面向便携式诊所的安全数据共享方案
作者:
作者单位:

作者简介:

通讯作者:

刘波,Kyle.liu@nudt.edu.cn

中图分类号:

TP311

基金项目:

国家自然科学基金(62072466)


A Secure Data Sharing Solution for Portable Health Clinic System
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    随着物联网(Internet of Things,IoT)、云计算等技术的飞速发展,便携式诊所(Portable Health Clinic,PHC)得以实现,并广泛应用于远程医疗.我国依托5G通信的大幅优势,积极推进智慧医疗的建设,搭建了多功能、高质量的远程医疗信息服务平台.以PHC为代表的远程医疗得以实现,离不开远程数据共享系统的技术支撑.目前IoT和云服务器(Cloud Server, CS)相结合(通常称为云边协同)的远程数据共享系统以其灵活性、高效性广受关注,然而其隐私和安全问题却鲜有研究.考虑到医疗数据的敏感性,本文致力于研究PHC数据共享系统的安全隐私问题,实现了PHC系统中物联网感知数据的安全上传、个性密文的归一化、云服务器上动态多用户的细粒度访问控制、高效的解密操作,并给出了形式化的安全性证明.在具体创新上,第一,本文分别对经典的代理重加密和属性基加密算法进行改进,提出了IPRE-TO-FAME组合加密机制,以保障云边协同的PHC系统数据共享的安全性.第二,为了应对物联网终端数量众多、分散性强带来的密钥更新难题,本文借鉴代理重加密(Proxy Re-encryption,PRE)的思想,实现了基于单方变换的密钥更新,即无需变换IoT终端密钥条件下的密钥更新.同时,本文应用场景中重加密方可视为完全可信,而常规PRE机制重加密方通常为不可信的第三方服务器,为此,本文改进了经典PRE算法,提出了一种高效的IPRE(Improved PRE)算法,以适应本文提出的场景;第三,改进经典的FAME(Fast Attribute-based Message Encryption)机制,实现了动态多用户的细粒度访问控制,便于用户可以随时随地使用便携式智能设备访问数据.安全性证明、理论分析和实验结果证明,本文提出的方案具有较好的安全性和较强的实用性,是一类解决PHC安全数据共享问题的有效方案.

    Abstract:

    With the rapid development of Internet of things (IoT), cloud computing et al., portable health clinic (PHC) has been realized and widely used in telemedicine. For the significant advantages of 5G communication, China has actively promoted the construction of intelligent medicine and built a multi-functional telemedicine information service platform. The realization of telemedicine is inseparable from the support of the remote data sharing system. At present, the PHC data sharing system uses the network architecture combining the IoT and cloud computing. However, its privacy and security issues are rarely studied. This paper keeps an eye on security and privacy when sharing data in the PHC system. We realize the secure upload of IoT data, normalization of personalized ciphertext, dynamic multi-user fine-grained access control, efficient decryption operations, and formal security verification. This paper first improves the classical proxy re-encryption and attribute-based encryption algorithms. It proposes an IPRE-TO-FAME combined encryption mechanism suitable for the network architecture with IoT and cloud computing. Addressing the challenge of key updates caused by many distributed IoT terminals, this paper uses the idea of proxy re-encryption (PRE) for reference to realize the key update based on the unilateral transformation without changing the IoT’s key. At the same time, as the setting in this paper is different from the conventional algorithm PRE, the re-encryption entity can be regarded as fully trusted. This paper improves the conventional algorithm PRE and implement an efficient IPRE (improved PRE) algorithm. Thirdly, the classic FAME (fast attribute-based message encryption) mechanism is improved to realize dynamic multi-user fine-grained access control. It is convenient for users to use portable intelligent devices to access data anytime and anywhere. Security proof, theoretical analysis, and experimental results show that the scheme proposed in this paper is secure and practical. It is an effective solution to the problem of PHC secure data sharing.

    参考文献
    相似文献
    引证文献
引用本文

朱雪岭,侯慧莹,付绍静,赵运磊,刘波.面向便携式诊所的安全数据共享方案.软件学报,,():0

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2021-08-27
  • 最后修改日期:2021-12-13
  • 录用日期:
  • 在线发布日期: 2022-03-24
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号