Abstract
Mobile patient monitoring systems monitor and treat chronic
diseases by collecting health data from wearable sensors through mobile
devices carried by patients. In the future, these systems may be
hosted by a third-party service provider. This would raise a number of
security and ID privacy issues. One of these issues is the inference attack.
This attack allows a single service provider to infer the patient’s
identity by collecting contextual information about the patient,
such as the pattern of interaction with the service provider. Thus,
security and ID privacy mechanisms must be deployed. In this paper, we
propose a framework called Secure and Privacy-Preserving Data Collection
(SPDC) that allows the patient to encrypt the data and then upload
the encrypted data to different service providers rather than one, while
allowing anonymous linkage of the patient’s data, which are scattered
across different service providers. In this framework, each patient is allowed
to select the service providers involved in the data collection and assigns
one as the home, while the others are considered foreign. The patient uses
the foreign service providers to upload data, while the home service provider
is responsible for anonymously collecting the patient’s data from multiple
foreign service providers and delivering them to the healthcare provider.
This framework also presents a novel mechanism for conducting anonymous
authentication across different distributed service providers. The framework
has been analyzed against the specified design requirements and security threats.
Original language | English |
---|---|
Title of host publication | 15th International Conference on Critical Information Infrastructures Security (CRITIS 2020) |
Publication status | Accepted/In press - 26 Jun 2020 |
Event | 15th International Conference on Critical Information Infrastructures Security - Bristol, United Kingdom Duration: 2 Sept 2020 → 3 Sept 2020 |
Conference
Conference | 15th International Conference on Critical Information Infrastructures Security |
---|---|
Abbreviated title | CRITIS 2020 |
Country/Territory | United Kingdom |
City | Bristol |
Period | 2/09/20 → 3/09/20 |