mHealth中细粒度策略隐藏和可追踪去中心访问控制方案  

作　　者：王静怡 阚海斌[1,2,3] Wang Jingyi;Kan Haibin(School of Computer Science,Fudan University,Shanghai 200433;Shanghai Engineering Research Center of Blockchain,Shanghai 200433;Yiwu Research Institute of Fudan University,Yiwu,Zhejiang 322099)

机构地区：[1]复旦大学计算机科学技术学院,上海200433 [2]上海市区块链工程技术研究中心,上海200433 [3]复旦大学义乌研究院,浙江义乌322099

出　　处：《计算机研究与发展》2024年第6期1525-1535,共11页Journal of Computer Research and Development

基　　金：国家重点研发计划项目(2019YFB2101703);国家自然科学基金项目(62272107,U19A2066);上海市科技创新行动计划项目(21511102200);广东省重点领域研发计划项目(2020B0101090001)。

摘　　要：基于属性基加密的访问控制协议在个人健康档案共享中发挥着越来越重要的作用.但传统的基于密文策略属性基加密的访问控制方案存在着些许问题.首先,中心化的属性授权机构的抗风险能力低.其次,随密文发送未隐藏的访问策略可能会泄露患者的隐私.此外,传统方案难以追踪恶意泄露密钥的用户.为解决上述问题,提出一种适用于mHealth中细粒度策略隐藏和可追踪去中心访问控制方案.实现了去中心化的属性授权机构.属性由属性名称和属性值2部分构成,在加密阶段属性值隐藏在密文中,只对外公开通用的属性名称.当密钥遭到恶意泄露时,监管机构利用身份映射表可以追踪到恶意的用户.经过实验模拟和对比分析,所提方案在安全性方面和性能上适用于实际的mHealth环境.With the rapid development of Internet technology,the emergence of mobile health(mHealth)is expected to improve the quality of medical care.However,data security and user privacy issues in the mHealth field have not been fully resolved.The access control protocol based on ciphertext-policy attribute-based encryption(CP-ABE)is a promising technique for the sharing of personal health records(PHRs).However,direct adoption of the traditional CP-ABE in mHealth causes many problems.Firstly,centralized attribute authority has low ability to resist risks.Secondly,the access policies are in cleartext and leak the patient’s privacy in the encrypted PHRs.Finally,it is difficult for the traditional CP-ABE scheme to track down the user who intentionally discloses the private key.Therefore,to solve these problems,we propose a fine-grained policy-hiding and traceable decentralized access control in mHealth.This scheme implements a decentralized attribute authority mechanism.Each attribute is expressed by an attribute name and an attribute value.In the encryption phase,the attribute value is hidden in ciphertext and only generic attribute name is exposed.When the private key is maliciously leaked,the regulator can use the identity mapping table to trace the malicious user.Through experimental simulation and comparative analysis,our scheme is suitable for the actual mHealth environment in terms of security and performance.

关 键 词：属性基加密(ABE) 区块链 访问控制 策略隐藏 可追踪性 去中心化 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]