The LNM Institute of Information Technology, Jaipur, India.
J Med Syst. 2020 Mar 30;44(5):97. doi: 10.1007/s10916-020-01564-z.
The smart health medical system is expected to enhance the quality of health care services significantly. These system keeps patients related record and provides the services over the insecure public channel which may cause data security and privacy concerns in a smart health system. On the other hand, ciphertext attribute-based encryption(CP-ABE) provides possible encrypted data security. There are some security flaws in CP-ABE, where the existing access policies are in the cleartext form for accessing encrypted sensitive data. On the other hand, it supports the small attribute universe, which restricts the practical deployments of CP-ABE. Moreover, outsider adversary observed the communication, which also creates a serious threat to CP-ABE model. To overcome security and privacy risk, efficient access control have been designed and devolved for medical services. Although we also demonstrate the security analysis of Zhang et al.'s scheme, which is vulnerable to inefficient security proof and man in the middle attack. In the proposed scheme, we proposed an efficient and security preserve scheme to overcome the weaknesses of Zhang's et al.'s system. The protocol satisfies the attribute values of the medical user with hidden access policies. It has been proved under the standard model, which ensure the security of the protocol. Moreover, performance analysis comparison shows that the proposed scheme is more efficient than the existing one.
智能健康医疗系统有望显著提高医疗服务质量。这些系统保存患者相关记录,并通过不安全的公共渠道提供服务,这可能会在智能健康系统中引发数据安全和隐私问题。另一方面,密文属性基加密 (CP-ABE) 提供了可能的加密数据安全性。CP-ABE 存在一些安全缺陷,其中现有的访问策略以明文形式存在,用于访问加密的敏感数据。另一方面,它支持小属性宇宙,这限制了 CP-ABE 的实际部署。此外,外部攻击者观察到了通信,这也对 CP-ABE 模型构成了严重威胁。为了克服安全和隐私风险,已经为医疗服务设计和部署了高效的访问控制。尽管我们还展示了对 Zhang 等人方案的安全性分析,但该方案容易受到低效安全性证明和中间人攻击的影响。在提出的方案中,我们提出了一种高效且安全的方案来克服 Zhang 等人系统的弱点。该协议满足具有隐藏访问策略的医疗用户的属性值。它在标准模型下得到了证明,确保了协议的安全性。此外,性能分析比较表明,所提出的方案比现有方案更有效。