Jiang et al. J Surveill Secur Saf 2020;1:61-78 | http://dx.doi.org/10.20517/jsss.2020.09 Page 63
Motivation of this paper: Medical data include patients’ information such as admissions, discharges,
transfers, e-health system patient records, diagnoses, treatments, medical images, economic/financial
data, and so on. The quality, confidentiality, and integrity of medical data will affect the real-time, short-
term, and long-term performance of the application. First, it will directly affect the daily management
and treatment of patients. Second, the application of software and systems for obtaining information and
decision support may be affected. Third, data storage failure may have unknown impacts on
medical research, which can lead to irreparable consequences. At present, researchers have designed many
protection schemes for data in the cloud. However, there is no complete data protection scheme specially
designed for medical data.
1.1 Our contributions
To solve the above security protection problem of cloud medical data, this paper designs a one-way
anonymous auditing protocol in the e-health system. The contributions of this paper can be summarized as
follows.
1.1.1 A novel stereo storage structure is proposed to assist the auditing protocol in the e-health system
As stated above, medical data consists of a variety of data types. Therefore, we propose a novel data storage
structure to store medical data, which can achieve fast search of data. In addition, the design of this
structure saves the storage overhead of index tables.
1.1.2 A one-way anonymous e-health system model is presented
In view of the current status of the medical environment, for better protection of the privacy of patients, we
propose an e-health system model that supports one-way anonymity, which means patients in this system
model can keep their identities anonymous. Simultaneously, medical personnel identity information is
disclosed in the system, so that patients can find the responsible person when a medical accident occurs.
1.1.3 An auditing protocol aiming to support both physician and patient validation is provided
This scheme innovatively enables patients and attending physicians to independently verify the integrity
of their commonly relevant medical data. In other words, both patients and their attending physicians
can verify whether the medical data file in the cloud is correct and complete. In addition, it can promote
information exchange and mutual supervision between physicians and patients.
1.2 Related works
In the past few years, data integrity in the cloud has received much attention as a core security issue.
Since then, many security models and data protection schemes have been proposed by researchers
around the world to solve the integrity audit problem of outsourced data [10,11]. In 2003, Deswarte et al. [12]
first put forward the theoretical model of remote verification of data integrity of untrusted servers based
on the Diffie-Hellman key agreement protocol. The proposed model consists of only two entities, the user
and the cloud server provider. The user can directly initiate data integrity verification to the cloud service
provider, laying a foundation for the subsequent cloud data auditing protocol. At that time, cloud storage
was not yet widespread, and only a few users outsourced a small amount of data to remote servers, so
the protocol did not take into account the situation we see today, where a large community of users stores a great deal
of data on cloud servers. Once the data stored by the user on the remote server is too
large, the computing overhead on the user side cannot be borne by ordinary computers, and the protocol
cannot work normally. Thus, to solve that problem, a third-party auditor entity is introduced to validate the
integrity of the outsourced data in the cloud.
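The two-party model above can be illustrated with a Diffie-Hellman-style challenge-response check. This is an added example, not code from this paper or from Deswarte et al.; the modulus, base, function names and sample record are assumptions constructed for the demonstration.

```python
import secrets

# Constructed toy parameters (assumption): a real deployment would use an
# RSA-size modulus whose factorisation the server does not know.
P, Q = 2**127 - 1, 2**89 - 1   # two Mersenne primes, demo only
N = P * Q
A = 3                          # public base

def file_to_int(data: bytes) -> int:
    """Interpret the whole file as one big integer exponent m."""
    return int.from_bytes(data, "big")

def user_setup(data: bytes) -> int:
    """User keeps only the tag a^m mod N before outsourcing the file."""
    return pow(A, file_to_int(data), N)

def user_challenge():
    """Fresh random r per audit; only a^r mod N is sent to the server."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(A, r, N)

def server_respond(stored: bytes, challenge: int) -> int:
    """Server must exponentiate with the full stored file: (a^r)^m mod N."""
    return pow(challenge, file_to_int(stored), N)

def user_verify(tag: int, r: int, response: int) -> bool:
    """Accept iff (a^r)^m == (a^m)^r mod N, the Diffie-Hellman identity."""
    return response == pow(tag, r, N)

def audit(original: bytes, stored: bytes) -> bool:
    """One audit round: user side uses `original`, server holds `stored`."""
    tag = user_setup(original)
    r, challenge = user_challenge()
    return user_verify(tag, r, server_respond(stored, challenge))

# Constructed sample record, not real patient data.
RECORD = b"patient=anon-0042;dx=J45.909;rx=salbutamol 100ug"
TAMPERED = RECORD.replace(b"100ug", b"900ug")

if __name__ == "__main__":
    print("intact file passes:  ", audit(RECORD, RECORD))
    print("tampered file passes:", audit(RECORD, TAMPERED))
```

Because the challenge is fresh each round, the server cannot replay an earlier response, and it needs the complete file to compute the answer.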
With a growing number of users using the storage service on the cloud, cloud data auditing protocols are
rapidly being developed, and many scholars are proposing valuable solutions. In 2007, Ateniese et al. [13]