{"title":"Multiple time servers timed-release encryption based on Shamir secret sharing for EHR cloud system","authors":"Ke Yuan, Ziwei Cheng, Keyan Chen, Bozhen Wang, Junyang Sun, Sufang Zhou, Chunfu Jia","doi":"10.1186/s13677-024-00676-y","DOIUrl":null,"url":null,"abstract":"Electronic health record (EHR) cloud system, as a primary tool driving the informatization of medical data, have positively impacted both doctors and patients by providing accurate and complete patient information. However, ensuring the security of EHR cloud system remains a critical issue. Some patients require regular remote medical services, and controlling access to medical data involving patient privacy during specific times is essential. Timed-release encryption (TRE) technology enables the sender to preset a future time T at which the data can be decrypted and accessed. It is a cryptographic primitive with time-dependent properties. Currently, mainstream TRE schemes are based on non-interactive single time server methods. However, if the single time server is attacked or corrupted, it is easy to directly threaten the security applications of TRE. Although some research schemes “distribute” the single time server into multiple ones, they still cannot resist the single point of failure problem. To address this issue, we propose a multiple time servers TRE scheme based on Shamir secret sharing and another variant derived from it. In our proposed schemes, the data receiver does not need to interact with the time servers; instead, they only need to obtain the time trapdoors that exceed or equal the preset threshold value for decryption, which ensures the identity privacy of the data sender and tolerates partial downtime or other failures of some time servers, significantly improving TRE reliability. Security analysis indicates that our proposed schemes demonstrate data confidentiality, verifiability, anti-advance decryption, and robust decryption with multiple time trapdoors, making them more practical. Efficiency analysis indicates that although our schemes have slightly higher computational costs than most efficient existing TRE schemes, such differences are insignificant from a practical application perspective.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"58 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s13677-024-00676-y","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Electronic health record (EHR) cloud system, as a primary tool driving the informatization of medical data, have positively impacted both doctors and patients by providing accurate and complete patient information. However, ensuring the security of EHR cloud system remains a critical issue. Some patients require regular remote medical services, and controlling access to medical data involving patient privacy during specific times is essential. Timed-release encryption (TRE) technology enables the sender to preset a future time T at which the data can be decrypted and accessed. It is a cryptographic primitive with time-dependent properties. Currently, mainstream TRE schemes are based on non-interactive single time server methods. However, if the single time server is attacked or corrupted, it is easy to directly threaten the security applications of TRE. Although some research schemes “distribute” the single time server into multiple ones, they still cannot resist the single point of failure problem. To address this issue, we propose a multiple time servers TRE scheme based on Shamir secret sharing and another variant derived from it. In our proposed schemes, the data receiver does not need to interact with the time servers; instead, they only need to obtain the time trapdoors that exceed or equal the preset threshold value for decryption, which ensures the identity privacy of the data sender and tolerates partial downtime or other failures of some time servers, significantly improving TRE reliability. Security analysis indicates that our proposed schemes demonstrate data confidentiality, verifiability, anti-advance decryption, and robust decryption with multiple time trapdoors, making them more practical. Efficiency analysis indicates that although our schemes have slightly higher computational costs than most efficient existing TRE schemes, such differences are insignificant from a practical application perspective.
电子病历(EHR)云系统作为推动医疗数据信息化的主要工具,通过提供准确、完整的患者信息,对医生和患者都产生了积极影响。然而,确保电子病历云系统的安全性仍然是一个关键问题。有些患者需要定期接受远程医疗服务,因此必须控制在特定时间内对涉及患者隐私的医疗数据的访问。定时释放加密(TRE)技术使发送方能够预设一个未来时间 T,在该时间 T 上可以解密和访问数据。它是一种加密原语,具有随时间变化的特性。目前,主流的 TRE 方案都基于非交互式单一时间服务器方法。然而,如果单一时间服务器受到攻击或损坏,很容易直接威胁到 TRE 的安全应用。虽然一些研究方案将单个时间服务器 "分布 "到多个时间服务器中,但仍无法抵御单点故障问题。针对这一问题,我们提出了一种基于 Shamir 秘密共享的多时间服务器 TRE 方案,以及由其衍生出的另一种变体。在我们提出的方案中,数据接收方不需要与时间服务器交互,而只需要获取超过或等于预设阈值的时间陷阱门进行解密,这样既保证了数据发送方的身份隐私,又能容忍部分时间服务器的部分宕机或其他故障,大大提高了 TRE 的可靠性。安全性分析表明,我们提出的方案具有数据保密性、可验证性、防提前解密性和使用多个时间陷阱门的稳健解密性,因此更加实用。效率分析表明,虽然我们的方案的计算成本略高于现有的大多数高效 TRE 方案,但从实际应用的角度来看,这种差异并不明显。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
