Fine-Grained Access Control Supporting User Revocation in Cloud-Based Personal Health Record Management Systems
doi: 10.11999/JEIT160621 cstr: 32379.14.JEIT160621
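①(College of Information Science and Engineering, Hunan University, Changsha 410082) ②(School of Information Science and Engineering, Central South University, Changsha 410083) ③(School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201)
National Natural Science Foundation of China (61632009, 61402161), Hunan Provincial Department of Science and Technology Project (2015JJ3046), CERNET Next Generation Internet Technology Innovation Project (NGII 20150408)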
Fine-grained Access Control with User Revocation in Cloud-based Personal Health Record System
(College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China)
The National Natural Science Foundation of China (61632009, 61402161), The Hunan Provincial Natural Science Foundation of China (2015JJ3046), The CERNET Innovation Project (NGII20150408)
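Abstract: With the development of cloud computing, more and more users are using cloud-based personal health record (PHR) management systems. Because PHRs contain patients' private information, they are generally encrypted before being uploaded to the cloud platform. Comparison-based encryption (CBE) implements time comparison in attribute-based access policies; however, CBE encryption time grows linearly with the number of attributes in the access policy, which makes its overhead excessive. In addition, the scheme has difficulty revoking a user's access privileges in real time. This paper proposes a fine-grained access control scheme supporting user revocation (FGUR), which introduces an attribute hierarchy into CBE and combines it with broadcast ciphertext-policy attribute-based encryption (BCP-ABE) to efficiently achieve fine-grained access control and real-time user revocation in cloud-based PHR management systems. Experimental results show that, compared with CBE, the FGUR scheme performs better in terms of encryption overhead and dynamic access privileges.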
Keywords: cloud computing; personal health record; comparison-based encryption; attribute hierarchy; user revocation
Abstract: With the development of cloud computing, more and more users employ cloud-based Personal Health Record (PHR) systems. PHRs are tied to patient privacy, so existing research suggests encrypting PHRs before outsourcing them. Comparison-Based Encryption (CBE) realizes time comparison in attribute-based access policies; however, its encryption time grows linearly with the number of attributes in the access policy, so the cost of the scheme is high. In addition, it is difficult for the scheme to revoke a user's access privileges in real time. To efficiently realize fine-grained access control and user revocation for PHRs in clouds, a Fine-Grained access control with User Revocation (FGUR) scheme is proposed, which incorporates Broadcast Ciphertext-Policy Attribute-Based Encryption (BCP-ABE) and an attribute hierarchy into CBE. The experimental results show that, compared with CBE, the FGUR scheme performs better in terms of encryption cost and dynamic access privileges.