Abstract
The high value and sensitivity of medical data lead to problems of access control, data security, effective supervision and privacy leakage in electronic medical data sharing. Traditional attribute-based encryption can solve the one-to-many access control problem during data sharing, but challenges remain, such as low efficiency, the invalidation of the access policy once it changes slightly, and the leakage of sensitive information from the access policy. To solve these problems, first, a scheme combining attribute-based encryption with a hidden access policy and proxy re-encryption is proposed, which not only prevents privacy from being disclosed by the access policy but also realizes more efficient and dynamic data sharing. Second, to address the centralized single point of failure, the lack of supervision in the process of data sharing, and the heavy storage load of the blockchain, the scheme is integrated with the blockchain, smart contracts and the InterPlanetary File System, implementing a low-overhead mode in which the ciphertext of the original data is stored in distributed form off the chain and the ciphertext of the key information is shared on the chain. This establishes an architecture that supports flexible data supervision and is suitable for decentralized medical data sharing scenarios. Finally, a security proof and a performance analysis covering storage, computing and smart contract costs are given for the proposed scheme. The results show that the scheme is secure under chosen-plaintext attack and resists collusion attacks. In addition, privacy protection and effective supervision are added to the data sharing process, while the efficiency of the proposed scheme is better than that of existing data sharing schemes.
Authors
LI Xuelian; ZHANG Xiachuan; GAO Juntao; XIANG Dengmei (School of Mathematics and Statistics, Xidian University, Xi'an 710071, China; School of Telecommunications Engineering, Xidian University, Xi'an 710071, China)
Source
Journal of Xidian University
EI
CAS
CSCD
PKU Core Journals
2022, Issue 1, pp. 1-16 (16 pages)
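Funding
Key Research and Development Program of Shaanxi Province (2021ZDLGY06-04)
Research Project of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS201802).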
Keywords
blockchain
attribute-based encryption
proxy re-encryption
smart contract
data sharing