An access control scheme with user privacy protection in e-health environment

Cited by: 6


Authors: Miao Tiantian; Yang Huijie; Shen Jian [1,2] (Nanjing University of Information Science & Technology, Nanjing, Jiangsu 210044; Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen, Guangdong 518000)

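Affiliations: [1] Nanjing University of Information Science & Technology, Nanjing, Jiangsu 210044; [2] Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen, Guangdong 518000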

Source: Cyberspace Security, 2019, No. 10, pp. 16-22 (7 pages)

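Funding: Cyberspace Security Research Center, Peng Cheng Laboratory (project No. PCL2018KP004); Postgraduate Research & Practice Innovation Program of Jiangsu Province (project No. SJKY19_0975)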

Abstract: With the continuous development of cloud technologies, more and more medical institutions choose to outsource patients' electronic medical records (EMRs) to cloud servers. How to ensure the security of outsourced electronic medical records and the privacy of patients has become a key issue to be solved in the e-health environment. However, most current access control schemes focus mainly on the security of the outsourced data content and pay less attention to the privacy protection of users. To solve these problems, an access control scheme with user privacy protection for the e-health environment is proposed, based on attribute-based encryption and oblivious transfer. The proposed scheme supports fine-grained data access control while also protecting users' private information. More specifically, attribute-based encryption protects the outsourced data from being obtained by malicious users, and oblivious transfer is employed to anonymize users' attributes, so that adversaries cannot infer users' private information from those attributes. Finally, the security and performance analysis shows the superiority of the proposed scheme.

Keywords: attribute-based encryption; oblivious transfer; privacy protection; access control

Classification No.: TP309.2 [Automation and Computer Technology: Computer System Architecture]

 
