支持快速撤销的ABE算法在个人健康记录云中的研究

A Research on ABE Fast Revocation Algorithm for Personal Health Record Cloud

个人健康记录(personal health record,PHR)是一种面向个人健康的信息服务。PHR云的诞生方便了病人及医生随时随地地上传、访问以及使用PHR。尽管方便了健康信息的分享,但PHR云也对用户的隐私造成了巨大的威胁,因此急需一种可以同时提供数据保护与访问控制的技术。基于属性的加密算法(attribute-based encryption,ABE)不仅提供了数据加密功能,还支持灵活的访问控制。为了保证前/后向安全性,ABE必须依赖属性撤销以实现对系统中所有属性的动态维护。然而现有的撤销算法的时间复杂度和空间复杂度较高,这阻碍了ABE在PHR云中的应用。为解决该问题,提出了一种支持快速撤销的密文策略属性加密方案(ciphertext policy attribute-based encryption supporting fast revocation,CP-ABE-FR),使得解密者不需要在线频繁更新私钥,同时减少了解密开销。理论分析证明,CP-ABE-FR能够保证PHR安全性。实验数据表明,基于CP-ABE-FR构建的PHR系统访问控制模型在具备较高的加解密计算效率。

Personal health record(PHR)is an information service for personal health.PHR cloud facilities patients and doctors uploading,accessing and using health records anytime and anywhere.Although PHR system facilities sharing of health records,it could cause much threat to users’privacy.Therefore,a kind of technique that provides both secure data protection and access control is urgently needed in the PHR system.Attribute-based encryption(ABE)provides not only secure data protection but also flexible access control.However,current ABE schemes depend on fairly complicated computation of attribute revocation to guarantee forward/backward secrecy,which hinders its application in the PHR system.To address it,a ciphertext policy attribute-based encryption supporting fast revocation(CP-ABE-FR)is designed so that users even do not need to keep online for private keys updating.Meanwhile,decryption overhead is accordingly reduced.Theoretic analysis demonstrates our method guarantees security of PHR.The simulation shows that based on CP-ABE-FR the access control model of PHR system provides high efficiency in data encryption/decryption.