| 摘要: |
| 随着新冠疫情的持续发展, 许多国家和地区都对确诊患者及密接者的个人信息数据和位置数据进行了严密的监管。与此同时, 如何在共享患者必要信息的同时, 确保患者及密接者的个人隐私不被泄露, 访问过程透明化、可溯源、数据不被篡改, 已成为当今亟需解决的关键问题。基于此, 本文提出了一种可追责的医疗属性通行证(AMAP)访问控制方案, 方案首先将区块链与基于属性的访问控制模型相结合, 在引入区块链对访问过程进行溯源的同时, 将访问控制策略和访问时系统中的关键步骤以智能合约的形式部署到区块链上, 使整个系统既能保障用户对数据的安全访问, 又能够对整个访问过程进行溯源。特别地, 方案引入了医疗属性通行证模块, 用户以通行证的方式申请访问, 避免了传统访问控制模型中主体属性与访问控制策略的多次匹配,在实现医疗数据细粒度访问控制的同时, 一定程度上提高了访问效率。最后, 通过安全性分析表明本方案可以抵抗拒绝服务攻击、恶意篡改攻击、单点失效攻击、主体伪装攻击、重放攻击等。实验及性能分析表明本方案与其他方案相比, 在相同访问控制策略的情况下访问次数越多, 本方案的优势越明显; 在相同访问次数情况下访问控制策略个数越多, 本方案的优势越明显。 |
| 关键词: 信息安全 区块链 AMAP 细粒度 访问控制 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2023.01.04 |
| Received:September 27, 2021Revised:December 20, 2021 |
| 基金项目:本课题得到国家自然科学基金(No. 62102312), 陕西省自然科学基础研究计划资助项目(No. 2021JQ-722), 陕西省高校科协青年人才托举计划(No. 20210119), 陕西省教育厅科研计划项目(No. 20JK0906)资助。 |
|
| Research on Medical Data Access Control and Security Sharing in Public Health Events |
| HAN Gang,WANG Jiaqian,LUO wei,LV Yingze |
| School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China;National Engineering Laboratory for Wireless Network Security Technology, Xi'an 710000, China |
| Abstract: |
| With the continuous developing of the COVID-2019, more and more countries and regions have strictly supervised the personal information and location data of confirmed patients and their close contacts. At the same time, how to share the necessary information of patients while ensuring that the personal privacy of patients and their close contacts is not leaked, the access process is transparent, traceable, and data is not tampered with, has become a key issue that needs to be solved urgently. Based on this, we propose an accountable medical attribute pass (AMAP) access control scheme in this paper. The scheme first combines the blockchain with an attribute-based access control model. While introducing the blockchain to trace the source of the access process, the access control strategy and key steps in the access system are deployed on the blockchain in the form of smart contracts, so that the entire system can not only ensure the safe access of users to data, but also trace the source of the entire access process. In particular, the solution introduces the medical attribute pass module. Users apply for access in the form of a pass, which avoids multiple matches between subject attributes and access control strategies in the traditional access control model. While achieving fine-grained access control to medical data, a certain degree Improved access efficiency. Finally, the security analysis shows that this scheme can resist denial of service attacks, malicious tampering attacks, single point of failure attacks, main body masquerading attacks, replay attacks, etc. Experiments and performance analysis show that this solution is compared with other solutions. Under the same access control strategy, the more access times, the more obvious the advantages of this solution; the more access control strategies have the same access control strategy, the more effective the solution is. The more obvious the advantages. |
| Key words: information security blockchain AMAP fine-grained access control |
