云辅助医疗物联网中支持策略隐藏的可搜索属性加密方案  

作　　者：郭瑞 杨鑫 贾晨阳 王俊茗 GUO Rui;YANG Xin;JIA Chen-Yang;WANG Jun-Ming(School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;National Engineering Research Center for Secured Wireless,Xi’an University of Posts and Telecommunications,Xi’an 710121,China)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]西安邮电大学无线网络安全技术国家工程研究中心,西安710121

出　　处：《密码学报(中英文)》2025年第1期49-68,共20页Journal of Cryptologic Research

基　　金：国家自然科学基金(62072369);陕西省重点研发计划(2020ZDLGY08-04);陕西省创新能力支持计划(2020KJXX-052);陕西省自然科学基础研究计划(2024JC-YBMS-545)。

摘　　要：云辅助医疗物联网系统是智慧医疗领域发展的新趋势,患者隐私数据通常以密态的形式外包存储于云端,这将导致数据拥有者失去对自身数据的控制权限,并带来数据检索不便.针对上述问题,本文提出了一种支持策略隐藏的可搜索属性加密方案,结合密文策略属性加密与公钥可搜索加密的优势,确保云辅助(cloud-assisted Internet of Medical Things,IoMT)系统中共享数据的机密性,实现了敏感数据的细粒度访问控制并支持关键字搜索.并且,利用在线/离线加密和外包解密等方法降低了资源受限设备的计算开销,使得密文策略的属性加密方案可以在云辅助IoMT系统中实施.同时,引入策略隐藏技术,将属性加密访问策略中的属性值隐藏于密文中,防止数据拥有者的隐私泄露.在安全性方面,证明本方案的密文信息在选定访问结构和选择明文攻击下具有不可区分性,以及陷门信息在选择关键字攻击下具有不可区分性.最后,利用JPBC(Javapairing-based cryptography)密码库对本方案与其他相关方案在功能特性、通信开销和计算开销等方面进行对比,结果表明本方案在密钥生成和加密阶段计算效率更高且存储开销更低.Cloud-assisted Internet of Medical Things(IoMT)system is a new trend in the development of smart medical care.Nevertheless,patients’privacy data is usually outsourced and stored in the cloud in a confidential form,which will cause the data owner to lose control over their own data and cause inconvenience in patient data retrieval.Aiming at the above issues,this study proposes a searchable attribute-based encryption scheme that supports policy hiding.This scheme combines the advantages of ciphertext-policy attribute-based encryption and public key searchable encryption to ensure the confidentiality of shared data in the cloud-assisted IoMT system,realize fine-grained access control of sensitive data,and support keyword search.Moreover,the computing overhead of resourceconstrained devices is reduced by using methods such as online/offline encryption and outsourced decryption,so that the ciphertext-policy attribute-based encryption scheme can be implemented in the cloud-assisted IoMT system.Meanwhile,policy hiding technology is used to prevent the privacy of the data owner from leaking by hiding attribute values in the ciphertext.In terms of security,it is proved that the ciphertext information of this scheme is indistinguishable under chosen access structure and chosen plaintext attacks,and the trapdoor information is indistinguishable under chosen keyword attacks.Finally,Java Pairing-Based Cryptography Library(JPBC)is used to compare this scheme with other related schemes in terms of functional characteristics,communication overhead,and computing overhead.The results show that the proposed scheme has higher computational efficiency and lower storage overhead in key generation and encryption stages.

关 键 词：在线/离线属性加密 外包解密 可搜索加密 策略隐藏 云辅助IoMT系统 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]