网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (4): 66-76.doi: 10.11959/j.issn.2096-109x.2022044

• 专栏:区块链系统、智能合约与应用安全 • 上一篇    下一篇

基于区块链的多权限属性隐藏电子病历共享方案

金琳1, 田有亮1,2   

  1. 1 贵州大学计算机科学与技术学院 贵州 贵阳 550025
    2 贵州省公共大数据重点实验室 贵州 贵阳 550025
  • 修回日期:2022-06-27 出版日期:2022-08-15 发布日期:2022-08-01
  • 作者简介:金琳(1997− ),女,云南曲靖人,贵州大学硕士生,主要研究方向为属性加密、区块链
    田有亮(1982− ),男,贵州盘县人,博士,贵州大学教授、博士生导师,主要研究方向为算法博弈论、密码学与安全协议、大数据隐私保护与区块链技术等
  • 基金资助:
    国家自然科学基金(61662009);贵州省教育厅科技拔尖人才支持项目([2016]060);贵州省科技重大专项计划(20183001);贵州省科技计划项目([2017]5788);教育部—中国移动科研基金研发项目(MCM20170401);贵州大学培育项目([2017]5788);数据共享应用的块数据融合分析理论与安全管控模型研究(U1836205);面向大数据应用的区块链关键技术研究([2019]1098)

Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain

Lin JIN1, Youliang TIAN1,2   

  1. 1 College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
    2 State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
  • Revised:2022-06-27 Online:2022-08-15 Published:2022-08-01
  • Supported by:
    The National Natural Science Foundation of China(61662009);Guizhou Provincial Department of Education Science and Technology Top-notch Talent Support Project([2016]060);Science and Technology Major Support Program of Guizhou Province(20183001);Guizhou Provincial Science and Technology Plan Project([2017]5788);Ministry of Education-China Mobile Research Fund Project(MCM20170401);Guizhou University Cultivation Project([2017]5788);Re-search on Block Data Fusion Analysis Theory and Security Management Model of Data Sharing Application(U1836205);Re-search on Key Technologies of Blockchain for Big Data Applications([2019]1098)

摘要:

现阶段,不同医院之间没有数据交换共享,容易形成数据孤岛。同时,区域医疗数据含有大量患者的敏感信息,这些数据的公开获取、共享及流通会导致恶意篡改、窃取、滥用与所有权丢失,从而泄露患者隐私。由于庞大的医疗数据量以及医疗数据的非结构化,一些具有较强针对性的恶意攻击更加难以防范与追责,如对医疗数据的窃取、篡改、勒索等恶意攻击。针对以上问题,提出一种基于区块链的多权限属性隐藏电子病历共享方案,以实现共享电子病历的细粒度访问的同时,保证患者隐私安全。引入多授权属性加密(MA-ABE)算法,利用多权限机构管理分散属性,同时通过哈希函数来识别不同用户,可以有效抵抗不同权限用户之间的共谋攻击;利用线性秘密共享方案(LSSS)实现属性的部分隐藏,将属性分为属性名与属性值两部分,以保护属性隐私;结合区块链公开透明、不易篡改等特性,设计访问策略可更新算法,基于访问策略更新算法追加策略区块,将新的访问策略上传至区块链中形成策略可更新溯源链,在隐藏策略条件下实现分布式和可信赖的访问控制管理,同时实现数据隐私保护和用户行为的可追溯。通过安全性证明和实验分析,所提方案能在有效保护属性隐私的同时,降低计算开销。

关键词: 属性隐藏, 区块链, 属性加密, 隐私保护, 数据共享

Abstract:

Currently, there is no data exchanging and sharing between different hospitals, and it is easy to form data islands.At the same time, regional medical data contains a large amount of sensitive information of patients.The public acquisition, sharing and circulation of these data will lead to malicious tampering, theft, abuse and loss of ownership, thereby revealing patient privacy.In addition, the size of medical data is enormous and the data is unstructured, then it is more difficult to prevent and hold accountable some highly targeted malicious attacks, such as malicious attacks on medical data theft, tampering, and extortion.In view of the above problems, a blockchain-based on multi-authority attribute hidden electronic medical record sharing scheme was proposed to achieve fine-grained access to shared electronic medical records while ensuring patient privacy.The Multi-Authorization Attribute Encryption (MA-ABE) algorithm was introduced, which used multi-authority organizations to manage decentralized attributes.It also used hash functions to identify different users, in order to effectively resist collusion attacks between users with different authorizations.Besides, the linear secrets sharing scheme (LSSS) was used to realize partial hiding of attributes, and the attributes were divided into two parts:attribute name and attribute value.In addition, combined with the characteristics of blockchain openness, transparency and tamper-proof, the design of access policy can update the algorithm.Based on the access policy update algorithm, the policy block was added.The new access policy was uploaded to the blockchain to form a policy update traceability chain, which can realize distributed and reliable access control management under the condition of hidden policy.It can also support data privacy protection at the same time, and traceability of user behavior.The theoretical proof and experimental analysis have proved that this scheme protect attribute privacy effectively, while reduces computational overhead.

Key words: hidden attribute, blockchain, attribute encryption, privacy protection, data sharing

中图分类号: 

No Suggested Reading articles found!