Fine-grained Access Control with User Revocation in Cloud-based Personal Health Record System
LIU Qin① LIU Xuhui① HU Baishuang① ZHANG Shaobo②③
①(College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China) ②(School of Information Science and Engineering, Central South University, Changsha 410083, China) ③(School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201, China)
With the development of cloud computing, more and more users employ cloud-based Personal Health Record (PHR) systems. Because PHRs are closely tied to patient privacy, existing research suggests encrypting PHRs before outsourcing them. Comparison-Based Encryption (CBE) supports time comparison in attribute-based access policies; however, its encryption time grows linearly with the number of attributes in the access policy. The scheme is therefore costly, and it is difficult to revoke a user's access privileges in real time. To efficiently realize fine-grained access control and user revocation for PHRs in clouds, a Fine-Grained access control with User Revocation (FGUR) scheme is proposed by incorporating Broadcast Ciphertext-Policy Attribute-Based Encryption (BCP-ABE) and an attribute hierarchy into CBE. Experimental results show that the FGUR scheme outperforms CBE in terms of encryption cost and dynamic access privileges.
LIU Qin, LIU Xuhui, HU Baishuang, ZHANG Shaobo. Fine-grained Access Control with User Revocation in Cloud-based Personal Health Record System[J]. Journal of Electronics & Information Technology (JEIT), 2017, 39(5): 1206-1212.