Computer Science ›› 2022, Vol. 49 ›› Issue (3): 77-85. doi: 10.11896/jsjkx.210800001

• Emerging Distributed Computing Technology and Systems

  • Corresponding author: YIN Xin-chun (xcyin@yzu.edu.cn)
  • About author: (MZ120200892@yzu.edu.cn)

Lightweight Medical Data Sharing Scheme with Access Policy Hiding and Key Tracking

WANG Meng-yu1, YIN Xin-chun1,2, NING Jian-ting3,4   

  1 College of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127, China
  2 Guangling College of Yangzhou University, Yangzhou, Jiangsu 225128, China
  3 College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350007, China
  4 State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2021-07-30 Revised: 2021-09-04 Online: 2022-03-15 Published: 2022-03-15
  • About author: WANG Meng-yu, born in 1997, postgraduate, is a member of China Computer Federation. His main research interests include attribute based encryption and information safety.
    YIN Xin-chun, born in 1962, Ph.D, professor, Ph.D supervisor, is a senior member of China Computer Federation. His main research interests include cryptology, software quality assurance and high performance computing.
  • Supported by:
    National Natural Science Foundation of China (61972094).

Abstract: In traditional ciphertext-policy attribute-based encryption (CP-ABE) schemes, the access policy is stored explicitly alongside the ciphertext. This may leak the privacy of the data owner and, in medical scenarios, bring potential security risks to the data owner. Therefore, schemes supporting access policy hiding have been proposed. However, most of them need to generate redundant ciphertext or key components in order to implement the decryption test, which increases the computing overhead of data owners and the storage overhead of data users. At the same time, malicious users may be motivated by their own interests to leak their decryption keys. To solve these problems, a lightweight medical data sharing scheme with access policy hiding and key tracking is proposed. Firstly, part of the master key is stored in the Enclave in advance by using Software Guard Extensions (SGX) technology, so that the test result can be calculated accurately and quickly and the generation of redundant ciphertext and key components is avoided. Then, verifiable outsourcing technology is employed to reduce the user's computing overhead while ensuring the correctness and completeness of the decryption result. Finally, key tracking is realized by embedding an identity identifier in the decryption key of the data user. Performance analysis shows that the proposed scheme has certain advantages in terms of functionality and overhead. The security analysis proves that the proposed scheme is secure under chosen-plaintext attack.

Key words: Decryption test, Key tracking, Strategy hiding, Verifiable outsourcing

CLC Number: TP309