Page 82 - Read Online
P. 82
Jiang et al. J Surveill Secur Saf 2020;1:61-78 I http://dx.doi.org/10.20517/jsss.2020.09 Page 75
Table 2. Characteristics comparison with related schemes
Schemes Public verifiability Certificate management simplification Privacy protection Dynamic operations
Worku et al. [17] √ × √ √
Garg et al. [19] √ × × √
Daniel and Vasanthi [25] √ × √ ×
Zhao et al. [27] × √ × ×
Jiang et al. (this study) √ √ √ √
Table 3. Computational overhead of the proposed scheme
Phases KGC User (physician) User (patient) TPA CS
Setup 2 / / / /
KeyGen(a) + 2 + + T 2 + + T / /
KeyGen(b) / + + + 2 + q + / /
Extract(a) / 3 + 2 + 2 T + 2 + + (l + 1) / /
Extract(b) / + + (s + 1) / / /
Audit(b) / / / / n|I| q + n(|I| - 1) +
(|I| - 1) + |I|
Audit(c) / / / (s + 1) + + (|I| - 1) + /
3 + 3 T + (s + 1) + T
KGC: Key generation center; TPA: third-party auditor; CS: cloud server
Therefore, the computation overhead of (e g g is not contained in Table 3. Furthermore, the
,
)
2
1
symbols .S Sign and .S Vrf are used to denote the signature and verification file tag processes. Hereafter, as
shown in Table 3, Setup is a system preprocessing phase, which is performed by KGC and needs 2 . In
the algorithm of KeyGen(a), KGC needs + operations to generate a privacy key for user, and both the
physician and the patient need 2 + + T operations to verify the validity of the private key distributed
by KGC. In the algorithm of KeyGen(b), the patient performs one operation and one q operation more
than the physician to generate a pseudonym. To process a medical file, patient firstly yields a warrant for
the physician, which needs 2 + + ( + 1) operations. Then, the physician verifies the validity of the
warrant, which needs 3 + 2 + 2 T + operations. denotes the string length of warrant. The amount
of file data blocks and sectors are expressed as n and s. After that, physician performs another + + (s
+ 1) operation to generate a block authenticator. After receiving a challenge from TPA, CS executes n |I|
+ n (|I| - 1) + (|I| - 1) + |I| operations to yield a proof P, where the |I| is indicated as a set of non-
q
empty challenge file randomly selected by TPA for auditing. Finally, TPA performs (s + 1) + + (|I| - 1)
+ 3 + 3 + (s + 1) + T operations to verify data integrity in the cloud.
T
Figure 4 shows the computational cost of each entity in the proposed scheme for auditing an outsourced
medical file with various numbers of data blocks. In this scheme, the time costs of TPA to prepare a
challenge |I| is not taken into account, for TPA can sample a series of random elements by running offline.
In the experiments, we set = 160 in this scheme and each file block consists of 160 sectors, which means
that it has around 4 KB of size. Moreover, we compare the efficiency of processing a 1 MB file by set
challenge data block as 20, 40, ... , 100, 200, respectively.
The simulation results of Figure 4 demonstrate that the computational cost of the user is independent of
the number of data blocks in the file in carrying out the extraction algorithm. Specifically, this experiment
of our scheme only considers the case that patients generate warrants for files, which can be verified by
physicians and generate file tags for those files, so the calculation cost of physicians is slightly higher than
that of patients, which is in line with the theoretical computational overhead analysis of the proposed
scheme shown in Table 3. In addition, if it is necessary, the division of work between the physician and
the patient is interchangeable during the file processing phase. After that, in the audit phase, TPA has
transferred part of the calculate task to CS. Therefore, we can conclude that, as shown in Figure 4, with the
increase of data blocks, the calculation cost of CS increases gradually.
