부산대학교 도서관

Recent technological developments in the wearable devices (WDs) and smartphones enabled ubiquitous and always-on monitoring of the users' movements. WDs collect the sensitive and personal information associated with a user's health and send the collected information to the user's terminal or smart device (SD). The SD allows the user to store the collected information on the cloud server (CSE) for subsequent sharing with other users, such as doctors. The data storage and sharing process thus performed is prone to various security challenges, which mandate a reliable and authenticated data storage and a secure data sharing mechanism. This article presents an access control scheme based on an authenticated encryption algorithm, called elliptic curve cryptography, and hash function. The scheme allows users to get authenticated and establish a session key (SK) with CSE. The establishment of SK enables users to securely store the data in the storage module of CSE. Additionally, before storing, the user encrypts the data using a secret key derived from the users' bio-metric information. Moreover, the scheme allows a user to share his data with other users without requiring the security constraints implemented by the cloud service providers. The security of the SK established under the scheme is validated formally through Scyther and the random oracle models. Moreover, informal analysis is conducted, which illustrates that the proposed scheme is resilient against various security attacks. Finally, the proposed scheme is compared with the existing scheme to ensure its efficiency and superior security features.