Electronic medical records (EMR) facilitate the sharing of medical data, but existing sharing schemes suffer fromprivacy leakage and inefficiency. This article proposes a lightweight, searchable, and controllable EMR ...Electronic medical records (EMR) facilitate the sharing of medical data, but existing sharing schemes suffer fromprivacy leakage and inefficiency. This article proposes a lightweight, searchable, and controllable EMR sharingscheme, which employs a large attribute domain and a linear secret sharing structure (LSSS), the computationaloverhead of encryption and decryption reaches a lightweight constant level, and supports keyword search andpolicy hiding, which improves the high efficiency of medical data sharing. The dynamic accumulator technologyis utilized to enable data owners to flexibly authorize or revoke the access rights of data visitors to the datato achieve controllability of the data. Meanwhile, the data is re-encrypted by Intel Software Guard Extensions(SGX) technology to realize resistance to offline dictionary guessing attacks. In addition, blockchain technology isutilized to achieve credible accountability for abnormal behaviors in the sharing process. The experiments reflectthe obvious advantages of the scheme in terms of encryption and decryption computation overhead and storageoverhead, and theoretically prove the security and controllability in the sharing process, providing a feasible solutionfor the safe and efficient sharing of EMR.展开更多
Traditional Internet protocol networks cannot provide the service of selecting a secure path to transmit various types of data with specific security constraints.First,to solve the“secure path transmission”problem,t...Traditional Internet protocol networks cannot provide the service of selecting a secure path to transmit various types of data with specific security constraints.First,to solve the“secure path transmission”problem,this paper first proposes a search-transmit model for secure network path transmission,i.e.,to find a multi-attribute optimized path that meets the specific security requirements in the search phase,and then transmit the packets along the optimized path in the transmission phase.Second,we propose a solution to the search-transmit model.The idea of the solution is to use the particle swarm optimization algorithm to search for a secure path that meets the multi-attribute requirements and then set the source route on the router to control the packet transmission.Finally,a prototype system based on network function virtualization is developed to evaluate the feasibility and performance of the proposed solution.Experimental results show that the proposed solution outperforms existing algorithms in terms of performance.展开更多
Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It i...Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.展开更多
基金the Natural Science Foundation of Hebei Province under Grant Number F2021201052.
文摘Electronic medical records (EMR) facilitate the sharing of medical data, but existing sharing schemes suffer fromprivacy leakage and inefficiency. This article proposes a lightweight, searchable, and controllable EMR sharingscheme, which employs a large attribute domain and a linear secret sharing structure (LSSS), the computationaloverhead of encryption and decryption reaches a lightweight constant level, and supports keyword search andpolicy hiding, which improves the high efficiency of medical data sharing. The dynamic accumulator technologyis utilized to enable data owners to flexibly authorize or revoke the access rights of data visitors to the datato achieve controllability of the data. Meanwhile, the data is re-encrypted by Intel Software Guard Extensions(SGX) technology to realize resistance to offline dictionary guessing attacks. In addition, blockchain technology isutilized to achieve credible accountability for abnormal behaviors in the sharing process. The experiments reflectthe obvious advantages of the scheme in terms of encryption and decryption computation overhead and storageoverhead, and theoretically prove the security and controllability in the sharing process, providing a feasible solutionfor the safe and efficient sharing of EMR.
基金supported by the National Natural Science Foundation of China(No.61772271).
文摘Traditional Internet protocol networks cannot provide the service of selecting a secure path to transmit various types of data with specific security constraints.First,to solve the“secure path transmission”problem,this paper first proposes a search-transmit model for secure network path transmission,i.e.,to find a multi-attribute optimized path that meets the specific security requirements in the search phase,and then transmit the packets along the optimized path in the transmission phase.Second,we propose a solution to the search-transmit model.The idea of the solution is to use the particle swarm optimization algorithm to search for a secure path that meets the multi-attribute requirements and then set the source route on the router to control the packet transmission.Finally,a prototype system based on network function virtualization is developed to evaluate the feasibility and performance of the proposed solution.Experimental results show that the proposed solution outperforms existing algorithms in terms of performance.
基金supported in part by the National Natural Science Foundation of China under Grant No.61772009the Natural Science Foundation of Jiangsu Province under Grant No.BK20181304.
文摘Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.
