医疗场景下基于属性的可净化可协同数据共享方案  被引量：1

作　　者：王政 王经纬 殷新春[1,2,4] WANG Zheng;WANG Jingwei;YIN Xinchun(College of Information Engineering,Yangzhou University,Yangzhou,Jiangsu 225127,China;Guangling College,Yangzhou University,Yangzhou,Jiangsu 225128,China;College of Cyberspace Security,Jinan University,Guangzhou 510632,China;Henan Key Laboratory of Network Cryptography Technology,Zhengzhou 450001,China)

机构地区：[1]扬州大学信息工程学院,江苏扬州225127 [2]扬州大学广陵学院,江苏扬州225128 [3]暨南大学网络空间安全学院,广州510632 [4]河南省网络密码技术重点实验室,郑州450001

出　　处：《计算机科学》2024年第10期416-424,共9页Computer Science

基　　金：河南省网络密码技术重点实验室(LNCT2022A17)。

摘　　要：密文策略属性基加密(Ciphertext Policy Attribute-Based Encryption,CP-ABE)方案能够实现对密文的细粒度访问控制,确保只有经过授权的用户才能访问数据,从而保证数据的安全。然而,随着云计算和物联网技术在医疗行业的广泛应用,传统的CP-ABE方案在新型医疗物联网场景下逐渐无法满足数据共享在访问策略表达和密文安全性方面的需求,如多学科会诊、患者隐私数据存储等。为此,文中提出一种基于属性的可净化可协同数据共享方案,通过密文净化机制可以有效应对恶意数据拥有者的威胁。此外,该方案可以在访问结构中指定协助结点,使得具有不同属性的多个用户可以合作进行数据访问。安全分析表明,所提方案在选择明文攻击下具有不可区分安全性;性能分析表明,本文方案与其他方案相比,计算开销更低。Ciphertext policy attribute-based encryption(CP-ABE)is a mechanism that enables secure fine-grained access control of encrypted data,ensuring that only authorized users can access the data and avoiding unauthorized access and leakage in cloud environments to guarantee the safety of data.However,with the rapid development of cloud computing and IoT technology,traditional CP-ABE scheme is gradually unable to meet requirements of data sharing in terms of access policy expression and ciphertext security requirements in new medical IoT applications,such as multidisciplinary consultation,patient privacy data storage.This paper proposes an attribute-based sanitizable and collaborative sharing scheme in medical scenarios,which can effectively deal with malicious data owners by sanitizing ciphertext.Additionally,this method can specify collaborative nodes in the access structure,allowing users with different attribute sets to collaborate to obtain access rights.Security analysis shows that the proposed scheme has indistinguishable security under chosen plaintext attack.Performance analysis shows that compared with other schemes,the proposed scheme has lower computational overhead.

关 键 词：云计算 访问策略 可净化 可协同 恶意数据拥有者 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]