基于区块链的分布式EHR细粒度可追溯方案

doi:10.11959/j.issn.1000-436x.2021033

通信学报 ›› 2021, Vol. 42 ›› Issue (5): 205-215.doi: 10.11959/j.issn.1000-436x.2021033

所属专题：区块链

基于区块链的分布式EHR细粒度可追溯方案

应作斌¹, 斯元平², 马建峰²^,¹, 刘西蒙⁴

¹ 安徽大学计算机科学与技术学院，安徽合肥 230601
² 安徽大学物质科学与信息技术研究院，安徽合肥 230601
³ 西安电子科技大学网络与信息安全学院，陕西西安 710071
⁴ 福州大学数学与计算机科学学院，福建福州 350108

修回日期:2020-11-10 出版日期:2021-05-25 发布日期:2021-05-01
作者简介:应作斌（1982- ），男，安徽芜湖人，博士，安徽大学讲师，主要研究方向为云安全、应用密码学等
斯元平（1994- ），女，安徽安庆人，安徽大学硕士生，主要研究方向为应用密码学、区块链技术等
马建峰（1963- ），男，陕西西安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为计算机系统安全、移动与无线安全、系统可生存性和可信计算
刘西蒙（1988- ），男，陕西西安人，博士，福州大学教授，主要研究方向为云安全、应用密码学、大数据安全等
基金资助:
安徽省教育厅重点基金资助项目(KJ2018A0031);国家自然科学基金资助项目(62072109);国家自然科学基金资助项目(U1804263);国家自然科学基金资助项目(61702105)

Blockchain-based distributed EHR fine-grained traceability scheme

Zuobin YING¹, Yuanping SI², Jianfeng MA²^,¹, Ximeng LIU⁴

¹ School of Computer Science and Technology, Anhui University, Hefei 230601, China
² Institutes of Physical and Information Technology, Anhui University, Hefei 230601, China
³ School of Network and Information Security, Xidian University, Xi’an 710071, China
⁴ School of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China

Revised:2020-11-10 Online:2021-05-25 Published:2021-05-01
Supported by:
The Key Project of Anhui Provincial Department of Education(KJ2018A0031);The National Natural Science Foundation of China(62072109);The National Natural Science Foundation of China(U1804263);The National Natural Science Foundation of China(61702105)

摘要/Abstract

摘要：

针对电子健康档案（EHR）在分布式系统中的密钥管理及用户身份追溯问题，提出了一种基于区块链的分布式EHR细粒度可追溯方案。结合变色龙哈希和零知识证明技术实现区块链上节点的注册与身份证明的生成，从而实现区块链上恶意用户的追溯。针对密钥管理的单点故障问题，设计了分布式密文策略的属性基加密方案实现安全细粒度的数据访问控制，设置多个解密机构区块链节点联合分发用户节点的属性私钥。安全性分析表明，基于区块链的可追溯分布式密钥生成属性基加密算法是随机预言机模型下自适应安全的，并通过实验证明了所提方案的可行性和实用性。

关键词: 电子健康档案, 区块链, 追溯, 密钥管理, 细粒度访问控制

Abstract:

Aiming at the key management of electronic health records (EHR) in a distributed system and user identity tracing issues, a distributed EHR fine-grained traceability scheme based on blockchain was proposed.Combining chameleon hash and zero-knowledge proof technology, the registration of nodes on the blockchain and the generation of identity certificates were realized, and the traceability of malicious users on the blockchain was realized.Besides, given the single point of failure problem of key management, the attribute-based encryption scheme of distributed ciphertext strategy was designed to achieve secure and fine-grained data access control, and multiple decryption agency blockchain nodes were set up to jointly distribute the attribute private keys of user nodes.The security analysis shows that the traceable distributed key generation attribute-based encryption algorithm based on the blockchain is adaptively secure under the random oracle model, and through experiments, the feasibility and practicability of the proposed scheme are shown.

Key words: EHR, blockchain, tracking, key management, fine-grained access control

中图分类号:

TP309

应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.

Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme[J]. Journal on Communications, 2021, 42(5): 205-215.

图/表 11

图1

表1

主要参数及含义"

参数	含义
λ/MSK	安全参数/主密钥
pp/GP	公共参数/全局参数
$A_{i} / {PK}_{A_{i}} / {PK}_{{att}_{j}}$	解密机构/对应的公钥/属性公钥
u_id / regmess	用户节点的真实身份/节点的注册信息
(conf,pers)	节点的公开和保密信息对
pk_chame,sk_chame	变色龙哈希的公私钥对
${cert}_{u_{i d}}$	节点的身份证明
$(M, ρ)$	访问策略

表1

图2

图3

图4

表2

图5

图6

表3

图7

表4

EHR加密数据与解密数据通信开销"

阶段	通信开销
用户节点数据加密	$3 \| S \| \times \| G_{1} \| + \| G_{2} \|$
访问授权与解密	$3 \| S_{{sk}_{u}} \| \times \| G_{1} \|$

表4

参考文献 30

[1]	OVERGAARD S M . Harnessing the power of data in health[R]. Palo Alto:Stanford University, 2017.
[2]	ZYSKIND G , NATHAN O , PENTLAND A . Decentralizing privacy:using blockchain to protect personal data[C]// 2015 IEEE Security and Privacy Workshops. Piscataway:IEEE Press, 2015: 180-184.
[3]	ZAGHLOUL E , LI T T , MUTKA M W ,et al. Bitcoin and blockchain:security and privacy[J]. IEEE Internet of Things Journal, 2020,7(10): 10288-10313.
[4]	PANDEY P , LITORIYA R . Implementing healthcare services on a large scale:challenges and remedies based on blockchain technology[J]. Health Policy and Technology, 2020,9(1): 69-78.
[5]	JIANG J X , BAI G . Evaluation of causes of protected health information breaches[J]. JAMA Internal Medicine, 2019,179(2): 265-267.
[6]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. 2008.
[7]	FENG Q , HE D B , ZEADALLY S ,et al. A survey on privacy protection in blockchain system[J]. Journal of Network and Computer Applications, 2019,126: 45-58.
[8]	王明生, 曹鹤阳, 李佩瑶 . 基于区块链的去中心化信贷系统及应用[J]. 通信学报, 2019,40(8): 169-177.
	WANG M S , CAO H Y , LI P Y . Decentralized credit system based on blockchain and its application[J]. Journal on Communications, 2019,40(8): 169-177.
[9]	XU J , XUE K P , LI S H ,et al. Healthchain:a blockchain-based privacy preserving scheme for large-scale health data[J]. IEEE Internet of Things Journal, 2019,6(5): 8770-8781.
[10]	熊金波, 毕仁万, 陈前昕 ,等. 边缘协作的轻量级安全区域建议网络[J]. 通信学报, 2020,41(10): 188-201.
	XIONG J B , BI R W , CHEN Q X ,et al. Towards edge-collaborative,lightweight and secure region proposal network[J]. Journal on Communications, 2020,41(10): 188-201.
[11]	史锦山, 李茹 . 物联网下的区块链访问控制综述[J]. 软件学报, 2019,30(6): 1632-1648.
	SHI J S , LI R . Survey of blockchain access control in Internet of Things[J]. Journal of Software, 2019,30(6): 1632-1648.
[12]	LIANG W , LONG J , WENG T H ,et al. TBRS:a trust based recommendation scheme for vehicular CPS network[J]. Future Generation Computer Systems, 2019,92: 383-398.
[13]	AZARIA A , EKBLAW A , VIEIRA T ,et al. MedRec:using blockchain for medical data access and permission management[C]// 2016 2nd International Conference on Open and Big Data. Piscataway:IEEE Press, 2016: 25-30.
[14]	DAGHER G G , MOHLER J , MILOJKOVIC M ,et al. Ancile:privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology[J]. Sustainable Cities and Society, 2018,39: 283-297.
[15]	XIA Q , SIFAH E , SMAHI A ,et al. BBDS:blockchain-based data sharing for electronic medical records in cloud environments[J]. Information, 2017,8(2): 44.
[16]	FAN K , WANG S Y , REN Y H ,et al. MedBlock:efficient and secure medical data sharing via blockchain[J]. Journal of Medical Systems, 2018,42(8): 1-11.
[17]	HUSSEIN A F , ARUNKUMAR N , RAMIREZ-GONZALEZ G ,et al. A medical records managing and securing blockchain based system supported by a Genetic Algorithm and Discrete Wavelet Transform[J]. Cognitive Systems Research, 2018,52: 1-11.
[18]	闫玺玺, 原笑含, 汤永利 ,等. 基于区块链且支持验证的属性基搜索加密方案[J]. 通信学报, 2020,41(2): 187-198.
	YAN X X , YUAN X H , TANG Y L ,et al. Verifiable attribute-based searchable encryption scheme based on blockchain[J]. Journal on Communications, 2020,41(2): 187-198.
[19]	WANG G J , LIU Q , WU J . Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]// The 17th ACM Conference on Computer and Communications Security. New York:ACM Press, 2010: 735-737.
[20]	PASUPULETI S K , ALPHONSE P J A , PREMKAMAL P K . Efficient revocable CP-ABE for big data access control in cloud computing[J]. International Journal of Security and Networks, 2019,14(3): 119.
[21]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[M]. Berlin: Springer, 2011.
[22]	HU S , LI J , ZHANG Y . Improving security and privacy-preserving in multi-authorities ciphertext-policy attribute-based encryption[J]. KSII Transactions on Internet and Information Systems, 2018,12(10): 5100-5119.
[23]	LI J G , HU S Z , ZHANG Y C . Two-party attribute-based key agreement protocol with constant-size ciphertext and key[J]. Security and Communication Networks, 2018,2018: 1-10.
[24]	ATENIESE G , FAONIO A , MAGRI B ,et al. Certified bitcoins[M]. Cham: Springer International Publishing, 2014.
[25]	GARMAN C , GREEN M , MIERS I . Accountable privacy for decentralized anonymous payments[C]// International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2016: 81-98.
[26]	BEN S E , CHIESA A , GARMAN C ,et al. Zerocash:decentralized anonymous payments from bitcoin[C]// 2014 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2014: 459-474.
[27]	PEDERSEN T P , . Non-interactive and information-theoretic secure verifiable secret sharing[C]// Annual International Cryptology Conference. Berlin:Springer, 1991: 129-140.
[28]	GENNARO R , JARECKI S , KRAWCZYK H ,et al. Secure distributed key generation for discrete-log based cryptosystems[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 1999: 295-310.
[29]	RAMANI V , KUMAR T , BRACKEN A ,et al. Secure and efficient data accessibility in blockchain based healthcare systems[C]// 2018 IEEE Global Communications Conference. Piscataway:IEEE Press, 2018: 206-212.
[30]	NGUYEN D C , PATHIRANA P N , DING M ,et al. Blockchain for secure EHRs sharing of mobile cloud based E-health systems[J]. IEEE Access, 2019,7: 66792-66806.

功能	安全	隐私	用户认证	密钥管理	可追溯
文献[15]方案	√	√	√	×	数据追溯
文献[29]方案	√	√	×	×	数据追溯
文献[30]方案	√	√	×	×	×
本文方案	√	√	√	DKG	ID追溯

Merkle树深度	pk_mess/KB	vk_mess/B	pk_cert/MB	vk_cert/KB	?_cert/B	?_mess/B
10	663	665	103	11	341	341
20	663	665	171	11	341	341
30	663	665	237	11	341	341

基于区块链的分布式EHR细粒度可追溯方案

Blockchain-based distributed EHR fine-grained traceability scheme

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 30

相关文章 15

Metrics

推荐阅读 0

[1]	张海波, 曹钰坤, 刘开健, 王汝言. 车联网中基于区块链的分布式信任管理方案[J]. 通信学报, 2023, 44(5): 148-157.
[2]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[3]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[4]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[5]	蒋丽, 谢胜利, 田辉. 面向数字孪生边缘网络的区块链分片及资源自适应优化机制[J]. 通信学报, 2023, 44(3): 12-23.
[6]	戴千一, 张斌, 郭松, 徐开勇. 基于多分类器集成的区块链网络层异常流量检测方法[J]. 通信学报, 2023, 44(3): 66-80.
[7]	经普杰, 王良民, 董学文, 张玉书, 王骞, Muhammad Sohail. 分层跨链结构：一种面向区块链系统监管的可行架构[J]. 通信学报, 2023, 44(3): 93-104.
[8]	刘雪娇, 曹天聪, 夏莹杰. 区块链架构下高效的车联网跨域数据安全共享研究[J]. 通信学报, 2023, 44(3): 186-197.
[9]	黄冬艳, 李琨. 多地址的时间型区块链隐蔽通信方法研究[J]. 通信学报, 2023, 44(2): 148-159.
[10]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[11]	杨亚涛, 刘德莉, 刘培鹤, 曾萍, 肖嵩. BFV-Blockchainvoting：支持BFV全同态加密的区块链电子投票系统[J]. 通信学报, 2022, 43(9): 100-111.
[12]	冯霞, 崔凯平, 谢晴晴, 王良民. VANET中基于区块链的分布式匿名认证方案[J]. 通信学报, 2022, 43(9): 134-147.
[13]	李雷孝, 杜金泽, 林浩, 高昊昱, 杨艳艳, 高静. 区块链网络隐蔽信道研究进展[J]. 通信学报, 2022, 43(9): 209-223.
[14]	熊礼治, 朱蓉, 付章杰. 基于交易构造和转发机制的区块链网络隐蔽通信方法[J]. 通信学报, 2022, 43(8): 176-187.
[15]	杜瑞忠, 张添赫, 石朋亮. 基于区块链且支持数据共享的密文策略隐藏访问控制方案[J]. 通信学报, 2022, 43(6): 168-178.