Enhanced secure medical data sharing with traceable and direct revocation

doi:10.19682/j.cnki.1005-8885.2023.2007

中国邮电高校学报(英文) ›› 2023, Vol. 30 ›› Issue (1): 66-79.doi: 10.19682/j.cnki.1005-8885.2023.2007

Enhanced secure medical data sharing with traceable and direct revocation

Peng Weiping, Cui Shuang, Song Cheng, Han Ning

School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China

收稿日期:2021-06-28 修回日期:2022-03-20 接受日期:2023-02-13 出版日期:2023-02-28 发布日期:2023-02-28
通讯作者: Peng Weiping, E-mail: pwp9999@hpu.edu.cn E-mail:pwp9999@hpu.edu.cn
基金资助:
This work was supported by the National Key Research and Development Program of China (2018YFC0604502) and the Funding Project for the Young Backbone Teachers of Higher Education Institutions in Henan Province (2019GGJS061).

Enhanced secure medical data sharing with traceable and direct revocation

Peng Weiping, Cui Shuang, Song Cheng, Han Ning

School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China

Received:2021-06-28 Revised:2022-03-20 Accepted:2023-02-13 Online:2023-02-28 Published:2023-02-28
Contact: Peng Weiping, E-mail: pwp9999@hpu.edu.cn E-mail:pwp9999@hpu.edu.cn
Supported by:
This work was supported by the National Key Research and Development Program of China (2018YFC0604502) and the Funding Project for the Young Backbone Teachers of Higher Education Institutions in Henan Province (2019GGJS061).

摘要/Abstract

摘要： Sharing of the electronic medical records among different hospitals raises serious concern of the leakage of individual privacy for the adoption of the semi trustworthiness of the medical cloud platform. The tracking and revocation of malicious users have become urgent problems. To solve these problems, this paper proposed a traceable and directly revocable medical data sharing scheme. In the scheme, a unique identity parameter (ID), which was generated and embedded in the private key generation phase by the medical service provider (MSP), is used to identify legal authorized user and trace malicious user. Only when attributes satisfy the access policy and user's ID is not in the revocation list can the user calculate the decryption key. Malicious user can be tracked and directly revoked by using the revocation list. Under the assumption of decision bilinear Diffie-Hellman (DBDH), this paper has proved that the scheme is able to achieve security against chosen-plaintext attack (CPA). The performance analysis demonstrates that the sizes of the public key and private key are shorter, and the time overhead is less than other schemes in the public-private key generation, data encryption and data decryption stages.

关键词: medical data sharing, electronic medical records, tracking and revocation, privacy protection

Abstract: Sharing of the electronic medical records among different hospitals raises serious concern of the leakage of individual privacy for the adoption of the semi trustworthiness of the medical cloud platform. The tracking and revocation of malicious users have become urgent problems. To solve these problems, this paper proposed a traceable and directly revocable medical data sharing scheme. In the scheme, a unique identity parameter (ID), which was generated and embedded in the private key generation phase by the medical service provider (MSP), is used to identify legal authorized user and trace malicious user. Only when attributes satisfy the access policy and user's ID is not in the revocation list can the user calculate the decryption key. Malicious user can be tracked and directly revoked by using the revocation list. Under the assumption of decision bilinear Diffie-Hellman (DBDH), this paper has proved that the scheme is able to achieve security against chosen-plaintext attack (CPA). The performance analysis demonstrates that the sizes of the public key and private key are shorter, and the time overhead is less than other schemes in the public-private key generation, data encryption and data decryption stages.

Key words: medical data sharing, electronic medical records, tracking and revocation, privacy protection

中图分类号:

TP309

Peng Weiping, Cui Shuang, Song Cheng, Han Ning. Enhanced secure medical data sharing with traceable and direct revocation[J]. The Journal of China Universities of Posts and Telecommunications, 2023, 30(1): 66-79.

参考文献

References
[1] BERNAERDT J, MOERENHOUT T, DEVISCH I. Vulnerable patients' attitudes towards sharing medical data and granular control in patient portal systems: An interview study. Journal of Evaluation in Clinical Practice, 2021, 27(2): 429 -437.
[2] COOK-DEEGAN R, MAJUMDER M A, MCGUIRE A L. Introduction: Sharing data in a medical information commons. Journal of Law Medicine and Ethics, 2019, 47(1): 7 -11.
[3] COLE C L, SENGUPTA S, ROSSETTI S, et al. Ten principles for data sharing and commercialization. Journal of the American Medical Informatics Association, 2021, 28(3): 646 -649.
[4] MARWAN M, KARTIT A, OUAHMANE H. A framework to secure medical image storage in cloud computing environment. Journal of Electronic Commerce in Organizations, 2018, 16(1): 1 -16.
[5] CHEN M, QIAN Y F, CHEN J, et al. Privacy protection and intrusion avoidance for cloudlet-based medical data sharing. IEEE Transactions on Cloud Computing, 2020, 8(4): 1274 -1283.
[6] WANG Y T, CHEN K F, CHEN J H. Attribute-based traitor tracing. Journal of Information Science and Engineering, 2011, 27(1): 181 -195.
[7] NING J T, DONG X L, CAO Z F, et al. White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Transactions on Information Forensics and Security, 2015, 10(6): 1274 -1288.
[8] CUI H, DENG R H, LI Y J. Attribute-based cloud storage with secure provenance over encrypted data. Future Generation Computer Systems, 2018, 79(Part 2): 461 -472.
[9] YAN X X, YUAN X H, ZHANG Q C, et al. Traceable and weighted attribute-based encryption scheme in the cloud environment. IEEE Access, 2020, 8: 38285 -38295.
[10] WANG H, SONG Y J. Secure cloud-based EHR system using attribute-based cryptosystem and blockchain. Journal of Medical Systems, 2018, 42(8): Article 152.
[11] FAN K, WANG S Y, REN Y H, et al. MedBlock: Efficient and secure medical data sharing via blockchain. Journal of Medical Systems, 2018, 42(8): Article 136.

[12] ZHANG A Q, LIN X D. Towards secure and privacy-preserving data sharing in e-health systems via consortium blockchain. Journal of Medical Systems, 2018, 42(8): Article 140.
[13] PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS'06), 2006, Oct 30 - Nov 3, Alexandria, VA, USA. New York, NY, USA: ACM, 2006: 99 -112.
[14] OSTROVSKY R, SAHAI A, WATERS B. Attribute-based encryption with non-monotonic access structures. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'06), 2007, Oct 31 - Nov 2, Alexandria, VA, USA. New York, NY, USA: ACM, 2007: 195 -203.
[15] NARUSE T, MOHRI M, SHIRAISHI Y. Attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating. Park J J, Stojmenovic I, Choi M, et al ( eds ). Future Information Technology: FutureTech 2013. LNEE 276. Berlin, Germany: Springer, 2014: 119 -125.
[16] XIA Z H, ZHANG L G, LIU D D. Attribute-based access control scheme with efficient revocation in cloud computing. China Communications, 2016, 13(7): 92 -99.
[17] LI J G, SHI Y R, ZHANG Y C. Searchable ciphertext-policy attribute-based encryption with revocation in cloud storage. International Journal of Communication Systems, 2017, 30(1): 2942. 1 -2942. 13.
[18] YAN X X, MENG H. Ciphertext policy attribute-based encryption scheme supporting direct revocation. Journal on Communications, 2016, 37(5): 44 -50 (in Chinese).
[19] BAI C C, ZHANG Y H, MA H, et al. Expressive ciphertext-policy attribute-based encryption with direct user revocation. International Journal of Embedded Systems, 2017, 9(6): 495 -504.
[20] ZHANG W, WU Y, XIONG H, et al. Accountable attribute-based encryption with public auditing and user revocation in the personal health record system. KSII Transactions on Internet and Information Systems, 2021, 15(1): 302 -322.
[21] MA H, ZHANG R, YANG G M, et al. Efficient fine-grained data sharing mechanism for electronic medical record systems with mobile devices. IEEE Transactions on Dependable and Secure Computing, 2020, 17(5): 1026 -1038.
[22] OGUNDOYIN S O, KAMIL I A. PAASH: A privacy-preserving authentication and fine-grained access control of outsourced data
for secure smart health in smart cities. Journal of Parallel and Distributed Computing, 2021, 155: 101 -119.

Enhanced secure medical data sharing with traceable and direct revocation

Enhanced secure medical data sharing with traceable and direct revocation

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	孟慧任利娜赵宗渠. Identity-based proxy re-encryption scheme from RLWE assumption with ciphertext evolution[J]. 中国邮电高校学报(英文版), 2023, 30(5): 51-60.
[2]	Han Yushan, Che Bichen, Liu Jiali, Dou Zhao, Di Junyu. Nearly universal and efficient quantum secure multi-party computation protocol[J]. 中国邮电高校学报(英文版), 2022, 29(4): 51-68.
[3]	Han Gang, Xing Qixuan, Zhang Yinghui. Fine-grained cooperative access control scheme with hidden policies[J]. 中国邮电高校学报(英文版), 2021, 28(6): 13-25.
[4]	Tao Yunting, Kong Fanyu, Yu Jia. EPMDA: an efficient privacy-preserving multi-dimensional data aggregation scheme for edge computing-based IoT system [J]. 中国邮电高校学报(英文版), 2021, 28(6): 26-35.
[5]	Xu Yan, Li Zheng, Ding Long, Xu Rui. Cross-domain data cloud storage auditing scheme based on certificateless cryptography [J]. 中国邮电高校学报(英文版), 2021, 28(6): 36-47.
[6]	赵国生张婧婷王健. Research on location privacy protection method of sensor-cloud base station [J]. 中国邮电高校学报(英文版), 2021, 28(1): 64-77.
[7]	赵宗渠马少提王永军汤永利叶青. Two-factor ( biometric and password) authentication key exchange on lattice based on key consensus [J]. 中国邮电高校学报(英文版), 2020, 27(6): 42-53.
[8]	林杰刘川意方滨兴. VMScan: an out-of-VM malware scanner [J]. 中国邮电高校学报(英文版), 2020, 27(4): 59-68.
[9]	Tang Yongli, Wang Mingming, Ye Qing, Qin Panke, Zhao Zongqu. Lattice-based hierarchical identity-based broadcast encryption scheme in the standard model[J]. 中国邮电高校学报(英文版), 2019, 26(4): 70-79.
[10]	Cai Xiumei, Liu Chao, Huang Xianying, Liu Xiaoyang, Cao Qiong, Yang Hongyu. Dynamic model of computer viruses under the effect of removable media and external computers[J]. 中国邮电高校学报(英文版), 2018, 25(4): 86-93.
[11]	Min Xiangshen, Fan Jiulun, Zhang Xuefeng, Ren Fang. Color image encryption scheme based on chaotic systems[J]. 中国邮电高校学报(英文版), 2018, 25(2): 39-48.
[12]	Ding Haiyang, Li Zichen, Bi Wei. (k, n) halftone visual cryptography based on Shamir‘s secret sharing[J]. 中国邮电高校学报(英文版), 2018, 25(2): 60-76.
[13]	Chen Shangdi, Wen Jiejing. New key pre-distribution scheme using symplectic geometry over finite fields for wireless sensor networks[J]. 中国邮电高校学报(英文版), 2017, 24(5): 16-22.
[14]	谢佳胡予濮高军涛高雯李雪莲. Attribute-based signatures on lattices[J]. 中国邮电高校学报(英文版), 2016, 23(4): 83-90.
[15]	冯超辛阳. Fast key generation for Gentry-style homomorphic encryption[J]. Acta Metallurgica Sinica(English letters), 2014, 21(6): 37-44.