Self-service medical diagnosis scheme: foreign-language literature

[…] (Tkachenko et al., 2017) can well solve the difficulty in medical treatment and has already shown great potential in reducing the healthcare cost. Moreover, smart wearable devices are booming rapidly and are widely used in recent years (Moshaddique et al., 2012). A patient can easily and conveniently get the medical health data by these devices, such as blood pressure monitors, heart rate monitors, temperature measurement, respiration, endoscope capsule, smart belts and so on. Nowadays, a few smart wearable devices have presented some advices on health management (Hossain and Muhammad, 2016), which saves an amount of time for the patients. They present patients' medical data in digital form, which enables the patients to conduct medical queries and diagnoses through Internet Intelligent Medical.

Corresponding author. E-mail addresses: 1543353849 (D. Li), xfliao (X. Liao), txiang (T. Xiang), wjh2015 (J. Wu), 281774945 (J. Le).

The framework of self-serviced medical diagnosis is shown in Fig. 1: the health service provider, i.e., the hospital, is responsible for collecting a large amount of historical medical diagnostic data. Using different machine learning algorithms, the health service provider can train a diagnostic model from these collected data. This model can be used to diagnose and predict whether healthcare users are infected with a specific disease. Based on this model, rural residents can access the expert healthcare service at home, i.e., they use their smartphones to submit their medical data and obtain the diagnostic result.

Certainly, these medical data contain sensitive information of the patients, such as blood pressure and heart rate. Unexpected data leakage of these medical data may cause significant psychological harm to the patients or even threaten their lives, which becomes the main obstacle to online self-serviced medical diagnosis. For example, the Patient Home Monitoring, a US company that provides home medical services to the patients, has a 47.5G […]

https://doi.org/10.1016/j.cose.2019.101701
0167-4048 2019 Elsevier Ltd. All rights reserved.

D. Li, X. Liao and T. Xiang et al., Computers

[…] (Schwartz and Reidenberg, 1996). However, the practicality of these methods is limited, and it is difficult to achieve our ideal security goals. We also note that the ownership of the medical data is unknown; this ambiguity in attribution may become a legal hazard in tracking privacy-preserving medical data. Therefore, the patients are still worried about the disclosure of their personal medical information and expect an effective approach to protect their privacy.

The known medical diagnostic techniques that protect the patients' privacy usually include third-party encryption of cloud storage and anonymization techniques. Boxcryptor (Online) and SpiderOak (Online) are software of the third-party encryption of cloud storage, respectively, which are based on the third-party cloud platform and enable the patients to obtain the final results, but they do not essentially ensure to protect the patients' privacy data against threats from the platform itself. Moreover, they are designed for protecting data at the storage level only. The traditional anonymization techniques, such as k-anonymity (Sweeney, 2002) and l-diversity (Machanavajjhala et al., 2006), have obfuscated sensitive information through desensitization rules. However, these techniques distort the data and make it unsuitable for critical diagnoses, which can lead to misdiagnosis to a large extent.

Recently, Sun et al. (2014) proposed a privacy-preserving self-helped medical diagnosis scheme based on oblivious transfer. This scheme greatly benefits the patients and relieves the heavy pressure of the hospital, but it requires a lot of secret keys, which may lead to an extra computational cost, and management of the secret keys also becomes a heavy burden for the patients. In general, the construction of 1-out-n oblivious transfer protocols requires a large number of exponential operations in a finite group, and this may be a huge burden for the embedded devices with limited computing power. Guo et al. (2018) proposed a privacy-preserving online medical prediagnosis scheme under the cloud environment. This scheme greatly benefits the patients to know their own physical conditions. It can diagnose whether people are healthy or not, but it cannot diagnose whether people get that kind of disease.

Therefore, we focus on designing a secure and practical scheme to protect the patient's privacy without revealing the confidentiality of the diagnostic system in a privacy-preserving self-serviced medical diagnosis scheme. To achieve these security goals, we discuss medical privacy data protection in both the patient side and the hospital side, and we require that the hospital cannot reason the patients' privacy during the process of diagnosis and the patients cannot know information about the hospital's medical diagnostic mode at the same time.

1.4. Main contributions

Our main contributions in this paper can be summarized as follows:

(1) To the contrary of the traditional mode of medical diagnosis, which is inclined to doctors' behavior, our proposed scheme builds a virtual medical diagnostic platform centered on patients. This platform focuses on prevention of disease and emphasizes patient-centered continuously medical services and concentrates on establishing long-term trust relationships between doctors and patients. With an increasing focus on privacy issues, the platform can make the patients rely rarely on doctors and become more advanced and scientific.

(2) Different from traditional disease diagnostic mode, which the patients must go to the hospital, our proposed scheme links with the Internet Intelligent Medical and provides an online disease diagnostic platform. The diagnostic platform firstly diagnoses the patient's disease, then the Inter […]

[…] they are patients and hospital server, respectively. First, the patient needs to obtain access by the hospital's privacy-preserving access control. Once the patient has been given access to the hospital, he/she can perform the operation as follows. As can be seen from the above, the medical health data of the patients is obtained from smart wearable devices. To do effective disease matching operations on these data, which will be encrypted, the patient first uses HE to encrypt his/her medical health data. Meanwhile, the hospital server uses HE and symmetric encryption algorithms, i.e., AES, to encrypt the disease trait data in the hospital's disease database and the treatment methods of disease, respectively. Then the hospital sends the decrypting key m of disease treatment method to the patients. Once a patient wants to diagnose which disease he/she suffers from, the patient will interact with the hospital server, and the hospital server executes most of the operations pertaining to the diagnostic process over the ciphertexts and returns the best treatment of the matching ciphertext to the patient. And the patient uses the decrypting key m to decrypt the matching ciphertext to obtain the disease treatment method.

Next, we elaborate on the disease diagnostic methodology utilized in our privacy-preserving self-serviced medical diagnostic system model in detail.

First, we assume that each patient can comfortably and conveniently obtain his own medical health data, such as heart beat, blood pressure and body temperature, from smart wearable devices, and he/she has been given access to the hospital. Then these data are presented as vector form, called query vector. Here, we name heart beat, blood pressure, body temperature, etc. as parameter items and their corresponding health data as parameter values. For example, $Q = (q_1, q_2, \ldots, q_n)$ is the query vector of the patients, where $q_j$ ($j = 1, 2, \ldots, n$) are the necessary parameters for the hospital to diagnose the disease and $p_j$ is the parameter value of the patients' medical health data. Then the hospital establishes a medical disease database $DB = \{d_i\}$ ($i = 1, 2, \ldots, m$) through past records of the previous patient's diagnosis, where m is the capacity of the medical disease database. $d_i$ ($i = 1, 2, \ldots, m$) here is presented as a triple $d_i = (i, T_i, r_i)$ ($i = 1, 2, \ldots, m$), where $i$ is the index of the disease, $T_i = (t_{i1}, t_{i2}, \ldots, t_{in})$ is the trait vector of the disease $d_i$, which includes the multi-dimensional data vector of all the parameters needed for the diagnosis, and $r_i$ indicates the final diagnostic result of the hospitals, including a brief description of the disease, such as the disease name, disease clinical manifestation, the doctors' advices, prescriptions corresponding to the i-th disease $d_i$.

For these parameters, some brief explanations are as follows:

(1) Q: It is the query vector of the patients and includes all the necessary parameter items for a disease diagnosis, such as body temperature, blood pressure and heart beat. Since the patients may visit different hospitals whose medical levels are different, the query vectors of the same patient from the different hospitals are different. Moreover, the hospitals' medical levels always need improvement; when the patient goes to the same hospital at different time, the query vectors of the same patient may also be different. Therefore, each parameter item of the query vector $Q = (q_1, q_2, \ldots, q_n)$ should be determined by the trait vector $T_i$ of the hospital.

[…] (2) In the process of self-serviced medical diagnosis, the privacy of patients' medical health data should be protected to the maximum extent.

Feasibility: The feasibility of the diagnostic results should be guaranteed. In order to provide high-quality self-serviced medical diagnosis, the designed privacy-preserving self-serviced medical diagnosis scheme should not be compromised the feasibility of diagnostic results. Therefore, the proposed scheme should achieve high feasibility.

3. Preliminaries

In this section, we first review the knowledge of secure multi-party computation, which serves as the basis of our proposed self-serviced medical diagnosis scheme. Then we introduce the bilinear pairings and homomorphic encryption technique.

3.1. Secure multi-party computation

To the contrary of traditional technique, our scheme ensures security and integrity of communication or storage and only defends against external attacks, such as eavesdroppers stole patients' medical health data and hospitals' disease diagnostic mode at the same time. SMC considers both internal and external attacks when allowing n distrustful parties to work together for collaborative computation without revealing their own private data (Cheung and Nguyen, 2007). The history of SMC is widespread since Yao has introduced it in his Yao's Millionaire Problem (Yao, 1982) and later experienced many developments by Goldreich, Goldwasser, etc. There are many important theoretical results (Beaver and Goldwasser, 1989; Goldwasser, 1997) and practical applications about SMC. Currently, its applications have involved a wide range of areas, such as Privacy-Preserving Data Mining (PPDM) (Qiu et al., 2017; Verykios et al., 2004; Yong et al., 2000), Privacy-Preserving Cooperative Scientific Computation (PPCSC) (Du and Atallah, 2001a), Privacy-Preserving Information Retrieval (PIR) (Cachin et al., 1999; Ghinita et al., 2008) and Privacy Protection Database Query (PPDQ) (Du and Atallah, 2001b). These applications have made SMC become a research focus on international cryptography research in recent years.

Since the STC (Secure Two-Party Computation) is a special case of SMC and our scheme only involves two parties, patients and hospitals, in the following we only consider the two-party case, and the basic framework is two participants $m_1$ and $m_2$. They cooperate to compute the function $y = f(x_1, x_2)$ for obtaining the results without disclosing their private inputs $x_1$ and $x_2$.

3.2. Bilinear pairings

Let n be a prime number and let $G$ and $G_T$ be two multiplicative cyclic groups with the same order n. Note that the $n = q_1 q_2$ is the product of two primes $q_1$ and $q_2$, and let g be a generator of $G$.

Definition 1. A bilinear pairing on $(G, G_T)$ is a map $e: G \times G \to G_T$ that satisfies the following conditions:

(1) bilinearity: For all $u, v \in G$ and $a, b \in Z_n$, we have $e(u^a, v^b) = e(u, v)^{ab}$;
(2) nondegeneracy: $e(g, g) \neq 1_{G_T}$;
(3) computability: $e(u, v)$ can be computed efficiently for all $u, v \in G$.

[…] (Gentry and Boneh, 2009; Waters, 2013) cannot be used yet in practice. Our proposed self-serviced medical diagnosis scheme only involves the addition operation of HE. Therefore, we choose an additively homomorphic encryption scheme in this paper, which is defined as follows.

Definition 2 (Additively Homomorphic Encryption). A public-key encryption scheme Enc is additively homomorphic if it has a valid operation […] that is not dominated by any secret keys. For any pair of plaintexts $x_1, x_2$: $Enc(x_1)$ […] $Enc(x_2) = Enc(x_1 + x_2)$.

The symbol […] indicates that the product of any pair of ciphertexts $x_1$ and $x_2$ equals to the addition of the ciphertexts $x_1$ and $x_2$. For the sake of simplicity, […] is used instead of […] in the following. Note that when one calculates ciphertext of $nx$, which actually adds $x$ with n times, it is expressed as $Enc(x)^n = Enc(nx)$.

4. Our proposed scheme

In this section, we introduce how our privacy-preserving self-serviced medical diagnosis scheme allows patients to make self-serviced medical diagnoses with their own medical health data in detail. The core of the framework for our scheme can be summarized in Fig. 3, and the simplified flow chart of the self-serviced medical diagnosis scheme is shown in Fig. 4.

Fig. 3. Privacy-preserving self-serviced medical diagnosis scheme.
Fig. 4. Simplified flow chart of the scheme.

The proposed scheme is divided into four phases: the privacy-preserving access control stage, the data input stage, the computation stage and the output stage. Next, we describe these four stages in detail.

Privacy-preserving access control stage. Here we use the DAC strategy to realize the privacy-preserving access control. First, we assume that the patient has submitted a registration to the hospital. When a patient asks about his/her illness, the hospital first authenticates the patient's identity, which is as follows.

To achieve the authentication, the patient P first chooses $x \in Z_n$ as a secret key sk, computes $g^x$ as a public key pk, and chooses two secure cryptographic hash functions H, where $H: \{0,1\}^* \to Z_q$. In addition, the patient P makes a signature as $Sig_P = H(ID_P \| P \| timestamp)^{sk}$ by using his/her private key sk, where timestamp is the current timestamp, which can resist the potential replay attack.

If a patient P wants to access a hospital's disease treatment resources, the hospital first checks the timestamp and the signature $Sig_P$ to verify its validity, such as verifying whether $e(g, Sig_P) = e(pk, H(ID_P \| P \| timestamp))$. If it does hold, the signature is accepted, since

$e(g, Sig_P) = e(g, H(ID_P \| P \| timestamp)^{sk}) = e(pk, H(ID_P \| P \| timestamp))$.

[…] the other is the plaintext in unsecure transmission channel is easily eavesdropped. Fortunately, the data in our scheme and the other two schemes are all encrypted and the transmission channel is assumed to be secure; thus all of the three schemes are secure to resist external eavesdropping attacks.

(4) Replaying attack: In our scheme, we introduce a privacy-preserving access control, where the identity authentication, as an important part of the privacy-preserving access control, can defend against the replaying attack since we have added the timestamp. However, the other two schemes do not involve patient's identification, which focus on how to protect the data. Therefore, they cannot defend against the replaying attack.

In conclusion, our privacy-preserving medical diagnosis scheme can resist more types of attacks and has relatively higher security, which is conducive to protecting patient's privacy and confidentiality of the diagnostic model.

8. Related work

In this section, we briefly analyze the existing technologies for data privacy protection. Li et al. (2016) proposed a privacy-preserving data over-collection in the smart city, which is purely based on the mobile cloud framework. Different from our data privacy protection method, their work divides the privacy data into privacy protection level from 1 to 3, such as the privacy protection level of location data is 3, photo data is 3 or 2, and audio and video data is 1. Their scheme divides the privacy data into privacy protection level from 1 to 3, which is an active approach to obliterate the data over-collection, and the security of user's data can be significantly improved. However, the first step of their approach is that the data must be classified. It is not easy to achieve this classification. Moreover, it is very complicated to classify a kind of data into different levels of privacy preserving. For example, a user's album has two photos in it. One is a picture of an ordinary file that can be downloaded online, and the other is a printed picture of confidential data. Obviously, the two pictures should be assigned different levels of privacy preserving, but the computer can hardly tell the difference between the two photos (Dai et al., 2017). In our scheme, many difficulties arising from the classification of user's data privacy protection are avoided, and the scheme also makes the data privacy protection of users be more easily realized.

Refs. (Machanavajjhala et al., 2006; Sweeney, 2002) are based on traditional data anonymization techniques, which protect the patient's identity by removing personal identifiers, such as the user's name and address. Other approaches are blurring quasi-identifiers, such as age and gender, within subpopulation. These approaches have advocated the least amount of irreversible anonymization operation on the premise of not revealing user privacy, reducing the probability that the attacker obtains sensitive information of the user and ensuring the authenticity of the data. Anonymized data can be securely shared with third parties and even posted to the network. However, the patient's query data always contain personal privacy data, such as blood types. It limited the patient to enjoy a high qua
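
The additive homomorphism of Definition 2 can be exercised end to end with the following added example, which is not code from the paper: the hospital scores an encrypted query vector Q against plaintext trait vectors T_i using only ciphertext multiplication and exponentiation. Assumptions: textbook Paillier stands in for the paper's HE scheme, squared Euclidean distance stands in for its matching rule, the primes are toy-sized, and the sample vectors are constructed. Unlike the paper's goal, this sketch lets the patient see every distance, so it protects the query but not the hospital's model.

```python
import math
import secrets

# Toy parameters (assumption): two Mersenne primes, far too small for real use.
P1, P2 = 2**31 - 1, 2**61 - 1

def keygen(p=P1, q=P2):
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))         # public n, secret (phi, phi^-1 mod n)

def enc(n, m):
    while True:                               # random r coprime to n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # generator g = n + 1, so g^m = 1 + m*n (mod n^2)
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def dec(n, sk, c):
    phi, mu = sk
    m = (pow(c, phi, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m         # map back to signed integers

def add(n, c1, c2):                           # Enc(x1) * Enc(x2) = Enc(x1 + x2)
    return c1 * c2 % (n * n)

def scale(n, c, k):                           # Enc(x)^k = Enc(k * x)
    return pow(c, k % n, n * n)

def hospital_distances(n, enc_q, enc_q_sq, traits):
    """Hospital side: sees only ciphertexts of Q, returns Enc(|Q - T_i|^2) per disease."""
    out = []
    for t in traits:
        # |Q - T|^2 = sum(q^2) + sum(t^2) - 2 * sum(t * q)
        acc = add(n, enc_q_sq, enc(n, sum(v * v for v in t)))
        for c, v in zip(enc_q, t):
            acc = add(n, acc, scale(n, c, -2 * v))
        out.append(acc)
    return out

def diagnose(query, traits):
    """Patient side: encrypt Q, let the hospital compute, decrypt, pick the closest T_i."""
    n, sk = keygen()
    enc_q = [enc(n, v) for v in query]
    enc_q_sq = enc(n, sum(v * v for v in query))
    dists = [dec(n, sk, c) for c in hospital_distances(n, enc_q, enc_q_sq, traits)]
    return dists.index(min(dists)), dists

if __name__ == "__main__":
    # Constructed sample: (heart beat, systolic pressure, temperature x 10)
    q_vec = [72, 120, 368]
    db = [[70, 118, 366], [95, 150, 372], [110, 100, 390]]
    print(diagnose(q_vec, db))                # (0, [12, 1445, 2328])
```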
