An Authentic and Privacy-Preserving Scheme Towards E-Health Data Transmission Service

• Published in: IEEE transactions on services computing Vol. 17; no. 5; pp. 1969 - 1982
• Main Authors: Fan, Qing, Xie, Yumeng, Zhang, Chuan, Liu, Ximeng, Zhu, Liehuang
• Format: Journal Article
• Language: English
• Published: IEEE 01.09.2024
• Subjects: data authenticity; Data models; Data privacy; E-health system; epochal signature; Fans; Medical services; privacy-preserving; Protection; Regulation; Threat modeling
• ISSN: 1939-1374; 2372-0204
• DOI: 10.1109/TSC.2024.3451145

The e-health system enables online healthcare by supporting health data transmission services on medical platforms. Considering the frequent privacy breaches in e-health systems and the issuance of relevant regulations, it is important to ensure the authenticity and privacy of health data. Existing e-health systems either fail to provide data authenticity or neglect privacy protection after patients leave the system. In this article, we put forward a secure and efficient e-health system for data transmission, named PPED, to solve this dilemma. In PPED, we explore a regular signature and a forward-secure signature, which guarantee data authenticity and give the signature a valid period. Then, a specific epochal signature scheme is designed by combining two signature schemes with the time-lock puzzle. Since expired epochal signatures are forgeable, patients after leaving the e-health system can forge expired signatures to deny their relationship with the signed data, thus achieving privacy protection. Detailed security analysis demonstrates the PPED realizes data authenticity and user privacy. Extensive experiments evaluate our system and the results show it is practical in terms of running time.