TY - JOUR
T1 - Subversion-Resistant Autonomous Path Proxy Re-Encryption With Secure Deduplication for IoMT
AU - Chen, Jiasheng
AU - Cao, Zhenfu
AU - Wang, Lulu
AU - Shen, Jiachen
AU - Xiong, Zehui
AU - Dong, Xiaolei
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2025
Y1 - 2025
N2 - The Internet of Medical Things (IoMT) consists of many resource-constrained medical devices that provide patients with medical services anytime and anywhere. In such an environment, the collection and sharing of medical records raise serious security concerns. Although various cryptographic schemes have been proposed, most fail to address two critical threats simultaneously: (i) sensitive data exposure caused by external cloud servers and/or open network environments; (ii) algorithm substitution attacks (ASAs) by internal adversaries. Furthermore, when data owners (e.g., delegators) are inconvenient to process their data, it is desirable to establish a more fine-grained way to delegate encryption rights. To tackle these issues, we propose a subversion-resistant autonomous path proxy re-encryption with an equality test function (SRAP-PRET). Specifically, our scheme allows the delegator to create a multi-hop delegation path in advance with the delegator's preferences, effectively preventing unauthorized access. By deploying a cryptographic reverse firewall zone, SRAP-PRET addresses the problem of information leakage caused by adversaries initiating ASAs. Additionally, SRAP-PRET also supports secure deduplication and efficient data decryption. Security analysis shows that SRAP-PRET provides resistance against ASAs and security against chosen plaintext attacks. Performance evaluations demonstrate that SRAP-PRET offers enhanced security properties without sacrificing efficiency.
KW - autonomous path delegation
KW - deduplication
KW - IoMT security
KW - Proxy re-encryption
KW - subversion-resistant
UR - https://www.scopus.com/pages/publications/105025668144
U2 - 10.1109/TNSE.2025.3645991
DO - 10.1109/TNSE.2025.3645991
M3 - Article
AN - SCOPUS:105025668144
SN - 2327-4697
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
ER -