Fine-Grained Bilateral Access Control Scheme in Online Consultation Environment

doi:10.3778/j.issn.1002-8331.2106-0033

Abstract

Abstract: With the continuous development of online consultation technology, more and more patients choose to consult their conditions online. As patients usually consult their conditions twice or even several times online, this will not only lead to the leakage of medical record information, but also make the workload of medical staff increase dramatically. Therefore, it is necessary to encrypt the patient’s medical record information and improve the working efficiency of medical staff under this condition. At present, the existing ABE scheme can only protect their privacy information by selecting medical staff through the access control strategy developed by patients, and medical staff can only retrieve the information they need one by one from a large number of medical records, resulting in a sharp increase in their workload. To solve the above problems, a ciphertext policy attribute-based encryption scheme supporting fine-grained bilateral access control is proposed, and the data is stored by combining blockchain technology and IPFS storage technology. In this scheme, the patient’s medical record information is encrypted and uploaded to the IPFS system, and the unique hash index generated by the IPFS system is uploaded to the blockchain. Attribute-based encryption is used to protect user privacy and achieve fine-grained bilateral access control. The security analysis shows that the scheme is indistinguishable under the selective plaintext attack in the random oracle-machine model. Simulation results show that the proposed scheme improves the user’s computing efficiency compared with similar schemes.

Key words: attribute encryption, block chain, access control, interplanetary file system（IPFS）

摘要： 随着在线问诊技术不断发展，越来越多的患者选择在线咨询自己的病情，由于患者通常会二次甚至多次在线咨询病情，这不仅会导致病历信息发生泄漏，而且会使医护人员的工作量剧增。为此需要对病人的病历信息进行加密处理，并在此条件下提高医护人员的工作效率。目前已有的ABE方案只能通过患者制定访问控制策略对医护人员进行选择从而保护自己的隐私信息，而医护人员只能从大量的病历中逐一检索出自己需要的信息，导致其工作量剧增。针对以上问题提出了一种支持细粒度双边访问控制的密文策略属性基加密方案，并结合区块链技术与IPFS存储技术对数据进行存储。该方案对病人的病历信息进行加密后上传至IPFS系统中，并将由IPFS系统生成的唯一哈希索引上传至区块链中。利用属性基加密技术在保护用户隐私同时，实现细粒度的双边访问控制。安全性分析表明，该方案在随机谕言机模型下具有选择明文攻击下的不可区分性。仿真结果表明，与类似方案相比，所提方案提高了用户的计算效率。

关键词: 属性加密, 区块链, 访问控制, 星际文件系统（IPFS）

LI Yixin, ZHANG Yinghui, HU Lingyun, ZHENG Dong. Fine-Grained Bilateral Access Control Scheme in Online Consultation Environment[J]. Computer Engineering and Applications, 2022, 58(17): 139-147.

李艺昕, 张应辉, 胡凌云, 郑东. 在线问诊环境下细粒度双边访问控制方案[J]. 计算机工程与应用, 2022, 58(17): 139-147.

References

[1] 傅颖勋，罗圣美，舒继武.安全云存储系统与关键技术综述[J].计算机研究与发展，2013，50（1）：136-145.
FU Y X，LUO S M，SHU J W.Survey of secure cloud storage system and key technologies[J].Journal of Computer Research and Development，2013，50（1）：136-145.
[2] JUAN B.IPFS-content addressed，Versioned，P2P file system[J].arXiv：1407.3561，2014.
[3] PHAM，V D，TRAN C T，NGUYEN T，et al.B-Box-a decentralized storage system using IPFS，attributed-based encryption，and blockchain[C]//2020 RIVF International Conference on Computing and Communication Technologies，2020.
[4] PENG Y，ZHAO W，XIE F，et al.Secure cloud storage based on cryptographic techniques[J].The Journal of China Universities of Posts and Telecommunications，2012，19（2）：182-189.
[5] FENG D G，CHEN C.Research on attribute-based cryptography[J].Journal of Cryptologic Research，2014，1（1）：1-12.
[6] SAHAI A，WATERS B R.Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.Berlin，Heidelberg：Springer，2004.
[7] WATERS B.Ciphertext-policy attribute-based encryption：an expressive，efficient，and provably secure realization[C]//International Workshop on Public Key Cryptography.Berlin，Heidelberg：Springer，2008.
[8] GOYAL V，PANDEY O，SAHAI A，et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security，2006.
[9] CHEUNG L，NEWPORT C.Provably secure ciphertext policy ABE[C]//ACM Conference on Computer and Communications Security，2007：456-465.
[10] BHARTIVA A S，AGRAWAL L S，GAWANDE Y V，et al.Achieving sheltered，scalable and fine-grained data access control in cloud computing[J].World Research Jounal of Engineering and Technology，2012，1（1）：4-7.
[11] ATTRAPADUANG N，IMAI H.Dual-policy attribute based encryption[C]//International Conference on Applied Cryptography and Network Security.Berlin，Heidelberg：Springer，2009.
[12] ATTRAPADUANG N，YAMAD A S.Duality in ABE：converting attribute based encryption for dual predicate and dual policy via computational encodings[C]//Cryptographers’ Track at the RSA Conference，2015.
[13] ATENIESE G，FRANCATI D，NUEZ D，et al.Match me if you can：matchmaking encryption and its applications[C]//Annual International Cryptology Conference.Cham：Springer，2019.
[14] XU S，NING J，LI Y，et al.Match in my way：fine-grained bilateral access control for secure cloud-fog computing[J].IEEE Transactions on Dependable and Secure Computing，2022，19（2）：1064-1077.
[15] 苗田田，杨惠杰，沈剑.电子医疗环境中支持用户隐私保护的访问控制方案[J].网络空间安全，2019，10（10）：16-22.
MIAO T T，YANG H J，SHEN J.An access control scheme with user privacy protection in e-health environment[J].Information Security and Technology，2019，10（10）：16-22.
[16] 邵奇峰，金澈清，张召，等.区块链技术：架构及进展[J].计算机学报，2018，41（5）：969-988.
SHAO Q F，JIN C Q，ZHANG Z，et al.Blockchain：architecture and research progess[J].Chinese Journal of Computers，2018，41（5）：969-988.
[17] 蔡振华，林嘉韵，刘芳.区块链存储：技术与挑战[J].网络与信息安全学报，2020，6（5）：11-20.
CAI Z H，LIN J Y，LIU F.Blockchain stoage：technologies and challenges[J].Chinese Journal of Network and Information Security，2020，6（5）：11-20.
[18] 汪金苗，谢永恒，王国威，等.基于属性基加密的区块链隐私保护与访问控制方法[J].信息网络安全，2020，20（9）：47-51.
WANG J M，XIE Y H，WANG G W，et al.A method of privacy preserving and access control in blockchain based on attribute-based encryption[J].Netinfo Security，2020，20（9）：47-51.
[19] ZHENG Q，YI L，PING C，et al.An innovative IPFS-based storage model for blockchain[C]//2018 IEEE/WIC/ACM International Conference on Web Intelligence （WI），2018.
[20] XU Q，SONG Z，GOH R，et al.Building an ethereum and IPFS-based decentralized social network system[C]//2018 IEEE 24th International Conference on Parallel and Distributed Systems（ICPADS），2018.
[21] RAHULAMATHAVAN Y，PHAN R C W，RAJARAJAN M，et al.Privacy-preserving blockchain based IoT ecosystem using attribute-based encryption[C]//2017 IEEE International Conference on Advanced Networks and Telecommunications Systems （ANTS），2018.
[22] WANG S，ZHANG Y，ZHANG Y L.A Blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems[J].IEEE Access，2018，6：38437-38450.
[23] 梁艳丽，凌捷.基于区块链的云存储加密数据共享方案[J].计算机工程与应用，2020，56（17）：41-47.
LIANG Y L，LING J.Encrypted data sharing scheme in cloud storage based on blockchain[J].Computer Engineering and Applications，2020，56（17）：41-47.