Compliance with HIPAA and GDPR in Certificateless-Based Authenticated Key Agreement Using Extended Chaotic Maps

Abstract

Electronically protected health information is held in computerized healthcare records that contain complete healthcare information and are easily shareable or retrieved by various health care providers via the Internet. The two most important concerns regarding their use involve the security of the Internet and the privacy of patients. To protect the privacy of patients, various regions of the world maintain privacy standards. These are set, for example, by the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in Europe. Most recently developed authenticated key agreement schemes for HIPAA and GDPR privacy/security involve modular exponential computations or scalar multiplications on elliptic curves to provide higher security, but they are computationally heavy and therefore costly to implement. Recent studies have shown that cryptosystems that use modular exponential computation and scalar multiplication on elliptic curves are less efficient than those based on Chebyshev chaotic maps. Therefore, this investigation develops a secure and efficient non-certificate-based authenticated key agreement scheme that uses lightweight operations, including Chebyshev chaotic maps and hash operations. The proposed scheme overcomes the limitations of alternative schemes, is computationally more efficient, and provides more functionality. The proposed scheme complies with the privacy principles of HIPAA and GDPR.