Secure medical data management with privacy-preservation and authentication properties in smart healthcare system

The potential of combining Internet-of-Medical-Things technology with medical cloud storage can greatly improve the current smart healthcare environment. But some critical obstacles arise when developing the two technologies. One of the most difficult aspects is how to efficiently guarantee medical data’s privacy and authentication since the biomedical sensors (BMSs), implanted on patient’s body, have very limited battery life and computing abilities. Another one is to check the integrity of data stored on medical cloud. In this paper, we propose a secure and lightweight, especially for the BMSs, data management model for healthcare system, in which a BMS only needs to perform symmetric encryption consisting of XOR and message-authentication-code (MAC) operations. The adopted encryption technique ensures the privacy and authentication of medical data. Moreover, an aggregated homomorphic certificateless signature scheme is also proposed for the personal-assisted device and server device, which guarantees the public verifiability of medical data stored on cloud. Meanwhile, the certificateless property naturally implies that the whole system is immune to key-escrow attack. Finally, the detailed performance analysis and comparisons with related works show that our proposed system is very competitive in terms of communication overheads and computational costs.