使用可验证的外包解密和加密反向防火墙保护医疗数据共享

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-04-07 DOI:10.1016/j.jisa.2025.104050

Xin Liu , Hao Wang , Bo Zhang , Yongjun Zhang , Bin Zhang

{"title":"使用可验证的外包解密和加密反向防火墙保护医疗数据共享","authors":"Xin Liu , Hao Wang , Bo Zhang , Yongjun Zhang , Bin Zhang","doi":"10.1016/j.jisa.2025.104050","DOIUrl":null,"url":null,"abstract":"<div><div>In the current era of smart healthcare, patients’ electronic health records (EHR) are typically stored in the cloud. However, healthcare institutions require a patient-centric access control mechanism to securely share EHR and prevent information leaks. While attribute-based encryption (ABE) holds potential for EHR access control, it often faces risks such as single-point failures and lacks verifiability for outsourced decryption. Backdoor programs can also compromise system security, threatening patient privacy. To address these challenges, we extended Lewko et al.’s multi-authority ABE scheme to create an online/offline ciphertext policy attribute-based key encapsulation mechanism with verifiable outsourced decryption and cryptographic reverse firewalls (OO-CP-AB-KEM-OD-CRF). Building on this mechanism, we developed a multi-authority EHR access control system to prevent the exfiltration of sensitive information. Compared with similar schemes, the OO-CP-AB-KEM-OD-CRF scheme supports user authentication and verifiable outsourced decryption, providing resilience against insider threats. Both theoretical evaluation and empirical testing indicate that our scheme surpasses similar ones in functionality and security while maintaining comparable performance despite the additional security features.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104050"},"PeriodicalIF":3.8000,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure medical data sharing with verifiable outsourced decryption and cryptographic reverse firewalls\",\"authors\":\"Xin Liu , Hao Wang , Bo Zhang , Yongjun Zhang , Bin Zhang\",\"doi\":\"10.1016/j.jisa.2025.104050\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>In the current era of smart healthcare, patients’ electronic health records (EHR) are typically stored in the cloud. However, healthcare institutions require a patient-centric access control mechanism to securely share EHR and prevent information leaks. While attribute-based encryption (ABE) holds potential for EHR access control, it often faces risks such as single-point failures and lacks verifiability for outsourced decryption. Backdoor programs can also compromise system security, threatening patient privacy. To address these challenges, we extended Lewko et al.’s multi-authority ABE scheme to create an online/offline ciphertext policy attribute-based key encapsulation mechanism with verifiable outsourced decryption and cryptographic reverse firewalls (OO-CP-AB-KEM-OD-CRF). Building on this mechanism, we developed a multi-authority EHR access control system to prevent the exfiltration of sensitive information. Compared with similar schemes, the OO-CP-AB-KEM-OD-CRF scheme supports user authentication and verifiable outsourced decryption, providing resilience against insider threats. Both theoretical evaluation and empirical testing indicate that our scheme surpasses similar ones in functionality and security while maintaining comparable performance despite the additional security features.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"90 \",\"pages\":\"Article 104050\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-04-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625000870\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000870","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在当前的智能医疗时代，患者的电子健康记录（EHR）通常存储在云中。然而，医疗机构需要一种以患者为中心的访问控制机制，以安全地共享电子健康记录并防止信息泄露。虽然基于属性的加密（ABE）在电子病历访问控制方面具有潜力，但它往往面临单点故障等风险，并且缺乏外包解密的可验证性。后门程序也会破坏系统安全，威胁患者隐私。为了应对这些挑战，我们扩展了 Lewko 等人的多授权 ABE 方案，创建了一种基于密钥封装机制的在线/离线密文策略属性，该机制具有可验证的外包解密和加密反向防火墙（OO-CP-AB-KEM-OD-CRF）。在这一机制的基础上，我们开发了一个多授权电子病历访问控制系统，以防止敏感信息外泄。与类似方案相比，OO-CP-AB-KEM-OD-CRF 方案支持用户身份验证和可验证的外包解密，提供了抵御内部威胁的能力。理论评估和实证测试表明，我们的方案在功能和安全性上都超越了同类方案，尽管增加了安全功能，但仍能保持相当的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure medical data sharing with verifiable outsourced decryption and cryptographic reverse firewalls

In the current era of smart healthcare, patients’ electronic health records (EHR) are typically stored in the cloud. However, healthcare institutions require a patient-centric access control mechanism to securely share EHR and prevent information leaks. While attribute-based encryption (ABE) holds potential for EHR access control, it often faces risks such as single-point failures and lacks verifiability for outsourced decryption. Backdoor programs can also compromise system security, threatening patient privacy. To address these challenges, we extended Lewko et al.’s multi-authority ABE scheme to create an online/offline ciphertext policy attribute-based key encapsulation mechanism with verifiable outsourced decryption and cryptographic reverse firewalls (OO-CP-AB-KEM-OD-CRF). Building on this mechanism, we developed a multi-authority EHR access control system to prevent the exfiltration of sensitive information. Compared with similar schemes, the OO-CP-AB-KEM-OD-CRF scheme supports user authentication and verifiable outsourced decryption, providing resilience against insider threats. Both theoretical evaluation and empirical testing indicate that our scheme surpasses similar ones in functionality and security while maintaining comparable performance despite the additional security features.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.