基于PBAC模型和IBE的医疗数据访问控制方案

张怡婷; 傅煜川; 杨明; 罗军舟

doi:10.11959/j.issn.1000-436x.2015329

您当前的位置：

首页 >

文章列表页 >

基于PBAC模型和IBE的医疗数据访问控制方案

数据安全 | 更新时间：2024-06-05

- 基于PBAC模型和IBE的医疗数据访问控制方案
- Access control scheme for medical data based on PBAC and IBE
- 通信学报 2015年36卷第12期页码：200-211
- 作者机构：
  
  1. 东南大学计算机科学与工程学院，江苏南京 210096
  2. 南京邮电大学计算机学院，江苏南京 210023
- 作者简介：
  
  [ "张怡婷（1978-），女，安徽合肥人，东南大学博士生，南京邮电大学讲师，主要研究方向为网络安全及应用。" ]
  [ "傅煜川（1987-），男，江苏南京人，东南大学硕士生，主要研究方向为网络安全。" ]
  [ "杨明（1979-），男，江苏常州人，博士，东南大学副教授，主要研究方向为网络安全。" ]
  [ "罗军舟（1960-），男，浙江宁波人，博士，东南大学教授、博士生导师，主要研究方向为下一代网络体系结构、网络安全、云计算、无线局域网。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61272054);国家自然科学基金资助项目(61320106007);国家科技支撑计划课题基金资助项目(2010BAI88B03)
- DOI：10.11959/j.issn.1000-436x.2015329
  中图分类号： TP309
- 网络出版日期：2015-12，
  
  纸质出版日期：2015-12-25
- 稿件说明：
移动端阅览
张怡婷, 傅煜川, 杨明, 等. 基于PBAC模型和IBE的医疗数据访问控制方案[J]. 通信学报, 2015,36(12):200-211.

Yi-ting ZHANG, Yu-chuan FU, Ming YANG, et al. Access control scheme for medical data based on PBAC and IBE[J]. Journal on communications, 2015, 36(12): 200-211.
张怡婷, 傅煜川, 杨明, 等. 基于PBAC模型和IBE的医疗数据访问控制方案[J]. 通信学报, 2015,36(12):200-211. DOI： 10.11959/j.issn.1000-436x.2015329.

Yi-ting ZHANG, Yu-chuan FU, Ming YANG, et al. Access control scheme for medical data based on PBAC and IBE[J]. Journal on communications, 2015, 36(12): 200-211. DOI： 10.11959/j.issn.1000-436x.2015329.

摘要

医疗卫生领域形成的医疗大数据中包含了大量的个人隐私信息，面临着外部攻击和内部泄密的潜在安全隐患。传统的访问控制模型没有考虑用户访问目的在侧重数据隐私的访问控制中的重要作用，现有的对称、非对称加密技术又都存在密钥管理、证书管理复杂的问题。针对这些问题，提出了综合应用PBAC模型和IBE加密技术的访问控制方案，支持针对医疗数据密文的灵活访问控制。通过加入条件目的概念对PBAC模型进行扩展，实现了对目的树的全覆盖；以病患 ID、条件访问位和预期目的作为 IBE 身份公钥进行病患数据加密，只有通过认证并且访问目的符合预期的用户才能获得相应的私钥和加密数据，从而实现对病患信息的访问。实验结果证明，该方案达到了细粒度访问控制和隐私保护的目的，并具有较好的性能。

Abstract

Due to the large amount of personal privacy information contained

the medical big data formed in the health care industry was faced with potential threats of both external attacks and internal data leakages.However

traditional access control technology didn’t take into account the important role of user access purpose in the access control schemes that emphasized data privacy

and existing symmetric and asymmetric encryption technologies both face problems such as the complexity of key and certificate management.To address these problems

a novel access control scheme based on PBAC model and IBE encryption technology was proposed

which could provide flexible access control of encrypted medical data.By introducing the concept of conditioned purpose

the PBAC model was extended to achieve full coverage of purpose trees.Furthermore

the scheme used patient ID

conditioned bit and intended purpose as the IBE public key

with which patients’ data were encrypted.Only users who pass the authentication and whose access purposes conform to the intended purposes can obtain the corresponding private keys and the encrypted data

thereby achieving access to patients’ information.Experimental results prove that the scheme can achieve the goals of fine-grained access control and privacy protection with high performance.

关键词

Keywords

references

孟小峰 , 慈祥．大数据管理:概念、技术与挑战［J］．计算机研究与发展 , 2013 , 50 ( 1 ): 146 - 169 .

MENG X F , CI X ． Big data management:concepts,techniques and challenges ［J］． Journal of Compute Research and Development , 2013 , 50 ( 1 ): 146 - 169 .

冯登国 , 张敏 , 李昊 . 大数据安全与隐私保护 [J ] . 计算机学报 , 2014 , 37 ( 1 ): 246 - 258 .

FENG D G , ZHANG M , LI H . Big data security and privacy protection [J ] . Chinese Journal of Computers , 2014 , 37 ( 1 ): 246 - 258 .

SHAMIR A . Identity-based cryptosystems and signature schemes [A ] . Proc of CYPTO'84 [C ] . Springer Berlin Heidelberg , 1985 . 47 - 53 .

BONEH D , FRANKLIN M . Identity based encryption from the Weil pairing [A ] . Proc of CRYPTO'01 [C ] . Springer Berlin Heidelberg , 2001 . 213 - 229 .

COCKS C . An identity based encryption scheme based on quadratic residues [A ] . Proc of Cryptography and Coding [C ] . Springer Berlin Heidelberg , 2001 . 360 - 363 .

SAKAI R , KASAHARA M . ID based cryptosystems with pairing on elliptic curve [J ] . 2003 ， 03 / 54

CANETTI R , HALEVI S , KATZ J . A forward-secure public-key encryption scheme [A ] . Proc of EUROCRYPT'03 [C ] . Springer Berlin Heidelberg , 2003 . 255 - 271 .

CANETTI R , HALEVI S , KATZ J . Chosen-ciphertext security from identity-based encryption [A ] . Proc of Cryptoloty-EUROCRYPT'04 [C ] . Springer Berlin Heidelberg , 2004 . 207 - 222 .

BONEH D , BOYEN X . Efficient selective-ID secure identity-based encryption without random Oracle [A ] . Proc of CryptolotyEUROCRYPT'04 [C ] . Springer Berlin Heidelberg , 2004 . 223 - 238 .

BONEH D , BOYEN X . Efficient selective identity-based encryption without random oracles [J ] . Journal of Cryptology , 2011 , 24 ( 4 ): 659 - 693 .

BONEH D , BOYEN X . Secure identity based encryption without random oracles [A ] . Proc of Cryptology-Crypto'04 [C ] . Springer Berlin Heidelberg , 2004 . 443 - 359 .

WATERS B . Efficient identity-based encryption without random Oracles [A ] . Proc of Cryptology-EUROCRYPT'05 [C ] . Springer Berlin Heidelberg , 2005 . 114 - 127 .

GENTRY C . Practical identity-based encryption without random oracles [A ] . Proc of Cryptology- EUROCRYPT'06 [C ] . Springer Berlin Heidelberg , 2006 . 445 - 464 .

WATERS B . Dual system encryption:realizing fully secure IBE and HIBE under simple assumptions [A ] . Proc of Cryptology-CRYPTO'09 [C ] . Springer Berlin Heidelberg , 2009 . 619 - 636 .

GENTRY C , SILVERBERG A . Hierarchical ID-based cryptography [A ] . Proc of Cryptology—ASIACRYPT'02 [C ] . Springer Berlin Heidelberg , 2002 . 548 - 566 .

LEWKO A , WATERS B . New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts [M ] . Theory of Cryptography . Springer Berlin Heidelberg , 2010 .

CHEN J , WEE H . Fully,(almost) tightly secure IBE and dual system groups [A ] . Proc of Cryptology–CRYPTO 2013 [C ] . Springer Berlin Heidelberg , 2013 . 435 - 460 .

CHOW S S M , DODIS Y , ROUSELAKIS Y , et al . Practical leakage-resilient identity-based encryption from simple assumptions [A ] . Proc of the 17th ACM Conference on Computer and Communications Security,CCS’10 [C ] . Chicago,Illinois,USA , 2010 . 152 - 161 .

YUEN T H , CHOW S S M , ZHANG Y , et al . Identity-based encryption resilient to continual auxiliary leakage [A ] . Proc of Cryptology–EUROCRYPT 2012 [C ] . Springer Berlin Heidelberg , 2012 . 117 - 134 .

SAHAI A , WATERS B . Fuzzy identity-based encryption [A ] . Proc of Cryptology–EUROCRYPT'05 [C ] . Springer Berlin Heidelberg , 2005 . 457 - 473 .

BOLDYREVA A , GOYAL V , KUMAR V . Identity-based encryption with efficient revocation [A ] . Proc of the 15th ACM Conference on Computer and Communications Security [C ] . 2008 . 417 - 426 .

SEO J H , EMURA K . Revocable identity-based encryption revisited:security model and construction [A ] . Proc of Public-Key Cryptography– PKC 2013 [C ] . Springer Berlin Heidelberg , 2013 . 216 - 234 .

LI J , LI J , CHEN X , et al . Identity-based encryption with outsourced revocation in cloud computing [J ] . IEEE Transactions on Computers , 2015 , 64 ( 2 ): 425 - 437 .

ABDALLA M , BIRKETT J , CATALANO D , et al . Wildcarded identity-based encryption [J ] . Journal of Cryptology , 2011 , 24 ( 1 ): 42 - 82 .

BEATO F , MEUL S , PRENEEL B . Practical identity-based private sharing for online social networks [J ] . Computer Communications , 2015 , http://dx.doi.org/10.1016/j.comcom.2015.07.009 http://dx.doi.org/10.1016/j.comcom.2015.07.009 .

WU X , XU L , ZHANG X . POSTER:a certificateless proxy re-encryption scheme for cloud-based data sharing [A ] . Proc of the 18th ACM Conference on Computer and Communications Security,CCS'11 [C ] . 2011 . 869 - 872 .

BYUN J W , BERTINO E , LI N . Purpose based access control of complex data for privacy protection [A ] . Proc of the 10th ACM Symposium on Access Control Models and Technologies [C ] . ACM , 2005 . 102 - 110 .

BYUN J W , LI N . Purpose based access control for privacy protection in relational database systems [J ] . The VLDB Journal , 2008 , 17 ( 4 ): 603 - 619 .

YANG N , BARRINGER H , ZHANG N . A purpose-based access control model [A ] . Proc of the 3rd International Symposium on Information Assurance and Security (IAS) [C ] . IEEE , 2007 . 143 - 148 .

KABIR M E , WANG H . Conditional purpose based access control model for privacy protection [A ] . Proc.of the 20th Australasian Conference on Australasian Database [C ] . Australian Computer Society,Inc , 2009 . 135 - 142 .

WANG Y , ZHOU Z , LI J . A purpose-involved role-based access control model [A ] . Foundations of Intelligent Systems [C ] . Springer Berlin Heidelberg , 2014 . 1119 - 1131 .

COLOMBO P , FERRARI E . Enforcement of purpose based access control within relational database management systems [J ] . IEEE Transactions on Knowledge and Data Engineering , 2014 , 26 ( 11 ): 2703 - 2716 .

SUN L , WANG H . A purpose-based access control in native XML databases [J ] . Concurrency and Computation:Practice and Experience , 2012 , 24 ( 10 ): 1154 - 1166 .

JAFARI M,SAFAVI-NAINI R , FONG P W L , et al . A framework for expressing and enforcing purpose-based privacy policies [J ] . ACM Transactions on Information and System Security , 2014 , 17 ( 1 ): 3 .

渠世艳 . 基于目的管理的医疗信息系统访问控制模型研究 [D ] . 上海:上海交通大学 , 2009 .

QU S Y . Research of Purpose-Based Access Control Model for Hospital Information System [D ] . Shanghai:Shanghai Jiaotong University , 2009 .

KABIR M E , WANG H , BERTINO E . A role-involved purpose-based access control model [J ] . Information Systems Frontiers , 2012 , 14 ( 3 ): 809 - 82 .

浏览量

679

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于密码学的云数据确定性删除研究进展

一个具有最小泄漏的可公开验证M+1电子拍卖

基于可信度的细粒度RBAC访问控制模型框架

可公开验证的短密钥公钥加密方案

基于身份的泛在通信隐私保护方案