面向云的个人健康档案动态访问权限管理研究

项目名称： 面向云的个人健康档案动态访问权限管理研究

项目编号： No.61502248

项目类型： 青年科学基金项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 李琦

作者单位： 南京邮电大学

项目金额： 22万元

中文摘要： 针对云环境下个人健康档案（PHR）共享动态性强、海量用户与PHR并存以及PHR所有权与管理权分离等特点，围绕面向云的PHR动态访问权限管理问题，结合基于属性的加密等密码学手段，重点研究云环境下PHR访问权限动态授予与更新和恶意用户追踪与撤销的关键技术与方法。首先，研究可扩展的细粒度访问权限授予方案的形式化模型、安全模型以及设计方法，在动态场景下确保PHR拥有者可自定义与更新访问策略以及应急授权；其次，基于群组密钥管理模式和即时属性撤销技术，研究用户访问权限动态更新技术，实现PHR的前向/后向安全性与更新效率的平衡；最后，系统研究多授权机构并存场景下高效的恶意用户追踪方法与可外包的用户撤销方法，以实现在海量用户中准确高效追踪恶意用户并及时撤销其全部访问权限。本项目的研究成果将为构建云环境下PHR动态安全共享与隐私保护机制，促进PHR的安全有效利用提供重要的理论基础与技术支持。

中文关键词： 密文访问控制；隐私保护；基于属性的加密；个人健康档案；云计算

英文摘要： Aiming at the features of high dynamic Personal Health Record (PHR) exchange, the large scale of user universe and vast PHR data, and the separation of PHR ownership and management, the project emphasis is on the key technologies and approaches of dynamically granting, updating the access privilege and tracing or revoking of the malicious users under cloud environment. The project revolves PHR dynamic access right management problem through attribute-based encryption algorithms etc. Firstly, we study the formal definition, the security model and the design method of the scalable fine-grained access privilege grant scheme, which enables the PHR owner to define and update the access policy and grant the emergency access permission in dynamic environments. Secondly, we study dynamically update of user’s access right to balance the PHR’s forward and backward security and updating overhead, which based on the group key management model and the real-time attribute revocation technology. Lastly, we systematically study the efficient method of tracing the malicious users and the outsourced user revocation approach, so as to trace the malicious user accurately and efficiently among large number of users and revoke the whole access privileges immediately. Research of project would provide important theoretical basis and technical support to establish the dynamic secure PHR exchange and privacy preserving system in the cloud and advance PHR utilization safely and effectively.

英文关键词： Ciphertext access control;Privacy preservation;Attribute-based encryption;Personal health record;Cloud computing