Computer Science ›› 2024, Vol. 51 ›› Issue (10): 416-424. doi: 10.11896/jsjkx.230700187
WANG Zheng1,4, WANG Jingwei3, YIN Xinchun1,2,4
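Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) schemes provide fine-grained access control over ciphertexts, ensuring that only authorized users can access the data and thereby keeping the data secure. However, with the widespread adoption of cloud computing and Internet of Things technologies in the healthcare industry, traditional CP-ABE schemes are increasingly unable to meet the requirements of data sharing, in terms of access-policy expressiveness and ciphertext security, in emerging Internet of Medical Things scenarios such as multidisciplinary consultation and the storage of patients' private data. To address this, this paper proposes an attribute-based sanitizable and collaborative data sharing scheme, in which a ciphertext sanitization mechanism effectively counters the threat posed by malicious data owners. In addition, the scheme allows assisting nodes to be specified in the access structure, so that multiple users with different attributes can cooperate to access data. Security analysis shows that the proposed scheme achieves indistinguishability under chosen-plaintext attack; performance analysis shows that the proposed scheme has lower computational overhead than other schemes.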