Similar literature
1.
The Internet of Medical Things (IoMT) offers an infrastructure made of smart medical equipment and software applications for healthcare services. Through the internet, the IoMT is capable of providing remote medical diagnosis and timely health services. The patients can use their smart devices to create, store and share their electronic health records (EHR) with a variety of medical personnel including medical doctors and nurses. However, unless the underlying communication within IoMT is secured, malicious users can intercept, modify and even delete the sensitive EHR data of patients. Patients also lose full control of their EHR since most healthcare services within IoMT are constructed under a centralized platform outsourced in the cloud. Therefore, it is appealing to design a decentralized, auditable and secure EHR system that guarantees absolute access control for the patients while ensuring privacy and security. Using the features of blockchain including decentralization, auditability and immutability, we propose a secure EHR framework which is mainly maintained by the medical centers. In this framework, the patients’ EHR data are encrypted and stored in the servers of medical institutions while the corresponding hash values are kept on the blockchain. We make use of security primitives to offer authentication, integrity and confidentiality of EHR data while access control and immutability are guaranteed by the blockchain technology. The security analysis and performance evaluation of the proposed framework confirm its efficiency.

2.
The healthcare internet of things (IoT) system has dramatically reshaped this important industry sector. This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers. The goal is the remote monitoring of a patient’s physiological data by physicians. Moreover, this system can reduce the number and expenses of healthcare centers, make up for the shortage of healthcare centers in remote areas, enable consultation with expert physicians around the world, and increase the health awareness of communities. The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process, which should maintain the privacy of patients, and the integrity of remote medical instructions. Current research results indicate the need of a flexible authentication scheme. This study proposes a scheme with enhanced security for healthcare IoT systems, called an end-to-end authentication scheme for healthcare IoT systems, that is, an E2EA. The proposed scheme supports security services such as a strong and flexible authentication process, simultaneous anonymity of the patient and physician, and perfect forward secrecy services. A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks. A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication, computation, and storage, and therefore can not only offer attractive security services but can reasonably be applied to healthcare IoT systems.

3.
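Based on the basic characteristics of the unified social credit code and combined with a mobile security authentication technology system with WPKI as its technical core, this paper proposes an institutional identity authentication solution based on mobile terminals and builds an identity authentication technical framework for mobile terminals. It provides secure, efficient and reliable identity authentication support for organizations conducting online services, e-commerce, e-government and other activities on mobile terminals, and extends the application of the unified social credit code in social governance and economic activities.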

4.
The COVID-19 outbreak and its medical distancing phenomenon have effectively turned the global healthcare challenge into an opportunity for Telecare Medical Information Systems. Such systems employ the latest mobile and digital technologies and provide several advantages like minimal physical contact between patient and healthcare provider, easy mobility, easy access, consistent patient engagement, and cost-effectiveness. Any leakage or unauthorized access to users’ medical data can have serious consequences for any medical information system. The majority of such systems thus rely on biometrics for authenticated access but biometric systems are also prone to a variety of attacks like spoofing, replay, masquerade, and stealing of stored templates. In this article, we propose a new cancelable biometric approach which has tentatively been named as “Expression Hash” for Telecare Medical Information Systems. The idea is to hash the expression templates with a set of pseudo-random keys which would provide a unique code (expression hash). This code can then serve as a template for verification. Different expressions would result in different sets of expression hash codes, which could be used in different applications and for different roles of each individual. The templates are stored on the server-side and the processing is also performed on the server-side. The proposed technique is a multi-factor authentication system and provides advantages like enhanced privacy and security without the need for multiple biometric devices. In the case of compromise, the existing code can be revoked and can be directly replaced by a new set of expression hash code. The well-known JAFFE (The Japanese Female Facial Expression) dataset has been used for empirical testing and the results advocate for the efficacy of the proposed approach.

5.
The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which cannot meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters. Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.

6.
With the development of communication technologies, various mobile devices and different types of mobile services became available. The emergence of these services has brought great convenience to our lives. The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services. However, most of the protocols did not consider the case of hierarchical authentication. In the existing protocol, when a mobile user once registered at the registration center, he/she can successfully authenticate with all mobile service providers that are registered at the registration center, but real application scenarios are not like this. For some specific scenarios, some mobile service providers want to provide service only for particular users. For this reason, we propose a new hierarchical multi-server authentication protocol for mobile cloud computing. The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers. The proposed protocol reduces computing and communication costs by up to 42.6% and 54.2% compared to two superior protocols. The proposed protocol can also resist the attacks known so far.

7.
The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.

8.
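Public wireless LANs face challenges in network security, user data protection, identity authentication, mobility management and network services. Existing public wireless LANs are divided into three types, WISP-owned, Operator-owned and for Enterprise, and the characteristics and architecture of each type are discussed. On this basis, a general security architecture based on the access controller model is proposed, which can be applied to most current types of public wireless LAN. A hybrid authentication protocol combining 802.1X and Web authentication is proposed; during Web authentication the protocol uses the key produced by the 802.1X negotiation, which effectively resists attacks such as theft of service, base station masquerading and message eavesdropping, and is compatible with existing public wireless LAN Web authentication.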

9.
The 3G mobile data network provides always-on and ubiquitous connectivity for subscribers. Although the service coverage area in wireless local area network (WLAN) is much smaller than that in a 3G mobile data network, the data transmission rate in WLAN can be from 2 to 54 Mbps, which is much faster than 3G mobile network. Obviously, the relationship between the 3G mobile data network and WLAN is complementary in terms of service coverage and data transmission rate. Therefore integration of 3G mobile network and WLAN can offer subscribers higher speed wireless service in hot spots and ubiquitous connectivity in 3G mobile data network. An authentication mechanism over the loose coupled integration mechanism using a cross-layer bootstrap is proposed. The benefits of the proposed mechanism are (a) integrating Universal Mobile Telecommunication System network and WLAN using the existing protocols defined in 3GPP, IETF and IEEE 802.11i, (b) the use of the Extension Authentication Protocol authentication method is flexible, (c) reduction of the authentication signalling when a subscriber roams from one access point (AP) to another AP and (d) user identity privacy protection.

10.
In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions among forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

11.
Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

12.
Nowadays, as lightweight mobile clients become more powerful and widely used, more and more information is stored on lightweight mobile clients, user sensitive data privacy protection has become an urgent concern and problem to be solved. There has been a corresponding rise of security solutions proposed by researchers, however, the current security mechanisms on lightweight mobile clients are proven to be fragile. Due to the fact that this research field is immature and still unexplored in-depth, with this paper, we aim to provide a structured and comprehensive study on privacy protection using trusted execution environment (TEE) for lightweight mobile clients. This paper presents a highly effective and secure lightweight mobile client privacy protection system that utilizes TEE to provide a new method for privacy protection. In particular, the prototype of Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments (LMCPTEE) is built using Intel software guard extensions (SGX) because SGX can guarantee the integrity, confidentiality, and authenticity of private data. By putting lightweight mobile client critical data on SGX, the security and privacy of client data can be greatly improved. We design the authentication mechanism and privacy protection strategy based on SGX to achieve hardware-enhanced data protection and make a trusted connection with the lightweight mobile clients, thus build the distributed trusted system architecture. The experiment demonstrates that without relying on the performance of the blockchain, the LMCPTEE is practical, feasible, low-performance overhead. It can guarantee the privacy and security of lightweight mobile client private data.

13.
At present days, Internet of Things (IoT) and cloud platforms become widely used in various healthcare applications. The enormous quantity of data produced by the IoT devices in the healthcare sector can be examined on the cloud platform instead of depending on the restricted storage and computation resources that exist in the mobile gadgets. For offering effective medicinal services, in this article, an online medical decision support system (OMDSS) is introduced for chronic kidney disease (CKD) prediction. The presented model involves a set of stages namely data gathering, preprocessing, and classification of medical data for the prediction of CKD. For classification, logistic regression (LR) model is applied for classifying the data instances into CKD and non-CKD. In addition, for tuning the parameters of LR, Adaptive Moment Estimation (Adam), and adaptive learning rate optimization algorithm is applied. The performance of the introduced model is examined using a benchmark CKD dataset. The experimental outcome observed the superior characteristics of the presented model on the applied dataset.

14.
In recent years, with the continuous advancement of the intelligent process of the Internet of Vehicles (IoV), the problem of privacy leakage in IoV has become increasingly prominent. The research on the privacy protection of the IoV has become the focus of the society. This paper analyzes the advantages and disadvantages of the existing location privacy protection system structure and algorithms, proposes a privacy protection system structure based on untrusted data collection server, and designs a vehicle location acquisition algorithm based on a local differential privacy and game model. The algorithm first meshes the road network space. Then, the dynamic game model is introduced into the game user location privacy protection model and the attacker location semantic inference model, thereby minimizing the possibility of exposing the regional semantic privacy of the k-location set while maximizing the availability of the service. On this basis, a statistical method is designed, which satisfies the local differential privacy of k-location sets and obtains unbiased estimation of traffic density in different regions. Finally, this paper verifies the algorithm based on the data set of mobile vehicles in Shanghai. The experimental results show that the algorithm can guarantee the user’s location privacy and location semantic privacy while satisfying the service quality requirements, and provide better privacy protection and service for the users of the IoV.

15.
This study aims to determine the factors that influence user intention to use location-based emergency applications. The Unified Theory of Acceptance and Use of Technology (UTAUT) is used as a fundamental theory by adding other relevant variables: trust, privacy concern, and fear of crime. Data were collected through questionnaires distributed to the users of the X-Igent Panic Button application. A total of 348 data were collected online using random sampling and processed using structural equation modeling. This study concludes that this application adoption's determinant factors are performance expectancy, trust, social influence, fear of crime, and collection as privacy concerns. These factors become significant predictors of behavioral intention by explaining about 60.5% of the total variation. The study also concludes that trust in services or service providers has the most significant positive impact on the behavioral intention to use location-based mobile applications in emergencies.

16.
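Research on Medical Service System Design Based on the Concept of User Self-Service   Total citations: 2, self-citations: 1, citations by others: 1
Liu Jun, Liu Qian, Jin Wenkui. Packaging Engineering (《包装工程》), 2017, 38(18): 67-71
Objective: To discuss the feasibility and necessity of building a medical service system under the concept of user self-service, and to explore a more rational and humanized service design for medical systems, so as to bring patients a better medical user experience. Methods: The user journey map method from service design is used to break down the details of users' medical visit behavior and to discuss the shortcomings of the existing medical service system. Starting from user behavior and relying on Internet Plus, each category of detail is analyzed, a medical visit experience service that meets user needs to a greater extent is designed, and the feasibility of the design is explained. Conclusion: A user self-service medical service system can innovate the medical service model and optimize the medical service process, make the allocation of medical institution resources more rational, and build for users a convenient, intelligent, standardized, reliable and open self-service medical environment. A user-centered self-service smart medical service system that starts from the user helps improve the work efficiency of medical staff, ease doctor-patient conflicts and improve the patient user experience.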

17.
Preserving privacy is imperative in the new unmanned aerial vehicle (UAV)-assisted mobile edge computing (MEC) architecture to ensure that sensitive information is protected and kept secure throughout the communication. Simultaneously, efficiency must be considered while developing such a privacy-preserving scheme because the devices involved in these architectures are resource constrained. This study proposes a lightweight and efficient authentication scheme for the UAV-assisted MEC environment. The proposed scheme is a hardware-based password-less authentication mechanism that is based on the fact that temporal and memory-related efficiency can be significantly improved while maintaining the data security by adopting a hardware-based solution with a simple implementation. The proposed scheme works in four stages: system initialization, EU registration, EU authentication, and session establishment. It is implemented as a single hardware chip comprising registers and XOR gates, and it can run the entire process in one clock cycle. Consequently, the proposed scheme has significantly higher efficiency in terms of runtime and memory consumption compared to other prevalent methods in the area. Simulations are conducted to evaluate the proposed authentication algorithm. The results show that the scheme has an average execution time of 0.986 ms and consumes average memory of 34 KB. The hardware execution time is approximately 0.39 ns, which is significantly less than the prevalent schemes, whose execution times range in milliseconds. Furthermore, the security of the proposed scheme is examined, and it is resistant to brute-force attacks. Around 1.158 × 10^77 trials are required to overcome the system’s security, which is not feasible using fastest available processors.

18.
Emotions of users do not converge in a single application but are scattered across diverse applications. Mobile devices are the closest media for handling user data and these devices have the advantage of integrating private user information and emotions spread over different applications. In this paper, we first analyze user profile on a mobile device by describing the problem of the user sentiment profile system in terms of data granularity, media diversity, and server-side solution. Fine-grained data requires additional data and structural analysis in mobile devices. Media diversity requires standard parameters to integrate user data from various applications. A server-side solution presents a potential risk when handling individual privacy information. Therefore, in order to overcome these problems, we propose a general-purposed user profile system based on sentiment analysis that extracts individual emotional preferences by comparing the difference between public and individual data based on particular features. The proposed system is built based on a sentiment hierarchy, which is created by using unstructured data on mobile devices. It can compensate for the concentration of single media, and analyze individual private data without the invasion of privacy on mobile devices.

19.
Nowadays, security plays an important role in Internet of Things (IoT) environment especially in medical services’ domains like disease prediction and medical data storage. In healthcare sector, huge volumes of data are generated on a daily basis, owing to the involvement of advanced health care devices. In general terms, health care images are highly sensitive to alterations due to which any modifications in its content can result in faulty diagnosis. At the same time, it is also significant to maintain the delicate contents of health care images during reconstruction stage. Therefore, an encryption system is required in order to raise the privacy and security of healthcare data by not leaking any sensitive data. The current study introduces Improved Multileader Optimization with Shadow Image Encryption for Medical Image Security (IMLOSIE-MIS) technique for IoT environment. The aim of the proposed IMLOSIE-MIS model is to accomplish security by generating shadows and encrypting them effectively. To do so, the presented IMLOSIE-MIS model initially generates a set of shadows for every input medical image. Besides, shadow image encryption process takes place with the help of Multileader Optimization (MLO) with Homomorphic Encryption (IMLO-HE) technique, where the optimal keys are generated with the help of MLO algorithm. On the receiver side, decryption process is initially carried out and shadow image reconstruction process is conducted. The experimentation analysis was carried out on medical images and the results inferred that the proposed IMLOSIE-MIS model is an excellent performer compared to other models. The comparison study outcomes demonstrate that IMLOSIE-MIS model is robust and offers high security in IoT-enabled healthcare environment.

20.
In this study, the evolution of the connected health concept is analysed and visualized to investigate the ever-tightening relationship between health and technology as well as emerging possibilities regarding delivery of healthcare services. A scientometric analysis was undertaken to investigate the trends and evolutionary relations between health and information systems through the queries in the Web of Science database using terms related to health and information systems. To understand the evolutionary relation between different concepts, scientometric analyses were conducted within five-year intervals using the VantagePoint, SciMAT, and CiteSpace II software. Consequently, the main stream of publications related to the connected health concept matching telemedicine cluster was determined. All other developments in health and technologies were discussed around this main stream across years. The trends obtained through the analysis provide insights about the future of healthcare and technology relationship particularly with rising importance of privacy, personalized care along with mobile networks and mobile infrastructure.
