SPOT: Secure and Privacy-preserving prOximiTy protocol for e-healthcare systems

TL;DR

SPOT is a novel protocol for e-healthcare that ensures secure, privacy-preserving proximity detection, preventing malicious collusion, supporting user anonymity, and demonstrating practical efficiency through detailed security analysis.

Contribution

It introduces SPOT, the first protocol to prevent malicious collusion and false positives while maintaining user privacy and scalability in e-healthcare proximity systems.

Findings

SPOT effectively prevents malicious user collusion.

The protocol supports user anonymity and unlinkability.

Implementation shows acceptable computational and communication overhead.

Abstract

This paper introduces SPOT, a Secure and Privacy-preserving prOximity based protocol for e-healthcare systems. It relies on a distributed proxy-based approach to preserve users' privacy and a semi-trusted computing server to ensure data consistency and integrity. The proposed protocol ensures a balance between security, privacy and scalability. As far as we know, in terms of security, SPOT is the first one to prevent malicious users from colluding and generating false positives. In terms of privacy, SPOT supports both anonymity of users being in proximity of infected people and unlinkability of contact information issued by the same user. A concrete construction based on structure-preserving signatures and NIWI proofs is proposed and a detailed security and privacy analysis proves that SPOT is secure under standard assumptions. In terms of scalability, SPOT's procedures and algorithms are implemented to show its efficiency and practical usability with acceptable computation and communication overhead.