White-box Traceable CP-ABE Scheme in Smart Healthcare Environment

doi:10.19678/j.issn.1000-3428.0065713

Abstract

Abstract: Smart healthcare services usually store patient health information on Cloud Server Provider(CSP), which increases the risk of privacy information being leaked while providing convenience to patients.Access policies in existing Ciphertext-Policy Attribute-Based Encryption(CP-ABE) schemes are generally in plaintext form, which can not prevent sensitive information leakage and decryption key traceability.To solve these problems, a white-box traceable CP-ABE scheme is proposed.The patient's attributes are divided into attribute and attribute value by hiding part of the access policy, and the access policy associated with the ciphertext contains only the attribute name when encrypted;the patient's sensitive information is protected using the hidden attribute value.The leaf node value of the binary tree is bound to user identity information so that the user information of a leaked key can be traced in the event of information leakage;this is useful for achieving fast and accurate traceability.The access of the malicious user who leaked the key is revoked by direct revocation, and the ciphertext associated with the user revocation list needs to be updated once during the revocation process, which improves computational efficiency.In the decryption stage, the computational overhead of end users is effectively reduced through the partial outsourcing of the data.Based on the q-parallel Bilinear Diffie-Hellman Exponent(BDHE) hypothesis, we demonstrate the Indistinguishability under Chosen Plaintext Attacks(IND-CPA) of the scheme in the standard model.The experimental results of the performance analysis show that the computational overhead of the scheme is 23.2% and 10.6% smaller than that of the most efficient comparison scheme in the encryption and decryption stages, respectively;only one exponential operation is associated with the user, and the computational overhead is 49.5% smaller than that of the most efficient comparison scheme in the key generation stage.

Key words: smart healthcare, Attribute-Based Encryption(ABE), hidden strategy, direct revocation, white-box traceability

摘要： 智慧医疗服务通常将患者健康信息存储于云服务商，在给患者就医提供便利的同时带来了隐私信息泄露的风险。现有密文策略属性基加密（CP-ABE）方案中的访问策略普遍采用明文形式，无法避免敏感信息泄露和实现解密密钥追溯。为解决上述问题，提出一种白盒可追溯的CP-ABE方案。通过隐藏部分访问策略将患者的属性分为属性名和属性值，在加密时与密文相关的访问策略仅包含属性名，利用隐藏属性值实现对患者敏感信息的保护。将二叉树的叶节点值与用户身份信息绑定，一旦发生信息泄露事件便可追溯泄露密钥的用户信息，实现快速精确的可追溯性。采用直接撤销的方式撤销泄露密钥的恶意用户，且撤销过程中仅需更新一次与用户撤销列表相关联的密文，提高了计算效率。在解密阶段，通过部分数据外包有效减少终端用户的计算开销。基于q-parallel BDHE假设证明了该方案在标准模型中选择明文攻击下的密文不可区分性，并通过性能分析实验结果表明，相比于同阶段运算效率最高的对比方案，该方案在加密和解密阶段的计算开销减少了23.2%和10.6%，且在密钥生成阶段仅有1个指数运算与用户属性相关，计算开销减少了49.5%。

关键词: 智慧医疗, 属性基加密, 隐藏策略, 直接撤销, 白盒可追溯性

CLC Number:

TP309

FANG Zixuan, CAO Suzhen, YAN Junjian, LU Yanfei, HE Qizhi, WANG Caifen. White-box Traceable CP-ABE Scheme in Smart Healthcare Environment[J]. Computer Engineering, 2023, 49(3): 142-150.

方子旋, 曹素珍, 闫俊鉴, 卢彦霏, 何启芝, 王彩芬. 智慧医疗环境下白盒可追溯的CP-ABE方案[J]. 计算机工程, 2023, 49(3): 142-150.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0065713

http://www.ecice06.com/EN/Y2023/V49/I3/142

Figures/Tables 9

References

[1] KOOHANG A, SARGENT C S, NORD J H, et al.Internet of Things(IoT):from awareness to continued use[J].International Journal of Information Management, 2022, 62:102442.
[2] CAI L, SHARMA P, GHOSH U, et al.Editorial special section on security, privacy, and trust analysis and service management for intelligent Internet of Things healthcare[J].IEEE Transactions on Industrial Informatics, 2022, 18(7):4785-4787.
[3] CAO L, ZHAN C J.Exploration of new community fitness mode using intelligent life technology and AIoT[J].International Journal of Grid and Utility Computing, 2022, 13(1):57-65.
[4] SINGH A, CHATTERJEE K.Securing smart healthcare system with edge computing[J].Computers & Security, 2021, 108:102353.
[5] GUPTA L, SALMAN T, GHUBAISH A, et al.Cybersecurity of multi-cloud healthcare systems:a hierarchical deep learning approach[J].Applied Soft Computing, 2022, 118:108439.
[6] SIVAN R, ZUKARNAIN Z A.Security and privacy in cloud-based e-health system[J].Symmetry, 2021, 13(5):742.
[7] LIU C, LI K, LI K, et al.A new service mechanism for profit optimizations of a cloud provider and its users[J].IEEE Transactions on Cloud Computing, 2021, 9(1):14-26.
[8] LI J, MENG Y, MA L, et al.A federated learning based privacy-preserving smart healthcare system[J].IEEE Transactions on Industrial Informatics, 2022, 18(3):2021-2031.
[9] FANG L, YIN C, ZHU J, et al.Privacy protection for medical data sharing in smart healthcare[J].ACM Transactions on Multimedia Computing, Communications, and Applications, 2020, 16(3):1-18.
[10] BAO Y, QIU W, CHENG X.Secure and lightweight fine-grained searchable data sharing for IoT-oriented and cloud-assisted smart healthcare system[J].IEEE Internet of Things Journal, 2022, 9(4):2513-2526.
[11] BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-policy attribute-based encryption[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C., USA:IEEE Press, 2007:321-334.
[12] 王静宇, 周雪娟.一种支持属性撤销的密文策略属性基加密方案[J].计算机工程, 2021, 47(7):95-100. WANG J Y, ZHOU X J.An attribute-based encryption scheme for ciphertext policy that supports attribute revocation[J].Computer Engineering, 2021, 47(7):95-100.(in Chinese)
[13] ZHANG Z T, ZENG P, PAN B F, et al.Large-universe attribute-based encryption with public traceability for cloud storage[J].IEEE Internet of Things Journal, 2020, 7(10):10314-10323.
[14] HE Y, WANG H Y, LI Y, et al.An efficient ciphertext-policy attribute-based encryption scheme supporting collaborative decryption with blockchain[J].IEEE Internet of Things Journal, 2022, 9(4):2722-2733.
[15] QIAN H L, LI J G, ZHANG Y C.Privacy-preserving decentralized ciphertext-policy attribute-based encryption with fully hidden access structure[M].Berlin, Germany:Springer, 2013.
[16] LIU L X, LAI J Z, DENG R H, et al.Ciphertext-policy attribute-based encryption with partially hidden access structure and its application to privacy-preserving electronic medical record system in cloud environment[J].Security and Communication Networks, 2016, 9(18):4897-4913.
[17] ZHANG Y H, ZHENG D, DENG R H.Security and privacy in smart health:efficient policy-hiding attribute-based access control[J].IEEE Internet of Things Journal, 2018, 5(3):2130-2145.
[18] ARKIN G, HELIL N.Ciphertext-policy attribute based encryption with selectively-hidden access policy[J].Computing and Informatics, 2021, 40(5):1136-1159.
[19] LIU Z, CAO Z F, WONG D S.White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J].IEEE Transactions on Information Forensics and Security, 2013, 8(1):76-88.
[20] LIU Z, WONG D S.Practical attribute-based encryption:traitor tracing, revocation and large universe[J].The Computer Journal, 2016, 59(7):983-1004.
[21] LIU Z H, DUAN S H, ZHOU P L, et al.Traceable-then-revocable ciphertext-policy attribute-based encryption scheme[J].Future Generation Computer Systems, 2019, 93:903-913.
[22] XIANG G L, LI B L, FU X N, et al.An attribute revocable CP-ABE scheme[C]//Proceedings of the 7th International Conference on Advanced Cloud and Big Data.Washington D.C., USA:IEEE Press, 2019:198-203.
[23] BOUCHAALA M, GHAZEL C, SAIDANE L A.TRAK-CPABE:a novel traceable, revocable and accountable ciphertext-policy attribute-based encryption scheme in cloud computing[J].Journal of Information Security and Applications, 2021, 61:102914.
[24] LIU S H, YU J G, HU C Q, et al.Traceable multiauthority attribute-based encryption with outsourced decryption and hidden policy for CIoT[EB/OL].[2022-08-11].https://www.xueshufan.com/publication/3153267097.
[25] LI J G, ZHANG Y C, NING J T, et al.Attribute based encryption with privacy protection and accountability for CloudIoT[J].IEEE Transactions on Cloud Computing, 2022, 10(2):762-773.
[26] GUO R, YANG G, SHI H X, et al.O3-R-CP-ABE:an efficient and revocable attribute-based encryption scheme in the cloud-assisted IoMT system[J].IEEE Internet of Things Journal, 2021, 8(11):8949-8963.

Please choose a citation manager

Content to export