English Abstract
Preserving patients’ privacy is one of the most important challenges in IoT-based healthcare systems. Although patient privacy has been widely addressed in previous work, there is no comprehensive end-to-end approach that simultaneously preserves the location and data privacy of patients under the assumption that system entities are untrusted. Most past research assumes that parts of this end-to-end system are trustworthy, while privacy may be threatened by insider threats. In this research, we propose two end-to-end privacy-preserving schemes for patients, assuming that all main entities of the healthcare system are untrusted and taking the resource restrictions of the sensors into account. Only the allowed users can access the real identity and the location of patients alongside their healthcare information. The first proposed scheme is a centralized approach that provides data/location privacy and anonymity for the patients, and can limit the disclosure of location information to a number of end users. This scheme provides patient privacy by distributing sensitive data between system entities. In the second scheme, a hierarchical three-layered blockchain, zero-knowledge proofs, and the ring signature method are used to achieve end-to-end data and location privacy and anonymity of patients. The immutability and distributed nature of the blockchain ensure the privacy and data integrity of patients while health services are provided in a distributed manner, so problems such as a single point of failure are eliminated. The intuitive security analysis and the formal security analysis in AVISPA show that the proposed methods provide authentication, anonymity, untraceability, data integrity, and access control, as well as resistance against impersonation, replay, modification, eavesdropping, man-in-the-middle, and collusion attacks.
The evaluation results of the first proposed method, compared to other similar methods, show a reduction in both the communication overhead of the sensors and the end-to-end delay. The second proposed method is compared to a recent blockchain-based method and to the first scheme. Compared to the recent blockchain-based method, the computational overhead and delay of the authentication and data transfer phase are a bit higher. In return, the proposed method reduces the memory usage of gateways and diminishes the computational overhead and delay of the information access phase compared to the previous blockchain-based method. Compared to the first proposed method, it achieves, on average, a decrease of about 25% in communication overhead and a 22% improvement in the memory usage of gateways. Finally, performance assessments show that the proposed protocols provide more security and end-to-end privacy services to patients against external attackers and internal threats, while the computation overhead of the sensors, and consequently their energy consumption, remains at an acceptable level compared to the literature.