Analysis and improvement of a fair remote retrieval protocol for private medical records

摘要

Cloud computing, as a new-generation IT architecture, offers an applicable approach for the medical storage and exchange in electronic health networks. However, it also brings the security and privacy concerns because patients lost physical control of their health information. Therefore, it is critical to maintain fairly retrievable to the private medical records over suspicious cloud servers. Wang proposed a fair remote retrieval (FRR) model to enable an independent third party to secure that it is integrated and retrievable to outsource private medical records. One distinctive feature of FRR is to support and address the medical tangle between hospitals and patients, and employ a committee to recover the necessary original data. Unfortunately, FRR cannot ensure the integrity of the remote medical records as claimed. Specifically, a malicious cloud server could cheat the verifier that its medical information were well-maintained. But in fact, it only holds the hash values of the original data. Moreover, it can generate a valid but malicious response without being detected by the verifier, and all the medical records are discarded with the help of tag queries. Finally, we present an improved protocol named an improved fair remote retrieval protocol (IFR)2 to fix the security minor faults with preserving all the properties of FRR. Copyright © 2015 John Wiley & Sons, Ltd.