智慧健康中基于属性的访问控制方案

doi:10.11772/j.issn.1001-9081.2018071528

计算机应用 ›› 2018, Vol. 38 ›› Issue (12): 3471-3475.DOI: 10.11772/j.issn.1001-9081.2018071528

智慧健康中基于属性的访问控制方案

李琦^1,2, 熊金波³, 黄利智¹, 王煊¹, 毛启铭¹, 姚岚午⁴

1. 南京邮电大学计算机学院、软件学院、网络空间安全学院, 南京 210023;
2. 南京邮电大学物联网技术与应用协同创新中心, 南京 210003;
3. 福建师范大学数学与信息学院, 福州 350117;
4. 南京邮电大学通信与信息工程学院, 南京 210023

收稿日期:2018-07-23 修回日期:2018-09-14 出版日期:2018-12-10 发布日期:2018-12-15
通讯作者: 熊金波
作者简介:李琦(1989-),男,江苏淮安人,讲师,博士,CCF会员,主要研究方向:基于属性的密码学、访问控制技术;熊金波(1981-),男,湖南益阳人,博士,副教授,CCF会员,主要研究方向:云数据安全、移动数据安全;黄利智(1994-),女,江苏常熟人,硕士研究生,主要研究方向:密码学、图像识别。
基金资助:
国家自然科学基金资助项目（61502248，61872088）；中国博士后科学基金资助项目（2018M632350）；南京邮电大学大学生科技创新训练计划项目（XYB2018201）。

Attribute-based access control scheme in smart health

LI Qi^1,2, XIONG Jinbo³, HUANG Lizhi¹, WANG Xuan¹, MAO Qiming¹, YAO Lanwu⁴

1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China;
2. Jiangsu Innovative Coordination Center of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China;
3. College of Mathematics and Informatics, Fujian Normal University, Fuzhou Fujian 350117, China;
4. College of Telecommunications & Information Engineering, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China

Received:2018-07-23 Revised:2018-09-14 Online:2018-12-10 Published:2018-12-15
Contact: 熊金波
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61502248, 61872088), the Postdoctoral Science Foundation of China (2018M632350), and the Technology Innovation Training Program for College Students of Nanjing University of Posts and Telecommunications (XYB2018201).

摘要/Abstract

摘要： 针对智慧健康（S-health）中个人健康档案（PHR）的隐私保护问题，提出了一种外包解密可验证并可代理的基于属性的访问控制方案。首先，利用密文策略属性基加密（CP-ABE）方法，实现PHR的细粒度访问控制；其次，通过将复杂的解密计算外包至云服务器，并利用授权机构来验证云服务器返回的部分解密密文（PDC）的正确性；然后，基于代理方法，受限用户可将外包解密及验证委托给第三方用户执行而不泄露隐私；最后，在标准模型下证明了方案的自适应安全性。理论分析结果表明，用户端解密仅需执行一次指数运算，该方案具有较强的安全性与实用性。

关键词: 智慧健康, 个人健康档案, 密文策略属性基加密, 可验证外包解密, 代理

Abstract: Aiming at preserving the privacy of Personal Health Record (PHR) in Smart health (S-health), an attribute-based access control scheme with verifiable outsourced decryption and delegation was proposed. Firstly, the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) was used to realize fine-grained access control of PHR. Secondly, the most complicated decryption was outsourced to the cloud server, and the authorized agency was used to verify the correctness of Partial Decryption Ciphertext (PDC) returned by the cloud server. Then, based on the delegation method, the outsourcing decryption and authentication could be delegated to third-party users without revealing privacy by restricted users. Finally, the adaptive security of the proposed scheme was proved under the standard model. The theoretical analysis results show that the decryption of user side only needs to perform one exponential operation, so that the proposed scheme has strong security and practicability.

Key words: Smart health (S-health), Personal Health Record (PHR), Ciphertext-Policy Attribute-Based Encryption (CP-ABE), verifiable outsourced decryption, delegation

中图分类号:

TP309

李琦, 熊金波, 黄利智, 王煊, 毛启铭, 姚岚午. 智慧健康中基于属性的访问控制方案[J]. 计算机应用, 2018, 38(12): 3471-3475.

LI Qi, XIONG Jinbo, HUANG Lizhi, WANG Xuan, MAO Qiming, YAO Lanwu. Attribute-based access control scheme in smart health[J]. Journal of Computer Applications, 2018, 38(12): 3471-3475.

参考文献

[1] XIONG J B, REN J, CHEN L, et al. Enhancing privacy and availability for data clustering in intelligent electrical service of IoT[J/OL].[2018-03-26]. IEEE Internet of Things Journal, 2018. https://ieeexplore.ieee.org/document/8370699.
[2] LIU X, DENG R, CHOO K K R, et al. Privacy-preserving out-sourced calculation toolkit in the cloud[J/OL]. IEEE Transactions on Dependable & Secure Computing, 2018[2018-03-26]. https://ieeexplore.ieee.org/document/8318625.
[3] ZHANG Y H, ZHENG D, DENG R H. Security and privacy in smart health:efficient policy-hiding attribute-based access control[J]. IEEE Internet of Things Journal, 2018, 5(3):2130-2145.
[4] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473.
[5] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway, NJ:IEEE, 2007:321-334.
[6] ZHOU Z B, HUANG D J, WANG Z J. Efficient privacy-preserving ciphertext-policy attribute based encryption and broadcast encryption[J]. IEEE Transactions on Computers, 2014, 64(1):126-138.
[7] 李琦,马建峰,熊金波,等.一种素数阶群上构造的自适应安全的多授权机构CP-ABE方案[J].电子学报,2014,42(4):696-702.(LI Q, MA J F, XIONG J B, et al. An adaptively secure multi-authority ciphertext-policy ABE scheme on prime order groups[J]. Acta Electronica Sinica, 2014, 42(4):696-702.)
[8] WATERS B. Ciphertext-policy attribute-based encryption:An expressive, efficient, and provably secure realization[C]//Proceedings of the 2011 International Workshop on Public Key Cryptography, LNCS 6571. Berlin:Springer, 2011:53-70.
[9] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//Proceedings of the 20th USENIX Conference on Security. Berkeley, CA:USENIX Association, 2011:34-34.
[10] LAI J Z, DENG R H, GUAN C W, et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(8):1343-1354.
[11] NING J T, CAO Z F, DONG X L, et al. Auditable σ-time outsourced attribute-based encryption for access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(1):94-105.
[12] LI J G, WANG Y, ZHANG Y C, et al. Full verifiability for outsourced decryption in attribute based encryption[J/OL]. IEEE Transactions on Services Computing, 2017[2018-03-26]. https://ieeexplore.ieee.org/document/7936626.
[13] LEWKO A, OKAMOTO T, SAHAI A, et al. Fully secure functional encryption:attribute-based encryption and (hierarchical) inner product encryption[C]//Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques, LNCS 6110. Berlin:Springer, 2010:62-91.
[14] LIU Z, CAO Z F, WONG D C S. White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security. 2013, 8(1):76-88.

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	谷正川, 郭渊博, 方晨. 基于代理重加密的消息队列遥测传输协议端到端安全解决方案[J]. 计算机应用, 2021, 41(5): 1378-1385.
[3]	张利华, 王欣怡, 胡方舟, 黄阳, 白甲义. 基于双联盟链的智能电网数据共享模型[J]. 计算机应用, 2021, 41(4): 963-969.
[4]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[5]	薛锋, 史旭华, 史非凡. 基于代理模型的差分进化约束优化[J]. 计算机应用, 2020, 40(4): 1091-1096.
[6]	罗文俊, 闻胜莲, 程雨. 基于区块链的电子医疗病历共享方案[J]. 计算机应用, 2020, 40(1): 157-161.
[7]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[8]	张恩, 金刚刚. 基于同态加密和Bloom过滤器的云外包多方隐私集合比较协议[J]. 计算机应用, 2018, 38(8): 2256-2260.
[9]	蔡梦娟, 陈兴蜀, 金鑫, 赵成, 殷明勇. 基于硬件虚拟化的虚拟机进程代码分页式度量方法[J]. 计算机应用, 2018, 38(2): 305-309.
[10]	刘荣, 潘洪志, 刘波, 祖婷, 方群, 何昕, 王杨. 基于密文策略属性基加密算法的云存储数据更新方法[J]. 计算机应用, 2018, 38(2): 348-351.
[11]	左黎明, 陈祚松, 夏萍萍, 易传佳. 高效的可证安全短代理签名方案[J]. 计算机应用, 2018, 38(12): 3455-3461.
[12]	陈建, 沈潇军, 姚一杨, 邢雅菲, 琚小明. 基于密文策略属性基加密系统访问机制的缓存替换策略[J]. 计算机应用, 2017, 37(10): 2964-2967.
[13]	郝伟, 杨晓元, 王绪安, 吴立强. 条件型非对称跨加密系统的代理重加密方案[J]. 计算机应用, 2016, 36(9): 2452-2458.
[14]	郝伟, 杨晓元, 王绪安, 张英男, 吴立强. 适用于移动用户高效访问外包数据的非对称代理重加密方案[J]. 计算机应用, 2016, 36(8): 2225-2230.
[15]	张新鹏, 许春香, 张新颜, 赛伟, 韩兴阳, 刘国平. 基于代理重签名的支持用户可撤销的云存储数据公共审计方案[J]. 计算机应用, 2016, 36(7): 1816-1821.

智慧健康中基于属性的访问控制方案

Attribute-based access control scheme in smart health

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics