可验证秘密共享
计算机科学
云计算
访问控制
加密
架空(工程)
计算机安全
基于属性的加密
公钥密码术
集合(抽象数据类型)
程序设计语言
操作系统
作者
Jun Zhao,Kai Zhang,Junqing Gong,Haifeng Qian
标识
DOI:10.1109/tifs.2024.3350925
摘要
Electronic healthcare (E-health) cloud system enables electronic health records (EHRs) sharing and improves efficiency of diagnosis and treatment. In order to address EHRs confidentiality and authorized user access control in E-health cloud, attribute-based proxy re-encryption (ABPRE) has been widely employed which provides dynamic fine-grained access control over encrypted EHRs. Unfortunately, existing ABPRE schemes still have the following defects: 1) the capacity of attribute-universe is defined at setup; 2) verifiable mechanism for re-encryption reveals EHRs about patients; 3) traditional access policy reveals sensitive information pertaining to patients. This paper focuses on these issues and presents large-universe, verifiable and privacy-preserving dynamic fine-grained access control scheme for E-health cloud. More details, we solve limitation of attribute-universe to large-universe, which means that attributes aren’t required to be enumerated at setup. Considering disclosure of underlying EHRs in verifiable mechanism, scheme introduces non-interactive zero-knowledge proof as verifiable mechanism that supports public validation and doesn’t leak EHRs of patients. Furthermore, partially hidden policy is employed to protect privacy of patients in policy, which divides attribute into attribute name and attribute value, displaying attribute name and hiding attribute value. Finally, experimental evaluation is given that demonstrates the more comprehensive functionality of our scheme without sacrificing significant computational overhead.
科研通智能强力驱动
Strongly Powered by AbleSci AI