Netinfo Security ›› 2023, Vol. 23 ›› Issue (7): 9-21. doi: 10.3969/j.issn.1671-1122.2023.07.002

• Technical Research •

Verifiable EMR Outsourcing Solution Based on Attribute-Based Encryption in Cloud-Edge Environments

SHI Runhua, XIE Chenlu

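  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206
  • Received: 2023-04-20 Publication date: 2023-07-10 Release date: 2023-07-14
  • Corresponding author: XIE Chenlu E-mail: 372238228@qq.com
  • About the authors: SHI Runhua (b. 1974), male, Anhui, professor, Ph.D., main research interest: quantum information security. | XIE Chenlu (b. 1997), female, Shandong, master's student, main research interests: data outsourcing encryption and access control
  • Funding:
    National Natural Science Foundation of China (61772001)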

Verifiable Outsourcing EMR Scheme with Attribute-Based Encryption in Cloud-Edge Environments

SHI Runhua, XIE Chenlu

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Received:2023-04-20 Online:2023-07-10 Published:2023-07-14
  • Contact: XIE Chenlu E-mail:372238228@qq.com

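Abstract (Chinese-language version):

With the rise of cloud computing and edge computing, attribute-based encryption (ABE) is an encryption method of great practical value, as it can provide fine-grained access control policies for electronic medical records (EMR) stored in the cloud. However, in ABE, the finer the access control, the larger the number of attributes required, and correspondingly the higher the encryption computation cost. To lighten the data owner's encryption burden, the paper designs a verifiable outsourced encryption scheme in which a fog node on the data owner's side is fully responsible for the ABE encryption computation, while a fog node on the user's side helps legitimate data users perform the corresponding decryption computation. In addition, the paper introduces proxy re-encryption together with online index and offline trapdoor techniques: proxy re-encryption realizes dual access control over electronic medical records, while the online index and offline trapdoor guarantee the anonymity of legitimate users. Finally, with the assistance of the blockchain, the management server and the attribute authority, the scheme can verify the correctness of the fog nodes' outsourced encryption and of the ciphertext stored in the cloud. Experimental results show that the data owner's encryption time in this scheme is the lowest, so the scheme reduces the data owner's encryption burden while satisfying fine-grained access control and the verifiability of encrypted messages.

Keywords: attribute-based encryption, verifiability, outsourced encryption, access control, edge computing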

Abstract:

With the emergence of cloud and edge computing, attribute-based encryption (ABE) is a promising cryptographic primitive that can provide a fine-grained access control strategy for Electronic Medical Records (EMRs) on the cloud server. However, in ABE, the finer the access control, the larger the number of required attributes, and accordingly the higher the encryption cost. In order to reduce the encryption burden of the data owner, we first present a verifiable outsourcing ABE scheme, in which a fog node on the data owner side is fully responsible for the ABE encryption, and another fog node on the user side assists data users in performing the corresponding decryption. Furthermore, this paper introduces the proxy re-encryption algorithm, online indexing, and offline trapdoor, where the proxy re-encryption algorithm achieves dual access control for EMRs, and online indexing and offline trapdoor ensure the anonymity of legitimate users. Finally, with the help of the blockchain, the management server and the attribute authority, the scheme can verify the honesty of the fog nodes and the correctness of the ciphertext. The experimental results show that the data owner in our scheme has a low encryption time, and that the scheme reduces the encryption burden of the data owner, achieves finer-grained access control, and realizes the verifiability of the ciphertext.

Key words: attribute-based encryption, verifiability, outsourcing encryption, access control, edge computing
