Fine-Grained Data Sharing Scheme Based on Revocable Proxy Re-encryption

doi:10.3778/j.issn.1673-9418.2408096

Abstract

Abstract: The Internet of medical things (IoMT) is the interconnection of medical sensors and networks on the basis of existing IoT architecture to accomplish the real-time collection and processing of patient's physical services. IoMT can not only significantly enhance the quality of healthcare services but also reduce the management costs of the medical industry. However, when patient medical data are outsourced and stored in the cloud, there are security threats such as patient privacy breaches and unauthorized malicious access to medical systems. To address these concerns, this paper proposes a revocable attribute-based proxy re-encryption scheme that supports policy hiding. Patients encrypt their medical data and upload them to the interplanetary file system, while hiding attribute values in access policies during attribute encryption, effectively preventing the leakage of sensitive patient information and enabling fine-grained secure sharing of medical data. Additionally, complex computation for verifiable outsourcing is achieved through proxy re-encryption technology. Furthermore, revocation of malicious users is accomplished by embedding a chameleon hash function into user private key generation and employing new random factors for key updates. Finally, under the standard model, it is proven that the scheme satisfies specific access structures and achieves indistinguishability under chosen plaintext attacks. Compared with current schemes, experimental simulations demonstrate that this scheme exhibits higher execution efficiency in the encryption/decryption phase, revocation phase, and file download phase.

Key words: proxy re-encryption, chameleon hash function, revocation, policy hiding, Internet of medical things

摘要： 医疗物联网（IoMT）是在现有的物联网架构基础上将医疗传感器与网络互联互通，完成对患者体征数据的实时收集与处理。IoMT不仅可以大幅度提升医疗服务的质量，而且还可以降低医疗产业的管理成本。然而，当患者医疗数据外包存储在云端时，存在患者隐私泄露、医疗系统未授权的恶意访问等安全威胁。针对上述问题，提出了一种支持策略隐藏的可撤销属性代理重加密方案。其中，患者对医疗数据加密后上传到星际文件系统，并对属性加密中访问策略的属性值进行隐藏，有效防止患者敏感信息的泄露，实现医疗数据细粒度的安全共享。同时，借助代理重加密技术完成对复杂计算的可验证外包处理。此外，将变色龙哈希函数嵌入用户私钥生成，采用新的随机因子实现密钥的更新，完成对恶意用户的撤销。在标准模型中证明了方案满足特定访问结构和选择明文攻击下的不可区分性。并通过实验仿真，与现有方案相比，该方案在加/解密阶段、撤销阶段以及文件下载阶段具有更高的执行效率。

关键词: 代理重加密, 变色龙哈希函数, 可撤销, 策略隐藏, 医疗物联网

YAN Yongbo, GUO Rui, ZHENG Dong, WANG Yuxin, MA Ruiyang, LIU Guangjun. Fine-Grained Data Sharing Scheme Based on Revocable Proxy Re-encryption[J]. Journal of Frontiers of Computer Science and Technology, 2025, 19(7): 1945-1957.

闫永勃, 郭瑞, 郑东, 王雨鑫, 马瑞阳, 刘光军. 基于可撤销代理重加密的细粒度数据共享方案[J]. 计算机科学与探索, 2025, 19(7): 1945-1957.

References

[1] 万振, 邱丹, 刘元喆, 等. 国内医疗物联网技术发展及应用现状[J]. 医疗卫生装备, 2020, 41(11): 82-86.
WAN Z, QIU D, LIU Y Z, et al. Development and application status of medical IoT technology in China[J]. Chinese Medical Equipment Journal, 2020, 41(11): 82-86.
[2] HIRECHE R, MANSOURI H, PATHAN A K. Security and privacy management in Internet of medical things (IoMT): a synthesis[J]. Journal of Cybersecurity and Privacy, 2022, 2(3): 640-661.
[3] 李雪莲, 张夏川, 高军涛, 等. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1): 1-16.
LI X L, ZHANG X C, GAO J T, et al. Blockchain data sharing scheme supporting attribute and proxy re-encryption[J]. Journal of Xidian University, 2022, 49(1): 1-16.
[4] 周艺华, 扈新宇, 李美奇, 等. 云环境下基于属性策略隐藏的可搜索加密方案[J]. 网络与信息安全学报, 2022, 8(2): 112-121.
ZHOU Y H, HU X Y, LI M Q, et al. Searchable encryption scheme based on attribute policy hiding in a cloud environment[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 112-121.
[5] CUI H, DENG R H, LAI J Z, et al. An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited[J]. Computer Networks, 2018, 133: 157-165.
[6] YING Z B, JIANG W J, LIU X M, et al. Reliable policy updating under efficient policy hidden fine-grained access control framework for cloud data sharing[J]. IEEE Transactions on Services Computing, 2022, 15(6): 3485-3498.
[7] NISHIDE T, YONEYAMA K, OHTA K. Attribute-based encryption with partially hidden encryptor-specified access structures[C]//Proceedings of the 6th International Conference on Applied Cryptography and Network Security. Berlin, Heidelberg: Springer, 2008: 111-129.
[8] WATERS B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization[C]//Proceedings of the 2011 International Workshop on Public Key Cryptography. Berlin, Heidelberg: Springer, 2011: 53-70.
[9] 杨耿, 郭瑞, 庄朝源, 等. 云中可动态更新的属性基代理重加密方案[J]. 信息安全学报, 2022, 7(3): 43-55.
YANG G, GUO R, ZHUANG C Y, et al. Dynamically updatable attribute based proxy re-encryption scheme in cloud[J]. Journal of Cyber Security, 2022, 7(3): 43-55.
[10] ATENIESE G, FU K, GREEN M, et al. Improved proxy re-encryption schemes with applications to secure distributed storage[J]. ACM Transactions on Information and System Security, 2006, 9(1): 1-30.
[11] AZBEG K, OUCHETTO O, JAI ANDALOUSSI S. Access control and privacy-preserving blockchain-based system for diseases management[J]. IEEE Transactions on Computational Social Systems, 2023, 10(4): 1515-1527.
[12] 冯朝胜, 罗王平, 秦志光, 等. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.
FENG C S, LUO W P, QIN Z G, et al. Attribute-based proxy re-encryption scheme with multiple features[J]. Journal on Communications, 2019, 40(6): 177-189.
[13] LIANG X H, CAO Z F, LIN H, et al. Attribute based proxy re-encryption with delegating capabilities[C]//Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. New York: ACM, 2009: 276-286.
[14] ZHAO J, ZHANG K, GONG J Q, et al. Lavida: large-universe, verifiable, and dynamic fine-grained access control for E-health cloud[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 2732-2745.
[15] 翟社平, 童彤, 白喜芳. 基于区块链的属性代理重加密数据共享方案[J]. 计算机工程与应用, 2023, 59(8): 270-279.
ZHAI S P, TONG T, BAI X F. Blockchain-based attribute proxy re-encryption data sharing scheme[J]. Computer Engineering and Applications, 2023, 59(8): 270-279.
[16] 刘尚, 郭银章. 云计算多授权中心CP-ABE代理重加密方案[J]. 网络与信息安全学报, 2022, 8(3): 176-188.
LIU S, GUO Y Z. Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 176-188.
[17] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005: Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2005: 457-473.
[18] GE C P, SUSILO W, BAEK J, et al. A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(5): 2907-2919.
[19] GE C P, SUSILO W, LIU Z, et al. Attribute-based proxy re-encryption with direct revocation mechanism for data sharing in clouds[C]//Proceedings of the 2023 ACM Turing Award Celebration Conference - China 2023. New York: ACM, 2023: 164-165.
[20] ZHANG C, ZHAO M Y, LIANG J W, et al. NANO: cryptographic enforcement of readability and editability governance in blockchain databases[J]. IEEE Transactions on Dependable and Secure Computing, 2024, 21(4): 3439-3452.
[21] TIAN Y G, LI N, LI Y J, et al. Policy-based chameleon hash for blockchain rewriting with black-box accountability[C]//Proceedings of the 2020 Annual Computer Security Applications Conference. New York: ACM, 2020: 813-828.
[22] WANG L Y, DING W X, YAN Z, et al. EDDAC: an efficient and decentralized data access control scheme with attribute privacy preservation[J]. IEEE Internet of Things Journal, 2024, 11(8): 14579-14592.
[23] CHEN X F, ZHANG F G, SUSILO W, et al. Identity-based chameleon hashing and signatures without key exposure[J]. Information Sciences, 2014, 265: 198-210.
[24] YU G S, ZHA X, WANG X, et al. Enabling attribute revocation for fine-grained access control in blockchain-IoT systems[J]. IEEE Transactions on Engineering Management, 2020, 67(4): 1213-1230.
[25] GUO R, YANG G, SHI H X, et al. O3-R-CP-ABE: an efficient and revocable attribute-based encryption scheme in the cloud-assisted IoMT system[J]. IEEE Internet of Things Journal, 2021, 8(11): 8949-8963.
[26] GE C P, SUSILO W, LIU Z, et al. Secure keyword search and data sharing mechanism for cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(6): 2787-2800.