Hierarchical access control and sharing system of medical data based on blockchain

doi:10.11772/j.issn.1001-9081.2022050733

Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (5): 1518-1526.DOI: 10.11772/j.issn.1001-9081.2022050733

• Cyber security • Previous Articles Next Articles

Hierarchical access control and sharing system of medical data based on blockchain

Meng CAO¹^,², Sunjie YU¹^,², Hui ZENG¹^,², Hongzhou SHI¹()

^1.Beijing Key Laboratory of Mobile Computing and Pervasive Device （Institute of Computing Technology，Chinese Academy of Sciences），Beijing 100190，China
^2.School of Computer Science and Technology，University of Chinese Academy of Sciences，Beijing 100049，China

Received:2022-05-23 Revised:2022-08-18 Accepted:2022-08-19 Online:2022-09-23 Published:2023-05-10
Contact: Hongzhou SHI
About author:CAO Meng， born in 1997， M. S. candidate. Her research interests include information security， blockchain.
YU Sunjie， born in 1998， M. S. candidate. Her research interests include information security， blockchain.
ZENG Hui， born in 1998， M. S. candidate. His research interests include information security， blockchain.
SHI Hongzhou， born in 1971， Ph. D.， senior engineer. His research interests include internet of things security， big data.

基于区块链的医疗数据分级访问控制与共享系统

曹萌¹^,², 余孙婕¹^,², 曾辉¹^,², 史红周¹()

^1.移动计算与新型终端北京市重点实验室(中国科学院计算技术研究所), 北京 100190
^2.中国科学院大学计算机科学与技术学院, 北京 100049

通讯作者: 史红周
作者简介:曹萌（1997—），女，河南郑州人，硕士研究生，CCF会员，主要研究方向：信息安全、区块链
余孙婕（1998—），女，浙江宁波人，硕士研究生，主要研究方向：信息安全、区块链
曾辉（1998—），男，江西赣州人，硕士研究生，主要研究方向：信息安全、区块链
史红周（1971—），男，陕西眉县人，高级工程师，博士，CCF会员，主要研究方向：物联网安全、大数据。hzshi@ict.ac.cn

Abstract

Abstract:

Focusing on coarse granularity of access control， low sharing flexibility and security risks such as data leakage of centralized medical data sharing platform， a blockchain-based hierarchical access control and sharing system of medical data was proposed. Firstly， medical data was classified according to sensitivity， and a Ciphertext-Policy Attribute-Based Hierarchical Encryption （CP-ABHE） algorithm was proposed to achieve access control of medical data with different sensitivity. In the algorithm， access control trees were merged and symmetric encryption methods were combinined to improve the performance of Ciphertext-Policy Attribute-Based Encryption （CP-ABE） algorithm， and the multi-authority center was used to solve the key escrow problem. Then， the medical data sharing mode based on permissioned blockchain was used to solve the centralized trust problem of centralized sharing platform. Security analysis shows that the proposed system ensures the security of data during the data sharing process， and can resist user collusion attacks and authority collusion attacks. Experimental results also show that the proposed CP-ABHE algorithm has lower computational cost than CP-ABE algorithm， the maximum average delay of the proposed system is 7.8 s， and the maximum throughput is 236 transactions per second， which meets the expected performance requirements.

Key words: medical big data, blockchain, access control, data sharing, smart contract, Attribute-Based Access Control (ABAC)

摘要：

针对当前医疗数据共享时访问控制粒度过粗、共享灵活性低、集中式医疗数据共享平台存在数据泄露的安全隐患等问题，提出一种基于区块链的医疗数据分级访问控制与共享系统。首先，对医疗数据按照敏感度分级，并提出了密文策略属性基分级加密（CP-ABHE）算法，实现对不同敏感度医疗数据的访问控制。该算法使用合并访问控制树和结合对称加密方法提升密文策略属性基加密（CP-ABE）算法的性能，并使用多授权中心解决密钥托管问题。然后，采用基于许可区块链的医疗数据共享模式解决集中式共享平台存在的中心化信任问题。安全性分析结果表明，所提系统在数据共享过程中保证了数据的安全性，可以抵御用户合谋攻击和权威合谋攻击。实验结果表明，CP-ABHE算法拥有比CP-ABE算法更低的计算开销，所提系统的最大平均时延为7.8 s，最高吞吐量为每秒处理236个事务，符合预期性能要求。

关键词: 医疗大数据, 区块链, 访问控制, 数据共享, 智能合约, 基于属性的访问控制

CLC Number:

TP309

Meng CAO, Sunjie YU, Hui ZENG, Hongzhou SHI. Hierarchical access control and sharing system of medical data based on blockchain[J]. Journal of Computer Applications, 2023, 43(5): 1518-1526.

曹萌, 余孙婕, 曾辉, 史红周. 基于区块链的医疗数据分级访问控制与共享系统[J]. 《计算机应用》唯一官方网站, 2023, 43(5): 1518-1526.

Figures/Tables 15

Fig. 1 Blockchain-based data sharing process

Fig. 2 Basic structures of KP-ABE and CP-ABE

Fig. 3 CP-ABE access control tree structure

Fig. 4 Architecture of data sharing system

Fig. 5 Medical data sharing model

Tab. 1 Collection of user attributes

属性分类	属性值
使用者类型	Research-Institute， Insurance-Company， Hospital， Person
使用者专业等级	A， B， C

Fig. 6 Schematic diagram of access control tree transformation

Fig. 7 Network node architecture of system

Fig. 8 Latency and throughput of Query transactions

Fig. 9 Latency and throughput of Invoke transactions

Tab. 2 Symbol description

符号	含义
$C 0$	$G 0$ 元素长度
$C 1$	$G 1$ 元素长度
$C p$	$Z p$ 元素长度
$k$	用户属性个数
$t$	低（中）敏感数据访问策略包含的属性个数
$t'$	低（中）敏感数据访问策略树的中间节点数
$t ″$	低（中）敏感数据访问策略树的中间节点包含的孩子数
$l$	系统包含的属性个数
$n$	属性授权机构数
$e 0$	在 $G 0$ 上的指数运算
$e 1$	在 $G 1$ 上的指数运算
$e$	双线性对映射运算
$s$	用户最短解密路径的叶子节点数
$s'$	用户最短解密路径的中间节点数

Tab. 2 Symbol description

符号	含义
$C 0$	$G 0$ 元素长度
$C 1$	$G 1$ 元素长度
$C p$	$Z p$ 元素长度
$k$	用户属性个数
$t$	低（中）敏感数据访问策略包含的属性个数
$t'$	低（中）敏感数据访问策略树的中间节点数
$t ″$	低（中）敏感数据访问策略树的中间节点包含的孩子数
$l$	系统包含的属性个数
$n$	属性授权机构数
$e 0$	在 $G 0$ 上的指数运算
$e 1$	在 $G 1$ 上的指数运算
$e$	双线性对映射运算
$s$	用户最短解密路径的叶子节点数
$s'$	用户最短解密路径的中间节点数

Tab. 3 Function comparison

方案来源	分级访问控制	多权威	抵抗合谋攻击
文献［29］	×	×	×
文献［35］	×	√	×
文献［36］	√	×	×
本文	√	√	√

Tab. 4 Storage cost comparison

方案来源	系统公钥长度	主密钥长度	用户密钥长度	密文长度
文献［29］	$2 C 0 + C 1$	$C 0 + C p$	$(2 k + 1) C 0$	$(4 t + 2) C 0 + 2 C 1$
文献［35］	$4 C 0 + C 1$	$C 0 + C p$	$(2 k + 1) C 0$	$(4 t + 2) C 0 + 2 C 1$
文献［37］	$l ⋅ C 0 + C 1$	$(n + 1) C 0 + l ⋅ C p$	$(4 k + 4) C 0$	$(2 t + 4) C 0 + (t' ⋅ t ″ + 2) C 1$
本文	$2 C 0 + C 1$	$2 C p$	$(2 k + 1) C 0$	$(2 t + 2) C 0 + 2 C 1$

Tab. 4 Storage cost comparison

方案来源	系统公钥长度	主密钥长度	用户密钥长度	密文长度
文献［29］	$2 C 0 + C 1$	$C 0 + C p$	$(2 k + 1) C 0$	$(4 t + 2) C 0 + 2 C 1$
文献［35］	$4 C 0 + C 1$	$C 0 + C p$	$(2 k + 1) C 0$	$(4 t + 2) C 0 + 2 C 1$
文献［37］	$l ⋅ C 0 + C 1$	$(n + 1) C 0 + l ⋅ C p$	$(4 k + 4) C 0$	$(2 t + 4) C 0 + (t' ⋅ t ″ + 2) C 1$
本文	$2 C 0 + C 1$	$2 C p$	$(2 k + 1) C 0$	$(2 t + 2) C 0 + 2 C 1$

Tab. 5 Computational cost comparison

方案来源	密钥生成	加密	解密
文献［29］	$(2 k + 2) e 0$	$(4 t + 2) e 0 + 2 e 1$	$(4 s + 2) e + 2 s' ⋅ e 1$
文献［35］	$(2 k + 3) e 0$	$(6 t + 2) e 0 + 2 e 1$	$(4 s + 2) e + 2 s' ⋅ e 1$
文献［37］	$(4 k + 2) e 0$	$(2 t + 4) e 0 + (2 t ″ ⋅ t' + 2) e 1$	$(2 k + 2) e + (2 s' + 2 t ″ ⋅ t' + 2 + 8) e 1$
本文	$(2 k + 4) e 0$	$(2 t + 2) e 0 + 2 e 1$	$(2 s + 2) e + s' ⋅ e 1$

Tab. 5 Computational cost comparison

方案来源	密钥生成	加密	解密
文献［29］	$(2 k + 2) e 0$	$(4 t + 2) e 0 + 2 e 1$	$(4 s + 2) e + 2 s' ⋅ e 1$
文献［35］	$(2 k + 3) e 0$	$(6 t + 2) e 0 + 2 e 1$	$(4 s + 2) e + 2 s' ⋅ e 1$
文献［37］	$(4 k + 2) e 0$	$(2 t + 4) e 0 + (2 t ″ ⋅ t' + 2) e 1$	$(2 k + 2) e + (2 s' + 2 t ″ ⋅ t' + 2 + 8) e 1$
本文	$(2 k + 4) e 0$	$(2 t + 2) e 0 + 2 e 1$	$(2 s + 2) e + s' ⋅ e 1$

Fig. 10 Influence of attribute number and data volume on performance of CP-ABHE and CP-ABE algorithms

References 38

1	林世才. 医疗信息化的福建实践［J］. 人口与计划生育， 2018（9）：45-47.
	LIN S C. Fujian practice of medical informatization［J］. Population and Family Planning， 2018（9）： 45-47.
2	SURAHMAT， TENGGONO A. Analysis of server virtualization service performance using Citrix Xenserver［J］. Journal of Physics： Conference Series， 2020， 1500： No.012098. 10.1088/1742-6596/1500/1/012098
3	何延哲，付嵘. 275位艾滋病感染者个人信息泄露事件再次警示：安全是健康医疗大数据的核心基础［J］. 中国经济周刊， 2016（30）：79-81.
	HE Y Z， FU R. The disclosure of personal information of 275 people infected with AIDS once again warns that safety is the core foundation of health care big data［J］. China Economic Weekly， 2016（30）： 79-81.
4	SEH A H， ZAROUR M， ALENEZI M， et al. Healthcare data breaches： insights and implications［J］. Healthcare， 2020， 8（2）： 133. 10.3390/healthcare8020133
5	木须.对系统安全防护重视不够国外多家医疗机构遭到勒索软件攻击［J］.信息安全与通信保密，2016（5）：68-69.
	MU X. Insufficient attention to system security protection， many foreign medical institutions were attacked by blackmail software［J］. Information Security and Communications Privacy， 2016（5）： 68-69.
6	赵延红，原宝华，梁军.区块链技术在医疗领域中的应用探讨［J］.中国医学教育技术，2018，32（1）：1-7. 10.13566/j.cnki.cmet.cn61-1317/g4.201801001
	ZHAO Y H， YUAN B H， LIANG J. Application of blockchain technology in medical field［J］. China Medical Education Technology， 2018， 32（1）： 1-7. 10.13566/j.cnki.cmet.cn61-1317/g4.201801001
7	ZHOU J Y， TANG F Y， ZHU H， et al. Distributed data vending on blockchain［C］// Proceedings of the 2018 IEEE International Conference on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber， Physical and Social Computing and IEEE Smart Data. Piscataway： IEEE， 2018： 1100-1107. 10.1109/cybermatics_2018.2018.00201
8	XIONG W， XIONG L. Smart contract based data trading mode using blockchain and machine learning［J］. IEEE Access， 2019， 7： 102331-102344. 10.1109/access.2019.2928325
9	DAI W Q， DAI C K， CHOO K K R， et al. SDTE： a secure blockchain-based data trading ecosystem［J］. IEEE Transactions on Information Forensics and Security， 2020， 15： 725-737. 10.1109/tifs.2019.2928256
10	ZHAO Y Q， YU Y， LI Y N， et al. Machine learning based privacy-preserving fair data trading in big data market［J］. Information Sciences， 2019， 478： 449-460. 10.1016/j.ins.2018.11.028
11	郑序颖.区块链首次落地医疗场景：常州医联体化解信息孤岛困境［J］.科技新时代，2017（4）：61-61.
	ZHENG X Y. The first application of blockchain to the medical scene： Changzhou medical treatment consortium resolves the dilemma of information islands［J］. New Era of Science and Technology， 2017（4）： 61-61.
12	METTLER M. Blockchain technology in healthcare： the revolution starts here［C］// Proceedings of the IEEE 18th International Conference on e-Health Networking， Applications and Services. Piscataway： IEEE， 2016： 1-3. 10.1109/healthcom.2016.7749510
13	KIYOMOTO S， RAHMAN M S， BASU A. On blockchain-based anonymized dataset distribution platform［C］// Proceedings of the IEEE 15th International Conference on Software Engineering Research， Management and Applications. Piscataway： IEEE， 2017： 85-92. 10.1109/sera.2017.7965711
14	AZARIA A， EKBLAW A， VIEIRA T， et al. MedRec： using blockchain for medical data access and permission management［C］// Proceedings of the 2nd International Conference on Open and Big Data. Piscataway： IEEE， 2016： 25-30. 10.1109/obd.2016.11
15	王于丁，杨家海，徐聪，等. 云计算访问控制技术研究综述［J］. 软件学报， 2015， 26（5）：1129-1150. 10.13328/j.cnki.jos.004820
	WANG Y D， YANG J H， XU C， et al. Survey on access control technologies for cloud computing［J］. Journal of Software， 2015， 26（5）： 1129-1150. 10.13328/j.cnki.jos.004820
16	杨茂江. 基于密码和区块链技术的数据交易平台设计［J］. 信息通信技术， 2016， 10（4）： 24-31.
	YANG M J. A design of data trading platform based on cryptology and blockchain technology［J］. Information and Communications Technologies， 2016， 10（4）： 24-31.
17	YUE X， WANG H J， JIN D W， et al. Healthcare data gateways： found healthcare intelligence on blockchain with novel privacy risk control［J］. Journal of Medical Systems， 2016， 40（10）： No.218. 10.1007/s10916-016-0574-6
18	郭子菁，罗玉川，蔡志平，等. 医疗健康大数据隐私保护综述［J］计算机科学与探索， 2021， 15（3）：389-402. 10.3778/j.issn.1673-9418.2009071
	GUO Z J， LUO Y C， CAI Z P， et al. Overview of privacy protection technology of big data in healthcare［J］. Journal of Frontiers of Computer Science and Technology， 2021， 15（3）： 389-402. 10.3778/j.issn.1673-9418.2009071
19	SAHAI A， WATERS B. Fuzzy identity-based encryption［C］// Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 3494. Berlin： Springer， 2005： 457-473.
20	WEI J H， CHEN X F， HUANG X Y， et al. RS-HABE： revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud［J］. IEEE Transactions on Dependable and Secure Computing， 2021， 18（5）： 2301-2315.
21	RIAD K， HAMZA R， YAN H Y. Sensitive and energetic IoT access control for managing cloud electronic health records［J］. IEEE Access， 2019， 7： 86384-86393. 10.1109/access.2019.2926354
22	POURNAGHI S M， BAYAT M， FARJAMI Y. MedSBA： a novel and secure scheme to share medical data based on blockchain technology and attribute-based encryption［J］. Journal of Ambient Intelligence and Humanized Computing， 2020， 11： 4613-4641. 10.1007/s12652-020-01710-y
23	YANG K， JIA X H， REN K， et al. Enabling efficient access control with dynamic policy updating for big data in the cloud［C］// Proceedings of the 2014 IEEE Conference on Computer Communications. Piscataway： IEEE， 2014： 2013-2021. 10.1109/infocom.2014.6848142
24	KAWAI Y. Outsourcing the re-encryption key generation： flexible ciphertext-policy attribute-based proxy re-encryption［C］// Proceedings of the 2015 International Conference on Information Security Practice and Experience， LNCS 9065. Cham： Springer， 2015： 301-315.
25	LAI J Z， DENG R H， YANG Y J， et al. Adaptable ciphertext-policy attribute-based encryption［C］// Proceedings of the 2013 International Conference on Pairing-Based Cryptography， LNCS 8365. Cham： Springer， 2014： 199-214.
26	CACHIN C. Architecture of the Hyperledger blockchain fabric［C/OL］// Proceedings of the 2016 Workshop on Distributed Cryptocurrencies and Consensus Ledgers ［2022-06-20］.. 10.1007/978-3-030-93944-1_13
27	WANG C J， LUO J F. An efficient key-policy attribute-based encryption scheme with constant ciphertext length［J］. Mathematical Problems in Engineering， 2013， 2013： No.810969. 10.1155/2013/810969
28	HAN J G， SUSILO W， MU Y， et al. Privacy-preserving decentralized key-policy attribute-based encryption［J］. IEEE Transactions on Parallel and Distributed Systems， 2012， 23（11）： 2150-2162. 10.1109/tpds.2012.50
29	BETHENCOURT J， SAHAI A， WATERS B. Ciphertext-policy attribute-based encryption［C］// Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway： IEEE， 2007： 321-334. 10.1109/sp.2007.11
30	王皓，郑志华，吴磊，等.自适应安全的外包CP-ABE方案研究［J］.计算机研究与发展，2015，52（10）：2270-2280. 10.7544/issn1000-1239.2015.20150497
	WANG H， ZHENG Z H， WU L， et al. Adaptively secure outsourcing ciphertext-policy attribute-based encryption［J］. Journal of Computer Research and Development， 2015， 52（10）： 2270-2280. 10.7544/issn1000-1239.2015.20150497
31	中国人民解放军总医院. 糖尿病并发症预警数据集［DS/OL］. ［2022-06-30］..
	Chinese PLA General Hospital. Diabetes complications data set［DS/OL］. ［2022-06-30］..
32	Hyperledger Performance and Scale Working Group. Hyperledger blockchain performance metrics［R/OL］. ［2022-06-30］..
33	FAN C X， GHAEMI S， KHAZAEI H， et al. Performance evaluation of blockchain systems： a systematic survey［J］. IEEE Access， 2020， 8： 126927-126950. 10.1109/access.2020.3006078
34	CROMAN K， DECKER C， EYAL I， et al. On scaling decentralized blockchains［C］// Proceedings of the 2016 International Conference on Financial Cryptography and Data Security， LNCS 9604. Berlin： Springer， 2016： 106-125.
35	HUR J. Improving security and efficiency in attribute-based data sharing［J］. IEEE Transactions on Knowledge and Data Engineering， 2013， 25（10）： 2271-2282. 10.1109/tkde.2011.78
36	WANG S L， ZHOU J W， LIU J K， et al. An efficient file hierarchy attribute-based encryption scheme in cloud computing［J］. IEEE Transactions on Information Forensics and Security， 2016， 11（6）： 1265-1277. 10.1109/tifs.2016.2523941
37	LIU X Y， YANG X T， LUO Y K， et al. Anonymous electronic health record sharing scheme based on decentralized hierarchical attribute-based encryption in cloud environment［J］. IEEE Access， 2020， 8： 200180-200193. 10.1109/access.2020.3035468
38	Flaredown. Chronic illness： symptoms， treatments and triggers［DS/OL］. （2021-02-04）［2022-06-30］..

[1]	Yihan WANG, Chen TANG, Lan ZHANG. Anti-fraud and anti-tampering online trading mechanism for bulk stock [J]. Journal of Computer Applications, 2023, 43(4): 1309-1317.
[2]	Juncheng TONG, Bo ZHAO. Review on blockchain smart contract vulnerability detection and automatic repair [J]. Journal of Computer Applications, 2023, 43(3): 785-793.
[3]	Dong SUN, Biao WANG, Yun XU. Design and implementation of block transmission mechanism based on remote direct memory access [J]. Journal of Computer Applications, 2023, 43(2): 484-489.
[4]	Shumin TANG, Yu JIN. Consensus mechanism of voting scheme in blockchain based on Chinese remainder theorem [J]. Journal of Computer Applications, 2023, 43(2): 458-466.
[5]	Xiaoqiong PANG, Yunting WANG, Wenjun CHEN, Pan JIANG, Yanan GAO. Fair and verifiable multi-keyword ranked search over encrypted data based on blockchain [J]. Journal of Computer Applications, 2023, 43(1): 130-139.
[6]	Jindong WANG, Qiang LI. Improved practical Byzantine fault tolerance consensus algorithm based on Raft algorithm [J]. Journal of Computer Applications, 2023, 43(1): 122-129.
[7]	Yangnan GUO, Wenbao JIANG, Shuai YE. Supervisable blockchain anonymous transaction system model [J]. Journal of Computer Applications, 2022, 42(9): 2757-2764.
[8]	Wei LIU, Cong ZHANG, Wei SHE, Xuan SONG, Zhao TIAN. Data trusted traceability method based on Merkle mountain range [J]. Journal of Computer Applications, 2022, 42(9): 2765-2771.
[9]	Hongliang TIAN, Jiayue WANG, Chenxi LI. Data storage scheme based on hybrid algorithm blockchain and node identity authentication [J]. Journal of Computer Applications, 2022, 42(8): 2481-2486.
[10]	Xu WANG, Yumin SHEN, Xiaoyun XIONG, Peng LI, Jinlong WANG. Data management method for building internet of things based on Hashgraph [J]. Journal of Computer Applications, 2022, 42(8): 2471-2480.
[11]	Jie ZHANG, Shanshan XU, Lingyun YUAN. Internet of things access control model based on blockchain and edge computing [J]. Journal of Computer Applications, 2022, 42(7): 2104-2111.
[12]	Chunming TANG, Yuqing CHEN, Zidi ZHANG. Improved consensus algorithm based on binomial swap forest and HotStuff [J]. Journal of Computer Applications, 2022, 42(7): 2112-2117.
[13]	Yang LI, Long XU, Yanqiang LI, Shaopeng LI. Smart contract-based access control architecture and verification for internet of things [J]. Journal of Computer Applications, 2022, 42(6): 1922-1931.
[14]	Yuntao XU, Junwu ZHU, Binwen SUN, Maosheng SUN, Sihai CHEN. Election-based supply chain： a supply chain autonomy framework based on blockchain [J]. Journal of Computer Applications, 2022, 42(6): 1770-1775.
[15]	Zheng DI, Yifan CAO, Chao QIU, Tao LUO, Xiaofei WANG. New computing power network architecture and application case analysis [J]. Journal of Computer Applications, 2022, 42(6): 1656-1661.

Hierarchical access control and sharing system of medical data based on blockchain

基于区块链的医疗数据分级访问控制与共享系统

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 38

Related Articles 15

Recommended Articles

Metrics