基于区块链的医疗信息属性加密访问控制方案

郑丽娟; 刘佳琪; 陶亚男; 章睿; 张宇; 吴朋钢; 尤军考

引用本文：

郑丽娟,刘佳琪,陶亚男,章睿,张宇,吴朋钢,尤军考.基于区块链的医疗信息属性加密访问控制方案[J].信息安全学报,2023,8(1):93-107 [点击复制]
ZHENG Lijuan,LIU Jiaqi,TAO Yanan,ZHANG Rui,ZHANG Yu,WU Penggang,YOU Junkao.Medical Information Attribute Encryption Access Control Scheme Based on Blockchain[J].Journal of Cyber Security,2023,8(1):93-107 [点击复制]

本文已被：浏览 2752次下载 2447次	码上扫一扫！
基于区块链的医疗信息属性加密访问控制方案
郑丽娟^1,2, 刘佳琪¹, 陶亚男¹, 章睿², 张宇¹, 吴朋钢¹, 尤军考³
0 字体:加大+\|默认\|缩小-
(1.石家庄铁道大学信息科学与技术学院石家庄中国 050043;2.中国科学院信息工程研究所, 信息安全国家重点实验室北京中国 100093;3.中国移动通信集团河北有限公司政企客户部石家庄中国 050021)

摘要:

医疗信息的访问互通有助于医生掌握转诊患者的病情, 及时准确地为患者提供医疗服务。然而医疗数据涉及到患者的隐私, 存在数据泄露的风险, 一旦泄露不仅会损害医疗机构的声誉, 还会影响患者的个人生活, 并且医疗信息大多由医疗机构管理, 患者对自己医疗数据的使用情况并不知情。访问控制是医疗信息共享中重要的安全机制, 其中, 基于属性的加密机制可以实现细粒度的访问控制, 但是仍存在属性授权集中、解密开销大和追溯难的问题。区块链技术在实现分布式医疗机构节点间信任建立和数据共享方面有很多优势。因此, 针对上述问题, 本文从医疗数据共享场景下患者敏感信息保护的需求出发, 结合区块链技术对医疗信息的访问控制机制进行研究, 提出了一个基于区块链的医疗信息属性加密访问控制方案, 建立了多授权机构的访问控制模型, 避免了单一授权带来的信任问题; 设计了代理解密算法, 降低了终端的解密开销, 提高了解密效率; 支持访问者的属性撤销, 实现了患者对医疗数据的灵活控制; 同时, 利用区块链自身优势实现了对属性授权机构的追溯问责。安全性分析与性能分析表明, 所提方案在随机预言机模型下是静态安全的, 且具有更低的计算开销和存储开销。

关键词: 区块链医疗信息 CP-ABE 访问控制

DOI：10.19363/J.cnki.cn10-1380/tn.2023.01.07

投稿时间：2021-09-28修订日期：2022-01-19

基金项目:本课题得到信息安全国家重点实验室开放课题(No. 2021-MS-09); 石家庄铁道大学研究生创新资助项目(No. YC2021074)资助。

Medical Information Attribute Encryption Access Control Scheme Based on Blockchain

ZHENG Lijuan^1,2, LIU Jiaqi¹, TAO Yanan¹, ZHANG Rui², ZHANG Yu¹, WU Penggang¹, YOU Junkao³

(1.School of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang 050043, China;2.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;3.Department of Enterprise Customer, China Mobile Communications Corporation Hebei Co., Ltd, Shijiazhuang 050021, China)

Abstract:

The access and intercommunication of medical information helps doctors to grasp the patient's condition when the patient goes to the different hospitals, and provides convenience for medical services. However, the medical data involves patients' privacy, and there is a risk of data leakage. Once the medical data is leaked, it will not only damage the reputation of medical institutions, but also affect the personal life of patients. Moreover, most medical information is managed by medical institutions, and patients are not aware of the use of their own medical data. The access control is an important security mechanism in the medical data sharing scenario. Among them, the attribute-based encryption mechanism can realize fine-grained access control, but it has the problems of centralized attribute authorization, large decryption overhead, and difficulty in traceability. The blockchain technology has many advantages in establishing trust and sharing data among nodes in distributed medical institutions. Therefore, in order to solve these problems, in this paper, based on the demand of patient sensitive information protection in the medical data sharing scenario, the access control mechanism of medical information is studied with blockchain technology, and a medical information attribute encryption access control scheme based on blockchain is proposed. The access control model of multiple authorization agencies is established to avoid the trust problem caused by single authorization, and a proxy decryption algorithm is designed to reduce the terminal decryption cost and the decryption efficiency is improved. The scheme supports the revocation of visitors' attributes and realizes the flexible control of medical data by data owners. At the same time, it uses the advantages of blockchain itself to achieve traceability accountability of attribute authorization institutions. The security and performance analysis shows that the proposed scheme is statically secure under the random oracle model, and has better system performance and computing efficiency.

Key words: blockchain medical information CP-ABE access control