Research On Secure Access And Privacypreserving Mechanism In Healthcare Cloud

In recent years,cloud is becoming an important platform for storing a large amount of data,which is cost-effective and easy to use by people around the world.With the continuous development of cloud computing,the construction of healthcare cloud system is becoming increasingly perfect.Healthcare cloud can not only improve the utilization of existing medical resources,but also bring convenience to users.But at the same time,the healthcare cloud system usually involves the personal privacy of users,such as physical conditions and medical records.In addition,when users log in the healthcare cloud system to access medical services,their personal information is exposed to the system.And it is still a challenge on how to protect the identity privacy of users while authenticating their identity.Therefore,it is necessary to take reasonable technologies and effective measures to reduce the security risks in healthcare cloud system.Attribute-Based Signature(ABS)can not only protect users’ confidentiality,but also divide users’ identity characteristics in a fine-grained way,which has attracted the attention of many scholars.In addition,ABS is very suitable for anonymous identity authentication and privacy access control,providing strong support for protecting users’ privacy.This thesis first proposes a lightweight multi-authority ABS scheme and designs an anonymous authentication protocol to protect privacy.The main contributions are as follows:Firstly,the existing multi-authority ABS schemes often have large computational cost in the signing and verification phases,which is not conducive to the access of healthcare cloud system by mobile devices with limited resources.To address this problem,a lightweight and privacy-preserving medical services access scheme,named LPP-MSA,is proposed.By using online/offline signing and server-aided verification mechanisms,the computational overhead of users is greatly reduced.In addition,LPP-MSA is proved to be unforgeable and anonymous under the random oracle model,and can resist collision attack.The comparisons with several related schemes show that LPP-MSA is more efficient in both the signing and verification phases.So,it can be well applied to scenarios where users access the healthcare services via energy-constrained mobile devices.Secondly,in view of typical application scenarios in the medical cloud system,this thesis describes the overall architecture of the cloud-based telemedicine information system,and illustrates the security challenges related to user identity authentication,access control and trust management.Besides,this thesis analyzes the main security threats that may be faced in the healthcare cloud system in detail,such as impersonation attack,modification,identity privacy disclosure,eavesdropping and interference,man-in-the-middle attack,replay attack,etc.,and further gives the corresponding security requirements of each threat.Finally,based on LPP-MSA,an anonymous authentication protocol with privacy protection is designed and applied to the telemedicine system in combination with the security threats faced by the healthcare cloud system and the security requirements of application scenarios.The protocol uses attribute set instead of authenticator’s identity,and medical service provider can provide medical service without knowing specific identity information of the authenticator,thus realizing anonymity.Meanwhile,this protocol can also resist replay attack,collusion attack and man-in-the-middle attack.In addition,this thesis analyzes the performance of the protocol in Linux system and compares it with several attribute-based authentication protocols.The results show that the proposed protocol not only satisfies many security features,but also has high computational efficiency.