| 支持条件身份匿名的云存储医疗数据轻量级完整性验证方案 |
| |
| 引用本文: | 张晓均,王鑫,廖文才,赵芥,付兴兵.支持条件身份匿名的云存储医疗数据轻量级完整性验证方案[J].电子与信息学报,2022,44(12):4348-4356. |
| |
| 作者姓名: | 张晓均 王鑫 廖文才 赵芥 付兴兵 |
| |
| 作者单位: | 1.西南石油大学计算机科学学院网络空间安全研究中心 成都 6105002.宜宾学院理学部 宜宾 6440003.杭州电子科技大学网络空间安全学院 杭州 310018 |
| |
| 基金项目: | 国家自然科学基金(61902327),中国博士后科学基金(2020M681316),浙江省自然科学基金(LY19F020045),成都市科技局项目(2021-YF05-00965-SN),西南石油大学研究生教研教改项目(JY20ZD06) |
| |
| 摘 要: | 医疗云存储服务是云计算技术的一个重要应用,同时外包医疗数据的完整性和用户的身份隐私保护已变得越来越重要。该文提出适用于无线医疗传感器网络的支持条件身份匿名的外包云存储医疗数据轻量级完整性验证方案。方案结合同态哈希函数设计了聚合签名,通过第三方审计者(TPA)对外包云存储医疗数据进行完整性验证,在TPA端存放审计辅助信息,利用同态哈希函数的同态性质将TPA端的计算优化为常量运算,大大降低了第三方审计者的计算开销,同时支持TPA对多个数据文件执行批量验证,其验证开销几乎是恒定的,与医疗数据文件的数量无关。方案有效防止了第三方审计者通过求解线性方程恢复原始医疗数据,并且设计了条件身份匿名算法,密钥生成中心(PKG)根据用户唯一标识的身份信息为用户生成匿名身份及对应的签名私钥。即使攻击者截获到用户传输的医疗数据,也无法获知拥有此数据的真实身份,有效避免了对公钥证书的复杂管理,同时使得密钥生成中心可以有效追踪医疗信息系统中具有恶意行为的用户。安全性分析与性能评估结果表明该方案能够安全高效地部署在云辅助无线医疗传感器网络。
|
| 关 键 词: | 无线医疗传感器网络 云存储 聚合签名 完整性验证 条件身份匿名 |
| 收稿时间: | 2021-09-13 |
Lightweight Integrity Verification Scheme for Outsourced Medical Data in Cloud Storage Supporting Conditional Identity Anonymity |
| |
| ZHANG Xiaojun,WANG Xin,LIAO Wencai,ZHAO Jie,FU Xingbing.Lightweight Integrity Verification Scheme for Outsourced Medical Data in Cloud Storage Supporting Conditional Identity Anonymity[J].Journal of Electronics & Information Technology,2022,44(12):4348-4356. |
| |
| Authors: | ZHANG Xiaojun WANG Xin LIAO Wencai ZHAO Jie FU Xingbing |
| |
| Affiliation: | 1.School of Computer Science, Research Center for Cyber Security, Southwest Petroleum University, Chengdu 610500, China2.Faculty of Science, Yibin University, Yibin 644000, China3.School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China |
| |
| Abstract: | Medical cloud storage service is one of the most significant applications in cloud computing. Simultaneously, the integrity of outsourced medical data and users’ identity privacy-preservation have been more and more important. To this end, an outsourced cloud storage medical data lightweight integrity verification scheme is proposed for wireless medical sensor networks, supporting conditional identity anonymity. The scheme combines the homomorphic hash function to design an aggregated signature to enable a Third Party Auditor (TPA) to check the integrity of outsourced medical data effectively. The scheme stores auditing auxiliary information on TPA side and uses the homomorphic property of the homomorphic hash function to optimize the calculations on TPA side to a constant, which reduces greatly the computational costs of TPA. The scheme enables TPA to perform batch verification on multiple data files, and the verification costs are nearly constant, independent of the number of data files. In addition, this scheme prevents effectively TPA from recovering the original medical data by solving the linear equations, and a conditional identity anonymous algorithm is designed, thus the Private Key Generator (PKG) could generate the anonymous identity of a user and corresponding singing key. Even if the attacker intercepts the medical data transmitted by the user, it can not know the real identity of the data. In addition, the complex certificates management is efficiently avoided, and PKG could also trace and revoke the real identities of misbehaved users efficiently. The security analysis and performance evaluation demonstrate that this scheme could be securely and efficiently deployed in wireless medical sensor networks. |
| |
| Keywords: | |
|
| 点击此处可从《电子与信息学报》浏览原始摘要信息 |
|
点击此处可从《电子与信息学报》下载全文 |
|
