基于区块链的多权限属性隐藏电子病历共享方案

doi:10.11959/j.issn.2096-109x.2022044

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (4): 66-76.doi: 10.11959/j.issn.2096-109x.2022044

• 专栏：区块链系统、智能合约与应用安全 • 上一篇下一篇

基于区块链的多权限属性隐藏电子病历共享方案

金琳¹, 田有亮¹^,²

¹ 贵州大学计算机科学与技术学院贵州贵阳 550025
² 贵州省公共大数据重点实验室贵州贵阳 550025

修回日期:2022-06-27 出版日期:2022-08-15 发布日期:2022-08-01
作者简介:金琳（1997− ），女，云南曲靖人，贵州大学硕士生，主要研究方向为属性加密、区块链
田有亮（1982− ），男，贵州盘县人，博士，贵州大学教授、博士生导师，主要研究方向为算法博弈论、密码学与安全协议、大数据隐私保护与区块链技术等
基金资助:
国家自然科学基金(61662009);贵州省教育厅科技拔尖人才支持项目([2016]060);贵州省科技重大专项计划(20183001);贵州省科技计划项目([2017]5788);教育部—中国移动科研基金研发项目(MCM20170401);贵州大学培育项目([2017]5788);数据共享应用的块数据融合分析理论与安全管控模型研究(U1836205);面向大数据应用的区块链关键技术研究([2019]1098)

Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain

Lin JIN¹, Youliang TIAN¹^,²

¹ College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
² State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China

Revised:2022-06-27 Online:2022-08-15 Published:2022-08-01
Supported by:
The National Natural Science Foundation of China(61662009);Guizhou Provincial Department of Education Science and Technology Top-notch Talent Support Project([2016]060);Science and Technology Major Support Program of Guizhou Province(20183001);Guizhou Provincial Science and Technology Plan Project([2017]5788);Ministry of Education-China Mobile Research Fund Project(MCM20170401);Guizhou University Cultivation Project([2017]5788);Re-search on Block Data Fusion Analysis Theory and Security Management Model of Data Sharing Application(U1836205);Re-search on Key Technologies of Blockchain for Big Data Applications([2019]1098)

摘要/Abstract

摘要：

现阶段，不同医院之间没有数据交换共享，容易形成数据孤岛。同时，区域医疗数据含有大量患者的敏感信息，这些数据的公开获取、共享及流通会导致恶意篡改、窃取、滥用与所有权丢失，从而泄露患者隐私。由于庞大的医疗数据量以及医疗数据的非结构化，一些具有较强针对性的恶意攻击更加难以防范与追责，如对医疗数据的窃取、篡改、勒索等恶意攻击。针对以上问题，提出一种基于区块链的多权限属性隐藏电子病历共享方案，以实现共享电子病历的细粒度访问的同时，保证患者隐私安全。引入多授权属性加密（MA-ABE）算法，利用多权限机构管理分散属性，同时通过哈希函数来识别不同用户，可以有效抵抗不同权限用户之间的共谋攻击；利用线性秘密共享方案（LSSS）实现属性的部分隐藏，将属性分为属性名与属性值两部分，以保护属性隐私；结合区块链公开透明、不易篡改等特性，设计访问策略可更新算法，基于访问策略更新算法追加策略区块，将新的访问策略上传至区块链中形成策略可更新溯源链，在隐藏策略条件下实现分布式和可信赖的访问控制管理，同时实现数据隐私保护和用户行为的可追溯。通过安全性证明和实验分析，所提方案能在有效保护属性隐私的同时，降低计算开销。

关键词: 属性隐藏, 区块链, 属性加密, 隐私保护, 数据共享

Abstract:

Currently, there is no data exchanging and sharing between different hospitals, and it is easy to form data islands.At the same time, regional medical data contains a large amount of sensitive information of patients.The public acquisition, sharing and circulation of these data will lead to malicious tampering, theft, abuse and loss of ownership, thereby revealing patient privacy.In addition, the size of medical data is enormous and the data is unstructured, then it is more difficult to prevent and hold accountable some highly targeted malicious attacks, such as malicious attacks on medical data theft, tampering, and extortion.In view of the above problems, a blockchain-based on multi-authority attribute hidden electronic medical record sharing scheme was proposed to achieve fine-grained access to shared electronic medical records while ensuring patient privacy.The Multi-Authorization Attribute Encryption (MA-ABE) algorithm was introduced, which used multi-authority organizations to manage decentralized attributes.It also used hash functions to identify different users, in order to effectively resist collusion attacks between users with different authorizations.Besides, the linear secrets sharing scheme (LSSS) was used to realize partial hiding of attributes, and the attributes were divided into two parts:attribute name and attribute value.In addition, combined with the characteristics of blockchain openness, transparency and tamper-proof, the design of access policy can update the algorithm.Based on the access policy update algorithm, the policy block was added.The new access policy was uploaded to the blockchain to form a policy update traceability chain, which can realize distributed and reliable access control management under the condition of hidden policy.It can also support data privacy protection at the same time, and traceability of user behavior.The theoretical proof and experimental analysis have proved that this scheme protect attribute privacy effectively, while reduces computational overhead.

Key words: hidden attribute, blockchain, attribute encryption, privacy protection, data sharing

中图分类号:

TP393

金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.

Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain[J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.

图/表 6

表1

方案参数Table 1 Scheme parameters"

参数	含义
θ	属性加密算法的系统安全参数
PK_aid	机构aid的系统主公钥
SK_aid	机构aid的系统主私钥
GP	全局参数
S_aid,uid	对应机构aid的用户uid的属性集
GID	参与者的身份唯一标识
K_aid,uid	对应机构aid的用户uid的属性密钥
UK_uid	用户uid的身份认证密钥
TK_i,uid	用户uid的转换密钥
M_i	l×n型访问矩阵 $M$ 的第i行
ρ (i)	函数ρ将矩阵 $M$ 的第i行映射到属性
s	秘密共享密钥
λ	秘密共享份额
v	加密算法所选择的随机向量
m	待加密的明文
σ	用户签名
CT	密文
IT	中间密文
En(s)	保留加密信息

表1

图1

图2

表2

图3

图4

参考文献 34

[1]	SAHAI A , WATERS B R . Fuzzy identity-based encryption[C]// 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. 2004: 457-473.
[2]	LI H , YANG Y , DAI Y ,et al. Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data[J]. IEEE Transactions on Cloud Computing, 2020,8(2): 484-494.
[3]	LI H , LIU D , DAI Y ,et al. Personalized search over encrypted data with efficient and secure updates in mobile clouds[J]. IEEE Transactions on Emerging Topics in Computing, 2018,6(1): 97-109.
[4]	WANG S , ZHANG Y , ZHANG Y . A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems[J]. IEEE Access, 2018,6: 38437-38450.
[5]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// 13th ACM conference on Computer and Communications Security. 2006: 89-98.
[6]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy (SP '07). 2007: 321-334.
[7]	ZHANG Y , ZHENG D , DENG R H . Security and privacy in smart health:Efficient policy-hiding attribute-based access control[J]. IEEE Internet Things, 2018,5(3): 2130-2145.
[8]	WU A , ZHANG Y , ZHENG X ,et al. Efficient and privacy-preserving traceable attribute-based encryption in blockchain[J]. Ann.Telecommun., 2019,74(7-8): 401-411.
[9]	MIAO Y , MA J , LIU X ,et al. Lightweight fi-ne-grained search over encrypted data in fog computing[J]. IEEE Transactions on Services Computing, 2019,12(5): 772-785.
[10]	CHASE M , . Multi-authority attribute-based encryption[C]// Proceedings of Cryptography Conference on Theory of Cryptography (TCC'07). 2007: 515-534.
[11]	LIN H , CAO Z F , LIANG X . Secure threshold multi-authority attribute-based encryption without a central authority[C]// Proceedings of International Conference on Cryptology. 2008: 426-436.
[12]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. 2011: 568-588.
[13]	QIAN H L , LI J G , ZHANG Y C ,et al. Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation[J]. International Journal of Information Security, 2015(14): 487-497.
[14]	ZHONG H , ZHU W , XU Y ,et al. Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage[J]. Soft Computing A Fusion of Foundations Methodologies ＆Applicaitons, 2018,22(1): 243-251.
[15]	YAN X , LIU Y , LI Z ,et al. Multi-authority attribute-based encryption scheme with policy dynamic updating[J]. Journal on Communications, 2017,38(10): 94-101.
[16]	ZHANG P , CHEN Z , LIU J K ,et al. An efficient access control scheme with outsourcing capability and attribute update for fog computing[J]. Future Generation Computer Systems, 2018,78: 753-762.
[17]	DI FRANCESCO MAESA D , MORI P , RICCI L . A blockchain based approach for the definition of auditable access control systems[J]. Computers ＆ Security, 2019,84: 93-119.
[18]	LI R , SONG T , MEI B ,et al. Blockchain for large-scale internet of things data storage and protection[J]. IEEE Transactions on Services Computing, 2019,12(5): 762-771.
[19]	DORRI A , KANHERE S S , JURDAK R ,et al. Blockchain for IoT security and privacy:The case study of a smart home[C]// 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). 2017: 618-623.
[20]	DING S , CAO J , LI C ,et al. A novel attribute-based access control scheme using blockchain for IoT[J]. IEEE Access, 2019,7: 38431-38441.
[21]	MAESA D D F , MORI P , RICCI L . Blockchain based access control[C]// 2017 IFIP International Conference on Distributed Applications and Interoperable Systems. 2017: 206-220.
[22]	LAI J , DENG R H , LI Y . Fully secure cyphertext-policy hiding CP-ABE[C]// 2011 International Conference on Information Security Practice and Experience. 2011: 24-39.
[23]	WANG H , NING J , HUANG X ,et al. Secure fine-grained encrypted keyword search for e-healthcare cloud[C]// IEEE Transactions on Dependable and Secure Computing. 2021: 1307-13019.
[24]	CUI H , DENG R H , WU G ,et al. An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures[C]// 2016 International Conference on Provable Security. 2016: 19-38.
[25]	YANG K , HAN Q , LI H ,et al. An efficient and fine-grained big data access control scheme with privacy-preserving policy[J]. IEEE Internet Things, 2017,4(2): 563-571.
[26]	NISHIDE T , YONEYAMA K , OHTA K . Attribute-based encryption with partially hidden encryptor-specified access structures[C]// 2008 International Conference on Applied Cryptography and Network Security. 2008: 111-129.
[27]	HUR J . Attribute-based secure data sharing with hidden policies in smart grid[J]. IEEE Transactions on Parallel\＆ Distributed Systems, 2013,24(11): 2171-2180.
[28]	QI H , YING H Z , HUI L . Efficient and robust attribute-based encryption supporting access policy hiding in Internet of Things[J]. Future Generation Computer Systems, 2018,83: 269-277.
[29]	WANG Y , FAN K . Effective CP-ABE with hidden access policy[J]. Journal of Computer Research and Development, 2019,56(10): 2151-2159.
[30]	LIU Y , DU R . Efficient partially policy-hidden with multi-authority for access control scheme in Internet of Things[C]// 2020 International Conference on Networking and Network Applications (NaNA). 2020: 375-380.
[31]	YANG K , JIA X , REN K . Secure and verifiable policy update out-sourcing for big data access control in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2015,26(12): 3461-3470.
[32]	LIU D , LI H , YANG Y ,et al. Achieving multi-authority access control with efficient attribute revocation in smart grid[C]// 2014 IEEE Inter-national Conference on Communications. 2014: 634-639.
[33]	HUANG X F , TAO Q , QIN B D ,et al. Multi-authority attribute based encryption scheme with revocation[C]// 2015 IEEE International Conference on Computer Communication ＆ Networks. 2015: 1-5.
[34]	田有亮, 杨科迪, 王缵 ,等. 基于属性加密的区块链数据溯源算法[J]. 通信学报, 2019,40(11): 101-111.
	TIAN Y L , YANG K D , WANG Z ,et al. Algorithm of blockchain data provenance based on ABE[J]. Journal on Communications, 2019,40(11): 101-111.

方案	授权类型	访问结构	隐藏策略	外包解密	访问策略更新
文献[23]	多授权	LSSS	是	否	否
文献[24]	单授权	AND	否	是	否
文献[25]	多授权	LSSS	是	否	否
本文方案	多授权	LSSS	是	是	是

基于区块链的多权限属性隐藏电子病历共享方案

Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 34

相关文章 15

Metrics

推荐阅读 0

[1]	陈赛特, 李卫海, 姚远志, 俞能海. 轻量级K匿名增量近邻查询位置隐私保护算法[J]. 网络与信息安全学报, 2023, 9(3): 60-72.
[2]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[3]	肖敏, 毛发英, 黄永洪, 曹云飞. 基于属性签名的车载网匿名信任管理方案[J]. 网络与信息安全学报, 2023, 9(2): 33-45.
[4]	许建龙, 林健, 黎宇森, 熊智. 分布式用户隐私保护可调节的云服务个性化QoS预测模型[J]. 网络与信息安全学报, 2023, 9(2): 70-80.
[5]	王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114.
[6]	余北缘, 任珊瑶, 刘建伟. 区块链资产窃取攻击与防御技术综述[J]. 网络与信息安全学报, 2023, 9(1): 1-17.
[7]	孙哲, 宁洪, 殷丽华, 方滨兴. 基于教学实训靶场的“数据隐私保护”课程建设初探[J]. 网络与信息安全学报, 2023, 9(1): 178-188.
[8]	唐飞, 甘宁, 阳祥贵, 王金洋. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
[9]	白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51.
[10]	肖敏, 姚涛, 刘媛妮, 黄永洪. 具有隐私保护的动态高效车载云管理方案[J]. 网络与信息安全学报, 2022, 8(6): 70-83.
[11]	卢晨昕, 陈兵, 丁宁, 陈立全, 吴戈. 具有紧凑标签的基于身份匿名云审计方案[J]. 网络与信息安全学报, 2022, 8(6): 156-168.
[12]	明盛智, 朱建明, 隋智源, 张娴. 信息增值机制下在线医疗隐私保护策略[J]. 网络与信息安全学报, 2022, 8(6): 169-177.
[13]	姜涛, 徐航, 王良民, 马建峰. 支持受损数据定位与恢复的动态群用户可证明存储[J]. 网络与信息安全学报, 2022, 8(5): 75-87.
[14]	林丹, 林凯欣, 吴嘉婧, 郑子彬. 基于字节码的以太坊智能合约分类方法[J]. 网络与信息安全学报, 2022, 8(5): 111-120.
[15]	张娴, 朱建明, 隋智源, 明盛智. 数字货币交易匿名性与监管的博弈分析[J]. 网络与信息安全学报, 2022, 8(5): 150-157.