The Pseudonymous Certificates for Healthcare Systems

TL;DR

This paper introduces a pseudonymous certificate system for healthcare that enhances data security and privacy using modified butterfly key expansion and elliptic curve cryptography, ensuring efficient and secure device identification and data transmission.

Contribution

It proposes a novel pseudonymous certificate framework for healthcare systems, modifying BKE and applying ECC to improve security and efficiency in device authentication and data integrity.

Findings

System verified for security strength using NIST standards

Key expansion time allows over 18 keys per second at 256-bit security

Enhanced privacy and data integrity in healthcare device communication

Abstract

This study mainly modifies the butterfly key expansion (BKE) mechanism and applies it to the healthcare system. The system mainly includes a Root Certificate Authority (RCA), an Enrollment Certificate Authority (ECA), a Pseudonym Certificate Authority (PCA), a Registration Authority (RA), and End Entities (EEs)(i.e. user devices). Certificates can be issued by the RCA to the ECA, PCA, and RA to make them legal entities in the system. The ECA then issues device certificates (similar to identification cards for devices) to the EEs (e.g. blood pressure monitors). When patients use EEs to measure physiological information, the RA verifies that the EE is legal based on the issued multiple pseudonym certificates by the PCA. The EE then uses the pseudonym certificates to send physiological information to the RA, ensuring data integrity and non-repudiation, while also preventing identity information from being stolen. To verify the pseudonymous certificate-based healthcare system proposed in this study, the security of the system was verified using the security strengths defined by the National Institute of Standards and Technology (NIST) in the United States. Furthermore, as the BKE mechanism is primarily based on Elliptic Curve Cryptography (ECC), this study also verified the efficiency under different security strengths. Furthermore, under 256 of security strength, the mean computation time of key expansion is between 24186.584 microseconds and 57894.552 microseconds, so more than 18 public keys could be generated in one second.