基于PBAC模型和IBE的医疗数据访问控制方案

doi:10.11959/j.issn.1000-436x.2015329

摘要/Abstract

摘要：

医疗卫生领域形成的医疗大数据中包含了大量的个人隐私信息，面临着外部攻击和内部泄密的潜在安全隐患。传统的访问控制模型没有考虑用户访问目的在侧重数据隐私的访问控制中的重要作用，现有的对称、非对称加密技术又都存在密钥管理、证书管理复杂的问题。针对这些问题，提出了综合应用PBAC模型和IBE加密技术的访问控制方案，支持针对医疗数据密文的灵活访问控制。通过加入条件目的概念对PBAC模型进行扩展，实现了对目的树的全覆盖；以病患 ID、条件访问位和预期目的作为 IBE 身份公钥进行病患数据加密，只有通过认证并且访问目的符合预期的用户才能获得相应的私钥和加密数据，从而实现对病患信息的访问。实验结果证明，该方案达到了细粒度访问控制和隐私保护的目的，并具有较好的性能。

关键词: 隐私保护, 访问控制, 基于目的, 基于身份加密

Abstract:

Due to the large amount of personal privacy information contained,the medical big data formed in the health care industry was faced with potential threats of both external attacks and internal data leakages.However,traditional access control technology didn’t take into account the important role of user access purpose in the access control schemes that emphasized data privacy,and existing symmetric and asymmetric encryption technologies both face problems such as the complexity of key and certificate management.To address these problems,a novel access control scheme based on PBAC model and IBE encryption technology was proposed,which could provide flexible access control of encrypted medical data.By introducing the concept of conditioned purpose,the PBAC model was extended to achieve full coverage of purpose trees.Furthermore,the scheme used patient ID,conditioned bit and intended purpose as the IBE public key,with which patients’ data were encrypted.Only users who pass the authentication and whose access purposes conform to the intended purposes can obtain the corresponding private keys and the encrypted data,thereby achieving access to patients’ information.Experimental results prove that the scheme can achieve the goals of fine-grained access control and privacy protection with high performance.

张怡婷,傅煜川,杨明,罗军舟. 基于PBAC模型和IBE的医疗数据访问控制方案[J]. 通信学报, 2015, 36(12): 200-211.

Yi-ting ZHANG,Yu-chuan FU,Ming YANG,Jun-zhou LUO. Access control scheme for medical data based on PBAC and IBE[J]. Journal on Communications, 2015, 36(12): 200-211.

图/表 11

图1

表1

图2

表2

图3

图4

图5

表3

表4

图6

图7

参考文献 36

[1]	孟小峰, 慈祥．大数据管理:概念、技术与挑战［J］．计算机研究与发展, 2013,50(1): 146-169. MENG X F , CI X ． Big data management:concepts,techniques and challenges［J］． Journal of Compute Research and Development, 2013,50(1): 146-169.
[2]	冯登国, 张敏, 李昊 . 大数据安全与隐私保护[J]. 计算机学报, 2014,37(1): 246-258. FENG D G , ZHANG M , LI H . Big data security and privacy protection[J]. Chinese Journal of Computers, 2014,37(1): 246-258.
[3]	SHAMIR A . Identity-based cryptosystems and signature schemes[A]. Proc of CYPTO'84[C]. Springer Berlin Heidelberg, 1985. 47-53.
[4]	BONEH D , FRANKLIN M . Identity based encryption from the Weil pairing[A]. Proc of CRYPTO'01[C]. Springer Berlin Heidelberg, 2001. 213-229.
[5]	COCKS C . An identity based encryption scheme based on quadratic residues[A]. Proc of Cryptography and Coding[C]. Springer Berlin Heidelberg, 2001. 360-363.
[6]	SAKAI R , KASAHARA M . ID based cryptosystems with pairing on elliptic curve[J]. 2003，03/54
[7]	CANETTI R , HALEVI S , KATZ J . A forward-secure public-key encryption scheme[A]. Proc of EUROCRYPT'03[C]. Springer Berlin Heidelberg, 2003. 255-271.
[8]	CANETTI R , HALEVI S , KATZ J . Chosen-ciphertext security from identity-based encryption[A]. Proc of Cryptoloty-EUROCRYPT'04[C]. Springer Berlin Heidelberg, 2004. 207-222.
[9]	BONEH D , BOYEN X . Efficient selective-ID secure identity-based encryption without random Oracle[A]. Proc of CryptolotyEUROCRYPT'04[C]. Springer Berlin Heidelberg, 2004. 223-238.
[10]	BONEH D , BOYEN X . Efficient selective identity-based encryption without random oracles[J]. Journal of Cryptology, 2011,24(4): 659-693.
[11]	BONEH D , BOYEN X . Secure identity based encryption without random oracles[A]. Proc of Cryptology-Crypto'04[C]. Springer Berlin Heidelberg, 2004. 443-359.
[12]	WATERS B . Efficient identity-based encryption without random Oracles[A]. Proc of Cryptology-EUROCRYPT'05[C]. Springer Berlin Heidelberg, 2005. 114-127.
[13]	GENTRY C . Practical identity-based encryption without random oracles[A]. Proc of Cryptology- EUROCRYPT'06[C]. Springer Berlin Heidelberg, 2006. 445-464.
[14]	WATERS B . Dual system encryption:realizing fully secure IBE and HIBE under simple assumptions[A]. Proc of Cryptology-CRYPTO'09[C]. Springer Berlin Heidelberg, 2009. 619-636.
[15]	GENTRY C , SILVERBERG A . Hierarchical ID-based cryptography[A]. Proc of Cryptology—ASIACRYPT'02[C]. Springer Berlin Heidelberg, 2002. 548-566.
[16]	LEWKO A , WATERS B . New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts[M]. Theory of Cryptography. Springer Berlin Heidelberg, 2010.
[17]	CHEN J , WEE H . Fully,(almost) tightly secure IBE and dual system groups[A]. Proc of Cryptology–CRYPTO 2013[C]. Springer Berlin Heidelberg, 2013. 435-460.
[18]	CHOW S S M , DODIS Y , ROUSELAKIS Y ,et al. Practical leakage-resilient identity-based encryption from simple assumptions[A]. Proc of the 17th ACM Conference on Computer and Communications Security,CCS’10[C]. Chicago,Illinois,USA, 2010. 152-161.
[19]	YUEN T H , CHOW S S M , ZHANG Y ,et al. Identity-based encryption resilient to continual auxiliary leakage[A]. Proc of Cryptology–EUROCRYPT 2012[C]. Springer Berlin Heidelberg, 2012. 117-134.
[20]	SAHAI A , WATERS B . Fuzzy identity-based encryption[A]. Proc of Cryptology–EUROCRYPT'05[C]. Springer Berlin Heidelberg, 2005. 457-473.
[21]	BOLDYREVA A , GOYAL V , KUMAR V . Identity-based encryption with efficient revocation[A]. Proc of the 15th ACM Conference on Computer and Communications Security[C]. 2008. 417-426.
[22]	SEO J H , EMURA K . Revocable identity-based encryption revisited:security model and construction[A]. Proc of Public-Key Cryptography– PKC 2013[C]. Springer Berlin Heidelberg, 2013. 216-234.
[23]	LI J , LI J , CHEN X ,et al. Identity-based encryption with outsourced revocation in cloud computing[J]. IEEE Transactions on Computers, 2015,64(2): 425-437.
[24]	ABDALLA M , BIRKETT J , CATALANO D ,et al. Wildcarded identity-based encryption[J]. Journal of Cryptology, 2011,24(1): 42-82.
[25]	BEATO F , MEUL S , PRENEEL B . Practical identity-based private sharing for online social networks[J]. Computer Communications, 2015, .
[26]	WU X , XU L , ZHANG X . POSTER:a certificateless proxy re-encryption scheme for cloud-based data sharing[A]. Proc of the 18th ACM Conference on Computer and Communications Security,CCS'11[C]. 2011. 869-872.
[27]	BYUN J W , BERTINO E , LI N . Purpose based access control of complex data for privacy protection[A]. Proc of the 10th ACM Symposium on Access Control Models and Technologies[C]. ACM, 2005. 102-110.
[28]	BYUN J W , LI N . Purpose based access control for privacy protection in relational database systems[J]. The VLDB Journal, 2008,17(4): 603-619.
[29]	YANG N , BARRINGER H , ZHANG N . A purpose-based access control model[A]. Proc of the 3rd International Symposium on Information Assurance and Security (IAS)[C]. IEEE, 2007. 143-148.
[30]	KABIR M E , WANG H . Conditional purpose based access control model for privacy protection[A]. Proc.of the 20th Australasian Conference on Australasian Database[C]. Australian Computer Society,Inc, 2009. 135-142.
[31]	WANG Y , ZHOU Z , LI J . A purpose-involved role-based access control model[A]. Foundations of Intelligent Systems[C]. Springer Berlin Heidelberg, 2014. 1119-1131.
[32]	COLOMBO P , FERRARI E . Enforcement of purpose based access control within relational database management systems[J]. IEEE Transactions on Knowledge and Data Engineering, 2014,26(11): 2703-2716.
[33]	SUN L , WANG H . A purpose-based access control in native XML databases[J]. Concurrency and Computation:Practice and Experience, 2012,24(10): 1154-1166.
[34]	JAFARI M,SAFAVI-NAINI R , FONG P W L ,et al. A framework for expressing and enforcing purpose-based privacy policies[J]. ACM Transactions on Information and System Security, 2014,17(1): 3.
[35]	渠世艳 . 基于目的管理的医疗信息系统访问控制模型研究[D]. 上海:上海交通大学, 2009. QU S Y . Research of Purpose-Based Access Control Model for Hospital Information System[D]. Shanghai:Shanghai Jiaotong University, 2009.
[36]	KABIR M E , WANG H , BERTINO E . A role-involved purpose-based access control model[J]. Information Systems Frontiers, 2012,14(3): 809-82.

访问目的	姓名	年龄	常用住址	电话号码
AP∈IP^*	李刚	28	南京市江宁区东南大学路2号	138 12345678
AP∈ IP⁺	李	20～30	南京市江宁区	138
AP∈IP^x	—	—	—	—

标识	目的名	父节点标识	目的编码	允许目的编码	禁止目的编码
id	name	parent	code	aip_code	pip_code

id	name	parent	code	aip_code	pip_code
1	一般目的	0	0x200	0x3FF	0x3FF
2	医疗主治	1	0x100	0x133	0x333
3	自主调阅	1	0x080	0x080	0x280
4	科学研究	1	0x040	0x04C	0x24C
5	医技	2	0x020	0x020	0x320
6	临床主治	2	0x010	0x013	0x313
7	科学普查	4	0x008	0x008	0x248
8	医学研究	4	0x004	0x004	0x244
9	内科主治	6	0x002	0x002	0x312
10	外科主治	6	0x001	0x001	0x311

数据类型	姓名	年龄	常用住址	电话号码
原始数据	李刚	28～28	南京市江宁区东南大学路2号	138 12345678
泛化数据	李	20～30	南京市江宁区	138