Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (5): 1518-1526.DOI: 10.11772/j.issn.1001-9081.2022050733

• Cyber security • Previous Articles     Next Articles

Hierarchical access control and sharing system of medical data based on blockchain

Meng CAO1,2, Sunjie YU1,2, Hui ZENG1,2, Hongzhou SHI1()   

  1. 1.Beijing Key Laboratory of Mobile Computing and Pervasive Device (Institute of Computing Technology,Chinese Academy of Sciences),Beijing 100190,China
    2.School of Computer Science and Technology,University of Chinese Academy of Sciences,Beijing 100049,China
  • Received:2022-05-23 Revised:2022-08-18 Accepted:2022-08-19 Online:2022-09-23 Published:2023-05-10
  • Contact: Hongzhou SHI
  • About author:CAO Meng, born in 1997, M. S. candidate. Her research interests include information security, blockchain.
    YU Sunjie, born in 1998, M. S. candidate. Her research interests include information security, blockchain.
    ZENG Hui, born in 1998, M. S. candidate. His research interests include information security, blockchain.
    SHI Hongzhou, born in 1971, Ph. D., senior engineer. His research interests include internet of things security, big data.


曹萌1,2, 余孙婕1,2, 曾辉1,2, 史红周1()   

  1. 1.移动计算与新型终端北京市重点实验室(中国科学院计算技术研究所), 北京 100190
    2.中国科学院大学 计算机科学与技术学院, 北京 100049
  • 通讯作者: 史红周
  • 作者简介:曹萌(1997—),女,河南郑州人,硕士研究生,CCF会员,主要研究方向:信息安全、区块链


Focusing on coarse granularity of access control, low sharing flexibility and security risks such as data leakage of centralized medical data sharing platform, a blockchain-based hierarchical access control and sharing system of medical data was proposed. Firstly, medical data was classified according to sensitivity, and a Ciphertext-Policy Attribute-Based Hierarchical Encryption (CP-ABHE) algorithm was proposed to achieve access control of medical data with different sensitivity. In the algorithm, access control trees were merged and symmetric encryption methods were combinined to improve the performance of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) algorithm, and the multi-authority center was used to solve the key escrow problem. Then, the medical data sharing mode based on permissioned blockchain was used to solve the centralized trust problem of centralized sharing platform. Security analysis shows that the proposed system ensures the security of data during the data sharing process, and can resist user collusion attacks and authority collusion attacks. Experimental results also show that the proposed CP-ABHE algorithm has lower computational cost than CP-ABE algorithm, the maximum average delay of the proposed system is 7.8 s, and the maximum throughput is 236 transactions per second, which meets the expected performance requirements.

Key words: medical big data, blockchain, access control, data sharing, smart contract, Attribute-Based Access Control (ABAC)


针对当前医疗数据共享时访问控制粒度过粗、共享灵活性低、集中式医疗数据共享平台存在数据泄露的安全隐患等问题,提出一种基于区块链的医疗数据分级访问控制与共享系统。首先,对医疗数据按照敏感度分级,并提出了密文策略属性基分级加密(CP-ABHE)算法,实现对不同敏感度医疗数据的访问控制。该算法使用合并访问控制树和结合对称加密方法提升密文策略属性基加密(CP-ABE)算法的性能,并使用多授权中心解决密钥托管问题。然后,采用基于许可区块链的医疗数据共享模式解决集中式共享平台存在的中心化信任问题。安全性分析结果表明,所提系统在数据共享过程中保证了数据的安全性,可以抵御用户合谋攻击和权威合谋攻击。实验结果表明,CP-ABHE算法拥有比CP-ABE算法更低的计算开销,所提系统的最大平均时延为7.8 s,最高吞吐量为每秒处理236个事务,符合预期性能要求。

关键词: 医疗大数据, 区块链, 访问控制, 数据共享, 智能合约, 基于属性的访问控制

CLC Number: