个人健康记录云管理系统中支持用户撤销的细粒度访问控制

刘琴; 刘旭辉; 胡柏霜; 张少波

doi:10.11999/JEIT160621

个人健康记录云管理系统中支持用户撤销的细粒度访问控制

doi: 10.11999/JEIT160621

1.
(湖南大学信息科学与工程学院长沙 410082) ②(中南大学信息科学与工程学院长沙 410083) ③(湖南科技大学计算机科学与工程学院湘潭 411201)

基金项目:

国家自然科学基金(61632009, 61402161)，湖南省科技厅项目(2015JJ3046)，赛尔网络下一代互联网技术创新项目(NGII 20150408)

计量
- 文章访问数: 1280
- HTML全文浏览量: 149
- PDF下载量: 368
- 被引次数: 0
出版历程
- 收稿日期: 2016-06-12
- 修回日期: 2016-12-07
- 刊出日期: 2017-05-19

Fine-grained Access Control with User Revocation in Cloud-based Personal Health Record System

1.
(College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China)

Funds:

The National Natural Science Foundation of China (61632009, 61402161), The Hunan Provincial Natural Science Foundation of China (2015JJ3046), The CERNET Innovation Project (NGII20150408)

摘要

摘要: 随着云计算的发展，越来越多的用户在使用个人健康记录(PHR)云管理系统，由于PHR包含了患者的隐私信息，因此一般在将PHR上传到云平台之前会先对其进行加密。基于比较的加密(CBE)在基于属性的访问策略中实现了时间比较，然而CBE加密时间与访问策略中的属性数目线性增长，从而导致其开销过大；同时，方案难以实时撤销用户的访问权限。该文提出支持用户撤销的细粒度访问控制(FGUR)方案，通过将属性层次引入到CBE中，同时结合广播密文策略的基于属性加密(BCP-ABE)，高效地实现PHR云管理系统中的细粒度访问控制及用户实时撤销。实验结果表明，与CBE相比，FGUR方案在加密开销和动态访问权限方面具有更好的性能。
- 云计算 /
- 个人健康记录 /
- 基于比较的加密 /
- 属性层次 /
- 用户撤销
Abstract: With the development of cloud computing, more and more users employ cloud-based Personal Health Record (PHR) systems. The PHR is correlated with patient privacy, thus existing research suggests to encrypt PHRs before outsourcing. Comparison-Based Encryption (CBE) realizes time comparison in attribute-based access policy, however, the time for encryption is linearly with the number of attributes in the access policy. Therefore, the cost of the scheme is extensive; besides, the scheme is difficult to revoke the user's access privileges in real time. To realize efficiently a fine-grained access control and user revocation for PHRs in clouds, a Fine-Grained access control with User Revocation (FGUR) scheme is proposed by incorporating Broadcast Ciphertext-Policy Attribute-Based Encryption (BCP-ABE) and an attribute hierarchy into CBE. The experiment results show that the FGUR scheme has better performance in terms of the encryption cost and dynamic access privilege, compared with CBE.
- Cloud computing /
- Personal Health Record (PHR) /
- Comparison-Based Encryption (CBE) /
- Attribute hierarchy /
- User revocation

HTML全文

参考文献(14)

TANG P C, ASH J S, and BATES D W. Personal health records: Definitions, benefits, and strategies for overcoming barriers to adoption[J]. Journal of the American Medical Informatics Association, 2006, 13(2): 121-126. doi: 10.1197/ jamia.M2025.

GUO L, ZHANG C, SUN J, et al. PAAS: A privacy- preserving attribute-based authentication system for ehealth networks[C]. Distributed Computing Systems (ICDCS), 2012 IEEE 32nd International Conference, Macau, China, 2012: 224-233.

ARMBRUST M, FOX A, GRIFFITH R, et al. A view of cloud computing[J]. Communications of the ACM, 2010, 53(4): 50-58. doi: 10.1145/1721654.1721672.

WANG G, LIU Q, and WU J. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]. Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, USA, 2010: 735-737.

BALAMURUGAN B, KRISHNA P V, KUMAR N S, et al. An Efficient Framework for Health System Based on Hybrid Cloud with ABE-Outsourced Decryption[M]. India: Springer India, 2015: 41-49.

SANGEETHA D, VIJAYAKUMAR V, THIRUNAVUKKARASU V, et al. Enhanced Security of PHR System in Cloud Using Prioritized Level Based Encryption[M]. Germany: Springer Berlin Heidelberg, 2014: 57-69.

YAO X, LIN Y, LIU Q, et al. Efficient and privacy-preserving search in multi-source personal health record clouds[C]. 2015 IEEE Symposium on Computers and Communication(ISCC), Larnaca, Cyprus, 2015: 803-808.

BOLDYREVA A, CHENETTE N, and ONEILL A. Order-preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions[M]. Germany: Springer Berlin Heidelberg, 2011: 578-595.

王尚平, 余小娟, 张亚玲. 具有两个可撤销属性列表的密钥策略的属性加密方案[J]. 电子与信息学报, 2016, 38(6): 1406-1411. doi: 10.11999/JEIT150845.

WANG Shangping, YU Xiaojuan, and ZHANG Yaling. Revocable key-policy attribute-based encryption scheme with two revocation lists[J]. Journal of Electronics Information Technology, 2016, 38(6): 1406-1411. doi: 10.11999/JEIT 150845.

李双, 徐茂智. 基于属性的可搜索加密方案[J]. 计算机学报, 2014, 37(5): 1017-1024. doi: 10.3724/SP.J.1016.2014.01017.

LI Shuang and XU Maozhi. Attribute-based public encryption with keyword search[J]. Chinese Journal of Computers, 2014, 37(5): 1017-1024. doi: 10.3724/SP.J.1016. 2014.01017.

ZHU Y, HU H, AHN G J, et al. Comparison-based encryption for fine-grained access control in clouds[C]. Proceedings of the Second ACM Conference on Data and Application Security and Privacy, San Antonio, USA, 2012: 105-116.

ATTRAPADUNG N and IMAI H. Conjunctive Broadcast and Attribute-based Encryption[M]. Germany: Springer Berlin Heidelberg, 2009: 248-265.

施引文献

资源附件(0)

访问统计