支持属性和代理重加密的区块链数据共享方案

doi:10.19665/j.issn1001-2400.2022.01.001

摘要/Abstract

摘要：

医疗数据的高价值和敏感性导致电子医疗数据共享面临访问控制、数据安全、有效监管、隐私泄露等问题,而传统的属性加密可以解决数据共享过程中一对多的访问控制问题,但仍存在效率低下、访问策略失效、泄露敏感信息等挑战。针对以上问题,首先提出了一种隐藏访问策略的属性加密与代理重加密相结合的方案,在防止访问策略泄露隐私的同时,实现了数据的高效动态共享;其次,针对集中式单点故障问题,数据共享过程中缺少监管、区块链存储负载过重的问题,将方案与区块链、智能合约和星际文件系统融合,实现了原始数据密文链下分布式存储与关键信息密文链上共享的低开销模式,建立了支持灵活数据监管,适用于去中心化的医疗数据共享场景的架构;最后,对所提方案进行了安全性证明和存储与计算成本、智能合约开销等性能分析。结果表明,该方案满足选择明文攻击下的安全性并能抵抗合谋攻击。在共享过程中增加了隐私保护和有效监督等功能的同时,效率优于现有的数据共享方案。

关键词: 区块链, 属性加密, 代理重加密, 智能合约, 数据共享

Abstract:

The high value and sensitivity of medical data lead to the problems of access control,data security,effective supervision and privacy leakage in electronic medical data sharing.The traditional attribute-based encryption can solve one-to-many access control problems during data sharing,but there are still challenges that need to be solved,such as low efficiency,the invalidation of access policy once it changes slightly,and the leakage of sensitive information from the access policy.To solve the above problems,first,a scheme using the attribute-based encryption with the hidden access policy and proxy re-encryption is proposed,which can prevent privacy from being disclosed by the access policy,but also realizes more efficient and dynamic data sharing.Second,as for the issues of the centralized single point of failure,the lack of supervision in the process of data sharing,and the heavy storage load of blockchain,the scheme is integrated with the blockchain,smart contract and InterPlanetary FileSystem,and it can implement the low-overhead mode of the distributed storage of original data ciphertext off the chain and the sharing of the key information ciphertext on the chain.Then an architecture that supports flexible data supervision is established,which is suitable for decentralized medical data sharing scenarios.Finally,for the proposed scheme,the security proof and performance analysis including storage,computing and smart contract costs are conducted.The results show that the scheme can resist selective plaintext attack and collusion attack.In addition,privacy protection and effective supervision are added in the data sharing process,and at the same time,the efficiency of the proposed scheme is better than that of the existing data sharing schemes.

Key words: blockchain, attribute-based encryption, proxy re-encryption, smart contract, data sharing

中图分类号:

TP309

李雪莲,张夏川,高军涛,向登梅. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1): 1-16.

LI Xuelian,ZHANG Xiachuan,GAO Juntao,XIANG Dengmei. Blockchain data sharing scheme supporting attribute and proxy re-encryption[J]. Journal of Xidian University, 2022, 49(1): 1-16.

图/表 9

图1

图2

表1

表2

存储成本比较"

参数	文献[25]中方案	文献[26]中方案	文中方案
公开参数长度	(\|U\|+3)\|G\|+\|G_T\|	(4+\|U\|)\|G\|+1\|G_T\|	10\|G\|+1\|G_T\|
解密密钥长度	(2k+2)\|G\|	(k+4)\|G⁴\|	(5k+2)\|G\|
重密文长度	(2s+2)\|G\|+\|G_T\|	5\|G⁴\|+1\| $G T 4$ \|	4\|G\|+1\|G_T\|
双线性群的阶	素数阶	合数阶	素数阶

表2

图3

图4

图5

表3

图6

参考文献 27

[1]	BUTPHENG C, YEH K H, XIONG H. Security and Privacy in Iot-Cloud-Based E-Health Systems-A Comprehensive Review[J]. Symmetry, 2020, 12(7):1191. doi: 10.3390/sym12071191
[2]	HATHALIYA J J, TANWAR S. An Exhaustive Survey on Security and Privacy Issues in Healthcare 4.0[J]. Computer Communications, 2020, 153:311-335. doi: 10.1016/j.comcom.2020.02.018
[3]	XU Y, DING L, CUI J, et al. PP-CSA:A Privacy-Preserving Cloud Storage Auditing Scheme for Data Sharing[J]. IEEE Systems Journal, 2021, 15(3):3730-3739. doi: 10.1109/JSYST.2020.3018692
[4]	WANG S L, LIANG K T, LIU J K, et al. Attribute-Based Data Sharing Scheme Revisited in Cloud Computing[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(8):1661-1673. doi: 10.1109/TIFS.2016.2549004
[5]	ZHANG L Y, YE Y D, MU Y. Multi-Authority Access Control with Anonymous Authentication for Personal Health Record[J]. IEEE Internet of Things Journal, 2020, 8(1):156-167. doi: 10.1109/JIOT.2020.3000775
[6]	SHAHID F, ASHRAF H, GHANI A, et al. PSDS-Proficient Security over Distributed Storage:A Method for Data Transmission in Cloud[J]. IEEE Access, 2020, 8:118285-118298. doi: 10.1109/ACCESS.2020.3004433
[7]	ZICHICHI M, FERRETTI S, D'ANGELO G. A Distributed Ledger Based Infrastructure for Smart Transportation System and Social Good[C]// 2020 IEEE 17th Annual Consumer Communications & Networking Conference.Piscataway:IEEE, 2020:1-6.
[8]	于金霞, 何旭, 闫玺玺. 机构可验证的密文策略属性基加密方案[J]. 西安电子科技大学学报, 2019, 46(4):49-57.
	YU Jinxia, HE Xu, YAN Xixi. Ciphertext-Policy Attribute-Based Encryption Scheme with Verifiability on Authority[J]. Journal of Xidian University, 2019, 46(4):49-57.
[9]	GUO H, MEAMARI E, SHEN CC. Multi-Authority Attribute-Based Access Control with Smart Contract[C]// Proceedings of the 2019 International Conference on Blockchain Technology. New York: ACM, 2019:6-11.
[10]	ZUO Y T, KANG ZZ, XU J, et al. BCAS:A Blockchain-Based Ciphertext-Policy Attribute-Based Encryption Scheme for Cloud Data Security Sharing[J]. International Journal of Distributed Sensor Networks, 2021, 17(3):1-16.
[11]	WANG H, SONG Y J. Secure Cloud-Based Ehr System Using Attribute-Based Cryptosystem and Blockchain[J]. Journal of Medical Systems, 2018, 42(8):152-164. doi: 10.1007/s10916-018-0994-6
[12]	WANG S P, ZHANG Y L, ZHANG Y L. A Blockchain-Based Framework for Data Sharing with Fine-Grained Access Control in Decentralized Storage Systems[J]. IEEE Access, 2018, 6:38437-38450. doi: 10.1109/ACCESS.2018.2851611
[13]	XIA Q I, SIFAH E B, ASAMOAH K O, et al. Medshare:Trust-Less Medical Data Sharing Among Cloud Service Providers Via Blockchain[J]. IEEE Access, 2017, 5:14757-14767. doi: 10.1109/ACCESS.2017.2730843
[14]	杨颜博, 张嘉伟, 马建峰. 一种使用区块链保护车联网数据隐私的方法[J]. 西安电子科技大学学报, 2021, 48(3):21-30.
	YANG Yanbo, ZHANG Jiawei, MA Jianfeng. Method for Using The Blockchain to Protect Data Privacy of Iov[J]. Journal of Xidian University, 2021, 48(3):21-30.
[15]	李莉, 曾庆贤, 文义红, 等. 基于区块链与代理重加密的数据共享方案[J]. 信息网络安全, 2020(8):16-24.
	LI Li, ZENG Qingxian, WEN Yihong, et al. Data Sharing Scheme Based on the Blockchain and the Proxy Re-Encryption[J]. Netinfo Security, 2020, 20(8):16-24.
[16]	翟社平, 汪一景, 陈思吉. 区块链技术在电子病历共享的应用研究[J]. 西安电子科技大学学报, 2020, 47(5):103-112.
	ZHAI Sheping, WANG Yijing, CHEN Siji. Research on the Application of Blockchain Technology in the Sharing of Electronic Medical Records[J]. Journal of Xidian University, 2020, 47(5):103-112.
[17]	POURNAGHI S M, BAYAT M, FARJAMIY. Medsba:A Novel and Secure Scheme to Share Medical Data Based on Blockchain Technology and Attribute-Based Encryption[J]. Journal of Ambient Intelligence and Humanized Computing, 2020, 11(11):4613-4641. doi: 10.1007/s12652-020-01710-y
[18]	SHAMSHAD S, MAHMOOD K, KUMARI S, et al. A Secure Blockchain-Based E-Health Records Storage and Sharing Scheme[J]. Journal of Information Security and Applications, 2020, 55:102590. doi: 10.1016/j.jisa.2020.102590
[19]	ZHANG L Y, HU G C, Mu Yi, et al. Hidden Ciphertext Policy Attribute-Based Encryption with Fast Decryption for Personal Health Record System[J]. IEEE Access, 2019, 7:33202-33213. doi: 10.1109/ACCESS.2019.2902040
[20]	YING Z B, SI Y P, MA J F, et al. FHPT:Fine-Grained EHR Sharing in E-Healthcare Cloud with Hidden Policy and Traceability[C]// GLOBECOM 2020-2020 IEEE Global Communications Conference.Piscataway:IEEE, 2020:1-6.
[21]	HU G, ZHANG L Y, MU Y, et al. An Expressive “Test-Decrypt-Verify” Attribute-Based Encryption Scheme with Hidden Policy for Smart Medical Cloud[J]. IEEE Systems Journal, 2021, 15(1):365-376. doi: 10.1109/JSYST.2020.2996216
[22]	CUI H, DENG R H, WU G W, et al. An Efficient and Expressive Ciphertext-Policy Attribute-Based Encryption Scheme with Partially Hidden Access Structures[C]// International Conference on Provable Security.Berlin:Springer, 2016:19-38.
[23]	闫玺玺, 刘媛, 李子臣, 等. 策略半隐藏且支持更新的多机构属性加密方案[J]. 西安电子科技大学学报, 2018, 45(2):122-128.
	YAN Xixi, LIU Yuan, LI Zichen, et al. Multi-Authority Attribute-Based Encryption Scheme with Policy Semi-Hidden and Dynamic Updating[J]. Journal of Xidian University, 2018, 45(2):122-128.
[24]	HONG H, SUN Z. Towards Secure Data Sharing in Cloud Computing Using Attribute Based Proxy Re-Encryption with Keyword Search[C]// IEEE International Conference on Cloud Computing & Big Data Analysis.Piscataway:IEEE, 2017:218-223.
[25]	张小红, 孙岚岚. 属性代理重加密的区块链密文云存储共享研究[J]. 系统仿真学报, 2020, 32(6):1009-1020.
	ZHANG Xiaohong, SUN Lanlan. Attribute Proxy Re-Encryption for Ciphertext Storage Sharing Scheme on Blockchain[J]. Journal of System Simulation, 2020, 32(6):1009-1020.
[26]	MAO X, LI X, WU X, et al. Anonymous Attribute-Based Conditional Proxy Re-Encryption[C]// International Conference on Network and System Security.Berlin:Springer, 2018:95-110.
[27]	DENG H, QIN Z, WU Q, et al. Flexible Attribute-Based Proxy Re-Encryption for Efficient Data Sharing[J]. Information Sciences, 2020, 511:94-113. doi: 10.1016/j.ins.2019.09.052

方案	素数阶	大规模属性集	区块链	隐藏访问策略	代理重加密	多用户	智能合约	可监督
文献[22]	√	√	×	√	×	√	×	×
文献[26]	×	×	×	√	√	√	×	×
文献[27]	√	√	×	×	√	√	×	×
文献[16]	√	×	单链	×	√	×	√	×
文献[25]	√	×	单链	×	√	√	√	×
文献[17]	√	×	双链	×	×	√	√	×
文中方案	√	√	双链	√	√	√	√	√

文中方案智能合约	具体编程设置合约部分	开销/gas
解密密钥生成合约	设置密钥	105 426
	获取密钥	30 940
代理合约	生成重密钥	24 920
	进行重加密	27 836
监督日志合约	上传监督日志	28 866