Shi Yang, Fan Hongfei, Xiong Guoyue
School of Software Engineering, Tongji University, Shanghai, China.
School of Economics and Management, Tongji University, Shanghai, China.
Technol Health Care. 2015;23 Suppl 1:S139-45. doi: 10.3233/thc-150946.
With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store personal health data in the cloud. However, serious privacy leakage could occur if attackers intrude into the cloud-based system, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers.
Existing techniques are either insufficiently secure when advanced threats are considered or inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) to provide a secure implementation of re-encryption in white-box attack contexts and (2) to ensure the efficiency of the implementation even in multi-recipient cases.
We designed the multi-recipient re-encryption functionality using randomness reuse and protected the implementation with obfuscation.
The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower.
The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.