mHealth中可追踪多授权机构基于属性的访问控制方案

doi:10.11959/j.issn.1000-436x.2018100

通信学报 ›› 2018, Vol. 39 ›› Issue (6): 1-10.doi: 10.11959/j.issn.1000-436x.2018100

• 学术论文 • 下一篇

mHealth中可追踪多授权机构基于属性的访问控制方案

李琦^1,^2,³,朱洪波^2,⁴,熊金波⁵,莫若⁶

¹ 南京邮电大学计算机学院、软件学院、网络空间安全学院，江苏南京 210023
² 南京邮电大学物联网技术与应用协同创新中心，江苏南京 210003
³ 南京邮电大学江苏省大数据安全与智能处理重点实验室，江苏南京 210023
⁴ 南京邮电大学通信与信息工程学院，江苏南京 210003
⁵ 福建师范大学数学与信息学院，福建福州 350117
⁶ 西安电子科技大学网络与信息安全学院，陕西西安 710071

修回日期:2018-05-08 出版日期:2018-06-01 发布日期:2018-07-09
作者简介:李琦（1989-），男，江苏淮安人，博士，南京邮电大学讲师，主要研究方向为基于属性的密码学与访问控制技术。|朱洪波（1956-），男，江苏扬州人，南京邮电大学教授、博士生导师，主要研究方向为泛在无线通信与物联网技术、宽带无线通信、无线通信与电磁兼容。|熊金波（1981-），男，湖南益阳人，博士，福建师范大学副教授、硕士生导师，主要研究方向为云数据安全、移动数据安全等。|莫若（1990-），男，陕西渭南人，西安电子科技大学博士生，主要研究方向为数字签名。
基金资助:
国家自然科学基金资助项目(61502248);国家自然科学基金资助项目(61427801);国家自然科学基金资助项目(61402109);国家自然科学基金资助项目(61602365);国家自然科学基金资助项目(61370078);中国博士后科学基金资助项目(2018M632350);南京邮电大学引进人才科研启动基金资助项目(NY215008)

Multi-authority attribute-based access control system in mHealth with traceability

Qi LI^1,^2,³,Hongbo ZHU^2,⁴,Jinbo XIONG⁵,Ruo MO⁶

¹ School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China
² Jiangsu Innovative Coordination Center of Internet of Things,Nanjing University of Posts and Telecommunications,Nanjing 210003,China
³ Jiangsu Key laboratory of Big Data Security ＆Intelligent Processing,Nanjing University of Posts and Telecommunications,Nanjing 210023,China
⁴ College of Telecommunications ＆Information Engineering,Nanjing University of Posts and Telecommunications,Nanjing 210003,China
⁵ College of Mathematics and Informatics,Fujian Normal University,Fuzhou 350117,China
⁶ School of Cyber Engineering,Xidian University,Xi’an 710071,China

Revised:2018-05-08 Online:2018-06-01 Published:2018-07-09
Supported by:
The National Natural Science Foundation of China(61502248);The National Natural Science Foundation of China(61427801);The National Natural Science Foundation of China(61402109);The National Natural Science Foundation of China(61602365);The National Natural Science Foundation of China(61370078);The Postdoctoral Science Foundation Project of China(2018M632350);NUPTSF(NY215008)

摘要/Abstract

摘要：

移动健康护理作为一种新兴的技术给个人健康档案的分享提供了极大的便利，也给其隐私带来了极大的风险。基于属性的加密体制能够对加密数据实现细粒度的访问控制，有效地保护了个人健康档案的隐私。然而，目前基于属性的访问控制方案要么缺乏有效的恶意用户追踪机制，要么只支持单个授权机构。针对该问题，提出了一个移动健康护理环境下适应性安全的可追踪多授权机构基于属性的访问控制方案，该方案在合数群上构造，支持任意单调的线性秘密共享机制的访问策略，基于子群判定假设证明了该方案在标准模型下是适应性安全的，基于k-SDH假设证明了该方案的可追踪性，性能分析表明了该方案的实用性。

关键词: 属性加密, 多机构, 可追踪, 适应性安全, 移动健康护理

Abstract:

Mobile healthcare (mHealth) is an emerging technology which facilitates the share of personal health records (PHR),however,it also brings the risk of the security and privacy of PHR.Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted data.However,existing attribute-based mHealth systems either lack of efficient traceable approach,or support only single authority.A traceable multi-authority attribute-based access control mHealth scheme was proposed,which was constructed over composite order groups and supports any monotonic access structures described by linear secret sharing scheme (LSSS).The adaptive security was proved under subgroup decisional assumptions.The traceability was proved under k-strong Diffie-Hellman (k-SDH) assumption.The performance analysis indicates that the proposed scheme is efficient and available.

Key words: attribute-based encryption, multi-authority, traceable, adaptively secure, mHealth

中图分类号:

TP309

李琦,朱洪波,熊金波,莫若. mHealth中可追踪多授权机构基于属性的访问控制方案[J]. 通信学报, 2018, 39(6): 1-10.

Qi LI,Hongbo ZHU,Jinbo XIONG,Ruo MO. Multi-authority attribute-based access control system in mHealth with traceability[J]. Journal on Communications, 2018, 39(6): 1-10.

图/表 5

图1

表1

表2

表3

表4

参考文献 19

[1]	PANAYIOTOU C , SAMARAS G . A mobile agent approach for ubiquitous and personalized eHealth information systems[J]. Personalisation for E, 2008:792.
[2]	ZHANG K , YANG K , LIANG X ,et al. Security and privacy for mobile healthcare networks[J]. IEEE Wireless Communications, 2015,22(4): 104-112.
[3]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// Advances in Cryptology EUROCRYPT 2005,Lecture Notes in Computer Science. 2005: 457-473.
[4]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM conference on Computer and communications security. 2006: 89-98.
[5]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// Symposium on Security and Privacy. 2007: 321-334.
[6]	HAHN C , KWON H , HUR J . Efficient attribute-based secure data sharing with hidden policies and traceability in mobile health networks[J]. Mobile Information Systems, 2016:13.
[7]	ALSHEHRI S , RADZISZOWSKI S , AND RAJ R . Secure access for healthcare data in the cloud using ciphertext-policy attribute-based encryption[C]// IEEE 28th International Conference on Data Engineering Workshops (ICDEW ’12), 2012: 143-146.
[8]	CHASE M , . Multi-authority attribute based encryption[M]// Theory of Cryptography. Springer Berlin Heidelberg, 2007: 515-534.
[9]	CHASE M , CHOW S S M . Improving privacy and security in multi-authority attribute-based encryption[C]// Conference on Computer and Communications Security. 2009: 121-130.
[10]	LI M , YU S , ZHENG Y ,et al. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2012,24(1): 131-143.
[11]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// International Conference on the Theory and Applications of Cryptographic Techniques. 2010: 568-588.
[12]	LIU Z , CAO Z , HUANG Q ,et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C]// European Conference on Research in Computer Security. 2011: 278-297.
[13]	LI Q , MA J , LI R ,et al. Secure,efficient and revocable multi-authority access control system in cloud storage[J]. Computers ＆ Security, 2016,59(C): 45-59.
[14]	LIU Z , CAO Z , WONG D S . White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security, 2013,8(1): 76-88.
[15]	LI J , HUANG Q , CHEN X ,et al. Multi-authority ciphertext-policy attribute-based encryption with accountability[C]// The 6th ACM Symposium on Information,Computer and Communications Security. 2011: 386-390.
[16]	GUAN Z , LI J , ZHANG Y ,et al. An efficient traceable access control scheme with reliable key delegation in mobile cloud computing[J]. EURASIP Journal on Wireless Communications and Networking, 2016,2016(1):208.
[17]	LEWKO A , OKAMOTO T , SAHAI A ,et al. Fully secure functional encryption:attribute-based encryption and (hierarchical) inner product encryption[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2010: 62-91.
[18]	BEIMEL A . Secure schemes for secret sharing and key distribution[J]. DSc Dissertation, 1996.
[19]	CARO A D , IOVINO V . jPBC:Java pairing based cryptography[J]. Proceedings - International Symposium on Computers and Communications, 2011,22(3): 850-855.

标号	属性密文	PHR密文
ID	CT	EN_PHR

步骤	文献[13]的计算开销	文献[14]的计算开销	本文的计算开销
初始化	(\|U\|+\|F_U\|)E ₁+\|F_U\|P	(\|U\|+1)E ₁+1P	(\|U\|+\|F_U\|+1)E ₁+\|F_U\|P
加密	(3\|W\|+1)E ₁+1E₂	(3\|W\|+2)E ₁+1E₂	(3\|W\|+2)E ₁+1E₂
密钥生成	(2\|F_E\|+\|S\|+2)E ₁	(\|S\|+4)E ₁	(2\|F_E\|+\|S\|+2)E ₁
解密	1E ₂	2E ₁+\|I\|E₂+(2\|I\|+1)P	2E ₁+\|I\|E₂+(2\|I\|+1)P
追踪	无	2E ₁+(2\|S_T\|+5)P	2E₁+(2\|S _T\|+3\|F_T\|+2)P

步骤		方案的计算开销/s
步骤	文献[13]	文献[14]	本文
初始化	96.75	90.55	97.64
加密	28.25	29.18	29.14
密钥生成	19.58	12.46	19.56
解密	0.08	16.41	16.40
追踪	无	18.28	26.20

mHealth中可追踪多授权机构基于属性的访问控制方案

Multi-authority attribute-based access control system in mHealth with traceability

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 19

相关文章 15

Metrics

推荐阅读 0

方案	访问策略	多授权机构	安全模型	可追踪性
文献[6]	与门	否	选择性	是
文献[12]	LSSS	是	适应性	否
文献[13]	LSSS	是	适应性	否
文献[14]	LSSS	否	适应性	是
文献[15]	与门	是	选择性	是
文献[16]	树	否	选择性	是
本文	LSSS	是	适应性	是

[1]	韩益亮, 郭凯阳, 吴日铭, 刘凯. 格上基于OBDD访问结构的抗密钥滥用属性加密方案[J]. 通信学报, 2023, 44(1): 75-88.
[2]	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.
[3]	彭长根, 彭宗凤, 丁红发, 田有亮, 刘荣飞. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021, 42(5): 75-86.
[4]	杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.
[5]	闫玺玺,何旭,刘涛,叶青,于金霞,汤永利. 抗密钥委托滥用的可追踪属性基加密方案[J]. 通信学报, 2020, 41(4): 150-161.
[6]	李学俊,张丹,李晖. 可高效撤销的属性基加密方案[J]. 通信学报, 2019, 40(6): 32-39.
[7]	冯朝胜,罗王平,秦志光,袁丁,邹莉萍. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.
[8]	丁晟,曹进,李晖. 基于OBDD访问结构的无配对CP-ABE方案[J]. 通信学报, 2019, 40(12): 1-8.
[9]	田有亮,杨科迪,王缵,冯涛. 基于属性加密的区块链数据溯源算法[J]. 通信学报, 2019, 40(11): 101-111.
[10]	杜瑞忠,石朋亮,何欣枫. 基于覆写验证的云数据确定性删除方案[J]. 通信学报, 2019, 40(1): 130-140.
[11]	柳欣,徐秋亮,张斌,张波. 基于直接匿名证明的k次属性认证方案[J]. 通信学报, 2018, 39(12): 113-133.
[12]	齐芳,李艳梅,汤哲. 可撤销和可追踪的密钥策略属性基加密方案[J]. 通信学报, 2018, 39(11): 63-69.
[13]	张恩,裴瑶瑶,杜蛟. 基于RLWE的密文策略属性代理重加密[J]. 通信学报, 2018, 39(11): 129-137.
[14]	宋衍,韩臻,李建军,韩磊. 支持安全共享的云存储系统研究[J]. 通信学报, 2017, 38(Z1): 88-96.
[15]	伍祈应,马建峰,李辉,张俊伟,姜奇,苗银宾. 支持用户撤销的多关键字密文查询方案[J]. 通信学报, 2017, 38(8): 183-193.