{"title":"基于区块链的可信外包和抗合谋撤销的基于属性的访问控制","authors":"Zhaoqian Zhang, Di Wu, Shang Gao","doi":"10.1002/cpe.70105","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The maturity of cloud computing and the Internet of Things (IoT) has greatly facilitated the growth of the healthcare industry. Nowadays, Personal Health Records (PHRs) collected by the Internet of Medical Things (IoMT) are shared with healthcare institutions through the public cloud. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can protect PHRs' confidentiality while promoting sharing efficiency. However, current schemes suffer from high computation overhead and data leakage caused by privilege revocation. This paper proposes a CP-ABE scheme with credible outsourcing and collusion-resistant revocation based on blockchain for IoMT. Most encryption and decryption operations are outsourced to the cloud server, and the outsourced computation correctness is verified by the blockchain credibly. The user needs to perform only two exponential operations in encryption and one exponential operation in decryption. Furthermore, we no longer use the cloud server to update the ciphertext in privilege revocation to avoid data leakage. Meanwhile, we add a ciphertext private key <span></span><math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <msub>\n <mrow>\n <mi>K</mi>\n </mrow>\n <mrow>\n <mi>c</mi>\n <mi>t</mi>\n </mrow>\n </msub>\n </mrow>\n <annotation>$$ S{K}_{ct} $$</annotation>\n </semantics></math> bound to the ciphertext to perform decryption together with the attribute private key. Only users whose attributes satisfy the policy can obtain <span></span><math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <msub>\n <mrow>\n <mi>K</mi>\n </mrow>\n <mrow>\n <mi>c</mi>\n <mi>t</mi>\n </mrow>\n </msub>\n </mrow>\n <annotation>$$ S{K}_{ct} $$</annotation>\n </semantics></math>, and the smart contract credibly verifies this process. The revoked user cannot decrypt the ciphertext due to the lack of <span></span><math>\n <semantics>\n <mrow>\n <mi>S</mi>\n <msub>\n <mrow>\n <mi>K</mi>\n </mrow>\n <mrow>\n <mi>c</mi>\n <mi>t</mi>\n </mrow>\n </msub>\n </mrow>\n <annotation>$$ S{K}_{ct} $$</annotation>\n </semantics></math>. We performed a rigorous security analysis of our scheme, encompassing confidentiality, collusion resistance, revocability, and blockchain, which collectively validate the robustness and security of our approach. What is more, we benchmarked our scheme against state-of-the-art approaches in terms of storage, communication, and computation. The results demonstrate that our scheme maintains competitive performance across all metrics.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 12-14","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Attribute-Based Access Control With Credible Outsourcing and Collusion-Resistant Revocation Based on Blockchain for Iomt\",\"authors\":\"Zhaoqian Zhang, Di Wu, Shang Gao\",\"doi\":\"10.1002/cpe.70105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n \\n <p>The maturity of cloud computing and the Internet of Things (IoT) has greatly facilitated the growth of the healthcare industry. Nowadays, Personal Health Records (PHRs) collected by the Internet of Medical Things (IoMT) are shared with healthcare institutions through the public cloud. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can protect PHRs' confidentiality while promoting sharing efficiency. However, current schemes suffer from high computation overhead and data leakage caused by privilege revocation. This paper proposes a CP-ABE scheme with credible outsourcing and collusion-resistant revocation based on blockchain for IoMT. Most encryption and decryption operations are outsourced to the cloud server, and the outsourced computation correctness is verified by the blockchain credibly. The user needs to perform only two exponential operations in encryption and one exponential operation in decryption. Furthermore, we no longer use the cloud server to update the ciphertext in privilege revocation to avoid data leakage. Meanwhile, we add a ciphertext private key <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <msub>\\n <mrow>\\n <mi>K</mi>\\n </mrow>\\n <mrow>\\n <mi>c</mi>\\n <mi>t</mi>\\n </mrow>\\n </msub>\\n </mrow>\\n <annotation>$$ S{K}_{ct} $$</annotation>\\n </semantics></math> bound to the ciphertext to perform decryption together with the attribute private key. Only users whose attributes satisfy the policy can obtain <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <msub>\\n <mrow>\\n <mi>K</mi>\\n </mrow>\\n <mrow>\\n <mi>c</mi>\\n <mi>t</mi>\\n </mrow>\\n </msub>\\n </mrow>\\n <annotation>$$ S{K}_{ct} $$</annotation>\\n </semantics></math>, and the smart contract credibly verifies this process. The revoked user cannot decrypt the ciphertext due to the lack of <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>S</mi>\\n <msub>\\n <mrow>\\n <mi>K</mi>\\n </mrow>\\n <mrow>\\n <mi>c</mi>\\n <mi>t</mi>\\n </mrow>\\n </msub>\\n </mrow>\\n <annotation>$$ S{K}_{ct} $$</annotation>\\n </semantics></math>. We performed a rigorous security analysis of our scheme, encompassing confidentiality, collusion resistance, revocability, and blockchain, which collectively validate the robustness and security of our approach. What is more, we benchmarked our scheme against state-of-the-art approaches in terms of storage, communication, and computation. The results demonstrate that our scheme maintains competitive performance across all metrics.</p>\\n </div>\",\"PeriodicalId\":55214,\"journal\":{\"name\":\"Concurrency and Computation-Practice & Experience\",\"volume\":\"37 12-14\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2025-04-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Concurrency and Computation-Practice & Experience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70105\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70105","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
摘要
云计算和物联网(IoT)的成熟极大地促进了医疗保健行业的发展。如今,医疗物联网(IoMT)收集的个人健康记录(PHRs)通过公共云与医疗机构共享。密码策略属性加密(cipher - policy attribution - based Encryption, CP-ABE)在提高共享效率的同时保护了PHRs的机密性。但是,目前的方案存在计算开销大、特权撤销导致数据泄露等问题。提出了一种基于区块链的可信外包和抗合谋撤销的icp - abe方案。大部分加解密操作都外包给云服务器,外包计算的正确性由区块链可靠地验证。用户在加密时只需要执行两次指数运算,解密时只需要执行一次指数运算。此外,我们不再使用云服务器来更新特权撤销中的密文,以避免数据泄露。同时,我们将一个密文私钥S K c t $$ S{K}_{ct} $$与属性私钥绑定在密文上进行解密。只有属性满足策略的用户才能获得S K ct $$ S{K}_{ct} $$,智能合约可信地验证了这一过程。被撤销的用户无法解密密文,因为缺少S K c t $$ S{K}_{ct} $$。我们对我们的方案进行了严格的安全性分析,包括机密性、抗串通性、可撤销性和区块链,这些都验证了我们方法的鲁棒性和安全性。更重要的是,我们在存储、通信和计算方面对我们的方案进行了基准测试。结果表明,我们的方案在所有指标上都保持了竞争力。
Attribute-Based Access Control With Credible Outsourcing and Collusion-Resistant Revocation Based on Blockchain for Iomt
The maturity of cloud computing and the Internet of Things (IoT) has greatly facilitated the growth of the healthcare industry. Nowadays, Personal Health Records (PHRs) collected by the Internet of Medical Things (IoMT) are shared with healthcare institutions through the public cloud. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can protect PHRs' confidentiality while promoting sharing efficiency. However, current schemes suffer from high computation overhead and data leakage caused by privilege revocation. This paper proposes a CP-ABE scheme with credible outsourcing and collusion-resistant revocation based on blockchain for IoMT. Most encryption and decryption operations are outsourced to the cloud server, and the outsourced computation correctness is verified by the blockchain credibly. The user needs to perform only two exponential operations in encryption and one exponential operation in decryption. Furthermore, we no longer use the cloud server to update the ciphertext in privilege revocation to avoid data leakage. Meanwhile, we add a ciphertext private key bound to the ciphertext to perform decryption together with the attribute private key. Only users whose attributes satisfy the policy can obtain , and the smart contract credibly verifies this process. The revoked user cannot decrypt the ciphertext due to the lack of . We performed a rigorous security analysis of our scheme, encompassing confidentiality, collusion resistance, revocability, and blockchain, which collectively validate the robustness and security of our approach. What is more, we benchmarked our scheme against state-of-the-art approaches in terms of storage, communication, and computation. The results demonstrate that our scheme maintains competitive performance across all metrics.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
