation cost of health data encryption (computation time in ms versus number of attributes in access policy; curves for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme).

Figure 3: Computation cost of health data decryption (computation time in ms versus number of attributes in access policy; curves for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme).

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

Figure 4: Computation cost of health data reencryption (computation time in ms versus number of attributes in access policy; curves for Au et al. [20], Wang et al. [25], and our scheme).

Figure 5: Computation cost of health data authorized decryption (computation time in ms versus number of attributes in access policy; curves for Au et al. [20], Wang et al. [25], and our scheme).

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, “Cloud-assisted secure video transmission and sharing framework for smart cities,” Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., “Incorporating intelligence in fog computing for big data analysis in smart cities,” IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, “Securing m-healthcare social networks: challenges, countermeasures and future directions,” IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, “Security and privacy for mobile healthcare networks: from a quality of protection perspective,” IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, “Private and secured medical data transmission and analysis for wireless sensing healthcare system,” IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, “HealthShare: achieving secure and privacy-preserving health information sharing through health social networks,” Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, “4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks,” Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, “EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks,” in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM ’11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, “Privacy-preserving design for emergency response scheduling system in medical social networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, “Security approach to controlling access to personal health records in healthcare service,” Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, “Consent-based access control for secure and privacy-preserving health information exchange,” Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, “Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing,” Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, “Privacy preserving ehr system using attribute-based infrastructure,” in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW ’10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., “A general framework for secure sharing of personal health records in cloud system,” Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access control on e-healthcare records in mobile cloud computing,” Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, “Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation,” IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient access control scheme with outsourcing capability and attribute update for fog computing,” Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, “PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks,” Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, “EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks,” Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, “Identity-based proxy re-encryption version 2: making mobile access easy in cloud,” Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, “DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices,” World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc.


Page 4: Secure and Privacy-Preserving Data Sharing and Collaboration in …downloads.hindawi.com/journals/scn/2017/6426495.pdf · 2019-07-30 · data and social data sharing with attribute-based

Figure 1: System model of our scheme (diagram labels: health cloud, social cloud, data owner, sensor, healthcare provider, social user, healthcare analyzer, health ciphertext, social ciphertext, authorization).

(3) Social Cloud. The social cloud is also a semitrusted party which provides social data storage service and is in charge of reencrypting social ciphertext for healthcare analyzers.

(4) Data Owner. The data owners generate a great amount of health data through the mobile healthcare sensors and upload them to the health cloud by defining access policy and also upload their social data to the social cloud for sharing.

(5) User. The user is the ciphertexts’ receiver and is able to decrypt the ciphertexts if he is the intended receiver defined by the data owners.

(6) Healthcare Provider. The healthcare providers are the intended receivers of health ciphertext stored in the health cloud. If a healthcare provider’s attribute set satisfies the access policy in the ciphertext, he is able to decrypt the patient’s health data from the ciphertext.

(7) Healthcare Analyzer. The healthcare analyzer is the authorized receiver of both health ciphertext and social ciphertext for data collaboration and analysis.

4.2. System Definition. Based on the system model, our scheme consists of the following algorithms.

(1) $\mathit{Setup}(1^{\lambda}, N)$. The central authority takes as input a security parameter $\lambda$ and the maximal size of receiver set $N$ and outputs a system public key PK and a master secret key MK.

(2) $\mathit{AKeyGen}(\mathrm{PK}, \mathrm{MK}, S)$. The central authority takes as input PK and MK and a set of attributes $S$ of user or healthcare provider and outputs the attribute key AK.

(3) $\mathit{SKeyGen}(\mathrm{PK}, \mathrm{MK}, \mathrm{ID})$. The central authority takes as input PK and MK and an identity ID of user or healthcare analyzer and outputs the secret key of user SK.

(4) $\mathit{CloudEncrypt}(\mathrm{PK}, T)$. The health cloud takes as input PK and an access policy $T$ and outputs an outsourced health ciphertext $\mathrm{CT}'$.

(5) $\mathit{HealthEncrypt}(\mathrm{PK}, m_h, \mathrm{CT}')$. The health data owner takes as input PK, health data $m_h$, and an outsourced health ciphertext $\mathrm{CT}'$ and outputs a health ciphertext $\mathrm{CT}_h$.

(6) $\mathit{CloudDecrypt}(\mathrm{PK}, \mathrm{CT}_h, \mathrm{AK}')$. The health cloud takes as input PK, a health ciphertext $\mathrm{CT}_h$, and an outsourced attribute key $\mathrm{AK}'$ and outputs a partial decrypted health ciphertext $\mathrm{CT}_r$ if the attributes in $\mathrm{AK}'$ satisfy the access policy in the ciphertext.

(7) $\mathit{HealthDecrypt}(\mathrm{CT}_r, \mathrm{AK})$. The healthcare provider takes as input a partial decrypted health ciphertext $\mathrm{CT}_r$ and an attribute key AK and outputs the health data $m_h$.

(8) $\mathit{SocialEncrypt}(\mathrm{PK}, m_c, U)$. The social data owner takes as input PK, social data $m_c$, and a set $U$ of receivers’ identities and outputs a social ciphertext $\mathrm{CT}_c$.

(9) $\mathit{SocialDecrypt}(\mathrm{PK}, \mathrm{CT}_c, \mathrm{ID}, \mathrm{SK})$. The social receiver takes as input PK, a social ciphertext $\mathrm{CT}_c$, a receiver’s identity ID, and its secret key SK and outputs the social data $m_c$ if ID and SK are valid.

(10) $\mathit{HealthReKeyGen}(\mathrm{PK}, \mathrm{AK}, \mathrm{ID}')$. The health data owner takes as input PK, attribute key AK, and a healthcare analyzer’s identity $\mathrm{ID}'$ and outputs a health reencryption key $\mathrm{RK}_h$.

(11) $\mathit{HealthReEnc}(\mathrm{CT}_h, \mathrm{RK}_h)$. The health cloud takes as input a health ciphertext $\mathrm{CT}_h$ and a health reencryption key $\mathrm{RK}_h$ and outputs a reencrypted health ciphertext $\mathrm{RT}_h$.

(12) $\mathit{SocialReKeyGen}(\mathrm{PK}, \mathrm{SK}, \mathrm{ID}')$. The social data owner takes as input PK, a secret key SK, and a healthcare analyzer’s identity $\mathrm{ID}'$ and outputs a social reencryption key $\mathrm{RK}_c$.

(13) $\mathit{SocialReEnc}(\mathrm{CT}_c, \mathrm{RK}_c)$. The social cloud takes as input a social ciphertext $\mathrm{CT}_c$ and a social reencryption key $\mathrm{RK}_c$ and outputs a reencrypted social ciphertext $\mathrm{RT}_c$.

(14) $\mathit{AnalyzerDecrypt}(\mathrm{RT}_h, \mathrm{RT}_c, \mathrm{SK}')$. The healthcare analyzer takes as input a reencrypted health ciphertext $\mathrm{RT}_h$, a reencrypted social ciphertext $\mathrm{RT}_c$, and a secret key $\mathrm{SK}'$ and outputs health data $m_h$ and social data $m_c$.

In the registration phase, the central authority runs Setup algorithms to generate system public key and master secret key. Meanwhile, it also uses AKeyGen and SKeyGen algorithm to generate attribute keys and secret keys of users in the system. For the health data, the health cloud first runs CloudEncrypt algorithm to encrypt data with an access policy, and then the data owner runs HealthEncrypt algorithm to finish the encryption. When accessing the health data, the health cloud first uses the CloudDecrypt algorithm to partially decrypt the ciphertext, and then the user can use the HealthDecrypt algorithm to recover the data. For the social data, the data owner runs SocialEncrypt algorithm to encrypt data for a set of receivers, and the user can use the SocialDecrypt algorithm to recover the social data. Furthermore, the data owner could run HealthReKeyGen and SocialReKeyGen algorithms, respectively, to generate reencryption keys containing their own attribute keys and secret keys. Receiving the reencryption keys, the health cloud and social cloud would run HealthReEnc and SocialReEnc algorithms to transform the initial ciphertexts to the reencrypted ciphertexts. Hence, the healthcare analyzer can run AnalyzerDecrypt algorithm to decrypt the reencrypted health and social ciphertexts.

4.3. Security Definition. In our scheme, we assume that the health cloud and social cloud are honest but curious, which means they carry out computation and storage tasks but may try to learn information about the private data [29]. Specifically, the security model covers the following aspects.

(1) Data Confidentiality. The unauthorized users that are not the intended receivers defined by the data owner should be prevented from accessing the health and social data. The healthcare analyzer should not be able to access the reencrypted data without the authorization of the data owner.

(2) Fine-Grained Access Control. The data owner can customize an expressive and flexible access policy so that the health data can only be accessed by the healthcare providers whose attributes satisfy these policies.

(3) Collusion Resistance. If each of the users’ attributes in the set cannot satisfy the access policy in the ciphertexts alone, the access of ciphertext should not be successful.

5. Construction

5.1. System Setup. The central authority runs $\mathit{Setup}$ algorithm to select a bilinear map $e: \mathbb{G}_0 \times \mathbb{G}_0 \rightarrow \mathbb{G}_T$, where $\mathbb{G}_0$ and $\mathbb{G}_T$ are two multiplicative groups with prime order $p$ and $g$ is the generator of $\mathbb{G}_0$. Then the central authority chooses the maximum number of receivers $N$, randomly chooses $g, h, u, v, w \in \mathbb{G}_0$ and $\alpha, \beta \in \mathbb{Z}_p$, chooses cryptographic hash function $H_1: \{0, 1\}^{*} \rightarrow \mathbb{Z}_p^{*}$, $H_2: \mathbb{G}_T \rightarrow \mathbb{G}_0$, and finally outputs a system public key $\mathrm{PK} = (g, g^{\beta}, e(g, g)^{\alpha}, h, u^{\alpha}, v, v^{\alpha}, \ldots, v^{\alpha^{N}}, e(u, v), w)$ and a master secret key $\mathrm{MK} = (u, \alpha, \beta)$.

5.2. Key Generation. The central authority runs $\mathit{AKeyGen}$ algorithm to select a random $\gamma \in \mathbb{Z}_p$, which is a unique secret assigned to each user. Then the central authority chooses random $\varepsilon, \varphi \in \mathbb{Z}_p$ and random $r_j$ for each attribute $j \in S$, where $S$ is the attribute set of the user, and outputs the attribute key AK:

$$\mathrm{AK} = \left(D = g^{(\alpha+\gamma)/\beta},\ D_1 = g^{\gamma} h^{\varepsilon},\ D_2 = g^{\varepsilon},\ D_3 = g^{1/\varphi},\ D_4 = g^{\varphi\alpha},\ D_5 = w^{\varphi\alpha},\ \left\{D_j = g^{\gamma} H_1(j)^{r_j},\ D'_j = g^{r_j}\right\}_{j \in S}\right) \tag{1}$$

For each user in the system, the central authority runs $\mathit{SKeyGen}$ algorithm to select a random $\pi \in \mathbb{Z}_p$ and output the secret key SK for the user with identity ID:

$$\mathrm{SK} = \left(K = g^{1/(\alpha + H_1(\mathrm{ID}))},\ K_1 = u^{1/\pi},\ K_2 = v^{\pi},\ K_3 = w^{\pi}\right) \tag{2}$$

5.3. Secure Health Data Sharing

5.3.1. Health Data Encryption. The mobile healthcare sensors of the data owner could collect a wide range of real-time health data (e.g., blood pressure, heart rate, and pulse) for further diagnosis or specialist analysis. Before uploading the data to the health cloud, the data owner first chooses a random $\mathrm{HK} \in \mathbb{Z}_p$ and encrypts the health data $m_h$ with HK using a symmetric encryption algorithm, denoted as $C = \mathrm{SE}_{\mathrm{HK}}(m_h)$. Then the data owner defines an access policy $T$ to ensure that only users satisfying this policy can access data and then sends to the health cloud.

Then the health cloud runs $\mathit{CloudEncrypt}$ algorithm to perform the outsourced encryption. For each node $x$ in the access policy tree $T$, the health cloud chooses a polynomial $p_x$. These polynomials are chosen in the following way in a top-down manner, starting from the root node $R$. For each node $x$ in the tree, set the degree $d_x$ of the polynomial $p_x$ to be one less than the threshold value $k_x$ of that node, that is, $d_x = k_x - 1$. Starting with the root node $R$, the algorithm chooses a random $s \in \mathbb{Z}_p$ and sets $p_R(0) = s$. Then it chooses $d_R$ other points of the polynomial $p_R$ randomly to define it completely. For any other node $x$, it sets $p_x(0) = p_{\mathrm{parent}(x)}(\mathrm{index}(x))$ and chooses $d_x$ other points randomly to completely define $p_x$.

Let $Y$ be the set of leaf nodes in $T$; the health cloud outputs an outsourced ciphertext $\mathrm{CT}'$ as

$$\mathrm{CT}' = \left(T,\ C'_3 = g^{s},\ C'_4 = h^{s},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right) \tag{3}$$

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs $\mathit{HealthEncrypt}$ algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\ C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ C_3 = g^{s+t},\ C_4 = h^{s+t},\ C_5 = g^{\varphi\alpha t},\ C_6 = w^{\varphi\alpha t},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right) \tag{4}$$

5.3.2. Health Data Decryption. If the attributes of the healthcare provider satisfy the access policy $T$, he can decrypt $\mathrm{CT}_h$ successfully by informing health cloud and obtaining the symmetric key. The health cloud runs $\mathit{CloudDecrypt}$ algorithm with the ciphertext and outsourced attribute key $\mathrm{AK}' = (D_1, D_2, \{D_j, D'_j\}_{j \in S})$ from the healthcare provider. The health cloud first runs DecryptNode algorithm, which can be described as a recursive algorithm. This algorithm takes the ciphertext $\mathrm{CT}_h$, $\mathrm{AK}'$, and a node $x$ from the access tree $T$ as input.

(1) If the node $x$ is a leaf node, then we let $z = \mathrm{attr}_x$ and compute as follows. If $z \in S$, then

$$\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \frac{e(D_z, C_x)}{e(D'_z, C'_x)} = \frac{e\left(g^{\gamma} H_1(z)^{r_z}, g^{p_x(0)}\right)}{e\left(g^{r_z}, H_1(\mathrm{attr}_x)^{p_x(0)}\right)} = e(g, g)^{\gamma p_x(0)} \tag{5}$$

If $z \notin S$, then $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S'_x = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$F_x = \prod_{n \in S_x} F_n^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} \left(e(g, g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\right)^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} e(g, g)^{r \cdot p_x(j) \cdot \Delta_{j, S'_x}(0)} = e(g, g)^{r p_x(0)} \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$, such that

$$F = \mathit{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g, g)^{\gamma p_R(0)} = e(g, g)^{\gamma s} \tag{7}$$

Then the health cloud computes

$$B = \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\left(g^{\gamma} h^{\varepsilon}, g^{s+t}\right)}{e\left(g^{\varepsilon}, h^{s+t}\right)} = e(g, g)^{\gamma(s+t)}, \qquad A = \frac{B}{F} = \frac{e(g, g)^{\gamma(s+t)}}{e(g, g)^{\gamma s}} = e(g, g)^{\gamma t} \tag{8}$$

Finally, the health cloud sends the partial decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ A = e(g, g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs $\mathit{HealthDecrypt}$ algorithm to obtain the symmetric key

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g, g)^{\alpha t} \cdot e(g, g)^{\gamma t}}{e\left(g^{\beta t}, g^{(\alpha+\gamma)/\beta}\right)} \tag{9}$$

Thus, $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner’s health data for diagnosis.
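The access-tree sharing of Section 5.3.1 and the DecryptNode recursion of equations (5) to (7), as an added Python sketch that is not the authors' C prototype. It stores every group element as its discrete logarithm modulo a constructed prime `P`, so a pairing becomes a product of exponents; this checks the algebra only and provides no security. The policy, attribute names and helper names are assumptions made for the illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p


def h1(attr):
    """Exponent of H1(attr) with respect to g (stand-in for hashing into G_0)."""
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P


class Node:
    """Leaf (attr is set) or threshold gate that needs k of its children."""

    def __init__(self, k=1, children=(), attr=None):
        self.k, self.children, self.attr = k, list(children), attr
        self.c = self.c_prime = None  # exponents of C_y and C'_y, leaves only


def cloud_encrypt(node, value):
    """Share top-down: p_x(0) = value, deg p_x = k_x - 1, child i gets p_x(i)."""
    if node.attr is not None:
        node.c, node.c_prime = value, h1(node.attr) * value % P
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        y = 0
        for coeff in reversed(coeffs):  # Horner evaluation of p_x(index)
            y = (y * index + coeff) % P
        cloud_encrypt(child, y)


def akeygen(gamma, attrs):
    """Per-attribute key parts: D_j = g^gamma * H1(j)^r_j and D'_j = g^r_j."""
    key = {}
    for attr in attrs:
        r = secrets.randbelow(P)
        key[attr] = ((gamma + h1(attr) * r) % P, r)
    return key


def lagrange_at_zero(j, indices):
    """Delta_{j,S'}(0): product over i in S', i != j, of (0 - i) / (j - i)."""
    num = den = 1
    for i in indices:
        if i != j:
            num, den = num * -i % P, den * (j - i) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, key):
    """Exponent of F_x, or None for the 'bottom' result of an unsatisfied node."""
    if node.attr is not None:
        if node.attr not in key:
            return None
        d, d_prime = key[node.attr]
        # e(D_z, C_x) / e(D'_z, C'_x): pairing multiplies exponents, division subtracts
        return (d * node.c - d_prime * node.c_prime) % P
    found = []
    for index, child in enumerate(node.children, start=1):
        f = decrypt_node(child, key)
        if f is not None:
            found.append((index, f))
    if len(found) < node.k:
        return None
    chosen = found[:node.k]  # any k_x satisfied children will do
    indices = [i for i, _ in chosen]
    return sum(f * lagrange_at_zero(i, indices) for i, f in chosen) % P


def demo():
    # Constructed policy: hospital_a AND 2-of-(cardiologist, researcher, on_call)
    gate = Node(k=2, children=[Node(attr=a) for a in
                               ("cardiologist", "researcher", "on_call")])
    policy = Node(k=2, children=[Node(attr="hospital_a"), gate])
    s = secrets.randbelow(P)
    cloud_encrypt(policy, s)
    gamma_a, gamma_b, gamma_c = (1 + secrets.randbelow(P - 1) for _ in range(3))
    alice = akeygen(gamma_a, ["hospital_a", "researcher", "on_call"])
    bob = akeygen(gamma_b, ["hospital_a", "cardiologist"])
    carol = akeygen(gamma_c, ["researcher"])
    return {
        "alice": decrypt_node(policy, alice),            # satisfies the policy
        "alice_expected": gamma_a * s % P,               # exponent of e(g,g)^(gamma s)
        "bob": decrypt_node(policy, bob),                # one attribute short
        "carol": decrypt_node(policy, carol),
        "pooled": decrypt_node(policy, {**bob, **carol}),  # keys with different gamma
        "pooled_targets": (gamma_b * s % P, gamma_c * s % P),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The pooled key passes every threshold check but mixes two values of $\gamma$, so the interpolated exponent matches neither user's $\gamma s$ and cannot be cancelled against $B$ in equation (8).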

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data denoted as $m_c$, the data owner runs $\mathit{SocialEncrypt}$ algorithm to encrypt it and then outsource the ciphertext to the social cloud. First, the data owner chooses a set $U$ of receivers’ identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^{*}$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \left(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1 = \mathrm{CK} \cdot e(u, v)^{k},\ C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\ C_3 = v^{\pi k},\ C_4 = w^{\pi k},\ C_5 = u^{-\alpha k}\right) \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs $\mathit{SocialDecrypt}$ algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$
\begin{aligned}
I &= \left(e\left(C_5, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e(K, C_2)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\Delta_{\alpha}(\mathrm{ID}, U)}\right) \cdot e\left(u^{1/(\alpha + H_1(\mathrm{ID}))}, v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\right) \cdot e(u, v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u, v)^{k}
\end{aligned}
\tag{11}
$$

where

$$\Delta_{\alpha}(\mathrm{ID}, U) = \alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right) \tag{12}$$

Then the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u, v)^{k}}{e(u, v)^{k}} \tag{13}$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

55 Authorized Data Analysis

551 Health Data Reencryption In order to analyzethe healthcare data the health data owner runs 119867119890119886119897119905ℎ119877119890119870119890119910119866119890119899 algorithm to choose a healthcare analyzerrsquosidentity ID1015840 randomly pick 1199051015840 119887 isin Z119901 and compute thefollowing with attribute key AK

1198771 = 1198633 sdot 119908119887 = 1198921120593 sdot 1199081198871198772 = V119905

1015840 sdot(120572+1198671(ID1015840))

1198773 = 1198672 (119890 (119906 V)1199051015840) sdot 119892119887(14)

Then the health data owner outputs the health reencryp-tion keyRKℎ = (1198771 1198772 1198773)When receiving the reencryptionkey the health cloud runs 119867119890119886119897119905ℎ119877119890119864119899119888 algorithm to reen-crypt the initial health ciphertextThe health cloud computes

11986210158401 = 1198621119890 (1198771 1198625) =HK sdot 119890 (119892 119892)120572119905119890 (1198921120593 sdot 119908119887 119892120593120572119905)

= HK sdot 119890 (119908119887 119892minus120593120572119905) (15)

Finally the health cloud outputs a reencrypted healthciphertext

RTℎ = (1198621015840 = 119862 = SEHK (119898ℎ) 11986210158401 = HK

sdot 119890 (119908119887 119892minus120593120572119905) 11986210158402 = 1198772 = V1199051015840 sdot(120572+1198671(ID

1015840)) 11986210158403 = 1198773= 1198672 (119890 (119906 V)1199051015840) sdot 119892119887 11986210158404 = 1198626 = 119908120593120572119905)

(16)

552 Social Data Reencryption The social data is also usedto analyze healthcare such as infectious diseases The dataowner runs 119878119900119888119894119886119897119877119890119870119890119910119866119890119899 algorithm to choose a health-care analyzerrsquos identity ID1015840 randomly pick 1198961015840 119897 isin Z119901 andcompute the following with secret key SK

1198771 = 1198701 sdot 119908119897 = 1199061120587 sdot 1199081198971198772 = V119896

1015840 sdot(120572+1198671(ID1015840))

1198773 = 1198672 (119890 (119906 V)1198961015840) sdot V119897(17)

Then the data owner outputs the social reencryption keyRK119888 = (1198771 1198772 1198773) Then receiving the reencryption key thesocial cloud runs 119878119900119888119894119886119897119877119890119864119899119888 algorithm to reencrypt theinitial social ciphertext The social cloud computes

11986210158401 = 1198621119890 (1198771 1198623) =CK sdot 119890 (119906 V)119896119890 (1199061120587 sdot 119908119897 V120587119896)

= CK sdot 119890 (119908119897 Vminus120587119896) (18)

Finally the social cloud outputs a reencrypted socialciphertext

RT119888 = (1198621015840 = 119862 = SECK (119898119888) 11986210158401 = CK

sdot 119890 (119908119897 Vminus120587119896) 11986210158402 = 1198772 = V1198961015840 sdot(120572+1198671(ID

1015840)) 11986210158403 = 1198773= 1198672 (119890 (119906 V)1198961015840) sdot V119897 11986210158404 = 1198624 = 119908120587119896)

(19)

553 Authorized Decryption For the reencrypted health andsocial ciphertext the healthcare analyzer with identity ID1015840

runs AnalyzerDecrypt algorithm to decrypt For the healthdata the healthcare analyzer first computes

1198701015840 = 119890 (119870 11986210158402) = 119890 (1199061(120572+1198671(ID1015840)) V1199051015840 sdot(120572+1198671(ID1015840)))= 119890 (119906 V)1199051015840

(20)

Then the healthcare analyzer computes

119885 = 119862101584031198672 (1198701015840) =1198672 (119890 (119906 V)1199051015840) sdot 1198921198871198672 (119890 (119906 V)1199051015840) = 119892119887 (21)


Finally, the healthcare analyzer computes the HK and recovers the health data $m_h$:

$$\mathrm{HK} = C'_1 \cdot e(Z, C'_4) = \mathrm{HK} \cdot e(w^{b}, g^{-\varphi\alpha t}) \cdot e(g^{b}, w^{\varphi\alpha t}). \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with secret key and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C'_1 \cdot e(v^{l}, C'_4) = \mathrm{CK} \cdot e(w^{l}, v^{-\pi k}) \cdot e(v^{l}, w^{\pi k}). \tag{23}$$
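The cancellation behind (23), written out as an added worked step that is not part of the original paper. It assumes the symmetric pairing $e : \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$ chosen in the setup and, by analogy with (20) and (21), that the analyzer's key component $K$ has the form used in (20):

$$e(K, C'_2) = e\left(u^{1/(\alpha + H_1(\mathrm{ID}'))}, v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}\right) = e(u, v)^{k'}, \qquad v^{l} = \frac{C'_3}{H_2\left(e(K, C'_2)\right)} = \frac{H_2\left(e(u, v)^{k'}\right) \cdot v^{l}}{H_2\left(e(u, v)^{k'}\right)}$$

$$e(w^{l}, v^{-\pi k}) \cdot e(v^{l}, w^{\pi k}) = e(w, v)^{-l\pi k} \cdot e(v, w)^{l\pi k} = 1$$

Recovering $v^{l}$ is the step that uses the analyzer's secret key; the remaining cancellation is bilinearity together with $e(v, w) = e(w, v)$.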

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.

6. Security Analysis

The sharing data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g, g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to escort the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in access tree supports complex operations including both AND and OR gate, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g, g)^{\gamma s}$ in the outsourced decryption phase. Thus, the proposed scheme is collusion-resistant.

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying PRE mechanism so that the semitrusted server could reencrypt the ciphertext to data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare record for emergency call, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | - | No | No | No | No | Yes |
| Outsourced decryption | - | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | - | - |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | - | - |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to IBE-encrypted one by semitrusted social cloud with reencryption key generated by the data owner. The computation cost of generating reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of cpabe toolkit and pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 2: Computation cost of health data encryption. (Plot of computation time (ms) against the number of attributes in access policy for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme.)

Figure 3: Computation cost of health data decryption. (Plot of computation time (ms) against the number of attributes in access policy for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme.)

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

Figure 4: Computation cost of health data reencryption. (Plot of computation time (ms) against the number of attributes in access policy for Au et al. [20], Wang et al. [25], and our scheme.)

Figure 5: Computation cost of health data authorized decryption. (Plot of computation time (ms) against the number of attributes in access policy for Au et al. [20], Wang et al. [25], and our scheme.)

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, "Cloud-assisted secure video transmission and sharing framework for smart cities," Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., "Incorporating intelligence in fog computing for big data analysis in smart cities," IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, "Securing m-healthcare social networks: challenges, countermeasures and future directions," IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, "Security and privacy for mobile healthcare networks: from a quality of protection perspective," IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, "Private and secured medical data transmission and analysis for wireless sensing healthcare system," IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, "HealthShare: achieving secure and privacy-preserving health information sharing through health social networks," Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, "4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks," Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, "EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks," in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM '11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, "A privacy-preserving attribute-based authentication system for mobile health networks," IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, "Privacy-preserving design for emergency response scheduling system in medical social networks," Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, "Security and privacy in smart city applications: challenges and solutions," IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, "Security approach to controlling access to personal health records in healthcare service," Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, "Consent-based access control for secure and privacy-preserving health information exchange," Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, "Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing," Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, "Privacy preserving ehr system using attribute-based infrastructure," in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., "A general framework for secure sharing of personal health records in cloud system," Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, "Secure and fine-grained access control on e-healthcare records in mobile cloud computing," Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, "Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation," IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, "An efficient access control scheme with outsourcing capability and attribute update for fog computing," Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, "Internet of things for smart cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, "Cost-effective secure E-health cloud system using identity based cryptographic techniques," Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, "PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks," Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, "EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks," Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, "Identity-based proxy re-encryption version 2: making mobile access easy in cloud," Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, "DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices," World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.


analyzer's identity $\mathrm{ID}'$ and outputs a social reencryption key $\mathrm{RK}_c$.

(13) $\mathit{SocialReEnc}(\mathrm{CT}_c, \mathrm{RK}_c)$. The social cloud takes as input a social ciphertext $\mathrm{CT}_c$ and a social reencryption key $\mathrm{RK}_c$ and outputs a reencrypted social ciphertext $\mathrm{RT}_c$.

(14) $\mathit{AnalyzerDecrypt}(\mathrm{RT}_h, \mathrm{RT}_c, \mathrm{SK}')$. The healthcare analyzer takes as input a reencrypted health ciphertext $\mathrm{RT}_h$, a reencrypted social ciphertext $\mathrm{RT}_c$, and a secret key $\mathrm{SK}'$ and outputs health data $m_h$ and social data $m_c$.

In the registration phase, the central authority runs Setup algorithms to generate system public key and master secret key. Meanwhile, it also uses AKeyGen and SKeyGen algorithm to generate attribute keys and secret keys of users in the system. For the health data, the health cloud first runs CloudEncrypt algorithm to encrypt data with an access policy, and then the data owner runs HealthEncrypt algorithm to finish the encryption. When accessing the health data, the health cloud first uses the CloudDecrypt algorithm to partially decrypt the ciphertext, and then the user can use the HealthDecrypt algorithm to recover the data. For the social data, the data owner runs SocialEncrypt algorithm to encrypt data for a set of receivers, and the user can use the SocialDecrypt algorithm to recover the social data. Furthermore, the data owner could run HealthReKeyGen and SocialReKeyGen algorithms, respectively, to generate reencryption keys containing their own attribute keys and secret keys. Receiving the reencryption keys, the health cloud and social cloud would run HealthReEnc and SocialReEnc algorithms to transform the initial ciphertexts to the reencrypted ciphertexts. Hence, the healthcare analyzer can run AnalyzerDecrypt algorithm to decrypt the reencrypted health and social ciphertexts.

4.3. Security Definition. In our scheme, we assume that the health cloud and social cloud are honest but curious, which means they carry out computation and storage tasks but may try to learn information about the private data [29]. Specifically, the security model covers the following aspects.

(1) Data Confidentiality. The unauthorized users that are not the intended receivers defined by the data owner should be prevented from accessing the health and social data. The healthcare analyzer should not be able to access the reencrypted data without the authorization of the data owner.

(2) Fine-Grained Access Control. The data owner can customize an expressive and flexible access policy so that the health data only can be accessed by the healthcare providers whose attributes satisfy these policies.

(3) Collusion Resistance. If each of the users' attributes in the set cannot satisfy the access policy in the ciphertexts alone, the access of ciphertext should not be successful.

5. Construction

5.1. System Setup. The central authority runs $\mathit{Setup}$ algorithm to select a bilinear map $e : \mathbb{G}_0 \times \mathbb{G}_0 \to \mathbb{G}_T$, where $\mathbb{G}_0$ and $\mathbb{G}_T$ are two multiplicative groups with prime order $p$ and $g$ is the generator of $\mathbb{G}_0$. Then the central authority chooses the maximum number of receivers $N$, randomly chooses $g, h, u, v, w \in \mathbb{G}_0$ and $\alpha, \beta \in \mathbb{Z}_p$, chooses cryptographic hash function $H_1 : \{0, 1\}^{*} \to \mathbb{Z}_p^{*}$, $H_2 : \mathbb{G}_T \to \mathbb{G}_0$, and finally outputs a system public key $\mathrm{PK} = (g, g^{\beta}, e(g, g)^{\alpha}, h, u^{\alpha}, v, v^{\alpha}, \ldots, v^{\alpha^{N}}, e(u, v), w)$ and a master secret key $\mathrm{MK} = (u, \alpha, \beta)$.

5.2. Key Generation. The central authority runs $\mathit{AKeyGen}$ algorithm to select a random $\gamma \in \mathbb{Z}_p$, which is a unique secret assigned to each user. Then the central authority chooses random $\varepsilon, \varphi \in \mathbb{Z}_p$ and random $r_j$ for each attribute $j \in S$, where $S$ is the attribute set of the user, and outputs the attribute key AK:

$$\mathrm{AK} = \left(D = g^{(\alpha + \gamma)/\beta},\ D_1 = g^{\gamma} h^{\varepsilon},\ D_2 = g^{\varepsilon},\ D_3 = g^{1/\varphi},\ D_4 = g^{\varphi\alpha},\ D_5 = w^{\varphi\alpha},\ \left\{D_j = g^{\gamma} H_1(j)^{r_j},\ D'_j = g^{r_j}\right\}_{j \in S}\right). \tag{1}$$

For each user in the system, the central authority runs $\mathit{SKeyGen}$ algorithm to select a random $\pi \in \mathbb{Z}_p$ and output the secret key SK for the user with identity ID:

$$\mathrm{SK} = \left(K = g^{1/(\alpha + H_1(\mathrm{ID}))},\ K_1 = u^{1/\pi},\ K_2 = v^{\pi},\ K_3 = w^{\pi}\right). \tag{2}$$

5.3. Secure Health Data Sharing

5.3.1. Health Data Encryption. The mobile healthcare sensors of the data owner could collect a wide range of real-time health data (e.g., blood pressure, heart rate, and pulse) for further diagnosis or specialist analysis. Before uploading the data to the health cloud, the data owner first chooses a random $\mathrm{HK} \in \mathbb{Z}_p$ and encrypts the health data $m_h$ with HK using a symmetric encryption algorithm, denoted as $C = \mathrm{SE}_{\mathrm{HK}}(m_h)$. Then the data owner defines an access policy $T$ to ensure that only users satisfying this policy can access data and then sends to the health cloud.

Then the health cloud runs $\mathit{CloudEncrypt}$ algorithm to perform the outsourced encryption. For each node $x$ in the access policy tree $T$, the health cloud chooses a polynomial $p_x$. These polynomials are chosen in the following way in a top-down manner, starting from the root node $R$. For each node $x$ in the tree, set the degree $d_x$ of the polynomial $p_x$ to be one less than the threshold value $k_x$ of that node, that is, $d_x = k_x - 1$. Starting with the root node $R$, the algorithm chooses a random $s \in \mathbb{Z}_p$ and sets $p_R(0) = s$. Then it chooses $d_R$ other points of the polynomial $p_R$ randomly to define it completely. For any other node $x$, it sets $p_x(0) = p_{\mathrm{parent}(x)}(\mathrm{index}(x))$ and chooses $d_x$ other points randomly to completely define $p_x$.

Let $Y$ be the set of leaf nodes in $T$; the health cloud outputs an outsourced ciphertext $\mathrm{CT}'$ as

$$\mathrm{CT}' = \left(T,\ C'_3 = g^{s},\ C'_4 = h^{s},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right). \tag{3}$$

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs $\mathit{HealthEncrypt}$ algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\ C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ C_3 = g^{s+t},\ C_4 = h^{s+t},\ C_5 = g^{\varphi\alpha t},\ C_6 = w^{\varphi\alpha t},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right). \tag{4}$$

532 Health Data Decryption If the attributes of the health-care provider satisfy the access policy 119879 he can decryptCTℎ successfully by informing health cloud and obtainingthe symmetric key The health cloud runs 119862119897119900119906119889119863119890119888119903119910119901119905algorithm with the ciphertext and outsourced attribute keyAK1015840 = (1198631 1198632 119863119895 1198631015840119895119895isin119878) from the healthcare providerThe health cloud first runsDecryptNode algorithmwhich canbe described as a recursive algorithm This algorithm takesthe ciphertext CTℎ AK

1015840 and a node 119909 from the access tree 119879as input(1) If the node 119909 is a leaf node then we let 119911 = attr119909 andcompute as follows If 119911 isin 119878 then

119863119890119888119903119910119901119905119873119900119889119890 (CTℎAK1015840 119909) = 119890 (119863119911 119862119909)119890 (1198631015840119911 1198621015840119909)

= 119890 (1198921205741198671 (119911)119903119911 119892119901119909(0))119890 (119892119903119911 1198671 (attr119909)119901119909(0)) = 119890 (119892 119892)

120574119901119909(0) (5)

If $z \notin S$, then $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores the output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S'_x = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$F_x = \prod_{n \in S_x} F_n^{\Delta_{j,S'_x}(0)} = \prod_{n \in S_x} \Big(e(g,g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\Big)^{\Delta_{j,S'_x}(0)} = \prod_{n \in S_x} e(g,g)^{r \cdot p_x(j) \cdot \Delta_{j,S'_x}(0)} = e(g,g)^{r p_x(0)} \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$ such that

$$F = \mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g,g)^{\gamma p_R(0)} = e(g,g)^{\gamma s} \tag{7}$$

Then the health cloud computes

$$B = \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\big(g^{\gamma} h^{\varepsilon},\ g^{s+t}\big)}{e\big(g^{\varepsilon},\ h^{s+t}\big)} = e(g,g)^{\gamma(s+t)}, \qquad A = \frac{B}{F} = \frac{e(g,g)^{\gamma(s+t)}}{e(g,g)^{\gamma s}} = e(g,g)^{\gamma t} \tag{8}$$

Finally, the health cloud sends the partially decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g,g)^{\alpha t},\ C_2 = g^{\beta t},\ A = e(g,g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs the HealthDecrypt algorithm to obtain the symmetric key

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t} \cdot e(g,g)^{\gamma t}}{e\big(g^{\beta t},\ g^{(\alpha+\gamma)/\beta}\big)} \tag{9}$$

Thus $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner's health data for diagnosis.

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data denoted as $m_c$, the data owner runs the SocialEncrypt algorithm to encrypt it and then outsources the ciphertext to the social cloud. First, the data owner chooses a set $U$ of receivers' identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^*$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \Big(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1 = \mathrm{CK} \cdot e(u,v)^{k},\ C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\ C_3 = v^{\pi k},\ C_4 = w^{\pi k},\ C_5 = u^{-\alpha k}\Big) \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs the SocialDecrypt algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$\begin{aligned}
I &= \Big(e\big(C_5,\ v^{\Delta_\alpha(\mathrm{ID},U)}\big) \cdot e(K, C_2)\Big)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \Big(e\big(u^{-\alpha k},\ v^{\Delta_\alpha(\mathrm{ID},U)}\big) \cdot e\big(u^{1/(\alpha + H_1(\mathrm{ID}))},\ v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\big)\Big)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \Big(e\big(u^{-\alpha k},\ v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\big) \cdot e(u,v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\Big)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \Big(e(u^{k}, v)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\Big)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u,v)^{k}
\end{aligned} \tag{11}$$

where

$$\Delta_\alpha(\mathrm{ID}, U) = \alpha^{-1} \cdot \Bigg(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\Bigg) \tag{12}$$

Then the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e(u,v)^{k}} \tag{13}$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs the HealthReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$R_1 = D_3 \cdot w^{b} = g^{1/\varphi} \cdot w^{b}, \qquad R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\big(e(u,v)^{t'}\big) \cdot g^{b} \tag{14}$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs the HealthReEnc algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK} \cdot e(g,g)^{\alpha t}}{e\big(g^{1/\varphi} \cdot w^{b},\ g^{\varphi\alpha t}\big)} = \mathrm{HK} \cdot e\big(w^{b},\ g^{-\varphi\alpha t}\big) \tag{15}$$

Finally, the health cloud outputs a reencrypted health ciphertext

$$\mathrm{RT}_h = \Big(C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C'_1 = \mathrm{HK} \cdot e\big(w^{b}, g^{-\varphi\alpha t}\big),\ C'_2 = R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C'_3 = R_3 = H_2\big(e(u,v)^{t'}\big) \cdot g^{b},\ C'_4 = C_6 = w^{\varphi\alpha t}\Big) \tag{16}$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs the SocialReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$R_1 = K_1 \cdot w^{l} = u^{1/\pi} \cdot w^{l}, \qquad R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}, \qquad R_3 = H_2\big(e(u,v)^{k'}\big) \cdot v^{l} \tag{17}$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. When receiving the reencryption key, the social cloud runs the SocialReEnc algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK} \cdot e(u,v)^{k}}{e\big(u^{1/\pi} \cdot w^{l},\ v^{\pi k}\big)} = \mathrm{CK} \cdot e\big(w^{l},\ v^{-\pi k}\big) \tag{18}$$

Finally, the social cloud outputs a reencrypted social ciphertext

$$\mathrm{RT}_c = \Big(C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C'_1 = \mathrm{CK} \cdot e\big(w^{l}, v^{-\pi k}\big),\ C'_2 = R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C'_3 = R_3 = H_2\big(e(u,v)^{k'}\big) \cdot v^{l},\ C'_4 = C_4 = w^{\pi k}\Big) \tag{19}$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs the AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$K' = e(K, C'_2) = e\big(u^{1/(\alpha + H_1(\mathrm{ID}'))},\ v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}\big) = e(u,v)^{t'} \tag{20}$$

Then the healthcare analyzer computes

$$Z = \frac{C'_3}{H_2(K')} = \frac{H_2\big(e(u,v)^{t'}\big) \cdot g^{b}}{H_2\big(e(u,v)^{t'}\big)} = g^{b} \tag{21}$$

Finally, the healthcare analyzer computes HK and recovers the health data $m_h$:

$$\mathrm{HK} = C'_1 \cdot e(Z, C'_4) = \mathrm{HK} \cdot e\big(w^{b}, g^{-\varphi\alpha t}\big) \cdot e\big(g^{b}, w^{\varphi\alpha t}\big) \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with the secret key and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C'_1 \cdot e(v^{l}, C'_4) = \mathrm{CK} \cdot e\big(w^{l}, v^{-\pi k}\big) \cdot e\big(v^{l}, w^{\pi k}\big) \tag{23}$$

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
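The health and social reencryption flows above (equations (14)-(16) and (17)-(19)) and the analyzer's decryption (equations (20)-(23)) share one structure. The following Python is an added example, not code from the paper or its prototype, that expresses both flows with a single `rekey`/`reencrypt`/`analyzer_decrypt` triple in an exponent-only model of the pairing groups; the model checks correctness only and gives no security, and the prime `P`, the function names and the example identities are assumptions.

```python
"""Exponent-only model of Section 5.5 (added example, no security).

g^a is stored as a mod P, so e(g^a, g^b) = e(g,g)^(ab) becomes a*b and
products in G_T become sums. u, v, w are stored as their dlogs to base g.
"""
import hashlib
import secrets

P = 2**127 - 1  # prime order chosen for the model (assumption)
G = 1           # dlog of the generator g itself

def rand():
    return secrets.randbelow(P - 1) + 1

def pair(a, b):
    return a * b % P

def inv(a):
    return pow(a, -1, P)

def _hash(tag, data):
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % P

def H1(identity):  # identities -> Z_p
    return _hash(b"H1", identity.encode())

def H2(gt):        # G_T -> G, as required by R_3
    return _hash(b"H2", gt.to_bytes(16, "big"))

def setup():
    return {"u": rand(), "v": rand(), "w": rand(), "alpha": rand()}

def ibe_key(pp, identity):
    """K = u^(1/(alpha + H1(ID'))) for the analyzer."""
    return pp["u"] * inv((pp["alpha"] + H1(identity)) % P) % P

def health_ct(pp, phi, hk):
    """(C_1, C_5, C_6) of eq. (4), with HK modelled as e(g,g)^hk."""
    t = rand()
    c5 = phi * pp["alpha"] % P * t % P
    return (hk + pp["alpha"] * t) % P, c5, pp["w"] * c5 % P

def social_ct(pp, pi, ck):
    """(C_1, C_3, C_4) of eq. (10), with CK modelled as e(g,g)^ck."""
    k = rand()
    c3 = pp["v"] * pi % P * k % P
    return (ck + pair(pp["u"], pp["v"]) * k) % P, c3, pp["w"] * pi % P * k % P

def rekey(pp, owner_key, mask_base, analyzer_id):
    """Eq. (14) with (D_3, g) or eq. (17) with (K_1, v) as (owner_key, mask_base)."""
    x, m = rand(), rand()  # (t', b) for health data, (k', l) for social data
    r1 = (owner_key + pp["w"] * m) % P
    r2 = pp["v"] * x % P * ((pp["alpha"] + H1(analyzer_id)) % P) % P
    r3 = (H2(pair(pp["u"], pp["v"]) * x % P) + mask_base * m) % P
    return r1, r2, r3

def reencrypt(c1, c_bind, c_carry, rk):
    """Eq. (15)/(18): the cloud divides C_1 by e(R_1, C_5) or e(R_1, C_3)."""
    r1, r2, r3 = rk
    return {"C1": (c1 - pair(r1, c_bind)) % P, "C2": r2, "C3": r3, "C4": c_carry}

def analyzer_decrypt(rt, k_id):
    """Eqs. (20)-(23): K' = e(K, C'_2), Z = C'_3 / H2(K'), key = C'_1 * e(Z, C'_4)."""
    z = (rt["C3"] - H2(pair(k_id, rt["C2"]))) % P
    return (rt["C1"] + pair(z, rt["C4"])) % P

def demo():
    pp, phi, pi = setup(), rand(), rand()
    hk, ck = rand(), rand()
    analyzer = "analyzer@example.org"              # constructed identity
    k_ok = ibe_key(pp, analyzer)
    k_bad = ibe_key(pp, "someone-else@example.org")  # constructed identity
    rk_h = rekey(pp, inv(phi), G, analyzer)                        # D_3 = g^(1/phi)
    rk_c = rekey(pp, pp["u"] * inv(pi) % P, pp["v"], analyzer)     # K_1 = u^(1/pi)
    rt_h = reencrypt(*health_ct(pp, phi, hk), rk_h)
    rt_c = reencrypt(*social_ct(pp, pi, ck), rk_c)
    return {"health": analyzer_decrypt(rt_h, k_ok) == hk,
            "social": analyzer_decrypt(rt_c, k_ok) == ck,
            "health_wrong_id": analyzer_decrypt(rt_h, k_bad) == hk,
            "social_wrong_id": analyzer_decrypt(rt_c, k_bad) == ck}
```

Only the identity named in the reencryption key recovers HK or CK; a key for any other identity yields a different $K'$, so the mask $Z$ and the recovered key are wrong.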

6. Security Analysis

The shared data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using an access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g,g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to escort the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in the access tree supports complex operations including both AND and OR gates, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with a random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g,g)^{\gamma s}$ in the outsourced decryption phase. Thus the proposed scheme is collusion-resistant.
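The DecryptNode recursion and outsourced decryption of Section 5.3.2, and the collusion argument in item (3) above, can both be checked in a small model. The following Python is an added example, not the authors' C prototype: it tracks every group element by its exponent modulo a prime, so it verifies the algebra of equations (5)-(9) and provides no security. The prime `P`, the attribute names, the tuple encoding of the access tree and the modelling of `h` by a random exponent are assumptions.

```python
"""Algebra-only model of Section 5.3.2 (added example, no security).

Every element g^a is stored as its exponent a mod P, so the pairing
e(g^a, g^b) = e(g,g)^(ab) becomes a*b, products in G_T become sums and
quotients become differences.
"""
import hashlib
import secrets

P = 2**127 - 1  # prime order chosen for the model (assumption)

def rand():
    return secrets.randbelow(P - 1) + 1

def pair(a, b):
    return a * b % P

def H1(attr):
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P

def share(node, secret):
    """Build C_7: each leaf y gets C_y = g^p_y(0), C'_y = H1(attr_y)^p_y(0)."""
    if node[0] == "leaf":
        return ("leaf", node[1], secret, H1(node[1]) * secret % P)
    _, k, children = node
    coeffs = [secret] + [rand() for _ in range(k - 1)]  # p_x, degree k_x - 1
    def p_x(i):
        return sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
    return ("gate", k, [share(ch, p_x(i)) for i, ch in enumerate(children, 1)])

def lagrange0(j, idx):
    """Lagrange coefficient Delta_{j,S'}(0) over Z_P."""
    num = den = 1
    for m in idx:
        if m != j:
            num, den = num * -m % P, den * (j - m) % P
    return num * pow(den, -1, P) % P

def decrypt_node(ct, leaf_keys):
    """Eqs. (5)-(6): exponent of e(g,g)^(gamma*p_x(0)), or None for the bottom symbol."""
    if ct[0] == "leaf":
        _, attr, c, c_prime = ct
        if attr not in leaf_keys:
            return None
        d, d_prime = leaf_keys[attr]
        return (pair(d, c) - pair(d_prime, c_prime)) % P
    _, k, children = ct
    found = [(i, decrypt_node(ch, leaf_keys)) for i, ch in enumerate(children, 1)]
    s_x = [(i, f) for i, f in found if f is not None][:k]
    if len(s_x) < k:
        return None
    idx = [i for i, _ in s_x]
    return sum(f * lagrange0(i, idx) for i, f in s_x) % P

def setup():
    # alpha and beta are master secrets; h is modelled by a random dlog.
    return {"alpha": rand(), "beta": rand(), "h": rand()}

def keygen(msk, attrs):
    gamma, eps = rand(), rand()  # gamma is fresh for every user
    leaf_keys = {}
    for a in attrs:
        r = rand()
        leaf_keys[a] = ((gamma + H1(a) * r) % P, r)  # D_a, D'_a
    return {"D": (msk["alpha"] + gamma) * pow(msk["beta"], -1, P) % P,
            "D1": (gamma + msk["h"] * eps) % P, "D2": eps, "leaf": leaf_keys}

def encrypt(msk, policy, hk):
    s, t = rand(), rand()  # s: secret shared over the tree, t: owner's randomness
    return {"C1": (hk + msk["alpha"] * t) % P, "C2": msk["beta"] * t % P,
            "C3": (s + t) % P, "C4": msk["h"] * (s + t) % P,
            "C7": share(policy, s)}

def cloud_decrypt(ct, ak):
    """Eqs. (7)-(8): returns A = e(g,g)^(gamma*t), or None if the policy fails."""
    f = decrypt_node(ct["C7"], ak["leaf"])
    if f is None:
        return None
    b = (pair(ak["D1"], ct["C3"]) - pair(ak["D2"], ct["C4"])) % P
    return (b - f) % P

def health_decrypt(ct, a, d):
    """Eq. (9): HK = C_1 * A / e(C_2, D)."""
    return (ct["C1"] + a - pair(ct["C2"], d)) % P

def demo():
    msk, hk = setup(), rand()
    policy = ("gate", 2, [("leaf", "doctor"),
                          ("gate", 1, [("leaf", "cardiology"), ("leaf", "oncology")])])
    ct = encrypt(msk, policy, hk)
    alice = keygen(msk, ["doctor", "oncology"])   # satisfies the policy
    bob = keygen(msk, ["doctor"])                 # does not
    carol = keygen(msk, ["cardiology"])           # does not
    pooled = dict(bob, leaf={**bob["leaf"], **carol["leaf"]})  # pooled leaf keys
    a_alice, a_pool = cloud_decrypt(ct, alice), cloud_decrypt(ct, pooled)
    return {"alice_ok": health_decrypt(ct, a_alice, alice["D"]) == hk,
            "bob_alone": cloud_decrypt(ct, bob),
            "pooled_ok": health_decrypt(ct, a_pool, bob["D"]) == hk}
```

With pooled leaf keys the tree evaluation no longer returns the bottom symbol, but the two users' different $\gamma$ values do not cancel in the Lagrange combination, so the value obtained is not $e(g,g)^{\gamma s}$ and the recovered key differs from HK.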

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying a PRE mechanism, so that the semitrusted server could reencrypt the ciphertext to the data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare records for emergency calls, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | - | No | No | No | No | Yes |
| Outsourced decryption | - | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | - | - |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | - | - |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform the standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in the access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of the new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desired receivers, he can decrypt the ciphertext at a cost of $2T_r + (N_u - 1)T_0 + T_t$. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to an IBE-encrypted one by the semitrusted social cloud with a reencryption key generated by the data owner. The computation cost of generating the reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of the cpabe toolkit and the pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

[Figure 2: Computation cost of health data encryption. Computation time (ms) versus number of attributes in access policy, for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme.]

[Figure 3: Computation cost of health data decryption. Computation time (ms) versus number of attributes in access policy, for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme.]

Furthermore, we evaluate the computation time cost in the health data reencryption phase and the health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

[Figure 4: Computation cost of health data reencryption. Computation time (ms) versus number of attributes in access policy, for Au et al. [20], Wang et al. [25], and our scheme.]

[Figure 5: Computation cost of health data authorized decryption. Computation time (ms) versus number of attributes in access policy, for Au et al. [20], Wang et al. [25], and our scheme.]

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to an IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, “Cloud-assisted secure video transmission and sharing framework for smart cities,” Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., “Incorporating intelligence in fog computing for big data analysis in smart cities,” IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, “Securing m-healthcare social networks: challenges, countermeasures and future directions,” IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, “Security and privacy for mobile healthcare networks: from a quality of protection perspective,” IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, “Private and secured medical data transmission and analysis for wireless sensing healthcare system,” IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, “HealthShare: achieving secure and privacy-preserving health information sharing through health social networks,” Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, “4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks,” Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, “EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks,” in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM ’11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, “Privacy-preserving design for emergency response scheduling system in medical social networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, “Security approach to controlling access to personal health records in healthcare service,” Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, “Consent-based access control for secure and privacy-preserving health information exchange,” Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, “Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing,” Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, “Privacy preserving ehr system using attribute-based infrastructure,” in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW ’10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., “A general framework for secure sharing of personal health records in cloud system,” Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access control on e-healthcare records in mobile cloud computing,” Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, “Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation,” IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient access control scheme with outsourcing capability and attribute update for fog computing,” Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, “PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks,” Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, “EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks,” Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, “Identity-based proxy re-encryption version 2: making mobile access easy in cloud,” Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, “DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices,” World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.


Page 6: Secure and Privacy-Preserving Data Sharing and Collaboration in …downloads.hindawi.com/journals/scn/2017/6426495.pdf · 2019-07-30 · data and social data sharing with attribute-based

6 Security and Communication Networks

Let 119884 be the set of leaf nodes in 119879 the health cloud outputsan outsourced ciphertext CT1015840 as

CT1015840 = (119879 11986210158403 = 119892119904 11986210158404 = ℎ119904 1198627= 119862119910 = 119892119901119910(0) 1198621015840119910 = 1198671 (attr119910)119901119910(0)

119910isin119884)

(3)

The health cloud returns $\mathrm{CT}'$ to the data owner. The data owner runs HealthEncrypt algorithm to select $t \in \mathbb{Z}_p$ at random and computes $C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t}$ with HK and computes $C_2 = g^{\beta t}$, $C_3 = C'_3 \cdot g^{t}$, $C_4 = C'_4 \cdot h^{t}$, $C_5 = (D_4)^{t}$, $C_6 = (D_5)^{t}$. Finally, the data owner outputs the ciphertext $\mathrm{CT}_h$ as

$$\mathrm{CT}_h = \left(T,\ C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ C_3 = g^{s+t},\ C_4 = h^{s+t},\ C_5 = g^{\varphi\alpha t},\ C_6 = w^{\varphi\alpha t},\ C_7 = \left\{C_y = g^{p_y(0)},\ C'_y = H_1(\mathrm{attr}_y)^{p_y(0)}\right\}_{y \in Y}\right). \tag{4}$$

5.3.2. Health Data Decryption. If the attributes of the healthcare provider satisfy the access policy $T$, he can decrypt $\mathrm{CT}_h$ successfully by informing health cloud and obtaining the symmetric key. The health cloud runs CloudDecrypt algorithm with the ciphertext and outsourced attribute key $\mathrm{AK}' = (D_1, D_2, \{D_j, D'_j\}_{j \in S})$ from the healthcare provider. The health cloud first runs DecryptNode algorithm, which can be described as a recursive algorithm. This algorithm takes the ciphertext $\mathrm{CT}_h$, $\mathrm{AK}'$, and a node $x$ from the access tree $T$ as input.

(1) If the node $x$ is a leaf node, then we let $z = \mathrm{attr}_x$ and compute as follows. If $z \in S$, then

$$\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \frac{e(D_z, C_x)}{e(D'_z, C'_x)} = \frac{e\left(g^{\gamma} H_1(z)^{r_z},\ g^{p_x(0)}\right)}{e\left(g^{r_z},\ H_1(\mathrm{attr}_x)^{p_x(0)}\right)} = e(g, g)^{\gamma p_x(0)}. \tag{5}$$

If $z \notin S$, then $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x) = \perp$.

(2) If the node $x$ is a nonleaf node, the algorithm $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', x)$ proceeds as follows: for all nodes $n$ that are children of $x$, it calls $\mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', n)$ and stores output as $F_n$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes $n$ such that $F_n \neq \perp$. If no such set exists, then the node is not satisfied and the function returns $\perp$. Otherwise, the function defines $j = \mathrm{index}(n)$ and $S'_x = \{\mathrm{index}(n) : n \in S_x\}$ and returns the result

$$F_x = \prod_{n \in S_x} F_n^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} \left(e(g, g)^{r \cdot p_{\mathrm{parent}(n)}(\mathrm{index}(n))}\right)^{\Delta_{j, S'_x}(0)} = \prod_{n \in S_x} e(g, g)^{r \cdot p_x(j) \cdot \Delta_{j, S'_x}(0)} = e(g, g)^{r p_x(0)}. \tag{6}$$

If the access policy tree $T$ is satisfied by $S$, we set the result of the entire evaluation for the access tree $T$ as $F$ such that

$$F = \mathrm{DecryptNode}(\mathrm{CT}_h, \mathrm{AK}', R) = e(g, g)^{\gamma p_R(0)} = e(g, g)^{\gamma s}. \tag{7}$$

Then the health cloud computes

$$\begin{aligned} B &= \frac{e(D_1, C_3)}{e(D_2, C_4)} = \frac{e\left(g^{\gamma} h^{\varepsilon},\ g^{s+t}\right)}{e\left(g^{\varepsilon},\ h^{s+t}\right)} = e(g, g)^{\gamma(s+t)}, \\ A &= \frac{B}{F} = \frac{e(g, g)^{\gamma(s+t)}}{e(g, g)^{\gamma s}} = e(g, g)^{\gamma t}. \end{aligned} \tag{8}$$

Finally, the health cloud sends the partial decrypted health ciphertext $\mathrm{CT}_r = (C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C_1 = \mathrm{HK} \cdot e(g, g)^{\alpha t},\ C_2 = g^{\beta t},\ A = e(g, g)^{\gamma t})$ to the healthcare provider. After receiving $\mathrm{CT}_r$ from the health cloud, the healthcare provider runs HealthDecrypt algorithm to obtain the symmetric key

$$\mathrm{HK} = \frac{C_1 \cdot A}{e(C_2, D)} = \frac{\mathrm{HK} \cdot e(g, g)^{\alpha t} \cdot e(g, g)^{\gamma t}}{e\left(g^{\beta t},\ g^{(\alpha+\gamma)/\beta}\right)}. \tag{9}$$

Thus, $\mathrm{SE}_{\mathrm{HK}}(m_h)$ can be decrypted with HK by applying the symmetric decryption algorithm, and the healthcare provider can access the data owner's health data for diagnosis.

5.4. Secure Social Data Sharing

5.4.1. Social Data Encryption. For the private social data denoted as $m_c$, the data owner runs SocialEncrypt algorithm to encrypt it and then outsource the ciphertext to the social cloud. First, the data owner chooses a set $U$ of receivers' identities (where $|U| \le N$) and a random $\mathrm{CK} \in \mathbb{Z}_p$, which is used to encrypt the data based on the symmetric encryption algorithm. The data owner randomly picks $k \in \mathbb{Z}_p^{*}$ and outputs a social ciphertext $\mathrm{CT}_c$:

$$\mathrm{CT}_c = \left(C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C_1 = \mathrm{CK} \cdot e(u, v)^{k},\ C_2 = v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))},\ C_3 = v^{\pi k},\ C_4 = w^{\pi k},\ C_5 = u^{-\alpha k}\right). \tag{10}$$

5.4.2. Social Data Decryption. The user with identity ID runs SocialDecrypt algorithm to decrypt the social ciphertext. If $\mathrm{ID} \in U$, the user computes

$$\begin{aligned} I &= \left(e\left(C_5,\ v^{\Delta_\alpha(\mathrm{ID}, U)}\right) \cdot e(K, C_2)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{-\alpha k},\ v^{\Delta_\alpha(\mathrm{ID}, U)}\right) \cdot e\left(u^{1/(\alpha + H_1(\mathrm{ID}))},\ v^{k \cdot \prod_{\mathrm{ID}_i \in U}(\alpha + H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{-\alpha k},\ v^{\alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right)}\right) \cdot e(u, v)^{k \cdot \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\ &= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i)) + \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}}(\alpha + H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u, v)^{k}, \end{aligned} \tag{11}$$

where

$$\Delta_\alpha(\mathrm{ID}, U) = \alpha^{-1} \cdot \left(\prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} (\alpha + H_1(\mathrm{ID}_i)) - \prod_{\mathrm{ID}_i \in U \wedge \mathrm{ID}_i \neq \mathrm{ID}} H_1(\mathrm{ID}_i)\right). \tag{12}$$

Then the user computes CK with $I$:

$$\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK} \cdot e(u, v)^{k}}{e(u, v)^{k}}. \tag{13}$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs HealthReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$\begin{aligned} R_1 &= D_3 \cdot w^{b} = g^{1/\varphi} \cdot w^{b}, \\ R_2 &= v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}, \\ R_3 &= H_2\left(e(u, v)^{t'}\right) \cdot g^{b}. \end{aligned} \tag{14}$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs HealthReEnc algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK} \cdot e(g, g)^{\alpha t}}{e\left(g^{1/\varphi} \cdot w^{b},\ g^{\varphi\alpha t}\right)} = \mathrm{HK} \cdot e\left(w^{b},\ g^{-\varphi\alpha t}\right). \tag{15}$$

Finally, the health cloud outputs a reencrypted health ciphertext

$$\mathrm{RT}_h = \left(C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\ C'_1 = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right),\ C'_2 = R_2 = v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C'_3 = R_3 = H_2\left(e(u, v)^{t'}\right) \cdot g^{b},\ C'_4 = C_6 = w^{\varphi\alpha t}\right). \tag{16}$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs SocialReKeyGen algorithm to choose a healthcare analyzer's identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$\begin{aligned} R_1 &= K_1 \cdot w^{l} = u^{1/\pi} \cdot w^{l}, \\ R_2 &= v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))}, \\ R_3 &= H_2\left(e(u, v)^{k'}\right) \cdot v^{l}. \end{aligned} \tag{17}$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. Then, receiving the reencryption key, the social cloud runs SocialReEnc algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$C'_1 = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK} \cdot e(u, v)^{k}}{e\left(u^{1/\pi} \cdot w^{l},\ v^{\pi k}\right)} = \mathrm{CK} \cdot e\left(w^{l},\ v^{-\pi k}\right). \tag{18}$$

Finally, the social cloud outputs a reencrypted social ciphertext

$$\mathrm{RT}_c = \left(C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\ C'_1 = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right),\ C'_2 = R_2 = v^{k' \cdot (\alpha + H_1(\mathrm{ID}'))},\ C'_3 = R_3 = H_2\left(e(u, v)^{k'}\right) \cdot v^{l},\ C'_4 = C_4 = w^{\pi k}\right). \tag{19}$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$K' = e(K, C'_2) = e\left(u^{1/(\alpha + H_1(\mathrm{ID}'))},\ v^{t' \cdot (\alpha + H_1(\mathrm{ID}'))}\right) = e(u, v)^{t'}. \tag{20}$$

Then the healthcare analyzer computes

$$Z = \frac{C'_3}{H_2(K')} = \frac{H_2\left(e(u, v)^{t'}\right) \cdot g^{b}}{H_2\left(e(u, v)^{t'}\right)} = g^{b}. \tag{21}$$

Finally, the healthcare analyzer computes the HK and recovers the health data $m_h$:

$$\mathrm{HK} = C'_1 \cdot e(Z, C'_4) = \mathrm{HK} \cdot e\left(w^{b}, g^{-\varphi\alpha t}\right) \cdot e\left(g^{b}, w^{\varphi\alpha t}\right). \tag{22}$$

For the social data, the healthcare analyzer can compute $v^{l}$ with secret key and then compute CK and recover the social data $m_c$:

$$\mathrm{CK} = C'_1 \cdot e\left(v^{l}, C'_4\right) = \mathrm{CK} \cdot e\left(w^{l}, v^{-\pi k}\right) \cdot e\left(v^{l}, w^{\pi k}\right). \tag{23}$$

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
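The health-data path of Sections 5.5.1 and 5.5.3 (Eqs. (14)-(16) and (20)-(22)) can be checked end to end with the added example below, which is not code from the paper or its prototype. It stores every group element as its discrete logarithm, so it verifies the algebra only and offers no security; the public values $e(g,g)^{\alpha}$ and $v^{\alpha}$, the forms $D_4 = g^{\varphi\alpha}$ and $D_5 = w^{\varphi\alpha}$ (read off from Eq. (4)), the modulus and the identity strings are assumptions made for the example.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime order of the toy groups (constructed, not from the paper)

class El:
    """g^x (kind "G") or e(g,g)^x (kind "GT"), stored as the exponent x mod P."""
    def __init__(self, x, kind="G"):
        self.x, self.kind = x % P, kind
    def __mul__(self, o):
        assert self.kind == o.kind
        return El(self.x + o.x, self.kind)
    def __truediv__(self, o):
        assert self.kind == o.kind
        return El(self.x - o.x, self.kind)
    def __pow__(self, k):
        return El(self.x * k, self.kind)
    def __eq__(self, o):
        return (self.x, self.kind) == (o.x, o.kind)

def e(a, b):
    """Bilinear map: e(g^a, g^b) = e(g,g)^(ab)."""
    assert a.kind == b.kind == "G"
    return El(a.x * b.x, "GT")

def rand():
    return secrets.randbelow(P - 1) + 1

def inv(k):
    return pow(k, -1, P)

def H1(identity):  # identity string -> Z_p
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % P

def H2(gt):  # G_T -> G
    return El(int.from_bytes(hashlib.sha256(str(gt.x).encode()).digest(), "big"))

def setup():
    alpha, phi = rand(), rand()
    g, u, v, w = El(1), El(rand()), El(rand()), El(rand())
    # Assumed public values: e(g,g)^alpha and v^alpha.
    pub = {"g": g, "u": u, "v": v, "w": w,
           "egg_alpha": e(g, g) ** alpha, "v_alpha": v ** alpha}
    # Owner key parts: D3 = g^(1/phi); D4, D5 inferred from C5, C6 in Eq. (4).
    owner = {"D3": g ** inv(phi), "D4": g ** (phi * alpha), "D5": w ** (phi * alpha)}
    return pub, owner, {"alpha": alpha}

def extract(pub, msk, identity):
    """Analyzer secret key K = u^(1/(alpha + H1(ID)))."""
    return pub["u"] ** inv(msk["alpha"] + H1(identity))

def health_encrypt(pub, owner, HK):
    """Only the ciphertext parts that reencryption touches: C1, C5, C6."""
    t = rand()
    return {"C1": HK * pub["egg_alpha"] ** t,
            "C5": owner["D4"] ** t, "C6": owner["D5"] ** t}

def health_rekeygen(pub, owner, analyzer_id):  # Eq. (14)
    t2, b = rand(), rand()
    R1 = owner["D3"] * pub["w"] ** b
    R2 = (pub["v_alpha"] * pub["v"] ** H1(analyzer_id)) ** t2
    R3 = H2(e(pub["u"], pub["v"]) ** t2) * pub["g"] ** b
    return R1, R2, R3

def health_reenc(ct, rk):  # Eqs. (15)-(16), run by the health cloud
    R1, R2, R3 = rk
    return {"C1p": ct["C1"] / e(R1, ct["C5"]), "C2p": R2, "C3p": R3, "C4p": ct["C6"]}

def analyzer_decrypt(rt, K):  # Eqs. (20)-(22)
    Kp = e(K, rt["C2p"])        # e(u,v)^t' when K matches ID'
    Z = rt["C3p"] / H2(Kp)      # g^b when K matches ID'
    return rt["C1p"] * e(Z, rt["C4p"])

def demo():
    pub, owner, msk = setup()
    HK = El(rand(), "GT")
    ct = health_encrypt(pub, owner, HK)
    rt = health_reenc(ct, health_rekeygen(pub, owner, "analyzer@example.org"))
    good = analyzer_decrypt(rt, extract(pub, msk, "analyzer@example.org"))
    bad = analyzer_decrypt(rt, extract(pub, msk, "other@example.org"))
    return {"analyzer_recovers_HK": good == HK,
            "other_identity_recovers_HK": bad == HK,
            "cloud_component_equals_HK": rt["C1p"] == HK}
```

Calling `demo()` shows that only the key extracted for the identity named in the reencryption key unmasks HK, and that the cloud's reencrypted component $C'_1$ is still blinded by $e(w^{b}, g^{-\varphi\alpha t})$.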

6. Security Analysis

The sharing data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g, g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers' identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to escort the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in access tree supports complex operations including both AND and OR gate, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g, g)^{\gamma s}$ in the outsourced decryption phase. Thus, the proposed scheme is collusion-resistant.
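The recursive DecryptNode evaluation of Section 5.3.2 (Eqs. (5)-(8)) and the collusion argument in item (3) can be exercised together with the added example below, which is not the authors' code. It works in a toy model where each group element is replaced by its discrete logarithm, so pairings become multiplications mod a prime; it checks the algebra only and is not secure, and the modulus, attribute names and policy are constructed for the example.

```python
import hashlib
import secrets

# Toy model: each group element is stored as its discrete log, so g^a -> a,
# e(g^a, g^b) -> a*b, and products become sums (mod P). Algebra check only,
# with no security. P is a constructed parameter, not taken from the paper.
P = 2**127 - 1

def rand():
    return secrets.randbelow(P - 1) + 1

def H1(attr):
    """Exponent of H_1(attr)."""
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P

class Leaf:
    def __init__(self, attr):
        self.attr = attr

class Gate:
    def __init__(self, k, children):
        self.k, self.children = k, children  # k-of-n threshold gate

def share(node, secret, leaves):
    """Set p_x(0) = secret; child number i (from 1) receives p_x(i)."""
    if isinstance(node, Leaf):
        leaves[id(node)] = (secret, H1(node.attr) * secret % P)  # C_y, C'_y
        return
    coeffs = [secret] + [rand() for _ in range(node.k - 1)]
    for i, child in enumerate(node.children, start=1):
        value = sum(c * pow(i, d, P) for d, c in enumerate(coeffs)) % P
        share(child, value, leaves)

def encrypt(tree, eta):
    """Only the components DecryptNode and Eq. (8) use; h = g^eta."""
    s, t, leaves = rand(), rand(), {}
    share(tree, s, leaves)
    return {"leaves": leaves, "C3": (s + t) % P, "C4": eta * (s + t) % P}, t

def keygen(gamma, eta, attrs):
    """Outsourced key AK' = (D_1, D_2, {D_j, D'_j}) for a user bound to gamma."""
    eps = rand()
    key = {"D1": (gamma + eta * eps) % P, "D2": eps, "attrs": {}}
    for a in attrs:
        r = rand()
        key["attrs"][a] = ((gamma + H1(a) * r) % P, r)
    return key

def lagrange_at_zero(j, idx):
    """Lagrange coefficient Delta_{j,S'}(0) over the index set idx."""
    num = den = 1
    for m in idx:
        if m != j:
            num = num * (-m) % P
            den = den * (j - m) % P
    return num * pow(den, -1, P) % P

def decrypt_node(node, leaves, attrs):
    """Exponent of F_x, or None for the paper's 'bottom' symbol."""
    if isinstance(node, Leaf):
        if node.attr not in attrs:
            return None
        (D, Dp), (C, Cp) = attrs[node.attr], leaves[id(node)]
        return (D * C - Dp * Cp) % P  # e(D_z, C_x) / e(D'_z, C'_x)
    got = [(i, decrypt_node(c, leaves, attrs))
           for i, c in enumerate(node.children, start=1)]
    got = [(i, f) for i, f in got if f is not None][:node.k]
    if len(got) < node.k:
        return None
    idx = [i for i, _ in got]
    return sum(f * lagrange_at_zero(i, idx) for i, f in got) % P

def cloud_decrypt(tree, ct, key):
    """Exponent of A = B / F from Eq. (8), or None if the policy fails."""
    F = decrypt_node(tree, ct["leaves"], key["attrs"])
    if F is None:
        return None
    B = (key["D1"] * ct["C3"] - key["D2"] * ct["C4"]) % P
    return (B - F) % P

def demo():
    eta = rand()
    # Constructed policy: doctor AND (cardiology OR oncology)
    policy = Gate(2, [Leaf("doctor"),
                      Gate(1, [Leaf("cardiology"), Leaf("oncology")])])
    ct, t = encrypt(policy, eta)
    ga, gb, gc = rand(), rand(), rand()
    alice = keygen(ga, eta, ["doctor", "cardiology"])
    bob = keygen(gb, eta, ["doctor"])
    carol = keygen(gc, eta, ["oncology"])
    pooled = {"D1": bob["D1"], "D2": bob["D2"],
              "attrs": {**bob["attrs"], **carol["attrs"]}}
    return {
        "authorized": cloud_decrypt(policy, ct, alice) == ga * t % P,
        "missing_attribute": cloud_decrypt(policy, ct, bob),
        "collusion": cloud_decrypt(policy, ct, pooled) in (gb * t % P, gc * t % P),
    }
```

In `demo()` the pooled key passes the tree structure, but its leaf values carry two different $\gamma$ exponents, so the interpolated $F$ matches neither user's $e(g,g)^{\gamma s}$ and the resulting $A$ is useless for Eq. (9).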

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying PRE mechanism so that the semitrusted server could reencrypt the ciphertext to data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare record for emergency call, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes extensive social data needed in-depth healthcare analysis (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques, such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | — | No | No | No | No | Yes |
| Outsourced decryption | — | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | — | — |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | — | — |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to IBE-encrypted one by semitrusted social cloud with reencryption key generated by the data owner. The computation cost of generating reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of cpabe toolkit and pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 2: Computation cost of health data encryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], Our scheme.]

Figure 3: Computation cost of health data decryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], Our scheme.]

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

Figure 4: Computation cost of health data reencryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], Our scheme.]

Figure 5: Computation cost of health data authorized decryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], Our scheme.]

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, “Cloud-assisted secure video transmission and sharing framework for smart cities,” Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., “Incorporating intelligence in fog computing for big data analysis in smart cities,” IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, “Securing m-healthcare social networks: challenges, countermeasures and future directions,” IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, “Security and privacy for mobile healthcare networks: from a quality of protection perspective,” IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, “Private and secured medical data transmission and analysis for wireless sensing healthcare system,” IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, “HealthShare: achieving secure and privacy-preserving health information sharing through health social networks,” Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, “4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks,” Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, “EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks,” in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM '11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, “Privacy-preserving design for emergency response scheduling system in medical social networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, “Security approach to controlling access to personal health records in healthcare service,” Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, “Consent-based access control for secure and privacy-preserving health information exchange,” Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, “Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing,” Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, “Privacy preserving ehr system using attribute-based infrastructure,” in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., “A general framework for secure sharing of personal health records in cloud system,” Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access control on e-healthcare records in mobile cloud computing,” Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, “Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation,” IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient access control scheme with outsourcing capability and attribute update for fog computing,” Future Generation Computer Systems, 2016.


[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, “PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks,” Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, “EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks,” Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, “Identity-based proxy re-encryption version 2: making mobile access easy in cloud,” Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, “DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices,” World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc.


Security and Communication Networks 7

$\mathrm{ID} \in U$, the user computes

$$
\begin{aligned}
I &= \left(e\left(C_5, v^{\Delta_\alpha(\mathrm{ID},U)}\right)\cdot e\left(K, C_2\right)\right)^{1/\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\Delta_\alpha(\mathrm{ID},U)}\right)\cdot e\left(u^{1/(\alpha+H_1(\mathrm{ID}))}, v^{k\cdot\prod_{\mathrm{ID}_i\in U}(\alpha+H_1(\mathrm{ID}_i))}\right)\right)^{1/\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{-\alpha k}, v^{\alpha^{-1}\cdot\left(\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}(\alpha+H_1(\mathrm{ID}_i))-\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}H_1(\mathrm{ID}_i)\right)}\right)\cdot e(u,v)^{k\cdot\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}(\alpha+H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}} H_1(\mathrm{ID}_i)} \\
&= \left(e\left(u^{k}, v\right)^{\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}H_1(\mathrm{ID}_i)-\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}(\alpha+H_1(\mathrm{ID}_i))+\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}(\alpha+H_1(\mathrm{ID}_i))}\right)^{1/\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}} H_1(\mathrm{ID}_i)} = e(u,v)^{k},
\end{aligned}
\tag{11}
$$

where

$$
\Delta_\alpha(\mathrm{ID},U) = \alpha^{-1}\cdot\left(\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}\left(\alpha+H_1(\mathrm{ID}_i)\right)-\prod_{\mathrm{ID}_i\in U\wedge \mathrm{ID}_i\neq \mathrm{ID}}H_1(\mathrm{ID}_i)\right).
\tag{12}
$$

Then the user computes CK with $I$:

$$
\mathrm{CK} = \frac{C_1}{I} = \frac{\mathrm{CK}\cdot e(u,v)^{k}}{e(u,v)^{k}}.
\tag{13}
$$

Finally, the user recovers message $m_c$ with CK using the symmetric encryption algorithm.

5.5. Authorized Data Analysis

5.5.1. Health Data Reencryption. In order to analyze the healthcare data, the health data owner runs HealthReKeyGen algorithm to choose a healthcare analyzer’s identity $\mathrm{ID}'$, randomly pick $t', b \in \mathbb{Z}_p$, and compute the following with attribute key AK:

$$
\begin{aligned}
R_1 &= D_3\cdot w^{b} = g^{1/\varphi}\cdot w^{b}, \\
R_2 &= v^{t'\cdot(\alpha+H_1(\mathrm{ID}'))}, \\
R_3 &= H_2\left(e(u,v)^{t'}\right)\cdot g^{b}.
\end{aligned}
\tag{14}
$$

Then the health data owner outputs the health reencryption key $\mathrm{RK}_h = (R_1, R_2, R_3)$. When receiving the reencryption key, the health cloud runs HealthReEnc algorithm to reencrypt the initial health ciphertext. The health cloud computes

$$
C'_1 = \frac{C_1}{e(R_1, C_5)} = \frac{\mathrm{HK}\cdot e(g,g)^{\alpha t}}{e\left(g^{1/\varphi}\cdot w^{b}, g^{\varphi\alpha t}\right)} = \mathrm{HK}\cdot e\left(w^{b}, g^{-\varphi\alpha t}\right).
\tag{15}
$$

Finally, the health cloud outputs a reencrypted health ciphertext:

$$
\begin{aligned}
\mathrm{RT}_h = \Big(& C' = C = \mathrm{SE}_{\mathrm{HK}}(m_h),\; C'_1 = \mathrm{HK}\cdot e\left(w^{b}, g^{-\varphi\alpha t}\right),\; C'_2 = R_2 = v^{t'\cdot(\alpha+H_1(\mathrm{ID}'))}, \\
& C'_3 = R_3 = H_2\left(e(u,v)^{t'}\right)\cdot g^{b},\; C'_4 = C_6 = w^{\varphi\alpha t}\Big).
\end{aligned}
\tag{16}
$$

5.5.2. Social Data Reencryption. The social data is also used to analyze healthcare, such as infectious diseases. The data owner runs SocialReKeyGen algorithm to choose a healthcare analyzer’s identity $\mathrm{ID}'$, randomly pick $k', l \in \mathbb{Z}_p$, and compute the following with secret key SK:

$$
\begin{aligned}
R_1 &= K_1\cdot w^{l} = u^{1/\pi}\cdot w^{l}, \\
R_2 &= v^{k'\cdot(\alpha+H_1(\mathrm{ID}'))}, \\
R_3 &= H_2\left(e(u,v)^{k'}\right)\cdot v^{l}.
\end{aligned}
\tag{17}
$$

Then the data owner outputs the social reencryption key $\mathrm{RK}_c = (R_1, R_2, R_3)$. When receiving the reencryption key, the social cloud runs SocialReEnc algorithm to reencrypt the initial social ciphertext. The social cloud computes

$$
C'_1 = \frac{C_1}{e(R_1, C_3)} = \frac{\mathrm{CK}\cdot e(u,v)^{k}}{e\left(u^{1/\pi}\cdot w^{l}, v^{\pi k}\right)} = \mathrm{CK}\cdot e\left(w^{l}, v^{-\pi k}\right).
\tag{18}
$$

Finally, the social cloud outputs a reencrypted social ciphertext:

$$
\begin{aligned}
\mathrm{RT}_c = \Big(& C' = C = \mathrm{SE}_{\mathrm{CK}}(m_c),\; C'_1 = \mathrm{CK}\cdot e\left(w^{l}, v^{-\pi k}\right),\; C'_2 = R_2 = v^{k'\cdot(\alpha+H_1(\mathrm{ID}'))}, \\
& C'_3 = R_3 = H_2\left(e(u,v)^{k'}\right)\cdot v^{l},\; C'_4 = C_4 = w^{\pi k}\Big).
\end{aligned}
\tag{19}
$$

5.5.3. Authorized Decryption. For the reencrypted health and social ciphertext, the healthcare analyzer with identity $\mathrm{ID}'$ runs AnalyzerDecrypt algorithm to decrypt. For the health data, the healthcare analyzer first computes

$$
K' = e\left(K, C'_2\right) = e\left(u^{1/(\alpha+H_1(\mathrm{ID}'))}, v^{t'\cdot(\alpha+H_1(\mathrm{ID}'))}\right) = e(u,v)^{t'}.
\tag{20}
$$

Then the healthcare analyzer computes

$$
Z = \frac{C'_3}{H_2(K')} = \frac{H_2\left(e(u,v)^{t'}\right)\cdot g^{b}}{H_2\left(e(u,v)^{t'}\right)} = g^{b}.
\tag{21}
$$

Finally, the healthcare analyzer computes the HK and recovers the health data $m_h$:

$$
\mathrm{HK} = C'_1\cdot e\left(Z, C'_4\right) = \mathrm{HK}\cdot e\left(w^{b}, g^{-\varphi\alpha t}\right)\cdot e\left(g^{b}, w^{\varphi\alpha t}\right).
\tag{22}
$$

For the social data, the healthcare analyzer can compute $v^{l}$ with secret key and then compute CK and recover the social data $m_c$:

$$
\mathrm{CK} = C'_1\cdot e\left(v^{l}, C'_4\right) = \mathrm{CK}\cdot e\left(w^{l}, v^{-\pi k}\right)\cdot e\left(v^{l}, w^{\pi k}\right).
\tag{23}
$$

Therefore, the healthcare analyzers can access both the reencrypted health data and the social data for collaboration and analysis with authorization from the data owner.
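The reencryption and authorized-decryption algebra of (14)-(23) can be checked mechanically. The Python sketch below is an added example, not the authors' C prototype: it stores every group element as its discrete logarithm modulo a prime, so the pairing becomes a product of exponents, which verifies correctness but gives no secrecy. The public element $v^{\alpha}$, the recovery of $v^{l}$ by the same steps as (20)-(21), and the sample identities are assumptions of this example.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime group order, constructed for this example

# Toy model: an element of G_0 or G_T is stored as its discrete log mod P
# (base g or e(g,g)), so the pairing becomes a product of exponents.
# This checks the algebra of (14)-(23) only; it provides no secrecy.
def mul(a, b): return (a + b) % P      # group multiplication
def div(a, b): return (a - b) % P      # group division
def exp(a, k): return (a * k) % P      # a^k for a scalar k
def pair(a, b): return (a * b) % P     # e: G_0 x G_0 -> G_T
def rand(): return secrets.randbelow(P - 1) + 1

def _hash(tag, data):
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % P

def H1(identity): return _hash(b"H1", identity.encode())   # identity -> Z_p
def H2(gt): return _hash(b"H2", gt.to_bytes(16, "big"))    # G_T -> G_0

def setup():
    alpha = rand()
    pp = {"g": 1, "u": rand(), "v": rand(), "w": rand()}
    pp["v_alpha"] = exp(pp["v"], alpha)  # assumed public so owners can form R_2
    return alpha, pp

def analyzer_key(alpha, pp, identity):
    """K = u^{1/(alpha + H_1(ID'))}, the key form that appears in (20)."""
    return exp(pp["u"], pow((alpha + H1(identity)) % P, -1, P))

def rekeygen(pp, owner_part, blind_base, identity):
    """(14) with owner_part=D_3, blind_base=g; (17) with K_1 and v."""
    s, r = rand(), rand()                       # t', b  or  k', l
    R1 = mul(owner_part, exp(pp["w"], r))
    R2 = exp(mul(pp["v_alpha"], exp(pp["v"], H1(identity))), s)
    R3 = mul(H2(exp(pair(pp["u"], pp["v"]), s)), exp(blind_base, r))
    return R1, R2, R3

def reencrypt(rk, C1, C_paired, C_kept):
    """Cloud side, (15)-(16) or (18)-(19): C'_1 = C_1 / e(R_1, C_paired)."""
    R1, R2, R3 = rk
    return div(C1, pair(R1, C_paired)), R2, R3, C_kept

def analyzer_decrypt(K, rt):
    """(20)-(22); the same steps are assumed for v^l in (23)."""
    C1p, C2p, C3p, C4p = rt
    K_prime = pair(K, C2p)               # e(u,v)^{t'} only if K matches ID'
    Z = div(C3p, H2(K_prime))            # g^b (health) or v^l (social)
    return mul(C1p, pair(Z, C4p))

def run_demo():
    alpha, pp = setup()
    target = "analyzer@example.org"      # constructed sample identity
    K = analyzer_key(alpha, pp, target)
    K_other = analyzer_key(alpha, pp, "other@example.org")

    # Health ciphertext parts as written in (15)-(16), built from exponents.
    HK, phi, t = rand(), rand(), rand()
    C1 = mul(HK, exp(pair(pp["g"], pp["g"]), alpha * t % P))
    C5 = exp(pp["g"], phi * alpha * t % P)
    C6 = exp(pp["w"], phi * alpha * t % P)
    D3 = exp(pp["g"], pow(phi, -1, P))
    rt_h = reencrypt(rekeygen(pp, D3, pp["g"], target), C1, C5, C6)

    # Social ciphertext parts as written in (18)-(19).
    CK, pi, k = rand(), rand(), rand()
    S1 = mul(CK, exp(pair(pp["u"], pp["v"]), k))
    S3 = exp(pp["v"], pi * k % P)
    S4 = exp(pp["w"], pi * k % P)
    K1 = exp(pp["u"], pow(pi, -1, P))
    rt_c = reencrypt(rekeygen(pp, K1, pp["v"], target), S1, S3, S4)

    return {
        "health_ok": analyzer_decrypt(K, rt_h) == HK,
        "social_ok": analyzer_decrypt(K, rt_c) == CK,
        "other_identity_ok": analyzer_decrypt(K_other, rt_h) == HK,
    }

if __name__ == "__main__":
    print(run_demo())
```

The third result shows the binding to $\mathrm{ID}'$: a key issued for a different identity yields a different $K'$ in (20), so the blinding factor is not removed and HK is not recovered.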

6. Security Analysis

The shared data in our scheme is encrypted with CP-ABE and IBBE techniques, which are secure against chosen plaintext attack since the DBDH assumption holds [23, 28]. We analyze the security properties of our scheme as follows [29].

(1) Data Confidentiality. The health data is encrypted using access policy, and the confidentiality of health data can be guaranteed against users who do not hold a set of attributes that satisfy the access policy. In the encryption phase, though the health cloud performs encryption computation for the data owner, it still cannot access the data without the attribute key. During the decryption phase, since the set of attributes cannot satisfy the access policy in the ciphertext, the health cloud server cannot recover the value $A = e(g,g)^{\gamma t}$ to further get the desired value HK. Therefore, only the users with valid attributes that satisfy the access policy can decrypt the health ciphertext. The social data is encrypted with a random symmetric key CK, and then CK is protected by IBBE. Since the symmetric encryption and IBBE scheme are secure, the confidentiality of outsourced social data can be guaranteed against unauthorized users whose identities are not in the set of receivers’ identities defined by the data owner.

(2) Fine-Grained Access Control. The fine-grained access control allows flexibility in specifying differential access policies of individual health data. To enforce this kind of access control, we utilize CP-ABE to escort the symmetric encryption key of health data. In the health data encryption phase of our scheme, the data owner is able to enforce an expressive and flexible access policy and encrypt the symmetric key which is used to encrypt the health data. Specifically, the access policy of encrypted data defined in access tree supports complex operations including both AND and OR gate, which is able to represent any desired access conditions.

(3) Collusion Resistance. The users may intend to combine their attribute keys to access the data which they cannot access individually. In our scheme, the central authority generates attribute keys for different users; the attribute key is associated with random $\gamma$, which is uniquely related to each user and makes the combination of components in different attribute keys meaningless. Suppose two or more users with different attributes combine together to satisfy the access policy; they cannot compute $F = e(g,g)^{\gamma s}$ in the outsourced decryption phase. Thus, the proposed scheme is collusion-resistant.

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying PRE mechanism, so that the semitrusted server could reencrypt the ciphertext to data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare record for emergency call, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques, such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | — | No | No | No | No | Yes |
| Outsourced decryption | — | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | — | — |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | — | — |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.’s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.’s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient as in Wang et al.’s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to IBE-encrypted one by semitrusted social cloud with reencryption key generated by the data owner. The computation cost of generating reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of cpabe toolkit and pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 2: Computation cost of health data encryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.]

Figure 3: Computation cost of health data decryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.]

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers, so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].

Figure 4: Computation cost of health data reencryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.]

Figure 5: Computation cost of health data authorized decryption. [Plot: computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.]

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, “Cloud-assisted secure video transmission and sharing framework for smart cities,” Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., “Incorporating intelligence in fog computing for big data analysis in smart cities,” IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, “Securing m-healthcare social networks: challenges, countermeasures and future directions,” IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, “Security and privacy for mobile healthcare networks: from a quality of protection perspective,” IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, “Private and secured medical data transmission and analysis for wireless sensing healthcare system,” IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, “HealthShare: achieving secure and privacy-preserving health information sharing through health social networks,” Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, “4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks,” Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, “EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks,” in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM ’11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attribute-based authentication system for mobile health networks,” IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, “Privacy-preserving design for emergency response scheduling system in medical social networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security and privacy in smart city applications: challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, “Security approach to controlling access to personal health records in healthcare service,” Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, “Consent-based access control for secure and privacy-preserving health information exchange,” Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, “Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing,” Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, “Privacy preserving ehr system using attribute-based infrastructure,” in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW ’10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., “A general framework for secure sharing of personal health records in cloud system,” Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access control on e-healthcare records in mobile cloud computing,” Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, “Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation,” IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient access control scheme with outsourcing capability and attribute update for fog computing,” Future Generation Computer Systems, 2016.


[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, “PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks,” Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, “EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks,” Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, “Identity-based proxy re-encryption version 2: making mobile access easy in cloud,” Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, “DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices,” World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc.


8 Security and Communication Networks

Finally the healthcare analyzer computes the HK andrecovers the health data119898ℎ

HK = 11986210158401 sdot 119890 (119885 11986210158404)= HK sdot 119890 (119908119887 119892minus120593120572119905) sdot 119890 (119892119887 119908120593120572119905) (22)

For the social data the healthcare analyzer can computeV119897 with secret key and then computeCK and recover the socialdata119898119888

CK = 11986210158401 sdot 119890 (V119897 11986210158404) = CK sdot 119890 (119908119897 Vminus120587119896) sdot 119890 (V119897 119908120587119896) (23)

Therefore the healthcare analyzers can access both thereencrypted health data and the social data for collaborationand analysis with authorization from the data owner

6 Security Analysis

The sharing data in our scheme is encrypted with CP-ABE and IBBE techniques which are secure against chosenplaintext attack since the DBDH assumption holds [23 28]We analyze the security properties of our scheme as follows[29]

(1) Data Confidentiality The health data is encryptedusing access policy and the confidentiality of healthdata can be guaranteed against users who do nothold a set of attributes that satisfy the access policyIn the encryption phase though the health cloudperforms encryption computation for the data ownerit still cannot access the data without the attributekey During the decryption phase since the set ofattributes cannot satisfy the access policy in theciphertext the health cloud server cannot recover thevalue 119860 = 119890(119892 119892)120574119905 to further get the desired valueHK Therefore only the users with valid attributesthat satisfy the access policy can decrypt the healthciphertextThe social data is encryptedwith a randomsymmetric key CK and thenCK is protected by IBBESince the symmetric encryption and IBBE scheme aresecure the confidentiality of outsourced social datacan be guaranteed against unauthorized users whoseidentities are not in the set of receiversrsquo identitiesdefined by the data owner

(2) Fine-Grained Access Control The fine-grained accesscontrol allows flexibility in specifying differentialaccess policies of individual health data To enforcethis kind of access control we utilize CP-ABE toescort the symmetric encryption key of health dataIn the health data encryption phase of our scheme thedata owner is able to enforce an expressive and flexibleaccess policy and encrypt the symmetric key whichis used to encrypt the health data Specifically theaccess policy of encrypted data defined in access treesupports complex operations including both ANDand OR gate which is able to represent any desiredaccess conditions

(3) Collusion Resistance The users may intend to com-bine their attribute keys to access the data whichthey cannot access individually In our scheme thecentral authority generates attribute keys for differentusers the attribute key is associated with random 120574which is uniquely related to each user and makesthe combination of components in different attributekeys meaningless Suppose two or more users withdifferent attributes combine together to satisfy theaccess policy they cannot compute 119865 = 119890(119892 119892)120574119904 inthe outsourced decryption phase Thus the proposedscheme is collusion-resistant

7. Performance Analysis

7.1. Functionality Comparisons. We list the key features of our scheme in Table 1 and make a comparison of our scheme with several data sharing schemes in MHSN in terms of health data confidentiality, health data access control, outsourced encryption and decryption, data authorization, and social data collaboration. In order to achieve fine-grained access control, most of these schemes adopt the ABE technique. From the comparison, we can see that only EPPS [27] and our scheme achieve health data outsourced decryption, considering the low computing power of resource-constrained mobile devices or healthcare sensors. Zhang et al. [14], Wang et al. [25], Au et al. [20], and our scheme support data authorization by deploying a PRE mechanism, so that the semitrusted server could reencrypt the ciphertext to the data requester for research and analysis purposes without acquiring any plaintext. Further, PEC [26] combines social data with healthcare records for emergency calls, and EPPS [27] divides the mobile patients into different groups according to social data. However, both PEC [26] and EPPS [27] only utilize location information of social data and ignore other valuable data in social networks, which makes in-depth healthcare analysis that needs extensive social data (e.g., infectious diseases analysis) impossible.

Moreover, the health and social data may be collected and protected by different independent service providers adopting different encryption techniques, such as ABE and IBBE. Thus, to achieve data collaboration of these service providers, data authorization in these different service providers must be supported. Our scheme proposes an efficient CP-ABE construction with outsourced encryption and decryption to achieve efficient fine-grained access control of health data and provides a secure solution for the collaboration of different service providers by transforming the ABE-encrypted health data and IBBE-encrypted social data into an IBE-encrypted one that can only be decrypted by an authorized healthcare analyzer such as specialists, since IBE is more suitable to be employed on resource-constrained mobile devices in MHSN.

7.2. Performance Comparisons. We analyze the performance efficiency of health data encryption, decryption, reencryption key generation, and reencryption by comparing our scheme with several secure health data sharing schemes; the result is shown in Table 2. Let $T_r$ be the computation cost of a single pairing, $T_0$ be the computation cost of an exponent operation in $\mathbb{G}_0$, $T_t$ be the time for an exponent operation in $\mathbb{G}_T$, $N_c$ be the number of attributes in a ciphertext, $N_r$ be the number of attributes in a reencrypted ciphertext, and $N_u$ be the total number of receivers in social networks. We ignore the simple multiplication, hash, and symmetric encryption and decryption operations.

Table 1: Functionality comparison of data sharing schemes in MHSN.

| | Zhang et al. [14] | Wang et al. [25] | Au et al. [20] | PEC [26] | EPPS [27] | Our scheme |
|---|---|---|---|---|---|---|
| Health data confidentiality | PKE | IBE | CP-ABE | CP-ABE | CP-ABE | CP-ABE |
| Health data access control | Consent-based | Identity-based | Attribute-based | Attribute-based | Attribute-based | Attribute-based |
| Outsourced encryption | — | No | No | No | No | Yes |
| Outsourced decryption | — | No | No | No | Yes | Yes |
| Data authorization | Yes | Yes | Yes | No | No | Yes |
| Social data collaboration | No | No | No | Yes | Yes | Yes |

Table 2: Comparison of computation overhead for health data sharing.

| Schemes | Data encryption | Data decryption | Data reencryption key generation | Data reencryption |
|---|---|---|---|---|
| Yeh et al. [22] | $T_r + (2N_c + 1)T_0 + T_t$ | $2T_r + T_t$ | — | — |
| EPPS [27] | $(3N_c + 1)T_0 + T_t$ | $T_t$ | — | — |
| Au et al. [20] | $(3N_c + 2)T_0 + T_t$ | $(2N_c + 1)T_r + N_c T_t$ | $(3N_r + 1)T_0 + T_t$ | $(2N_r + 2)T_r + N_r T_t$ |
| Wang et al. [25] | $2T_0 + 2T_t$ | $2T_r$ | $3T_0$ | $T_r + T_0$ |
| Our scheme | $5T_0 + T_t$ | $T_r$ | $3T_0 + T_t$ | $T_r$ |

Table 3: Computation overhead of social data sharing.

| Data encryption | Data decryption | Data reencryption key generation | Data reencryption | Data authorized decryption |
|---|---|---|---|---|
| $(N_u + 4)T_0 + T_t$ | $2T_r + (N_u - 1)T_0 + T_t$ | $4T_0 + T_t$ | $T_r$ | $2T_r$ |

First, we discuss the computation cost of health data encryption and decryption. Since Yeh et al. [22], EPPS [27], and Au et al. [20] all perform the standard ABE algorithm locally in the encryption phase, their encryption computation costs are $T_r + (2N_c + 1)T_0 + T_t$, $(3N_c + 1)T_0 + T_t$, and $(3N_c + 2)T_0 + T_t$, respectively, which grow linearly with the number of attributes in the access policy. In our scheme, the users with mobile sensors only need to perform $5T_0 + T_t$ to encrypt the data, which is constant, the same as Wang et al. [25], and less than these schemes. In the data decryption phase, receivers in Au et al.'s study [20] use secret keys corresponding to matched attributes to recursively decrypt the health ciphertext, and the computation cost is $(2N_c + 1)T_r + N_c T_t$. In Yeh et al.'s study [22], EPPS [27], and our scheme, most of the decryption computations are outsourced to the cloud server. In particular, users in our scheme only need to perform one pairing operation to decrypt the ciphertext.

Further, in the data authorization phase, Au et al. [20] adopted ABPRE to reencrypt ciphertext for authorized users, and the computation costs of reencryption key generation and data reencryption are both related to the number of attributes of the new access policy. Our scheme transforms ABE-encrypted health data to IBE-encrypted health data for analysis purposes, and the computation costs in these two phases are $3T_0 + T_t$ and $T_r$, which is constant and efficient, as in Wang et al.'s study [25].

We also evaluate the computation overhead of social data sharing when the ciphertexts in different service providers need to collaborate together. From Table 3, we can observe that the social data encryption cost on the data owner is $(N_u + 4)T_0 + T_t$ based on IBBE. If the user is one of the desirable receivers, he can perform $2T_r + (N_u - 1)T_0 + T_t$ cost to decrypt the ciphertext. Moreover, our scheme also has high efficiency for the social data authorized phase, in which the IBBE-encrypted social data can be reencrypted to an IBE-encrypted one by the semitrusted social cloud with the reencryption key generated by the data owner. The computation cost of generating the reencryption key is $4T_0 + T_t$, and the semitrusted social cloud needs to take $T_r$ cost to finish the social data reencryption. At last, the authorized healthcare analyzer needs to perform $2T_r$ to obtain the social data or health data, which are both protected by IBE.

7.3. Experimental Evaluation. We conduct experiments on a Linux system with an Intel Core 2 Duo CPU with 2.53 GHz processor and 4 GB memory. The experimental prototype is written in C language with the assistance of the cpabe toolkit and the pairing-based cryptography library [30]. We use a pairing-friendly type A 160-bit elliptic curve group based on the supersingular curve over a 512-bit finite field. The Advanced Encryption Standard (AES) is chosen as the symmetric key encryption scheme.

We analyze the time cost of the data encryption and decryption by comparing our scheme with Yeh et al. [22], EPPS [27], Au et al. [20], and Wang et al. [25]. In the data encryption phase, the data owner in these schemes encrypts a file with an access policy and posts the encrypted file to the cloud server. Figure 2 shows the computation time on data owners during this phase. The encryption time on data owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in the access policy of the ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 2: Computation cost of health data encryption (computation time in ms versus number of attributes in access policy; curves for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme).

Figure 3: Computation cost of health data decryption (computation time in ms versus number of attributes in access policy; curves for Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], and our scheme).

Furthermore, we evaluate the computation time cost in the health data reencryption phase and the health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in the access policy, as in Wang et al. [25].

Figure 4: Computation cost of health data reencryption (computation time in ms versus number of attributes in access policy; curves for Au et al. [20], Wang et al. [25], and our scheme).

Figure 5: Computation cost of health data authorized decryption (computation time in ms versus number of attributes in access policy; curves for Au et al. [20], Wang et al. [25], and our scheme).

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, an outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, "Cloud-assisted secure video transmission and sharing framework for smart cities," Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman et al., "Incorporating intelligence in fog computing for big data analysis in smart cities," IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, "Securing m-healthcare social networks: challenges, countermeasures and future directions," IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, "Security and privacy for mobile healthcare networks: from a quality of protection perspective," IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, "Private and secured medical data transmission and analysis for wireless sensing healthcare system," IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, "HealthShare: achieving secure and privacy-preserving health information sharing through health social networks," Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, "4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks," Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, "EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks," in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM '11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, "A privacy-preserving attribute-based authentication system for mobile health networks," IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, "Privacy-preserving design for emergency response scheduling system in medical social networks," Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, "Security and privacy in smart city applications: challenges and solutions," IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, "Security approach to controlling access to personal health records in healthcare service," Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, "Consent-based access control for secure and privacy-preserving health information exchange," Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, "Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing," Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, "Privacy preserving EHR system using attribute-based infrastructure," in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu et al., "A general framework for secure sharing of personal health records in cloud system," Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, "Secure and fine-grained access control on e-healthcare records in mobile cloud computing," Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, "Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation," IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, "An efficient access control scheme with outsourcing capability and attribute update for fog computing," Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, "Internet of things for smart cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, "Cost-effective secure E-health cloud system using identity based cryptographic techniques," Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, "PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks," Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, "EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks," Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, "Identity-based proxy re-encryption version 2: making mobile access easy in cloud," Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, "DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices," World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal of

Volume 201

Submit your manuscripts athttpswwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 201

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 9: Secure and Privacy-Preserving Data Sharing and Collaboration in …downloads.hindawi.com/journals/scn/2017/6426495.pdf · 2019-07-30 · data and social data sharing with attribute-based

Security and Communication Networks 9

Table 1 Functionality comparison of data sharing schemes in MHSN

Zhang et al [14] Wang et al [25] Au et al [20] PEC [26] EPPS [27] Our schemeHealth data confidentiality PKE IBE CP-ABE CP-ABE CP-ABE CP-ABEHealth data access control Consent-based Identity-based Attribute-based Attribute-based Attribute-based Attribute-basedOutsourced encryption mdash No No No No YesOutsourced decryption mdash No No No Yes YesData authorization Yes Yes Yes No No YesSocial data collaboration No No No Yes Yes Yes

Table 2 Comparison of computation overhead for health data sharing

Schemes Data encryption Data decryption Data reencryption key generation Data reencryptionYeh et al [22] 119879119903 + (2119873119888 + 1)1198790 + 119879119905 2119879119903 + 119879119905 mdash mdashEPPS [27] (3119873119888 + 1)1198790 + 119879119905 119879119905 mdash mdashAu et al [20] (3119873119888 + 2)1198790 + 119879119905 (2119873119888 + 1)119879119903 + 119873119888119879119905 (3119873119903 + 1)1198790 + 119879119905 (2119873119903 + 2)119879119903 + 119873119903119879119905Wang et al [25] 21198790 + 2119879119905 2119879119903 31198790 119879119903 + 1198790Our scheme 51198790 + 119879119905 119879119903 31198790 + 119879119905 119879119903

Table 3 Computation overhead of social data sharing

Data encryption Data decryption Data reencryption key generation Data reencryption Data authorized decryption(119873119906 + 4)1198790 + 119879119905 2119879119903 + (119873119906 minus 1)1198790 + 119879119905 41198790 + 119879119905 119879119903 2119879119903

operation in G0 119879119905 be the time for an exponent operation inG119879119873119888 be the number of attributes in a ciphertext119873119903 be thenumber of attributes in a reencrypted ciphertext and 119873119906 bethe total number of receivers in social networks We ignorethe simple multiplication hash and symmetric encryptionand decryption operations

First we discuss the computation cost of health dataencryption and decryption Since Yeh et al [22] EPPS [27]and Au et al [20] all perform standard ABE algorithm locallyin the encryption phase their encryption computation costsare 119879119903 + (2119873119888 + 1) 1198790 + 119879119905 (3119873119888 + 1) 1198790 + 119879119905 and (3119873119888 +2) 1198790 + 119879119905 respectively which grow linearly with the numberof attributes in access policy In our scheme the users withmobile sensors only need to perform 51198790 + 119879119905 to encrypt thedata which is constant the same as Wang et al [25] and lessthan these schemes In the data decryption phase receivers inAu et alrsquos study [20] use secret keys corresponding tomatchedattributes to recursively decrypt the health ciphertext andthe computation cost is (2119873119888 + 1)119879119903 + 119873119888119879119905 In Yeh etalrsquos study [22] EPPS [27] and our scheme most of thedecryption computations are outsourced to the cloud serverIn particular users in our scheme only need to perform onepairing operation to decrypt the ciphertext

Further in the data authorization phase Au et al [20]adopted ABPRE to reencrypt ciphertext for authorized usersand the computation costs of reencryption key generationand data reencryption are both related to the number ofattributes of new access policy Our scheme transformsABE-encrypted health data to IBE-encrypted health data foranalysis purposes and the computation costs in these twophases are 31198790 + 119879119905 and 119879119903 which is constant and efficientas in Wang et alrsquos study [25]

We also evaluate the computation overhead of social datasharing when the ciphertexts in different service providersneed to collaborate together From Table 3 we can observethat the social data encryption cost on the data owner is(119873119906 + 4)1198790 + 119879119905 based on IBBE If the user is one of thedesirable receivers he can perform 2119879119903 + (119873119906 minus 1)1198790 + 119879119905cost to decrypt ciphertext Moreover our scheme also hashigh efficiency for the social data authorized phase in whichthe IBBE-encrypted social data can be reencrypted to IBE-encrypted one by semitrusted social cloud with reencryptionkey generated by the data owner The computation cost ofgenerating reencryption key is 41198790 + 119879119905 and the semitrustedsocial cloud needs to take 119879119903 cost to finish the social datareencryption At last the authorized healthcare analyzerneeds to perform 2119879119903 to obtain the social data or health datawhich are both protected by IBE

73 Experimental Evaluation We conduct experiments on aLinux system with an Intel Core 2 Duo CPU with 253GHzprocessor and 4GB memory The experimental prototype iswritten in C language with the assistance of cpabe toolkit andpairing-based cryptography library [30] We use a pairing-friendly type A 160-bit elliptic curve group based on thesupersingular curve over a 512-bit finite field The AdvancedEncryption Standard (AES) is chosen as the symmetric keyencryption scheme

We analyze the time cost of the data encryption anddecryption by comparing our scheme with Yeh et al [22]EPPS [27] Au et al [20] and Wang et al [25] In the dataencryption phase the data owner in these schemes encryptsa file with an access policy and posts the encrypted file tothe cloud server Figure 2 shows the computation time ondata owners during this phase The encryption time on data

10 Security and Communication Networks

Yeh et al [22]EPPS [27]Au et al [20]

Wang et al [25]Our scheme

0

20

40

60

80

100

Com

puta

tion

time (

ms)

4 6 8 10 12 14 16 18 202Number of attributes in access policy

Figure 2 Computation cost of health data encryption

Yeh et al [22]EPPS [27]Au et al [20]

Wang et al [25]Our scheme

4 6 8 10 12 14 16 18 202Number of attributes in access policy

0

50

100

150

200

250

300

Com

puta

tion

time (

ms)

Figure 3 Computation cost of health data decryption

owners grows with the number of attributes in access policyin Yeh et al [22] EPPS [27] and Au et al [20] while it staysconstant in our scheme In the data decryption phase Figure 3shows the computation time on healthcare providers fordecryption versus the number of attributes in access policyof ciphertext Compared to Au et al [20] we can see thatthe decryption times of Yeh et al [22] EPPS [27] and ourscheme are almost the same which are constant since mostof the laborious decryption operations are delegated to thecloud server

Furthermore we evaluate the computation time cost inhealth data reencryption phase and health data authorizeddecryption phase and the results are shown in Figures 4and 5 respectively We compare our scheme with that of

Au et al [20]Wang et al [25]Our scheme

4 6 8 10 12 14 16 18 202Number of attributes in access policy

0

50

100

150

200

250

300

Com

puta

tion

time (

ms)

Figure 4 Computation cost of health data reencryption

Au et al [20]Wang et al [25]Our scheme

4 6 8 10 12 14 16 18 202Number of attributes in access policy

0

50

100

150

200

250

300C

ompu

tatio

n tim

e (m

s)

Figure 5 Computation cost of health data authorized decryption

Au et al [20] which utilizes ABPRE to support a generalframework for secure sharing of PHR and that of Wanget al [25] which adopts IBPRE We can observe that theexperimental results in Au et al [20] approximately followa linear relationship as the number of attributes increasesIn our scheme the data owner generates reencryption keysfor authorized healthcare analyzers so that the ABE-basedciphertext can be reencrypted to an IBE-based one and thenbe decrypted with a secret key which is independent of thenumber of attributes in access policy as in Wang et al [25]

8 Conclusion

In this paper we focus on the secure health data and socialdata sharing and collaboration in MHSN for smart citiesand propose a detailed construction based on ABE and

Security and Communication Networks 11

IBBE Our scheme allows the data owner to authorize thehealthcare analyzers to access data by reencrypting bothABE-protected health data and IBBE-protected social datato IBE-protected one which provides a solution for thecollaboration of different service providers In order to reducethe computation overhead of resource-constrained mobiledevices outsourced encryption and decryption constructionis adopted in our scheme which can delegate most of thecomputation cost to a cloud server Finally we analyze theperformance of our scheme with the existing schemes inMHSNand conduct experimentsThe results have shown thatour scheme is secure and efficient

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work was supported by the National Key Researchand Development Program of China under Grant no2016YFB0800605 the National Natural Science Foundationof China under Grant no 61572080 and the CCF andVenustech Research Program under Grant no 2016012

References

[1] M SHossain GMuhammadWAbdul B Song andBGuptaldquoCloud-assisted secure video transmission and sharing frame-work for smart citiesrdquo Future Generation Computer Systems2017

[2] B Tang Z Chen G Hefferman et al ldquoIncorporating intelli-gence in fog computing for big data analysis in smart citiesrdquoIEEE Transactions on Industrial Informatics no 99 2017

[3] J Zhou Z Cao X Dong X Lin and A Vasilakos ldquoSecuringm-healthcare social networks challenges countermeasures andfuture directionsrdquo IEEEWireless Communications vol 20 no 4pp 12ndash21 2013

[4] K Zhang K Yang X Liang Z Su X Shen and H H LuoldquoSecurity and privacy for mobile healthcare networks from aquality of protection perspectiverdquo IEEE Wireless Communica-tions vol 22 no 4 pp 104ndash112 2015

[5] H Huang T Gong N Ye R Wang and Y Dou ldquoPrivate andsecured medical data transmission and analysis for wirelesssensing healthcare systemrdquo IEEE Transactions on IndustrialInformatics vol 13 no 3 pp 1227ndash1237 2017

[6] X Liang M Barua R Lu X Lin and X Shen ldquoHealthShareachieving secure and privacy-preserving health informationsharing through health social networksrdquo Computer Communi-cations vol 35 no 15 pp 1910ndash1920 2012

[7] J Zhou Z Cao X Dong N Xiong and A V Vasilakosldquo4S a secure and privacy-preserving key management schemefor cloud-assisted wireless body area network in m-healthcaresocial networksrdquo Information Sciences vol 314 pp 255ndash2762015

[8] L Chen Z Cao R Lu X Liang and X Shen ldquoEPF an event-aided packet forwarding protocol for privacy-preservingmobilehealthcare social networksrdquo in Proceedings of the 54th AnnualIEEE Global Telecommunications Conference (GLOBECOM rsquo11)Kathmandu Nepal December 2011

[9] L Guo C Zhang J Sun and Y Fang ldquoA privacy-preservingattribute-based authentication system for mobile health net-worksrdquo IEEE Transactions on Mobile Computing vol 13 no 9pp 1927ndash1941 2014

[10] W Yu Z Liu C Chen B Yang and X Guan ldquoPrivacy-preserving design for emergency response scheduling system inmedical social networksrdquo Peer-to-Peer Networking and Applica-tions vol 10 no 2 pp 340ndash356 2017

[11] K Zhang J Ni K Yang X Liang J Ren and X S ShenldquoSecurity and privacy in smart city applications challenges andsolutionsrdquo IEEE Communications Magazine vol 55 no 1 pp122ndash129 2017

[12] A Lounis A Hadjidj A Bouabdallah and Y Challal ldquoHealingon the cloud secure cloud architecture for medical wirelesssensor networksrdquo Future Generation Computer Systems vol 55pp 266ndash277 2016

[13] T-L Chen Y-T Liao Y-F Chang and J-H Hwang ldquoSecurityapproach to controlling access to personal health records inhealthcare servicerdquo Security and Communication Networks vol9 no 7 pp 652ndash666 2016

[14] A Zhang A Bacchus and X Lin ldquoConsent-based accesscontrol for secure and privacy-preserving health informationexchangerdquo Security and Communication Networks vol 9 no 16pp 3496ndash3508 2016

[15] Q Huang Y Yang and M Shen ldquoSecure and efficient datacollaboration with hierarchical attribute-based encryption incloud computingrdquo Future Generation Computer Systems vol 72pp 239ndash249 2017

[16] A Sahai and B Waters ldquoFuzzy identity-based encryptionrdquoin Proceedings of the 24th Annual International Conferenceon the Theory and Applications of Cryptographic Techniques(EUROCRYPT rsquo05) pp 457ndash473 Springer Aarhus DenmarkMay 2005

[17] J Bethencourt A Sahai and B Waters ldquoCiphertext-policyattribute-based encryptionrdquo in Proceedings of the IEEE Sympo-sium on Security and Privacy (SP rsquo07) pp 321ndash334 BerkeleyCalif USA May 2007

[18] S Narayan M Gagne and R Safavi-Naini ldquoPrivacy preservingehr system using attribute-based infrastructurerdquo in Proceedingsof the ACM Workshop on Cloud Computing Security Workshop(CCSW rsquo10) pp 47ndash52 Chicago Ill USA October 2010

[19] M Li S Yu Y Zheng K Ren andW Lou ldquoScalable and securesharing of personal health records in cloud computing usingattribute-based encryptionrdquo IEEE Transactions on Parallel andDistributed Systems vol 24 no 1 pp 131ndash143 2013

[20] M H Au T H Yuen J K Liu et al ldquoA general frameworkfor secure sharing of personal health records in cloud systemrdquoJournal of Computer and System Sciences 2017

[21] Y Liu Y Zhang J Ling and Z Liu ldquoSecure and fine-grained access control on e-healthcare records in mobile cloudcomputingrdquo Future Generation Computer Systems 2017

[22] L-Y Yeh P-Y Chiang Y-L Tsai and J-L Huang ldquoCloud-based fine-grained health information access control frame-work for lightweight IoT devices with dynamic auditing andattribute revocationrdquo IEEE Transactions on Cloud Computingno 99 2015

[23] P Zhang Z Chen J K Liu K Liang and H Liu ldquoAnefficient access control scheme with outsourcing capabilityand attribute update for fog computingrdquo Future GenerationComputer Systems 2016

12 Security and Communication Networks

[24] A Zanella N Bui A P Castellani L Vangelista and M ZorzildquoInternet of things for smart citiesrdquo IEEE Internet of ThingsJournal vol 1 no 1 pp 22ndash32 2014

[25] X A Wang J Ma F Xhafa M Zhang and X Luo ldquoCost-effective secure E-health cloud system using identity basedcryptographic techniquesrdquo Future Generation Computer Sys-tems vol 67 pp 242ndash254 2017

[26] X Liang R Lu L Chen X Lin and X Shen ldquoPEC a privacy-preserving emergency call scheme for mobile healthcare socialnetworksrdquo Journal of Communications andNetworks vol 13 no2 pp 102ndash112 2011

[27] S Jiang X Zhu and L Wang ldquoEPPS Efficient and privacy-preserving personal health information sharing in mobilehealthcare social networksrdquo Sensors vol 15 no 9 pp 22419ndash22438 2015

[28] Y Zhou H Deng Q Wu B Qin J Liu and Y Ding ldquoIdentity-based proxy re-encryption version 2makingmobile access easyin cloudrdquo Future Generation Computer Systems vol 62 pp 128ndash139 2016

[29] Q Huang L Wang and Y Yang ldquoDECENT secure and fine-grained data access control with policy updating for constrainedIoT devicesrdquoWorld Wide Web pp 1ndash17 2017

[30] B Lynn The pairing-based cryptography library httpcryptostanfordedupbc


10 Security and Communication Networks

Figure 2: Computation cost of health data encryption. (Plot of computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.)

Figure 3: Computation cost of health data decryption. (Plot of computation time (ms) versus number of attributes in access policy; series: Yeh et al. [22], EPPS [27], Au et al. [20], Wang et al. [25], our scheme.)

owners grows with the number of attributes in access policy in Yeh et al. [22], EPPS [27], and Au et al. [20], while it stays constant in our scheme. In the data decryption phase, Figure 3 shows the computation time on healthcare providers for decryption versus the number of attributes in access policy of ciphertext. Compared to Au et al. [20], we can see that the decryption times of Yeh et al. [22], EPPS [27], and our scheme are almost the same, which are constant since most of the laborious decryption operations are delegated to the cloud server.

Figure 4: Computation cost of health data reencryption. (Plot of computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.)

Figure 5: Computation cost of health data authorized decryption. (Plot of computation time (ms) versus number of attributes in access policy; series: Au et al. [20], Wang et al. [25], our scheme.)

Furthermore, we evaluate the computation time cost in health data reencryption phase and health data authorized decryption phase, and the results are shown in Figures 4 and 5, respectively. We compare our scheme with that of Au et al. [20], which utilizes ABPRE to support a general framework for secure sharing of PHR, and that of Wang et al. [25], which adopts IBPRE. We can observe that the experimental results in Au et al. [20] approximately follow a linear relationship as the number of attributes increases. In our scheme, the data owner generates reencryption keys for authorized healthcare analyzers, so that the ABE-based ciphertext can be reencrypted to an IBE-based one and then be decrypted with a secret key, which is independent of the number of attributes in access policy, as in Wang et al. [25].
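The delegation flow described above (owner issues a reencryption key, a proxy transforms the ciphertext, the analyzer decrypts with its own key) can be seen in miniature in the following added example, which is not code from the paper. It substitutes a toy ElGamal-style bidirectional proxy re-encryption, in the manner of Blaze, Bleumer and Strauss, for the paper's ABE-to-IBE construction; all function names, the group size and the sample record are assumptions, and the reencryption key here is computed from both secret keys as a simplification.

```python
import hashlib
import hmac
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=61):
    """Find a safe prime p = 2q + 1; 4 then generates the subgroup of order q."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()  # assumption: toy parameters, far too small for real use

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encapsulate(pk):
    """Return (capsule g^(a*r), shared secret g^r) for public key g^a."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(pk, r, P), pow(G, r, P)

def decapsulate(capsule, sk):
    """One exponentiation, whatever policy protected the original data."""
    return pow(capsule, pow(sk, -1, Q), P)

def rekey(sk_from, sk_to):
    """Reencryption key b/a mod q (simplification: needs both secrets)."""
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(capsule, rk):
    """Proxy step: g^(a*r) -> g^(b*r); the proxy never learns g^r."""
    return pow(capsule, rk, P)

def _key(shared, label):
    return hashlib.sha256(label + shared.to_bytes(16, "big")).digest()

def _stream(shared, n):
    blocks = (hashlib.sha256(_key(shared, b"enc") + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(shared, data):
    """Toy encrypt-then-MAC for the bulk record under the shared secret."""
    ct = bytes(a ^ b for a, b in zip(data, _stream(shared, len(data))))
    return ct, hmac.new(_key(shared, b"mac"), ct, hashlib.sha256).digest()

def unseal(shared, ct, tag):
    """Return the plaintext, or None when the key is wrong or data was altered."""
    expect = hmac.new(_key(shared, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(shared, len(ct))))

def demo():
    owner_sk, owner_pk = keygen()
    analyzer_sk, _ = keygen()
    record = b"constructed sample record: heart_rate=72;spo2=98"
    capsule, shared = encapsulate(owner_pk)
    ct, tag = seal(shared, record)                # stored once in the cloud
    rk = rekey(owner_sk, analyzer_sk)             # owner's authorization
    capsule2 = reencrypt(capsule, rk)             # cloud proxy; ct untouched
    return {
        "record": record,
        "owner": unseal(decapsulate(capsule, owner_sk), ct, tag),
        "analyzer_before": unseal(decapsulate(capsule, analyzer_sk), ct, tag),
        "analyzer_after": unseal(decapsulate(capsule2, analyzer_sk), ct, tag),
    }

if __name__ == "__main__":
    print(demo())
```

Only the small capsule is transformed; the bulk ciphertext is never re-encrypted, and the analyzer's decryption cost is a single exponentiation.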

8. Conclusion

In this paper, we focus on the secure health data and social data sharing and collaboration in MHSN for smart cities and propose a detailed construction based on ABE and IBBE. Our scheme allows the data owner to authorize the healthcare analyzers to access data by reencrypting both ABE-protected health data and IBBE-protected social data to IBE-protected one, which provides a solution for the collaboration of different service providers. In order to reduce the computation overhead of resource-constrained mobile devices, outsourced encryption and decryption construction is adopted in our scheme, which can delegate most of the computation cost to a cloud server. Finally, we analyze the performance of our scheme with the existing schemes in MHSN and conduct experiments. The results have shown that our scheme is secure and efficient.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant no. 2016YFB0800605, the National Natural Science Foundation of China under Grant no. 61572080, and the CCF and Venustech Research Program under Grant no. 2016012.

References

[1] M. S. Hossain, G. Muhammad, W. Abdul, B. Song, and B. Gupta, "Cloud-assisted secure video transmission and sharing framework for smart cities," Future Generation Computer Systems, 2017.

[2] B. Tang, Z. Chen, G. Hefferman, et al., "Incorporating intelligence in fog computing for big data analysis in smart cities," IEEE Transactions on Industrial Informatics, no. 99, 2017.

[3] J. Zhou, Z. Cao, X. Dong, X. Lin, and A. Vasilakos, "Securing m-healthcare social networks: challenges, countermeasures and future directions," IEEE Wireless Communications, vol. 20, no. 4, pp. 12–21, 2013.

[4] K. Zhang, K. Yang, X. Liang, Z. Su, X. Shen, and H. H. Luo, "Security and privacy for mobile healthcare networks: from a quality of protection perspective," IEEE Wireless Communications, vol. 22, no. 4, pp. 104–112, 2015.

[5] H. Huang, T. Gong, N. Ye, R. Wang, and Y. Dou, "Private and secured medical data transmission and analysis for wireless sensing healthcare system," IEEE Transactions on Industrial Informatics, vol. 13, no. 3, pp. 1227–1237, 2017.

[6] X. Liang, M. Barua, R. Lu, X. Lin, and X. Shen, "HealthShare: achieving secure and privacy-preserving health information sharing through health social networks," Computer Communications, vol. 35, no. 15, pp. 1910–1920, 2012.

[7] J. Zhou, Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos, "4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks," Information Sciences, vol. 314, pp. 255–276, 2015.

[8] L. Chen, Z. Cao, R. Lu, X. Liang, and X. Shen, "EPF: an event-aided packet forwarding protocol for privacy-preserving mobile healthcare social networks," in Proceedings of the 54th Annual IEEE Global Telecommunications Conference (GLOBECOM '11), Kathmandu, Nepal, December 2011.

[9] L. Guo, C. Zhang, J. Sun, and Y. Fang, "A privacy-preserving attribute-based authentication system for mobile health networks," IEEE Transactions on Mobile Computing, vol. 13, no. 9, pp. 1927–1941, 2014.

[10] W. Yu, Z. Liu, C. Chen, B. Yang, and X. Guan, "Privacy-preserving design for emergency response scheduling system in medical social networks," Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 340–356, 2017.

[11] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, "Security and privacy in smart city applications: challenges and solutions," IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.

[12] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[13] T.-L. Chen, Y.-T. Liao, Y.-F. Chang, and J.-H. Hwang, "Security approach to controlling access to personal health records in healthcare service," Security and Communication Networks, vol. 9, no. 7, pp. 652–666, 2016.

[14] A. Zhang, A. Bacchus, and X. Lin, "Consent-based access control for secure and privacy-preserving health information exchange," Security and Communication Networks, vol. 9, no. 16, pp. 3496–3508, 2016.

[15] Q. Huang, Y. Yang, and M. Shen, "Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing," Future Generation Computer Systems, vol. 72, pp. 239–249, 2017.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), pp. 457–473, Springer, Aarhus, Denmark, May 2005.

[17] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.

[18] S. Narayan, M. Gagne, and R. Safavi-Naini, "Privacy preserving ehr system using attribute-based infrastructure," in Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp. 47–52, Chicago, Ill, USA, October 2010.

[19] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.

[20] M. H. Au, T. H. Yuen, J. K. Liu, et al., "A general framework for secure sharing of personal health records in cloud system," Journal of Computer and System Sciences, 2017.

[21] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, "Secure and fine-grained access control on e-healthcare records in mobile cloud computing," Future Generation Computer Systems, 2017.

[22] L.-Y. Yeh, P.-Y. Chiang, Y.-L. Tsai, and J.-L. Huang, "Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation," IEEE Transactions on Cloud Computing, no. 99, 2015.

[23] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, "An efficient access control scheme with outsourcing capability and attribute update for fog computing," Future Generation Computer Systems, 2016.

[24] A. Zanella, N. Bui, A. P. Castellani, L. Vangelista, and M. Zorzi, "Internet of things for smart cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, 2014.

[25] X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, "Cost-effective secure E-health cloud system using identity based cryptographic techniques," Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.

[26] X. Liang, R. Lu, L. Chen, X. Lin, and X. Shen, "PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks," Journal of Communications and Networks, vol. 13, no. 2, pp. 102–112, 2011.

[27] S. Jiang, X. Zhu, and L. Wang, "EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks," Sensors, vol. 15, no. 9, pp. 22419–22438, 2015.

[28] Y. Zhou, H. Deng, Q. Wu, B. Qin, J. Liu, and Y. Ding, "Identity-based proxy re-encryption version 2: making mobile access easy in cloud," Future Generation Computer Systems, vol. 62, pp. 128–139, 2016.

[29] Q. Huang, L. Wang, and Y. Yang, "DECENT: secure and fine-grained data access control with policy updating for constrained IoT devices," World Wide Web, pp. 1–17, 2017.

[30] B. Lynn, The pairing-based cryptography library, http://crypto.stanford.edu/pbc/.
