摘要
在传统的密文策略属性基加密(Ciphertext-Policy Attribute-Based,CP-ABE)方案中,访问策略是显式存在的,这可能会泄露数据所有者的隐私,在医疗场景中会给数据所有者带来潜在的安全隐患,因此支持访问策略隐藏的方案被陆续提出。但是多数方案在实现解密测试的过程中需要生成冗余密文或密钥组件,增加了数据所有者的计算开销和数据用户的存储开销。同时,恶意用户可能会受利益驱使,泄露其解密密钥。为了解决以上问题,提出了一个支持访问策略隐藏和密钥追踪的轻量级医疗数据共享方案。首先,采用SGX(Software Guard Extensions)技术,预先将部分主密钥存放在Enclave中,便于准确且快速地计算出测试结果,避免生成冗余密文和密钥组件;然后,为了降低用户的计算开销,同时保证解密结果的正确性和完整性,采用可验证外包技术;最后,通过在数据用户的解密密钥中嵌入身份标识实现了密钥追踪。性能分析表明,该方案在功能和开销上都具备一定的优势,安全性分析证明了该方案在选择明文攻击下是安全的。
In the traditional ciphertext-policy attribute-based encryption(CP-ABE)scheme,the access policy exists together with the ciphertext.This may leak the privacy of the data owner and bring potential security risks to the data owner in medicalscena-rios Therefore,solutions supporting access policy hiding have been proposed.However,most solutions need to generate redundant ciphertexts or key components in the process of implementing the decryption test,which increases the computing overhead of data owners and the storage overhead of data users.At the same time,malicious users may be motivated by its own interest to reveal their decryption keys.In order to solve the problems above,a lightweight medical data sharing scheme with access policy hiding and key tracking is proposed.Firstly,part of the master key is stored in the Enclave in advance by using software guard extensions(SGX)technology,so that the test results can be calculated accurately and quickly,and the generation of redundant ciphertexts and key components are avoided.Then,verifiable outsourcing technology is employed to reduce user’s computing overhead,ensuring the correctness and completeness of decryption result.Finally,key tracking is realized by embedding the identity identifier in the decryption key of the data user.Performance analysis shows that the proposed scheme has certain advantages in terms of function and computing.The security analysis proves that the proposed scheme is secure under the selected plaintext attack.
作者
王梦宇
殷新春
宁建廷
WANG Meng-yu;YIN Xin-chun;NING Jian-ting(College of Information Engineering,Yangzhou University,Yangzhou,Jiangsu 225127,China;Guangling College of Yangzhou University,Yangzhou,Jiangsu 225128,China;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350007,China;State Key Laboratory of Information Security,Chinese Academy of Sciences,Beijing 100093,China)
出处
《计算机科学》
CSCD
北大核心
2022年第3期77-85,共9页
Computer Science
基金
国家自然科学基金(61972094)。
关键词
策略隐藏
解密测试
可验证外包
密钥追踪
Strategy hiding
Decryption test
Verifiable outsourcing
Key tracking
