Page 78 - Read Online
P. 78
Jiang et al. J Surveill Secur Saf 2020;1:61-78 I http://dx.doi.org/10.20517/jsss.2020.09 Page 71
Figure 3. The process of integrity verification
? ∑ ∑ s (9)
e ( , ) σ g = ( e g g 1 ) ∈ i s ⋅ KP i I ∈ i I i s ⋅ ⋅WP ( e ∏ u χ j , g ϑ t )
,
2
j
If the equation (9) is true, the challenged outsourced file in the cloud is verified as intact; otherwise, the
= j
1
challenged file is corrupted. In the above auditing process, TPA can also audit the details of the challenged
file warrant. That is, the proof P, which will be fed back by CS, should contain more file details.
6 SECURITY ANALYSIS
We analyzed the soundness of our scheme at first. That is, if all the entities are honest in this identity-based
one-way anonymous e-health system, then the processed files and log warrants about medical data can be
audited correctly. Then, we propose a simple security analysis for this scheme.
Theorem 1: In an appropriate registration process, the KGC is supposed to generate a correct privacy key
for the user. In addition, the patient always produces a valid log warrant for his or her attending physician
to render certain the authenticity of medical data. If the outsourced file in the cloud is not corrupted or
tampered with, then the proof yielded by CS will be confirmed as valid.
Proof: As shown in Equation (2), we can confirm the correctness directly. Since patient A and the attending
physician B have the shared auditing key, it follows that:
Λ t
(, )α e g = ( e KAB ⋅ (ν 0∏ ν j ζ j ), )g
= j 1
Λ t
= ( e KAB ,) ((ν ⋅g e 0∏ ν ζ j ) ,)g
j
= j 1
= ( e g a 2 ⋅ 2 (K AB ), ) (ν ⋅ H g e 0∏ ν ζ j , g Λ t )
j
= j 1
= (e g g 1 )(⋅ 2 (K AB ), )(ν ⋅eH g e 0∏ ν ζ j , g Λ t )
,
j
2
= j 1
,
= ( e g g 1 )⋅ (ν ⋅ KP e 0∏ ν ζ j , g Λ t )
j
2
= j 1
