Computer Science, 2018, Vol. 45, Issue (10): 172-177. doi: 10.11896/j.issn.1002-137X.2018.10.032
闫铭1, 张应辉1,2,3, 郑东1,2, 吕柳迪1, 苏昊楠1
YAN Ming1, ZHANG Ying-hui1,2,3, ZHENG Dong1,2, LV Liu-di1, SU Hao-nan1
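Abstract: In E-Healthcare Record Systems (EHRS), some schemes use key-policy ABE (KP-ABE) to protect privacy. The user specifies an access policy, and a ciphertext can be decrypted only when it matches that access policy. Existing KP-ABE requires the access policy to be fixed at key-generation time, which is not feasible in EHRS, because the access policy is sometimes decided only after the key has been generated. Based on KP-ABE, this paper proposes an EHR cloud service system with flexible access and fuzzy search. The system not only supports error-tolerant keyword search over ciphertexts in the cloud, but also allows users to redefine the access policy and generate keys for it, so a precise access policy is no longer required. Finally, the security of the scheme is proved.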