Computer Science ›› 2022, Vol. 49 ›› Issue (3): 77-85. doi: 10.11896/jsjkx.210800001
WANG Meng-yu1, YIN Xin-chun1,2, NING Jian-ting3,4
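Abstract: In traditional ciphertext-policy attribute-based encryption (CP-ABE) schemes, the access policy is stored in the clear, which may leak the data owner's privacy and, in medical scenarios, poses potential security risks to the data owner. Schemes that support hidden access policies have therefore been proposed one after another. However, most of these schemes need to generate redundant ciphertext or key components to implement the decryption test, which increases the computation overhead of the data owner and the storage overhead of the data user. In addition, malicious users may be driven by profit to leak their decryption keys. To solve these problems, a lightweight medical data sharing scheme supporting access policy hiding and key tracing is proposed. First, SGX (Software Guard Extensions) technology is adopted and part of the master key is stored in the Enclave in advance, so that the test result can be computed accurately and quickly without generating redundant ciphertext and key components. Then, to reduce users' computation overhead while guaranteeing the correctness and integrity of the decryption result, verifiable outsourcing is adopted. Finally, key tracing is achieved by embedding an identity identifier in the data user's decryption key. Performance analysis shows that the scheme has certain advantages in both functionality and overhead, and security analysis proves that the scheme is secure under chosen-plaintext attack.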