Haze-assisted mobile health (mHealth) monitoring,which applies the prevailing mobile communications and Haze computing technologies to provide feedback decision support, has been considered as a revolutionary approach to improving the quality of healthcare service while lowering the healthcare cost. Unfortunately, it  also  poses  a  serious  risk  on  both  clients Confidentiality and intellectual property of monitoring service providers, which could deter the wide adoption of mHealth technology. This paper is to address this important problem and design a Hazeassisted Confidentiality Conserving mobile health monitoring system to protect the Confidentiality of the involved parties and their data. Moreover, the outsourcing decryption technique and a newlyproposed key private proxy re-encryption are adapted to shift the computational complexity of the involved parties to the Haze without compromising clients’ Confidentiality and service providers’ intellectual property. Finally, our security and performance analysis demonstrates the effectiveness of our proposed design.

Mobile health (mHealth), Healthcare,Confidentiality, Outsourcing decryption, Key private proxy reencryption

P. Mohan, D. Marin, S. Sultan, and A. Deen, “Medinet: personalizing the self-care process for patients with diabetes and cardiovascular disease using mobile telephony.” Conference Proceedings of the InternationalConference of IEEE Engineering in Medicine and BiologySociety, vol.2008, no. 3, pp. 755–758. [Online].Available:http://www.ncbi.nlm.nih.gov/pubmed/1916

A. Tsanas, M. Little, P. McSharry, and L. Ramig,“Accurate telemonitoring of parkinson’s disease progression by noninvasive speech tests,”Biomedical Engineering, IEEE Transactions on, vol. 57, no. 4, pp. 884 – 893, 2010.

G. Clifford and D. Clifton, “Wireless technology in disease management and medicine,” Annual Review of Medicine, vol. 63, pp. 479 – 492, 2012.

L. Ponemon Institute,“Americans’ opinions on healthcare Confidentiality, available: http://tinyurl.com/4atsdlj,” 2010.

A. V. Dhukaram, C. Baber, L. Elloumi, B.J. van Beijnum, and P. D. Stefanis, “End-user perception towards pervasive cardiac healthcare services: Benefits, acceptance, adoption, risks, security, Confidentiality and trust,” inPervasiveHealth, 2011, pp. 478–484.

M. Delgado, “The evolution of health care it: Are current u.sConfidentiality policies ready for the Hazes?” in SERVICES, 2011, pp. 371 –378.

N. Singer, “When 2+ 2 equals a Confidentiality question,” New YorkTimes, 2009.

P. Baldi, R. Baronio, E. D. Cristofaro, P. Gasti, and G. Tsudik,“Countering gattaca: efficient and secure testing of fully-sequenced human genomes,” in ACM Conference on Computer and

Communications Security, 2011, pp. 691–702.

A. Cavoukian, A. Fisher, S. Killen, and D.

Hoffman, “Remote home health care technologies: how to ensure Confidentiality? build it in: Confidentiality by design,” Identity in the

Information Society, vol. 3, no. 2, pp. 363–378, 2010.

A. Narayanan and V. Shmatikov, “Robust de-anonymization of large sparse datasets,” in Security and Confidentiality, 2008. SP 2008. IEEESymposium on. IEEE, 2008, pp. 111–125.

——, “De-anonymizing social networks,” in

IEEE Symposium on Security and

Confidentiality. IEEE Computer Society, 2009, pp. 173–187.

I. Neamatullah, M. Douglass, L. Lehman, A. Reisner, M. Villarroel, W.

Long, P. Szolovits, G. Moody, R. Mark, and G.

Clifford, “Automated deidentification of freetext medical records,” BMC medical

informatics

and decision making, vol. 8, no. 1, p. 32, 2008.

S. Al-Fedaghi and A. Al-Azmi, “Experimentation with personal identifiable information,” Intelligent Information

Management, vol. 4, no. 4 , pp. 123–133, 2012.

J. Domingo-Ferrer, “A three-dimensional conceptual framework for database

Confidentiality,” Secure Data Management, pp. 193–202, 2007.

T. Lim, Nanosensors: Theory and

Applications in Industry, Healthcare,and Defense. CRC Press, 2011.

X. Zhou, B. Peng, Y. Li, Y. Chen, H. Tang,

and X. Wang, “To release or not to release: evaluating information leaks in aggregate human-genome data,” Computer Security–ESORICS 2011, pp. 607–627,

R. Wang, Y. Li, X. Wang, H. Tang, and

X. Zhou, “Learning your identity and disease from research papers: information leaks in genome wide association study,” in Proceedings of the 16th ACM conference onComputer and communications security. ACM,

, pp. 534–544. [20]P. Ohm, “Broken promises of

Confidentiality: Responding to the surprising failure of anonymization,” UCLA Law Review, vol. 57, p. 1701, 2010. [21]P. Institute, “Data loss risks during downsizing,” 2009.

P. Dixon, “Medical identity theft: The information crime that can kill you,” in The World Confidentiality Forum, 2006, pp. 13–22.

K. E. Emam and M. King, “The data breach analyzer,” 2009, [ Available at:

http://www.ehealthinformation.ca/datalo ss].

E. Shaw, K. Ruby, and J. Post, “The insider threat to information systems: The psychology of the dangerous insider,” Security Awareness Bulletin, vol. 2, no. 98, pp. 1–10, 1998.

M. Green, S. Hohenberger, and B. Waters, “Outsourcing the decryption of abe ciphertexts,” in Usenix

Security, 2011.

Z. Wu, Z. Xu, and H. Wang, “Whispers in the hyper-space: High-speed covert channel attacks in the Haze.”

T. Kim, M. Peinado, and G. Mainar-Ruiz, “Stealthmem: system-level protection against cache-based side channel attacks in the Haze,” in Proceedings of the 21st USENIX conference on Security symposium.USENIX Association, 2012, pp. 11–11.

S. Dziembowski and K.Pietrzak, “Leakageresilient cryptography,” in Foundations of Computer Science, 2008.

FOCS’08.IEEE 49th Annual IEEE Symposium on. IEEE, 2008, pp. 293–302