Research On Medical Data Security Access And Sharing Mechanism In Cloud Storage

With the rapid development of cloud computing,cloud storage owing the characters of efficiency and flexibility is widely used in the field of medical data sharing.Medical data contains sensitive personal information.Therefore,its security and privacy preservation issues are critical.And encryption technology is widely used in cloud storage for the medical data security access and sharing mechanism.In the medical cloud storage system,only the authorized users can access and share the corresponding medical data.Due to the large amount of users and different access requirements of different users,the fine-grained control access to users is required.In addition,cloud server is semi-trusted,which increases the risk of data leakage in ciphertext conversion.In order to ensure that users can efficiently obtain professional medical data from massive information,it is necessary to design a secure and efficient medical data access control and sharing scheme in the medical cloud storage system.Based on multi-authority attribute based encryption(MA-ABE)and proxy re-encryption(PRE),this thesis proposes a multi-authority attribute based proxy re-encryption scheme,named NE-MA-CP-ABPRE.According to NE-MA-CP-ABPRE,a healthcare data security access control and sharing scheme in the medical cloud storage system is designed.The main work is as follows:Firstly,this thesis analyzes the current research status of medical data security access and sharing mechanism in cloud storage.By summarizing the characteristics of the existing schemes,this thesis finds that most of the existing attribute based encryption schemes are characterized by single authority.To maintain all of the attributes in the system,the single authority has large amount of computation.And once the single authority is compromised,the system will not work.In order to solve this problem,a NE-MA-CP-ABPRE scheme based on MA-ABE and PRE technology is designed.Combining the symmetric encryption algorithm and the attribute based encryption algorithm,the final ciphertext is generated,which guarantees the efficiency and security of data sharing.Meanwhile,the proposed scheme utilizes the online/offline mechanism and the decryption outsourcing technology to reduce the amount of online computing implemented by users.And using PRE technology allows the cloud server to undertake ciphertext conversion among users,which greatly reduces the users' computing overhead.Secondly,this thesis gives the formal definition,security model and performance analysis of NE-MA-CP-ABPRE.To prevent collusion attack,it enables different users to hold different attribute private keys by embedding a unique identifier in the user's attribute.According to the security analysis under the static security model,NE-MA-CP-ABPRE is proved to satisfy the confidentiality of the data.Then,this thesis analyzes the performance of the scheme in computational overhead and storage overhead.The results show the scheme achieves finer-grained access control and has higher efficiency than several existing schemes.Finally,based on the NE-MA-CP-ABPRE,a cloud-based medical data security access and sharing scheme(CBMDSAS)is designed.It supports large universe and attribute revocation,and can preserve the privacy of users in the medical cloud storage system.In this scheme,the cloud server is responsible for managing the attribute key,and uses the attribute key to complete the pre-decryption of the ciphertext,which can reduce the computational overhead of users.And this thesis proves the correctness and security of CBMDSAS.Moreover,compared with the existing schemes in features and efficiency,CBMDSAS is more comprehensive and efficient.