Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (1): 157-161. DOI: 10.11772/j.issn.1001-9081.2019060994

• Cyberspace Security •

Blockchain-based electronic health record sharing scheme

LUO Wenjun, WEN Shenglian, CHENG Yu

  1. College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  • Received: 2019-06-12 Revised: 2019-09-01 Online: 2020-01-10 Published: 2019-09-27
  • Corresponding author: WEN Shenglian
  • About the authors: LUO Wenjun (born 1966), male, from Hechuan, Chongqing, professor, Ph.D.; main research interests: cyberspace security and cryptography. WEN Shenglian (born 1995), female, from Rongchang, Chongqing, master's student; main research interests: blockchain and cryptography. CHENG Yu (born 1995), male, from Shuozhou, Shanxi, master's student; main research interest: blockchain.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61672004, 61702067).

Abstract: To address the difficulty of sharing data among medical institutions and the risk of privacy leakage during such sharing, a blockchain-based Electronic Health Record (EHR) sharing scheme is proposed. First, building on the tamper resistance, decentralization and distributed storage of blockchain, a blockchain-based EHR data sharing model is designed, in which the blockchain network and a distributed database jointly store the encrypted EHRs and the related access control policies, preventing EHR data from being tampered with or leaked. Second, Distributed Key Generation (DKG) is combined with Identity-Based Proxy Re-Encryption (IBPRE) to design a secure data sharing protocol. The protocol uses the Delegated Proof of Stake (DPOS) algorithm to select a proxy node, which re-encrypts the EHR to achieve data sharing between a single pair of users. Security analysis shows that the proposed scheme can resist identity impersonation and replay attacks. Simulation experiments and comparative analysis show that the DPOS algorithm is more efficient than the Proof of Work (POW) algorithm and slightly less efficient than the Practical Byzantine Fault Tolerance (PBFT) algorithm, but the proposed scheme is more decentralized and consumes less computing power.

Key words: Electronic Health Record (EHR), blockchain, Identity-Based Proxy Re-Encryption (IBPRE), Distributed Key Generation (DKG), data sharing

CLC Number: