Page 76 - Read Online
P. 76
Jiang et al. J Surveill Secur Saf 2020;1:61-78 I http://dx.doi.org/10.20517/jsss.2020.09 Page 69
Table 1. Main notations in the proposed scheme
Notation Description
Four hash functions
H 1 , H 2 , H 3 , H 4
msk The master secret key
The secret key of user i
d i
The pseudonym of user i
P i
The session key of user A and B
K AB
KAB The auditing secret key of user A and B
{}σ
t, {s i } ∈ [1, ]n The file tag and set of block authenticators
ii
The warrant, version number, and time stamp of outsourced files
Λ, V N , T N
The i-th block j-th sector data of file
c i,j
5.1 System setup: Setup
Once taking a security parameter as input, the KGC randomly selects two multiplicative cyclic groups G
and G with prime order q, where g is a generator of G. e: G × G → G denotes a bilinear map. After that,
T
T
a
the KGC picks an integer ∈a R Z at random and computes g 1 = g where ∈g G.
*
q
Next,νν 1 , , , ,ν u 1 ⋅⋅⋅ u s ∈ G are uniformly chosen at random. Four collision-resistant hash functions
,,
R
0
*
*
,
are chosen as follows: HH H 4 :{0,1} → G and H 3 :{0,1} → {0,1} . So, the system public parameter is
,
1
2
,
,
,
,
PP = (,g g g 2 , , ,νν , , , ,uν 1 ⋅⋅⋅ u ∈ R G , H H H H 4 ). Finally, the master secret key msk is set as msk = g 2 a
1
3
2
1
s
0
1
with g 2 ∈G and keeps the msk in secret by the KGC.
5.2 Registration: KeyGen
The KGC runs the KeyGen algorithm to yield a shared secret key for users with the msk and public
parameter PP. The registration procedure consists of two phases: PrivacyKeyGen and SecretKeyGen.
(1) PrivacyKeyGen: First, the KGC generates and distributes the corresponding private key for every user
who may be a patient or a consultant in e-healthy system. In detail, the KGC computes Q based on user’s
i
identity as Q i = H 1 (ID i ). Then, KGC calculates user privacy key as:
d i = g a 2 ⋅ H 1 (ID i ) (1)
For example, KGC independently yields a private key d for patient A, and a private key d for the attending
B
A
physician B. Then, the KGC sends d to ID . After receiving the d , user validates ID by calculating:
i i i i
?
,
e ( ,)=d g ( e g g 1 ) (⋅e H 1 (ID i ),)g (2)
i
2
If the above equation is true, the user ID adopts the private key d ; otherwise, the KGC fails to generate a
i
valid privacy key. i
*
(2) SecretKeyGen: To protect the identity of patient A, patient A randomly chooses a numberr A ∈ Z ,
q
R
creates a pseudonym P A = rQ , and sends it instead of his or her actual identity to B. Then, A and B
⋅
A
A
can calculate a session key K , and this algorithm produces a secret key KAB for auditing. The specific
AB
algorithm is as follows:
,
K AB = ( e d A ,Q B ) = e (P d B ) (3)
A
KAB = g 2 a ⋅ H 2 (K AB )
5.3 Storage: Extract
The storage procedure contains the following three phases: WarrantGen, AuthenticatorGen, and TagGen.
(1) WarrantGen: When user uploads or updates a new medical data, the corresponding file information will
be updated. For confirming some additional information about the source, type, and consistency of the files
