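| Abstract: |
| Cloud services bring many conveniences to the sharing of electronic medical record data. Because data sharing in the cloud relies on third-party cloud computing infrastructure, outsourced stored data faces various security problems, such as heavy storage pressure on cloud servers and the threat that outsourced data may be tampered with, lost or deleted. When outsourced data is retrieved, the data may contain the user's private information, and encrypted data cannot support fine-grained retrieval by users; these problems urgently need to be solved in cloud data sharing services. This paper therefore proposes a blockchain-assisted attribute-based electronic medical record sharing scheme. The scheme uses attribute-based encryption to achieve confidentiality and fine-grained access control of electronic medical record data on the basis of policy hiding. Searchable encryption is used to encrypt multiple keywords, which improves search accuracy, and the keyword ciphertexts are uploaded to the blockchain, which saves storage overhead. The immutability of the blockchain guarantees data security and enables authorized users to search ciphertexts securely. To prevent the cloud server from returning partial or incorrect ciphertexts to users, the user interacts with the cloud to verify the correctness of the ciphertext. The algorithm outsources a large amount of computation to the cloud server, reducing the computational burden on data access users. In addition, functional and security analysis shows that the proposed scheme meets multiple functional and security requirements, and, in the standard model, the scheme is proved on the basis of a hard problem to be indistinguishable under selective access policy and chosen plaintext attacks. Numerical and theoretical analysis shows that the scheme has good computational efficiency in the trapdoor generation and search phases, greatly improving the search efficiency of multi-keyword searchable encryption schemes. At the same time, the scheme reduces storage overhead while providing multiple features, making it more suitable for electronic medical record data sharing scenarios. |
| Keywords: blockchain; cloud storage; attribute-based encryption; searchable encryption; electronic medical record |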
| DOI:10.19363/J.cnki.cn10-1380/tn.2025.09.10 |
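| Submitted: 2023-10-10; Revised: 2024-03-07 |
| Funding: This work was supported by the National Natural Science Foundation of China (No. 61663041, No. 61901201, No. 61762058, No. 62002050, No. 61872060, No. 62241207, No. 62262060); the Science and Technology Program of Gansu Province (No. 22JR5RA158, No. 22JR5RA350); the Gansu Province University Teachers' Innovation Fund (No. 2023A-041, No. 2023-ZD-234); the Industry Support Program of the Education Department of Gansu Province (No. 2022CYZC-17); the University Innovation Fund of the Education Department of Gansu Province (No. 2023A-041); and the 2023 Lanzhou Science and Technology Development Program (No. 2023-ZD-234). |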
|
| Blockchain-based Electronic Health Record Data Sharing Scheme with Integrity Verification |
| LI Yahong, LI Qiang, LI Zhewei, WANG Caifen, YANG Xiaodong |
| School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730000, China; School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China; Big Data and Internet Academy, Shenzhen University of Technology, Shenzhen 518118, China; School of Computer Science and Engineering, Northwestern Normal University, Lanzhou 730000, China |
| Abstract: |
| Cloud services have brought many conveniences to the sharing of electronic medical record data. However, cloud data sharing relies on third-party cloud computing infrastructure, which exposes outsourced data to various security issues, such as enormous storage pressure on cloud servers and the threat that outsourced data is tampered with, lost or deleted. When outsourced data is retrieved, it may contain users' private information, and encrypted data cannot support fine-grained retrieval. These have become urgent issues in cloud-based data sharing services. In this paper, a blockchain-assisted attribute-based encryption scheme is proposed for electronic medical record sharing. In this scheme, on the basis of policy hiding, confidentiality and fine-grained access control of electronic medical record data are achieved by attribute-based encryption. Searchable encryption is used to encrypt multiple keywords, which improves search accuracy, and the keyword ciphertext is uploaded to the blockchain to save storage costs. Due to the immutability of the blockchain, data security is ensured, and authorized users can safely search the ciphertext. To prevent cloud servers from returning partial or incorrect ciphertext to users, users interact with the cloud to verify the correctness of the ciphertext. To reduce the computational burden on data access users, the algorithm outsources a large amount of computation to cloud servers. In addition, functional and security analysis indicates that the proposed scheme meets functional security requirements. Under the random oracle model, based on the decisional q-parallel BDHE assumption, it is proved that the scheme guarantees indistinguishability against selective access policy and chosen plaintext attacks. Numerical analysis indicates that the scheme has better computational efficiency in the trapdoor generation stage and search stage, greatly improving the search efficiency of multi-keyword searchable encryption schemes. Meanwhile, the storage cost is reduced while the scheme provides multiple features, which makes it suitable for data sharing scenarios in electronic health records. |
| Key words: cloud storage; attribute-based encryption; searchable encryption; electronic health record |