计算机科学 ›› 2018, Vol. 45 ›› Issue (10): 172-177.doi: 10.11896/j.issn.1002-137X.2018.10.032

• 信息安全 • 上一篇    下一篇

灵活访问且模糊可搜索的EHR云服务系统

闫铭1, 张应辉1,2,3, 郑东1,2, 吕柳迪1, 苏昊楠1   

  1. 西安邮电大学无线网络安全技术国家工程实验室 西安710121 1
    卫士通摩石实验室 北京100070 2
    密码科学技术国家重点实验室 北京100878 3
  • 收稿日期:2017-09-11 出版日期:2018-11-05 发布日期:2018-11-05
  • 作者简介:闫 铭(1991-),男,硕士生,主要研究方向为网络安全与云存储;张应辉(1985-),男,博士,副教授,主要研究方向为公钥密码学、云存储安全、无线网络安全;郑 东(1964-),男,博士,教授,主要研究方向为基于编码的密码学、云存储安全;吕柳迪(1992-),女,硕士,主要研究方向为网络与信息安全;苏昊楠(1991-),女,硕士生,主要研究方向为网络与信息安全。
  • 基金资助:
    国家自然科学基金项目(61472472,61402366),陕西省自然科学基础研究计划项目(2015JQ6236,2013JZ020)资助

Flexibly Accessed and Vaguely Searchable EHR Cloud Service System

YAN Ming1, ZHANG Ying-hui1,2,3, ZHENG Dong1,2, LV Liu-di1, SU Hao-nan1   

  1. National Engineering Laboratory for Wireless Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China 1
    Westone Cryptologic Research Center,Beijing 100070,China 2 State Key Laboratory of Cryptology,Beijing 100878,China 3
  • Received:2017-09-11 Online:2018-11-05 Published:2018-11-05

摘要: 在电子健康记录系统(E-Healthcare Record Systems,EHRS)中,一些方案利用密钥策略ABE(KP-ABE)来保护隐私。由用户指定一个访问策略,密文只有与访问策略相匹配时才能被解密。现有的KP-ABE要求在生成密钥期间必须先确定访问策略,这在EHRS中是不可行的,因为有时访问策略在密钥生成后才被决定。基于KP-ABE,提出一种灵活访问且模糊可搜索的EHR云服务系统。该系统不仅实现了基于关键字容错的云端密文搜索,而且允许用户重新定义访问策略并为之生成密钥,因此一个精确的访问策略将不再是必需的。最后,证明了该方案的安全性。

关键词: 电子健康记录, 访问控制, 关键字容错, 模糊搜索, 属性加密

Abstract: In e-healthcare record systems (EHRS),some schemes exploit key-policy ABE (KP-ABE)to protect privacy.An access policy is specified by the user,and the ciphertexts can be decrypted only when they match users’ access plicy.The existing KP-ABE requires that the access policies should be confirmed first during key generation,which is not always practicable in EHRS,because the policies are sometimes confirmed after key generation.Based on KP-ABE,this paper proposed a flexibly accessed and vaguely searchable EHR cloud service system.This system not only fulfills the cloud ciphertext search based on keyword fault-tolerant technique,but also allows users to redefine their access policies and generates keys for the redefined ones,hence,a precise policy is no longer necessary.Finally,the scheme was proved to be secure.

Key words: Access control, Attribute-based encryption, E-healthcare record, Keyword fault tolerant, Vaguely searchable

中图分类号: 

  • TP309
[1]HOHENBERGER S,WATERS B.Attribute-Based Encryption with Fast Decryption[M]∥Public-Key Cryptography-PKC 2013.Springer Berlin Heidelberg,2013:162-179.
[2]ZHANG Y H,ZHENG D,LI J,et al.Attribute directly-revocable attribute-based encryption with constant ciphertext length[J].Journal of Cryptologic Research,2014,1(5):465-480.(in Chinese)
张应辉,郑东,李进,等.密文长度恒定且属性直接可撤销的基于属性的加密[J].密码学报,2014,1(5):465-480.
[3]LI S,XU M Z.Attribute-based searchable encryption scheme[J].Chinese Journal of Computers,2014,37(5):1017-1024.(in Chinese)
李双,徐茂智.基于属性的可搜索加密方案[J].计算机学报,2014,37(5):1017-1024.
[4]LI M,YU S,ZHENG Y,et al.Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption[J].IEEE Transactions on Parallel & Distri-buted Systems,2012,24(1):131-143.
[5]GOYAL V,JAIN A,PANDEY O,et al.Bounded Ciphertext Policy Attribute Based Encryption[M]∥Automata,Languages and Programming.DBLP,2008:579-591.
[6]WATERS B.Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization[C]∥Public Key Cryptograpy-PKC 2011.Springer Berlin Heidelberg,2011:53-70.
[7]DENG H,WU Q,QIN B,et al.Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J].Information Sciences,2014,275(11):370-384.
[8]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C]∥Proceedings of ACM CCS.2006:89-98.
[9]ROUSELAKIS Y,WATERS B.Practical constructions and new proof methods for large universe attribute-based encryption[C]∥ACM Sigsac Conference on Computer & Communications Security.ACM,2013:463-474.
[10]LEWKO A,WATERS B.Unbounded HIBE and Attribute- Based Encryption[C]∥International Conference on Theory and Applications of Cryptographic Techniques:Advances in Crypto-logy.Springer-Verlag,2011:547-567.
[11]JUNG T,LI X Y,WAN Z,et al.Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption[J].IEEE Transactions on Information Forensics & Security,2014,10(1):190-199.
[12]SUN W,WANG B,CAO N,et al.Privacy-preserving multi-keyword text search in the cloud supporting similarity-based ran-king[J].IEEE Transactions on Parallel & Distributed Systems,2014,25(11):3025-3035.
[13]SUN W,LIU X,LOU W,et al.Catch you if you lie to me:Effi- cient verifiable conjunctive keyword search over large dynamic encrypted cloud data[C]∥IEEE Conference on Proc of the Computer Communications (INFOCOM).IEEE,2015:2110-2118.
[14]YANG B,PANG X Q,DU J Q,et al.Effective Error-Tolerant Keyword Search for Secure Cloud Computing[J].Journal of Computer Science and Technology,2014,29(1):81-89.
[15]WAN Z,LIU J,DENG R H.HASBE:A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing[M].New York:IEEE Press,2012.
[16]LEWKO A,OKAMOTO T,SAHAI A,et al.Fully Secure Functional Encryption:Attribute-Based Encryption and (Hierarchical)Inner Product Encryption[M]∥Advances in Cryptology-EUROCRYPT 2010.Springer Berlin Heidelberg,2010:62-91.
[17]WATERS B.Dual System Encryption:RealizingFully Secure IBE and HIBE under Simple Assumptions[C]∥International Cryptology Conference on Advances in Cryptology.Springer-Verlag,2009:619-636.
[1] 郭鹏军, 张泾周, 杨远帆, 阳申湘.
飞机机内无线通信网络架构与接入控制算法研究
Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft
计算机科学, 2022, 49(9): 268-274. https://doi.org/10.11896/jsjkx.210700220
[2] 阳真, 黄松, 郑长友.
基于区块链与改进CP-ABE的众测知识产权保护技术研究
Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE
计算机科学, 2022, 49(5): 325-332. https://doi.org/10.11896/jsjkx.210900075
[3] 高诗尧, 陈燕俐, 许玉岚.
云环境下基于属性的多关键字可搜索加密方案
Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing
计算机科学, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214
[4] 郭显, 王雨悦, 冯涛, 曹来成, 蒋泳波, 张迪.
基于区块链的工业控制系统角色委派访问控制机制
Blockchain-based Role-Delegation Access Control for Industrial Control System
计算机科学, 2021, 48(9): 306-316. https://doi.org/10.11896/jsjkx.210300235
[5] 程学林, 杨小虎, 卓崇魁.
基于组织架构的数据权限控制模型研究与实现
Research and Implementation of Data Authority Control Model Based on Organization
计算机科学, 2021, 48(6A): 558-562. https://doi.org/10.11896/jsjkx.200700127
[6] 潘瑞杰, 王高才, 黄珩逸.
云计算下基于动态用户信任度的属性访问控制
Attribute Access Control Based on Dynamic User Trust in Cloud Computing
计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013
[7] 曹萌, 于洋, 梁英, 史红周.
基于区块链的大数据交易关键技术与发展趋势
Key Technologies and Development Trends of Big Data Trade Based on Blockchain
计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163
[8] 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳.
多云环境中基于属性加密的高效多关键词检索方案
Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment
计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[9] 李杭, 李维华, 陈伟, 杨仙明, 曾程.
基于Node2vec和知识注意力机制的诊断预测
Diagnostic Prediction Based on Node2vec and Knowledge Attention Mechanisms
计算机科学, 2021, 48(11A): 630-637. https://doi.org/10.11896/jsjkx.210300070
[10] 徐堃, 付印金, 陈卫卫, 张亚男.
基于区块链的云存储安全研究进展
Research Progress on Blockchain-based Cloud Storage Security Mechanism
计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015
[11] 王静宇, 刘思睿.
大数据风险访问控制研究进展
Research Progress on Risk Access Control
计算机科学, 2020, 47(7): 56-65. https://doi.org/10.11896/jsjkx.190700157
[12] 顾荣杰, 吴治平, 石焕.
基于TFR 模型的公安云平台数据分级分类安全访问控制模型研究
New Approach for Graded and Classified Cloud Data Access Control for Public Security Based on TFR Model
计算机科学, 2020, 47(6A): 400-403. https://doi.org/10.11896/JsJkx.191000066
[13] 潘恒, 李景峰, 马君虎.
可抵御内部威胁的角色动态调整算法
Role Dynamic Adjustment Algorithm for Resisting Insider Threat
计算机科学, 2020, 47(5): 313-318. https://doi.org/10.11896/jsjkx.190800051
[14] 王辉, 刘玉祥, 曹顺湘, 周明明.
融入区块链技术的医疗数据存储机制
Medical Data Storage Mechanism Integrating Blockchain Technology
计算机科学, 2020, 47(4): 285-291. https://doi.org/10.11896/jsjkx.190400001
[15] 屠袁飞,张成真.
面向云端的安全高效的电子健康记录
Secure and Efficient Electronic Health Records for Cloud
计算机科学, 2020, 47(2): 294-299. https://doi.org/10.11896/jsjkx.181202256
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!