抗共谋攻击的多授权电子健康记录共享方案

doi:10.12263/DZXB.20220769

电子学报

• •

抗共谋攻击的多授权电子健康记录共享方案

王经纬¹^,³, 吴静雯¹, 殷新春¹^,²^,³

^1.扬州大学信息工程学院, 江苏扬州 225127
^2.扬州大学广陵学院, 江苏扬州 225128
^3.广东省信息安全技术重点实验室, 广东广州 510275

收稿日期:2022-07-01 修回日期:2022-11-21 出版日期:2023-01-28
- 通讯作者:
- 殷新春
- 作者简介:
- 王经纬　男，1993年12月出生于江苏省镇江市.现为扬州大学信息工程学院博士生.主要研究方向为属性基加密. E-mail: M160437@yzu.edu.cn
  吴静雯　女，1996年3月出生于江苏省扬州市.主要研究方向为车联网安全、属性基加密.E-mail: 2052229781@qq.com
  殷新春（通讯作者）　男，1962年2月出生于江苏省姜堰市.现为扬州大学信息工程学院博士生导师，教授.主要研究方向为密码学、软件质量保障、高性能计算. Email: xcyin@yzu.edu.cn
- 基金资助:
- 广东省信息安全技术重点实验室开放基金 (2020B1212060078)

Collusion-Resistant Multi-Authority Electronic Health Records Sharing Scheme

WANG Jing-wei¹^,³, WU Jing-wen¹, YIN Xin-chun¹^,²^,³

^1.College of Information Engineering，Yangzhou University，Yangzhou，Jiangsu 225127，China
^2.Guangling College of Yangzhou University，Yangzhou，Jiangsu 225128，China
^3.Guangdong Provincial Key Laboratory of Information Security Technology，Guangzhou，Guangdong 510275，China

Received:2022-07-01 Revised:2022-11-21 Online:2023-01-28
- Corresponding author:
- YIN Xin-chun
- Supported by:
- The Opening Project of Guangdong Provincial Key Laboratory of Information Security Technology (2020B1212060078)

摘要/Abstract

摘要：

为解决属性基加密方案中用户权限变更不灵活以及无法抵抗共谋攻击的问题，本文提出一种抗共谋攻击的多授权电子健康记录共享方案.采用版本控制的方式实现属性撤销，属性授权中心为非撤销用户提供更新密钥并更新密文，而没有更新密钥的用户将无法继续获取数据.为了保证数据访问的效率，系统将大部分计算外包至云服务器执行.此外，所有属性授权中心需要生成各自的公私钥对以抵抗共谋攻击.本方案在随机谕言模型下满足选择明文攻击不可区分安全，与其他多中心方案相比，功能更加实用且解密开销至少降低了45.9%.

关键词: 属性基加密, 多授权中心, 抗共谋攻击, 属性撤销, 外包解密, 外包可验证

Abstract:

To achieve flexible user revocation and collusion attack resistance, this paper proposes a collusion- resistant multi-authority EHRs(Electronic Health Records) sharing scheme. Version control is used to achieve user revocation. Attribute authorities need to distribute update keys for non-revoked users as well as update the ciphertexts in the cloud, and users without update keys will not be able to access data. To guarantee the performance of data retrieval, most of the computation is outsourced to the cloud. Besides, all the attribute authorities need to generate a pair of public key and secret key to resist collusion attacks. The proposed scheme is indistinguishably secure against chosen-plaintext attack under the random oracle model. Compared to other multi-authority schemes, the proposed scheme is practical in function and the overhead of the decryption is reduced by at least 45.9%.

Key words: attribute-based encryption, multi-authority, anti-collusion attack, attribute revocation, outsource decryption, outsource verification

中图分类号:

TP309.7

王经纬, 吴静雯, 殷新春. 抗共谋攻击的多授权电子健康记录共享方案[J]. 电子学报, DOI: 10.12263/DZXB.20220769.

WANG Jing-wei, WU Jing-wen, YIN Xin-chun. Collusion-Resistant Multi-Authority Electronic Health Records Sharing Scheme[J]. Acta Electronica Sinica, DOI: 10.12263/DZXB.20220769.

图/表 4

参考文献 24

1	沈剑, 周天祺, 等. 云数据安全保护方法综述[J]. 计算机研究与发展, 2021, 58(10): 2079-2098.
	SHEN Jian, ZHOU Tianqi, et al. Protection methods for cloud data security[J]. Journal of Computer Research and Development, 2021, 58(10): 2079-2098. (in Chinese)
2	冯登国, 张敏, 等. 云计算安全研究[J]. 软件学报, 2011, 22(01): 71-83.
	FENG Dengguo, ZHANG Min, et al. Study on cloud computing security[J]. Journal of Software, 2011, 22(01): 71-83. (in Chinese)
3	张玉清, 王晓菲, 等. 云计算环境安全综述[J]. 软件学报, 2016, 27(06): 1328-1348.
	ZHANG Yuqing, WANG Xiaofei, et al. Survey on cloud computing security[J]. Journal of Software, 2016, 27(06): 1328-1348. (in Chinese)
4	LI H W, YANG Y, et al. Achieving secure and eﬀicient dynamic searchable symmetric encryption over medical cloud data[J]. IEEE Transactions on Cloud Computing, 2020, 8(2): 484-494.
5	GE C P, SUSILO W, et al. Revocable attribute-based encryption with data integrity in clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(05): 2864-2872.
6	牛淑芬, 谢亚亚, 等. 区块链上基于云辅助的属性基可搜索加密方案[J]. 计算机研究与发展, 2021, 58(04): 811-821.
	NIU Shufen, XIE Yaya, et al. Cloud-assisted attribute- based searchable encryption scheme on blockchain[J]. Journal of Computer Research and Development, 2021, 58(04): 811-821. (in Chinese)
7	OSTROVSKY R, SAHAI A, et al. Attribute-based encryption with non-monotonic access structures[C]//Proceedings of the 2007 ACM Conference on Computer and Communications Security. New York: ACM, 2007: 195-203.
8	HE K, GUO J, et al. Attribute-based hybrid boolean keyword search over outsourced encrypted data[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(6): 1207-1217.
9	佘维, 霍丽娟, 等. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(04): 1002-1013.
	SHE Wei, HUO Li-juan, et al. A blockchain-based covert communication model for hiding sensitive documents and sender identity[J]. Acta Electronica Sinica, 2022, 50(04): 1002-1013. (in Chinese)
10	赵志远, 朱智强, 等. 属性可撤销且密文长度恒定的属性基加密方案[J]. 电子学报, 2018, 46(10): 2391-2399.
	ZHAO Zhi-yuan, ZHU Zhi-qiang, et al. Attribute-based encryption with attribute revocation and constant-size ciphertext[J]. Acta Electronica Sinica, 2018, 46(10): 2391-2399. (in Chinese)
11	BETHENCOURT J, SAHAI A, et al. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society, 2007: 321-334.
12	WATERS B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization[C]//Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography. Berlin: Springer, 2011: 53-70.
13	ZENG P, ZHANG Z T, et al. Efficient policy-hiding and large universe attribute-based encryption with public traceability for internet of medical things[J]. IEEE Internet of Things Journal, 2021, 8(13): 10963-10972.
14	LEWKO A B, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2011: 568-588.
15	ROUSELAKIS Y, WATERS B. Efficient statically-secure large-universe multi-authority attribute-based encryption[C]//Proceedings of the 19th International Conference on Financial Cryptography and Data Security. Berlin: Springer, 2015: 315-332.
16	仲红, 崔杰, 等. 高效且可验证的多授权机构属性基加密方案[J]. 软件学报, 2018, 29(7): 2006-2017.
	ZHONG Hong, CUI Jie, et al. Efficient and verifiable muti-authority attribute based encryption scheme[J]. Journal of Software, 2018, 29(7): 2006-2017. (in Chinese)
17	MIAO Y, DENG R, et al. Multi-authority attribute-based keyword search over encrypted cloud data[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(4): 1667-1680.
18	WEI J H, CHEN X F, et al. Rs-habe: revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(5): 2301-2315.
19	闫玺玺, 刘媛, 等. 支持隐私保护的多机构属性基加密方案[J]. 计算机研究与发展, 2018, 55(04): 846-853.
	YAN Xixi, LIU Yuan, et al. Multi-authority attribute-based encryption scheme with privacy protection[J]. Journal of Computer Research and Development, 2018, 55(04): 846-853. (in Chinese)
20	YANG K, JIA X H. Expressive, efficient, and revocable data access control for multi-authority cloud storage[J]. IEEE Transactions on Parallel and Distributed System, 2014, 25(7): 1735-1744.
21	VARRI U S, KASANI S, et al. FELT-ABKS: fog-enabled lightweight traceable attribute-based keyword search over encrypted data[J]. IEEE Internet of Things, 2022, 9(10): 7559-7517.
22	CHEN J W, MA H D. Efficient decentralized attribute-based access control for cloud storage with user revocation[C]//Proceeding of the IEEE International Conference on Communications. Piscataway: IEEE, 2014: 3782-3787.
23	HAN D Z, PAN N N, et al. A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 316-327.
24	AKINYELE J A, GARMAN C, et al. Charm: a framework for rapidly prototyping cryptosystems[J]. Journal of Cryptographic Engineering, 2013, 3(02): 111-128.

方案	撤销	多授权中心	外包解密	外包可验证	抗共谋攻击	选择明文攻击
文献[15]	×	√	×	×	×	√
文献[16]	×	√	√	√	√	√
文献[17]	属性撤销	√	×	×	√	√
文献[19]	×	√	×	×	×	√
文献[20]	属性撤销	√	×	×	√	√
文献[21]	属性撤销	×	×	×	√	√
文献[22]	用户撤销	√	×	×	√	√
文献[23]	用户撤销	×	×	×	√	√
CM-EHRS	属性撤销	√	√	√	√	√

方案	撤销	多授权中心	外包解密	外包可验证	抗共谋攻击	选择明文攻击
文献[15]	×	√	×	×	×	√
文献[16]	×	√	√	√	√	√
文献[17]	属性撤销	√	×	×	√	√
文献[19]	×	√	×	×	×	√
文献[20]	属性撤销	√	×	×	√	√
文献[21]	属性撤销	×	×	×	√	√
文献[22]	用户撤销	√	×	×	√	√
文献[23]	用户撤销	×	×	×	√	√
CM-EHRS	属性撤销	√	√	√	√	√

方案	私钥生成	加密	外包解密	用户解密
文献[15]	0.01104i	0.0078279t+0.0001386	0.0043422t	-
文献[16]	0.01155a+0.00762i	0.00735t+0.0092793	0.0072222t+0.0033686	0.0048786
文献[18]	0.0063a +0.00552i	0.0063t+0.0000693a+0.0022386	0.0036565t+0.0013379a+0.0001386	-
文献[19]	0.0063i	0.0042t+0.0014072a+0.0021693	0.0012686t+0.0006343a+0.0001386	-
CM-EHRS	0.01104i	0.0055271t+0.0001386	0.0018336t	0.0002079

方案	私钥生成	加密	外包解密	用户解密
文献[15]	0.01104i	0.0078279t+0.0001386	0.0043422t	-
文献[16]	0.01155a+0.00762i	0.00735t+0.0092793	0.0072222t+0.0033686	0.0048786
文献[18]	0.0063a +0.00552i	0.0063t+0.0000693a+0.0022386	0.0036565t+0.0013379a+0.0001386	-
文献[19]	0.0063i	0.0042t+0.0014072a+0.0021693	0.0012686t+0.0006343a+0.0001386	-
CM-EHRS	0.01104i	0.0055271t+0.0001386	0.0018336t	0.0002079

[1]	佘维, 霍丽娟, 刘炜, 张志鸿, 宋轩, 田钊. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(4): 1002-1013.
[2]	晋云霞, 杨贺昆, 冯朝胜, 刘帅南, 李航, 邹莉萍, 万国根. 一种支持解密外包的KP-ABE方案[J]. 电子学报, 2020, 48(3): 561-567.
[3]	赵志远, 朱智强, 王建华, 孙磊. 属性可撤销且密文长度恒定的属性基加密方案[J]. 电子学报, 2018, 46(10): 2391-2399.
[4]	王于丁, 杨家海. DACPCC:一种包含访问权限的云计算数据访问控制方案[J]. 电子学报, 2018, 46(1): 236-244.
[5]	陈丹伟, 邵菊, 樊晓唯, 陈林铃, 何利文. 基于MAH-ABE的云计算隐私保护访问控制[J]. 电子学报, 2014, 42(4): 821-827.

抗共谋攻击的多授权电子健康记录共享方案

Collusion-Resistant Multi-Authority Electronic Health Records Sharing Scheme

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 24

相关文章 5

编辑推荐

Metrics