霧運算醫療環境下電子健康紀錄安全存取之身分驗證及密鑰協議

黃尹姿; Yin-Tzu Huang

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88872

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	王勝德	zh_TW
dc.contributor.advisor	Sheng-De Wang	en
dc.contributor.author	黃尹姿	zh_TW
dc.contributor.author	Yin-Tzu Huang	en
dc.date.accessioned	2023-08-16T16:08:39Z	-
dc.date.available	2023-11-09	-
dc.date.copyright	2023-08-16	-
dc.date.issued	2023	-
dc.date.submitted	2023-08-09	-
dc.identifier.citation	References [1]P. C. Tang, M. Ralston, M.F. Arrigotti, L. Qureshi, J. Graham, Comparison of Methodologies for Calculating Quality Measures Based on Administrative Data Versus Clinical Data from an Electronic Health Record System: Implications for Performance Measures, J. Am. Med. Inf. Assoc. 14 (1) (2007) 10-15. [2]A. Bahga, V.K. Madisetti, A Cloud-based Approach for Interoperable Electronic Health Records (EHRs), IEEE J. Biomed. Health Inf. 17 (5) (2013) 894-906. [3]D. Kelly, J. Condell, K. Curran, B. Caulfield, A Multimodal Smartphone Sensor System for Behaviour Measurement and Health Status Inference, Inf. Fusion 53 (2020) 43–54. [4]C. H. Tseng, R. J. Chen, S. Y. Tsai, T. R. Wu, W. J. Tsaur, H. W. Chiu, C. Y. Yang, Y. S. Lo, Exploring the COVID-19 Pandemic as a Catalyst for Behavior Change Among Patient Health Record App Users in Taiwan: Development and Usability Study, Journal of Medical Internet Research 24 (2022). [5]Y. T. Huang, D. L. Chiang, T. S. Chen, S. D. Wang, F. P. Lai, Y. D. Li, Lagrange Interpolation-driven Access Control Mechanism: Towards Secure and Privacypreserving Fusion of Personal Health Records, Know.-Based Syst., 236 (2021) 107679. [6]M. Green, S. Hohenberger, B. Waters, et al., Outsourcing the Decryption of ABE Ciphertexts, in: USENIX Security Symposium, Aug 2011(3) 34-49. [7]Q. Huang, Y. Yang, M. Shen, Secure and Efficient Data Collaboration with Hierarchical Attribute-based Encryption in Cloud Computing, Future Gener. Comput. Syst. 72 (2017) 239-249. [8]H.A. Al Hamid, S.M.M. Rahman, M.S. Hossain, A. Almogren, A. Alamri, A Security Model for Preserving the Privacy of Medical Big Data in a Healthcare Cloud Using a Fog Computing Facility with Pairing-Based Cryptography, IEEE Access 5 (2017) 22313-22328. [9]B. Farahani, F. Firouzi, V. Chang, M. Badaroglu, N. Constant, K. Mankodiya, Towards Fog-driven IoT Ehealth: Promises and Challenges of IoT in Medicine and Healthcare, Badaroglu, Future Gener. Comput. Syst. 78 (2018) 659-676. [10]A. Alrawais, A. Alhothaily, C. Hu, X. Cheng, Fog Computing for the Internet of Things: Security and Privacy Issues, IEEE Internet Comput. 21 (2017) 34-42. [11]Y. Ming, T. Zhang, Efficient Privacy-preserving Access Control Scheme in Electronic Health Records System, Sensors 18(10) (2018) 3520. [12]A. Castiglione, A. De Santis, B. Masucci, F. Palmieri, X. Huang, A. Castiglione, Supporting Dynamic Updates in Storage Clouds with the Akl–Taylor Scheme, Inform. Sci. 387 (2017) 56-74. [13]R.S. Sandhu, Role-based access control, Advances in Computers 46 (1998) 237–286. 6. A. Sahai, B. Waters, Fuzzy Identity-based Encryption, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer (2005) 457-473. [14]V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based Encryption for Fine-grained Access Control of Encrypted Data, in: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006) 89-98. [15]Q. Zhang, H. Zhong, J. Cui, L. Ren, W. Shi, AC4AV: A Flexible and Dynamic Access Control Framework for Connected and Autonomous Vehicles, IEEE Internet Things J. 8 (3) (2020) 1946-1958. [16]X. Yao, Z. Chen, Y. Tian, A Lightweight Attribute-based Encryption Scheme for the Internet of Things, Future Gener. Comput. Syst. 49 (2015) 104-112. [17]T. M. Ghazal, M. K. Hasan, S. N. H. S. Abdullah, K. A. A. Bakar and H. Al Hamadi, Private Blockchain-based Encryption Framework Using Computational Intelligence Approach, Egypt. Inform. J. 23 (4) (2022) 69-75. [18]Y. Liu, Y. Zhang, J. Ling, Z. Liu, Secure and Fine-grained Access Control on E-healthcare Records in Mobile Cloud Computing, Future Gener. Comput. Syst. 78 (2018) 1020-1026. [19]F. Rezaeibagha, Y. Mu, Distributed Clinical Data Sharing via Dynamic Access-control Policy Transformation, Int. J. Med. Inform. 89 (2016) 25-31. [20]Y. Zheng, Digital Signcryption or How to Achieve Cost (signature & encryption)≪ cost (signature)+ cost (encryption), in: Annual International Cryptology Conference, Springer (1997)165-179. [21]Y. S. Rao, R. Dutta, Efficient Attribute-based Signature and Signcryption Realizing Expressive Access Structures, Int. J. Inf. Secur. 15 (2016) 81-109. [22]X. Liang, Z. Cao, H. Lin, J. Shao, Attribute based proxy re-encryption with delegating capabilities, in: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, 2009, pp. 276-286. [23]S. Tuli, N. Basumatary, S.S. Gill, M. Kahani, R.C. Arya, G.S. Wander, R. Buyya, HealthFog: An Ensemble Deep Learning Based Smart Healthcare System for Automatic Diagnosis of Heart Diseases in Integrated IoT and Fog Computing Environments, Future Gener. Comput. Syst. 104 (2020) 187-200. [24]F. M. Awaysheh, M. N. Aladwan, M. Alazab, S. Alawadi, J. C. Cabaleiro, and T. F. Pena, Security by Design for Big Data Frameworks over Cloud Computing, IEEE Trans. Eng. Manage., (2021) 1-18. [25]A. Ceccarelli, M. Cinque, C. Esposito, L. Foschini, and P. Lollini, FUSION—Fog Computing and Blockchain for Trusted Industrial Internet of Things, IEEE Trans. Eng. Manage., (2020) 2020 1-15. [26]K. E. Psannis, B. B. Gupta, and C. L. Stergiou, IoT-based Big Data Secure Management in the Fog over a 6G Wireless Network, IEEE Internet Things J., 8 (7) (2021) 5164-5171. [27]B. D. Deebak, A. Turjman, L. Mostarda, Seamless Secure Anonymous Authentication for Cloud-based Mobile Edge Computing. Comput. Electr. Eng. (87) (2020) 106782. [28]S. Shukla, S. 'akur, S. Hussain, J. G. Breslin, and S. M. Jameel, Identification and Authentication in Healthcare Internet-of-'ings Using Integrated Fog Computing Based Blockchain Model, Internet of Things, 15 (2021), Article ID 100422. [29]L. Lyu, K. nandakumar,B. Rubinstrin, J. Jin, J. Bedo, andM. Palaniswami, PPFA: Privacy Preserving Fog-enable Aggregation in Smart Grid, IEEE Trans. Ind. Informat., 14 (8) (2018) 3733-3744. [30]M. Nikooghadam, H. Amintoosi, A Secure and Robust Elliptic Curve Cryptography-based Mutual Authentication Scheme for Session Initiation Protocol, Secur. Privacy, 3 (1) (2020) e92. [31]P. Shabisha, A. Braeken, P. Kumar, K. Steenhaut, Fog-orchestrated and Server-controlled Anonymous Group Authentication and Key Agreement, IEEE Access, 7 (2019) 150247-150261. [32] Y. T. Huang, T. S. Chen, S. D. Wang, Authenticated Key Agreement Scheme for Fog Computing in a Health-care Environment, IEEE Access, 11 (2023) 46871 – 46881 [33]A. Ara, M. Al-Rodhaan, Y. Tian, and A. Al-Dhelaan, A Secure Privacy Preserving Data Aggregation Scheme Based on Bilinear Elgamal Cryptosystem for Remote Health Monitor System,” IEEE Access, 99 (2017) 12601-12617. [34]J. Sun, X. Zhu, and Y. Fang, Privacy Preserving in Emergency Response Based on Wireless Body Sensor Networks, in Proc. IEEE GLOBECOM, (2012) 1-6. [35]D. He, N. Kumar, S. Zeadally, A. Vinel, and L. Yang, Efficient and Privacy-preserving Data Aggregation Scheme for Smart Grid Against Internal Adversaries, IEEE Trans. Smart Grid, 8 (5) (2017) 2411-2419. [36]Y. Guo, Z. Zhang, Y. Guo, Fog-centric Authenticated Key Agreement Scheme Without Trusted Parties. IEEE Syst. J., 15 (4) (2021) 5057-5066. [37]C. Fan, J. Huang, M. Zhong, R. Hsu, W. Chen, J. Lee, Rehand: Secure Region-based Fast Handover with User Anonymity for Small Cell Networks in Mobile Communications. IEEE Trans. Inf. Forensics Secur., 15 (2020) 927-942. [38]R. Saurabh, S. O. Mohammad, M. Dheerendra, A. Mishra, and Y. S Rao, Efficient Design of an Authenticated Key Agreement Protocol for Dew-assisted IoT Systems, J. Supercomputing, 78 (2022) 3696-3714. [39]A. B. Amor, M. Abid, A. Meddeb, A Privacy-preserving Authentication Scheme in an Edge-fog Environment. in: 2017 14th International Conference on Computer Systems and Applications (AICCSA). 2017. IEEE. [40]W. C. Chen, Y. T. Huang, S. D. Wang, Provable Secure Group Key Establishment Scheme for Fog Computing, IEEE Access, 9 (2021) 158682-158694. [41]D. Quadling, Lagrange’s interpolation formula, Math. Gaz. 50 (1966) 372-375. [42]J. Katz, Y. Lindell, Introduction to Modern Cryptography. Boca Raton, FL, USA: CRC Press, 2014. [43]D. Brown, Standards for Efficient Cryptography, SEC 1: Elliptic Curve Cryptography, Released Standard Version, May 2009. [44]M. Bellare, D. Pointcheval, and P. Rogaway, Authenticated Key Exchange Secure Against Dictionary Attacks, in: Advances in Cryptology— EUROCRYPT, vol. 1807. Heidelberg, Germany: Springer (2000) 139-155. [45]R. Canetti and H. Krawczyk, Analysis of Key-exchange Protocols and Their Use for Building Secure Channels,’ in Advances in Cryptology— EUROCRYPT, vol. 2045. Heidelberg, Germany: Springer (2011) 453-474. [46]B. LaMacchia, K. Lauter, and A. Mityagin, Stronger Security of Authenticated Key Exchange, in Proc. Int. Conf. Provable Secur. (PROVSEC), vol. 4784. Heidelberg, Germany, (2007) 1-16. [47]M. Kim, A. Fujioka, and B. Ustaoglu, Strongly Secure Authenticated Key Exchange without NAXOS’ Approach, in Proc. Int. Workshop Secur. (IWSEC), vol. 5824. Heidelberg, Germany, (2009) 174-191. [48]T. Y. Wu and Y.M. Tseng, An ID-based Mutual Authentication and Key Exchange Protocol for Low-power Mobile Devices, Comput. J. 53(7) (2010) 1062-1070. [49]Y. M. Tseng, S. S. Huang, T. T. Tsai, and J. H. Ke, List-free ID-based Mutual Authentication and Key Agreement Protocol for Multiserver Architectures, IEEE Trans. Emerg. Topics Comput. 4(1) (2016) 102-112. [50]Y. Ma, Y. Ma and Qi. Cheng, Cryptanalysis and Enhancement of an Authenticated Key Agreement Protocol for Dew-Assisted IoT Systems, Secur. Commun. Netw., 2022 (2022), Article ID 7125491. [51]X. Jia, D. He, N. Kumar, K. Kwang, R. Choo, Authenticated Key Agreement Scheme for Fog-driven IoT Healthcare System, Wirel. Netw., 25 (8) (2019) 4737-4750. [52]I. Indu, P.R. Anand, Hybrid authentication and authorization model for web based applications, in: International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), IEEE, 2016, pp. 1187-1191. [53]E. Yuan, J. Tong, Attributed based access control (ABAC) for web services, in: IEEE International Conference on Web Services (ICWS’05), IEEE (2005) 2. [54]R. Sandhu, D. Ferraiolo, R. Kuhn, The NIST model for role-based access control: towards a unified standard, in: ACM Workshop on Role-Based Access Control, ACM Press, 2000, pp. 47-63. [55]D. R. Kuhn, E. J. Coyne, T. R. Weil, Adding attributes to role-based access control, Computer, 43 (2010) 79–81. [56]E. Chickowski, Healthcare Unable to Keep Up with Insider Threats, Dark Reading, 2012, Accessed: May 12, 2018. [Online]. Available: https://www.darkreading.com/vulnerabilities---threats/healthcare-unableto- keep-up-with-insider-threats/d/d-id/1137610?. [57]M. Ali, A. Abbas, M.U.S. Khan, S.U. Khan, SeSPHR: a methodology for secure sharing of personal health records in the cloud, IEEE Trans. Cloud Comput. 9 (2018) 347-359. [58]T. S. Chen, C. H. Liu, T. L. Chen, C. S. Chen, J. G. Bau, T. C. Lin, Secure dynamic access control scheme of PHR in cloud computing, J. Med. Syst. 36 (2012) 4005-4020.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88872	-
dc.description.abstract	隨著資訊科技的不斷發展，醫療資訊系統能即時提供個人的醫療記錄。為了確保儲存在雲端資料庫的電子健康紀錄（EHRs）的隱私，論文中首先提出基於拉格朗日插值多項式的存取機制，以確保醫療健康資訊的完整性和機密性。此方式嚴格控制系統使用者的訪問權限，根據授權角色的差異，每位使用者所能存取的檔案並不相同。透過這個方式，有效地防止未經授權的使用者越級存取電子健康紀錄，增加潛在攻擊者非法進入資料庫，和竊取敏感醫療資訊的難度。此機制運作於霧運算環境中，將部分驗證運算轉交給霧節點，以減輕雲端伺服器的計算負擔。此外隨著5G的普及，電子健康紀錄的數據來源也可能來自物聯網終端設備，但在霧運算環境下也存在安全相關問題，終端設備和霧節點容易受到駭客攻擊，進而導致敏感用戶資訊的外洩。因此，身份驗證和密鑰交換成為霧運算環境中需要考慮的議題。論文中提出的第二個方法則使用橢圓曲線密碼學，於霧運算環境中建立驗證和密鑰協定。此方法起初由雲端伺服器驗證霧節點的身份和合法性，而後便由霧節點對通訊的其餘終端設備進行驗證，從而減輕了雲端伺服器的計算負擔。透過此方式，雲端伺服器將驗證終端設備的任務轉移給霧節點。在完成身份驗證後，霧節點便會分配傳輸所需使用的金鑰，以增加訊息傳輸過程中的安全性，從而增強霧運算環境中醫療數據的隱私。	zh_TW
dc.description.abstract	With the continuous development of information technology, the medical information system can now instantly provide individuals with their medical records. Secure access control is vital in facilitating convenient and secure information sharing. To address the security concerns and ensure the privacy of Electronic Health Records (EHRs) stored in cloud databases, the Lagrange-interpolation-driven access control mechanism is the first proposed method. This approach ensures the confidentiality and integrity of healthcare information, as it strictly regulates privacy settings and access authority for each user. This mechanism prevents unauthorized access to EHRs, making it more difficult for potential attackers to compromise the database and steal sensitive medical information. This mechanism operates in a fog-driven environment; part of the verification operation is handed over to fog nodes; therefore, it can reduce the calculation of the cloud server. In addition, with the rise of 5G communication, the data source of EHRs may also come from IoT devices. However, fog computing exists new security issues, particularly identity authentication. Fog computing needs to overcome the significant challenges of authentication and key exchange. Therefore, in the second method, the structure of the mutual authentication key establishment scheme based on elliptic curve cryptography for fog computing is proposed. After the process of mutual authentication, fog node will distribute the key used for transmission. Moreover, fog nodes will authenticate the device and distribute the established session key which can strengthen the security of message transmission and medical data privacy in the fog computing environment.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-08-16T16:08:39Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2023-08-16T16:08:39Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	口試委員會審定書 i 誌謝 ii 中文摘要 iii Abstract iv Content v List of Figures vii List of Table viii Chapter I Introduction 1 1.1. Research Background 1 1.2 Research Objective 5 1.3 Organization 8 Chapter II Related Work 9 2.1 EHRs Access Control Scheme 9 2.2 Healthcare 4.0 11 2.3 Authenticated Key Agreement in Fog Computing Environment 11 Chapter III Mathematical Background 14 3.1. Lagrange Interpolation Polynomials 14 3.2. Elliptic Curve Cryptosystem (ECC) 14 3.3 Extended Canetti-Krawczyk Adversary Model 16 Chapter IV Access Control Mechanism for Electronic Health Records 17 4.1. The Proposed System Architecture 17 4.2. Secure Dynamic Access Control Scheme within the EHRs Methodology 18 4.3. Example 25 4.4. Dynamic Access Control 28 4.5. Security Analysis 32 Chapter V Secret Key Agreement and Establishment 41 5.1 Initialization Phase 41 5.2 Device Registration 43 5.3 Fog Registration 44 5.4 Mutual Authentication and Key Establish Phase 45 5.5 Inter-Fog Authentication 49 5.6 Security Analysis 50 5.7 Proof of Security 53 Chapter VI Discussion and Analysis 55 Chapter VII Conclusion 62 References 63	-
dc.language.iso	en	-
dc.subject	存取控制	zh_TW
dc.subject	金鑰協定	zh_TW
dc.subject	霧運算	zh_TW
dc.subject	電子健康紀錄	zh_TW
dc.subject	醫療資訊系統	zh_TW
dc.subject	Electronic Health Records	en
dc.subject	Fog Computing	en
dc.subject	Key Agreement	en
dc.subject	Medical Information System	en
dc.subject	Access Control	en
dc.title	霧運算醫療環境下電子健康紀錄安全存取之身分驗證及密鑰協議	zh_TW
dc.title	Secure Access Control and Identity Authentication in Fog-Driven Environment for Electronic Health Records	en
dc.type	Thesis	-
dc.date.schoolyear	111-2	-
dc.description.degree	博士	-
dc.contributor.oralexamcommittee	雷欽隆;鄧惟中;陳澤雄;蕭旭君;鐘玉芳	zh_TW
dc.contributor.oralexamcommittee	Chin-Laung Lei;Wei-Chung Teng;Tzer-Shyong Chen;Hsu-Chun Hsiao;Yu-Fang Chung	en
dc.subject.keyword	存取控制,醫療資訊系統,電子健康紀錄,霧運算,金鑰協定,	zh_TW
dc.subject.keyword	Access Control,Medical Information System,Electronic Health Records,Fog Computing,Key Agreement,	en
dc.relation.page	69	-
dc.identifier.doi	10.6342/NTU202303193	-
dc.rights.note	同意授權(限校園內公開)	-
dc.date.accepted	2023-08-10	-
dc.contributor.author-college	電機資訊學院	-
dc.contributor.author-dept	電機工程學系	-
dc.date.embargo-lift	2028-08-07	-
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-111-2.pdf 未授權公開取用	1.77 MB	Adobe PDF	檢視/開啟

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。