在线问诊环境下细粒度双边访问控制方案  被引量：3

作　　者：李艺昕 张应辉[1,2] 胡凌云 郑东[1,2,3] LI Yixin;ZHANG Yinghui;HU Lingyun;ZHENG Dong(School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;National Engineering Laboratory for Wireless Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;Westone Cryptologic Research Center,Beijing 100070,China)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]西安邮电大学无线网络安全技术国家工程实验室,西安710121 [3]卫士通摩石实验室,北京100070

出　　处：《计算机工程与应用》2022年第17期139-147,共9页Computer Engineering and Applications

基　　金：国家自然科学基金(62072369,62072371,61772418);陕西省创新能力支撑计划(2020KJXX-052);陕西省特支计划青年拔尖人才支持计划;陕西省重点研发计划项目(2019KW-053,2020ZDLGY08-04,2021ZDLGY06-02)。

摘　　要：随着在线问诊技术不断发展,越来越多的患者选择在线咨询自己的病情,由于患者通常会二次甚至多次在线咨询病情,这不仅会导致病历信息发生泄漏,而且会使医护人员的工作量剧增。为此需要对病人的病历信息进行加密处理,并在此条件下提高医护人员的工作效率。目前已有的ABE方案只能通过患者制定访问控制策略对医护人员进行选择从而保护自己的隐私信息,而医护人员只能从大量的病历中逐一检索出自己需要的信息,导致其工作量剧增。针对以上问题提出了一种支持细粒度双边访问控制的密文策略属性基加密方案,并结合区块链技术与IPFS存储技术对数据进行存储。该方案对病人的病历信息进行加密后上传至IPFS系统中,并将由IPFS系统生成的唯一哈希索引上传至区块链中。利用属性基加密技术在保护用户隐私同时,实现细粒度的双边访问控制。安全性分析表明,该方案在随机谕言机模型下具有选择明文攻击下的不可区分性。仿真结果表明,与类似方案相比,所提方案提高了用户的计算效率。With the continuous development of online consultation technology, more and more patients choose to consult their conditions online. As patients usually consult their conditions twice or even several times online, this will not only lead to the leakage of medical record information, but also make the workload of medical staff increase dramatically.Therefore, it is necessary to encrypt the patient’ s medical record information and improve the working efficiency of medical staff under this condition. At present, the existing ABE scheme can only protect their privacy information by selecting medical staff through the access control strategy developed by patients, and medical staff can only retrieve the information they need one by one from a large number of medical records, resulting in a sharp increase in their workload.To solve the above problems, a ciphertext policy attribute-based encryption scheme supporting fine-grained bilateral access control is proposed, and the data is stored by combining blockchain technology and IPFS storage technology. In this scheme, the patient’s medical record information is encrypted and uploaded to the IPFS system, and the unique hash index generated by the IPFS system is uploaded to the blockchain. Attribute-based encryption is used to protect user privacy and achieve fine-grained bilateral access control. The security analysis shows that the scheme is indistinguishable under the selective plaintext attack in the random oracle-machine model. Simulation results show that the proposed scheme improves the user’s computing efficiency compared with similar schemes.

关 键 词：属性加密 区块链 访问控制 星际文件系统(IPFS) 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]