Table 3.
Summary for e-health data security and privacy studies.
| Ref. | Target Security Concern | Target Security Requirement | Security Solution | Strength | Weakness |
|---|---|---|---|---|---|
| [21] | - Unauthorized access - Data disclosure - Data tampering |
- Access restriction - Confidentiality - Anonymity - Accountability |
- Access Control - Anonymization |
Anonymization and access control according to the sensitivity of e-health data | The current anonymization method has some vulnerabilities that could lead to re-identification |
| [22] | - Unauthorized access - Data disclosure - Data loss - Data tampering - Data forgery |
- Access restriction - Confidentiality - Integrity - Availability - Accountability |
- Access Control - Blockchain (Hyperledger Fabric) |
No single point of failure (SPoF) problem and the emergency scenario is considered | Emergency access permission could be abused and access control requires a transaction fee |
| [23] | - Unauthorized access - Data disclosure - Data loss - Data tampering - Data forgery |
- Access restriction - Confidentiality - Integrity |
- Access Control - Blockchain (Ethereum) |
No SPoF problem and employing an off-chain scaling method to solve the scalability problem of blockchain | Lack of fine-grained access control and access control requires a transaction fee |
| [24] | - Unauthorized access - Data disclosure - Data loss - Data tampering - Data forgery |
- Access restriction - Confidentiality - Integrity - Accountability |
- Access Control - AES - Blockchain |
A user can revoke permission to access their e-health data from medical staff at any time | Symmetric key was shared to control access; therefore, once a key has been shared with someone or compromised, the key should be updated and related e-health data should be re-encrypted |
| [27] | - Data disclosure | - Confidentiality | - AES - RSA - Steganography |
Discrete wavelet transform is compatible with compression and has resistance to geometric distortions | IoT is a target environment; however, AES and RSA that require high computational power were used |
| [28] | - Data disclosure | - Confidentiality | - Quaternion-based Encryption | Fast computation speed for the encryption of a large volume of e-health data | The computation speed could be increased if the decomposition process were omitted |
| [29] | - Data disclosure | - Confidentiality | - ECEM-based Encryption | Differential attack resistance | Performance should be evaluated on diverse medical images |
| [36] | - Data disclosure - Data tampering - Data loss - Data forgery |
- Confidentiality - Integrity - Anonymity - Accountability |
- AES - Blockchain |
No SPoF problem and medical data can be securely preserved with the blockchain | The transaction fee is relatively high compared to conventional data storage |
| [37] | - Data disclosure - Data tampering - Data loss - Data forgery |
- Access restriction - Confidentiality - Integrity - Anonymity - Accountability |
- Access Control - Blockchain |
Efficient consensus mechanism and access control protocol for e-health data were also proposed | Access should be able to be delegated to related medical staff or other people in a secure manner for flexible data sharing |
| [38] | - Data disclosure - Data tampering - Data loss - Data forgery |
- Integrity - Accountability |
- Blockchain | Blockchain only records URLs instead of medical images that have a large data size | Since real images are stored in the hospital’s database, both the blockchain and endpoints should be properly protected |
| [39] | - Data disclosure | - Confidentiality | - Rijndael encryption - Steganography |
Fast processing time and high embedding capacity based on LSB | Message capacity could be increased with noise cancellation and data reduction |
| [40] | - Data disclosure - Data tampering |
- Confidentiality - Integrity |
- AES - Steganography |
It considered both confidentiality and integrity and had high capacity, robustness, and imperceptibility | An error control mechanism should be adopted for a robust steganography method |
| [41] | - Data disclosure - Data tampering - Data forgery |
- Confidentiality - Integrity |
- Watermarking | Resistance to sharpening and blurring attacks while maintaining acceptable imperceptibility | A tracking key that makes the proposed scheme reversible has to be transmitted with each medical image |
| [42] | - Data disclosure - Data tampering - Data forgery |
- Confidentiality - Integrity |
- Watermarking | Proposes an effective scheme to localize and restore tampered pixels and regions | Various tampering attacks on image resizing, skewing, and rotating should be studied |