轻量级可搜索医疗数据共享方案  被引量：8

作　　者：殷新春[1,2] 王梦宇 宁建廷 YIN Xinchun;WANG Mengyu;NING Jianting(College of Information Engineering,Yangzhou University,Yangzhou 225127,China;Guangling College of Yangzhou University,Yangzhou 225128,China;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350007,China;State Key Laboratory of Information Security,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]扬州大学信息工程学院,江苏扬州225127 [2]扬州大学广陵学院,江苏扬州225128 [3]福建师范大学计算机与网络空间安全学院,福建福州350007 [4]中国科学院信息安全国家重点实验室,北京100093

出　　处：《通信学报》2022年第5期110-122,共13页Journal on Communications

基　　金：国家自然科学基金资助项目(No.62032005,No.61972094);福建省自然科学基金资助项目(No.2020J02016)。

摘　　要：支持策略隐藏和关键字搜索的属性基加密方案在医疗场景中具有良好的应用前景。然而,现有的此类方案大多不支持大属性域或采用“与门”结构,限制了访问控制的可扩展性和灵活性,并且许多方案无法抵抗离线字典猜测攻击。此外,属性基加密涉及大量的双线性配对运算,对于计算资源受限的用户设备来说使用非常不便。提出一种轻量级可搜索医疗数据共享方案。该方案在支持关键字搜索和策略隐藏的基础上采用大属性域和线性秘密共享结构,提高了访问控制的可扩展性和灵活性;采用IntelSGX技术对数据进行重加密,实现抗离线字典猜测攻击;将解密计算开销降低到恒定的常数级,适用于计算资源受限的用户设备。最后证明了所提方案具备选择明文不可区分安全性并且可以抵抗离线字典猜测攻击。The attribute-based encryption scheme supporting policy hiding and keyword search had a good application prospect in medical scenarios.However,most of the existing schemes did not support large attribute university or adopt the"AND gate"structure,which limited their scalability and flexibility of access control,and many schemes could not resist offline dictionary guessing attacks.In addition,attribute-based encryption involved a large number of bilinear pairing operations,which was inconvenient for user equipment with limited computing resources.A lightweight searchable medical data sharing scheme was proposed.Based on the support for keyword search and policy hiding,a large attribute university and a linear secret sharing structure were adopted to improve the scalability and flexibility of access control.The Intel SGX was used to re-encrypt data to achieve anti-offline dictionary guessing attack.The computational overhead of decryption was reduced to a constant level,which was suitable for user equipment with limited computing resources.Finally,it is proved that the proposed scheme has the security of selecting plaintext indistinguishable and can resist offline dictionary guessing attacks.

关 键 词：轻量级 策略隐藏 关键字搜索 属性基加密 大属性域 离线字典猜测攻击 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]