Page 72 - Read Online
P. 72
Jiang et al. J Surveill Secur Saf 2020;1:61-78 I http://dx.doi.org/10.20517/jsss.2020.09 Page 65
the security model of the proposed one-way anonymous auditing protocol. In Section 5, a detailed
description of the proposed scheme is demonstrated. After that, a security analysis is presented in Section 6.
In addition, performance analysis of our stereo storage structure assisted one-way anonymous auditing
protocol in e-health system is given in Section 7. Finally, Section 8 concludes the findings of the paper.
2 PRELIMINARIES
Necessary preliminaries mainly including some definitions and basic properties about bilinear pairing and
one-way anonymous key agreement required for this paper are introduced in this section.
2.1 Bilinear pairing
Let G and G be two groups of the same prime order q. Let G be an additive group, and let G be a
1
2
2
1
2
multiplicative group. A mapping e on (G , G ): G → G satisfying the following properties is named a
2
1
2
1
[28]
cryptographic bilinear map .
2.1.1 Bilinearity
)
*
ab
ab
( e aP ,bQ ) = e ( ,P Q for all , ∈GPQ 1and , ∈ Z . This can be expressed in the following manner. For ,, ∈GPQ R 1 ,
q
( ,) ( ,)R e Q R .
( + eP Q R eP ,) = eP − 1
,) =
( ,) ( ,)R e Q R and ( − eP Q R
2.1.2 Non-degeneracy
If is a generator of G , then e( P , P ) is a generator of G . That is to say, e( P , P ) ≠ 1.
P
2
1
2.1.3 Computability
e is efficiently computable.
2.2 One-way anonymous key agreement
[29]
One-way anonymous key agreement was proposed by Kate et al. . Suppose Alice ID and Bob ID are
A
B
.
clients of the same key generation center, whose master secret is s and d = s H(ID) for clients with their
i
i
identity ID. Then, clients can compute a shared key by using their own privacy key and the identity ID
of the other participant. What is more, suppose Alice wants to remain anonymous with Bob. Hereafter,
the key agreement protocol process can be roughly divided into the following two parts: (1) first, Alice
)
computes Q A = H (ID and Q B = H (ID . Finally, randomly chooses an integer r A ∈ Z , computes P A = rQ A
*
)
⋅
A
R
A
q
B
)
,
as Alice’s pseudonym and sends it to Bob; (2) after received Alice’s pseudonym, Bob computes K AB = ( eP d .
A
B
Then, Alice and Bob have the same shared key K AB = ( e d A ,Q B ) = eQ A ,Q B ) A rs ⋅ = e ( ,P d B ).
(
A
3 SYSTEM MODEL AND DATA STRUCTURE
3.1 System model
Stereo storage structure assisted one-way anonymous auditing scheme in e-health system involves four
entities: key generation center, users, the third-party auditor, and cloud server. Figure 1 illustrates the
relationship between those four entities.
3.1.1 User
In our model, patients and physicians are considered as the two main electronic health system (EHS)-
related personnel types. For instance, when a patient seeks a diagnosis through interview by a physician in
EHS, the patient needs to inform the physician of his or her own information at first. To realize the privacy
protection of the patient’s identity, our scheme will set up a false name for the patient based on the patient’s
identity ID to interact with the physician. A physician needs to generate patients’ electronic health records
(EHRs), which contains basic information about the physician and the patient as well as the patient’s
medical data, and upload it to the cloud. Although physicians and patients are two different entities, their
