An Access Control Scheme for Verifying the Correctness of Outsourcing Encrypted Data in EHR System

doi:10.3969/j.issn.1671-1122.2023.05.009

Abstract

Abstract:

To meet the growing demand for telemedicine services, electronic health record (EHR) systems have become popular in recent years. Data owners can upload EHRs to the cloud for data sharing via mobile devices. However, there can be privacy breaches in EHR systems. Attribute-based encryption (ABE) provided a good solution for the secure sharing of data. Usually, mobile devices have limited computing power and it is very difficult to implement the complex encryption operations of ABE. Therefore, this paper assigned heavy encryption operations to the edge server (ES). However, the ES could be subject to attacks. It was crucial to check whether the ES encrypts the correct plaintext. This paper proposed a double-outsourced lightweight verification scheme based on zero-knowledge proofs to check the correctness of the data in the ES. To prevent EHR information from being leaked to dishonest ESs, this paper combined blockchain with hybrid encryption for more secure data sharing. Experimental results show that the proposed scheme is effective.

Key words: edge computing, access control, EHR systems, zero-knowledge proof, data correctness

CLC Number:

TP309

ZHANG Xiaoxu, SHI Runhua. An Access Control Scheme for Verifying the Correctness of Outsourcing Encrypted Data in EHR System[J]. Netinfo Security, 2023, 23(5): 85-94.

Figures/Tables 6

References 25

[1]	SU Yuan, LI Yanping, ZHANG Kai, et al. A Privacy-Preserving Public Integrity Check Scheme for Outsourced EHRs[J]. Information Sciences, 2021, 542: 112-130. doi: 10.1016/j.ins.2020.06.043 URL
[2]	XU Jian, WEI Laiwen, WU Wei, et al. Privacy-Preserving Data Integrity Verification by Using Lightweight Streaming Authenticated Data Structures for Healthcare Cyber-Physical System[J]. Future Generation Computer Systems, 2020, 108: 1287-1296. doi: 10.1016/j.future.2018.04.018 URL
[3]	SICARI S, RIZZARDI A, DINI G, et al. Attribute-Based Encryption and Sticky Policies for Data Access Control in a Smart Home Scenario: A Comparison on Networked Smart Object Middleware[J]. International Journal of Information Security, 2021, 20(5): 695-713. doi: 10.1007/s10207-020-00526-3
[4]	QIN Xuanmei, HUANG Yongfeng, YANG Zhen, et al. LBAC: A Lightweight Blockchain-Based Access Control Scheme for the Internet of Things[J]. Information Sciences, 2021, 554: 222-235. doi: 10.1016/j.ins.2020.12.035 URL
[5]	WANG Tian, ZHANG Guangxue. A Secure IoT Service Architecture with an Efficient Balance Dynamics Based on Cloud and Edge Computing[J]. IEEE Internet of Things Journal, 2018, 6(3): 4831-4843. doi: 10.1109/JIoT.6488907 URL
[6]	WANG Tian, BHUIYAN M Z A, WANG Guojun, et al. Preserving Balance Between Privacy and Data Integrity in Edge-Assisted Internet of Things[J]. IEEE Internet of Things Journal, 2019, 7(4): 2679-2689. doi: 10.1109/JIoT.6488907 URL
[7]	SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-Based Access Control Models[J]. Computer, 1996, 29(2): 38-47.
[8]	HU V C, KUHN D R, FERRAIOLO D F, et al. Attribute-Based Access Control[J]. Computer, 2015, 48(2): 85-88.
[9]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]// IEEE. 2007 IEEE Symposium on Security and Privacy (SP'07). New York: IEEE, 2007: 321-334.
[10]	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data[C]// ACM. Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 89-98.
[11]	YANG Yifan, SHI Runhua, LI Kunchang, et al. Multiple Access Control Scheme for EHRs Combining Edge Computing with Smart Contracts[J]. Future Generation Computer Systems, 2022, 129: 453-463. doi: 10.1016/j.future.2021.11.002 URL
[12]	ZHANG Qingyan, ZHONG Hong. AC4AV: A Flexible and Dynamic Access Control Framework for Connected and Autonomous Vehicles[J]. IEEE Internet of Things Journal, 2020, 8(3): 1946-1958. doi: 10.1109/JIoT.6488907 URL
[13]	LI Jiguo, YAO Wei, ZHANG Yichen, et al. Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing[J]. IEEE Transactions on Services Computing, 2016, 10(5): 785-796. doi: 10.1109/TSC.2016.2520932 URL
[14]	TANG Zhaohui. Secret Sharing-Based IoT Text Data Outsourcing: A Secure and Efficient Scheme[J]. IEEE Access, 2021, 9: 76908-76920. doi: 10.1109/ACCESS.2021.3075282 URL
[15]	SETHI K, PRADHAN A, BERA P. Practical Traceable Multi-Authority CP-ABE with Outsourcing Decryption and Access Policy Updation[J]. Journal of Information Security and Applications, 2020, 51: 102435-102445. doi: 10.1016/j.jisa.2019.102435 URL
[16]	LI Jin, HUANG Xinyi, LI Jingwei, et al. Securely Outsourcing Attribute-Based Encryption with Checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(8): 2201-2210. doi: 10.1109/TPDS.2013.271 URL
[17]	SONG Wenna, XIANG Guangli, LI Ankang, et al. Improved Attribute-Based Encryption Scheme[J]. Computer Science, 2017, 44(1): 167-171. doi: 10.11896/j.issn.1002-137X.2017.01.032
	宋文纳, 向广利, 李安康, 等. 一种改进的属性加密方案[J]. 计算机科学, 2017, 44(1): 167-171. doi: 10.11896/j.issn.1002-137X.2017.01.032
[18]	LIU Peng, HE Qian, LIU Wangyang, et al. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption[J]. Netinfo Security, 2020, 20(3): 90-97.
	刘鹏, 何倩, 刘汪洋, 等. 支持撤销属性和外包解密的 CP-ABE 方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[19]	WANG Le, YANG Zherong, LIU Rongjing, et al. A CP-ABE Privacy Preserving Method for Wearable Devices[J]. Netinfo Security, 2018, 18 (6): 77-84.
	王乐, 杨哲荣, 刘容京, 等. 基于属性加密算法的可穿戴设备系统隐私保护方法研究[J]. 信息网络安全, 2018, 18(6): 77-84.
[20]	ZOU Liping, FENG Chaosheng, QIN Zhiguang, et al. CP-ABE Scheme with Fast Decryption for Public Cloud[J]. Journal of Software, 2020, 31(6): 1817-1828.
	邹莉萍, 冯朝胜, 秦志光, 等. 面向公有云的支持快速解密的CP-ABE方案[J]. 软件学报, 2020, 31(6): 1817-1828.
[21]	CHEN Yu, MA Xuecheng, TANG Cong, et al. PGC: Decentralized Confidential Payment System with Auditability[C]// Springer. European Symposium on Research in Computer Security. Berlin:Springer, 2020:591-610.
[22]	YIN Hongjian, ZHU Yan, WANG Jing, et al. Design and Implementation of a Smart-Contract Voting System Based on Zero-Knowledge Proof[J]. Chinese Journal of Engineering, 2023, 45(4): 632-642.
	殷红建, 朱岩, 王静, 等. 基于零知识证明的智能合约投票系统设计与实现[J]. 工程科学学报, 2023, 45(4): 632-642.
[23]	WATERS B. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization[C]// Springer. International Workshop on Public Key Cryptography. Berlin:Springer, 2011: 53-70.
[24]	LI Jingwei, JIA Chunfu, LI Jin, et al. Outsourcing Encryption of Attribute-Based Encryption with Mapreduce[C]// Springer. International Conference on Information and Communications Security. Berlin:Springer, 2012: 191-201.
[25]	ZHANG Rui, MA Hui, LU Yao. Fine-Grained Access Control System Based on Fully Outsourced Attribute-Based Encryption[J]. Journal of Systems and Software, 2017, 125: 344-353. doi: 10.1016/j.jss.2016.12.018 URL

方案	外包加密	智能合约验证DU身份	验证ES诚实性
文献[23]方案	×	×	×
文献[24]方案	√	×	×
文献[25]方案	√	×	×
本文方案	√	√	√

方案	文献[23] 方案	文献[24] 方案	文献[25] 方案	本文方案
密钥生成	$\text{(2}+{{S}_{U}}){{E}_{1}}$	$\text{(1}+3{{S}_{U}}){{E}_{1}}$	$\text{(3}+4{{S}_{U}}){{E}_{1}}$	$\text{(3}+{{S}_{U}}){{E}_{1}}$
密文生成	$(1+2C){{E}_{1}}+{{E}_{2}}$	$4C{{E}_{1}}$	$(1+5C){{E}_{1}}+{{E}_{2}}$	$(2+2C){{E}_{1}}+2{{E}_{2}}$
解密	$\text{(1+2s)}e\text{+(}s){{E}_{2}}$	$\text{(2s)}e\text{+(}s){{E}_{2}}$	$\text{(1+2s)}e\text{+(4}s+2){{E}_{2}}$	$\text{(2+s)}e\text{+(}s){{E}_{2}}$
零知识交互	—	—	—	$\text{4}{{E}_{2}}$

方案	文献[23]方案	文献[24]方案	文献[25]方案	本文方案
密钥大小	(2+2S_U)\|G\|+ 2S_U\|Z_p\|	(3+S_U)\|G\|+ (2+S_U)\|Z_p\|	2((2+2S_U)\|G\|+ (2+2S_U)\|Z_p\|)	(2+S_U)\|G\|+ S_U\|Z_p\|
密文大小	(1+3C)\|G\|+ 2C\|Z_p\|	n(\|A\|+2C\|G\|)	2((2+3C)\|G\|+ 2C\|Z_p\|)	2\|G\|+2\|G_T\|+ 2C\|Z_p\|