Cross-Domain Inner-Product Access Control Encryption for Secure EMR Flow in Cloud Edge
IEEE Transactions on Information Forensics and Security (IF 6.3), Pub Date: 2024-10-17, DOI: 10.1109/tifs.2024.3482724
Caiqun Shi, Qinlong Huang, Rui Jian, Genghui Chi
The quality of medical services is improved by sharing electronic medical records (EMRs) across multiple medical institutions via cloud edge. However, EMRs contain private information about patients, and cloud servers are untrustworthy, so they cannot be shared arbitrarily among senders and receivers. Access control encryption (ACE) is a preferred technique that produces encrypted EMRs and then restricts the capabilities of both senders and receivers to enforce the EMR flow via sanitizers. However, existing cross-domain ACE schemes employ a single sender authority to issue encryption keys for senders, which suffers from a single point of failure and from encryption key escrow, in that the sender authority can publish EMRs arbitrarily. Moreover, they only support coarse-grained access structures such as AND gates, which are not suitable for flexible EMR sharing among medical institutions. To this end, we propose a cross-domain inner-product ACE (CD-IPACE) scheme that features decentralized encryption key generation and fine-grained access structures. Specifically, we construct CD-IPACE from inner-product encryption, threshold structure-preserving signature instantiated with a distributed key generation protocol, and non-interactive zero-knowledge proof, which prevents individual sender authorities from sending ciphertexts, and also protects both data and receiver privacy. Then, we design a secure EMR flow system in cloud edge named ESFlow based on CD-IPACE, which employs edge nodes as sanitizers to check encrypted EMRs and discard illegal ones. Finally, we demonstrate the security and practicality of ESFlow via formal security analysis and extensive experiments.
Updated: 2024-10-17