CN107423637B - Integrity auditing method supporting traceability of electronic medical record data on cloud - Google Patents

Abstract

The invention provides an integrity auditing method supporting traceability of electronic medical record data on a cloud, which comprises the following steps: (1) generating a secret key; (2) generating a copy; (3) generating a label; (4) generating authorization; (5) generating a challenge; (6) generating evidence; (7) and (5) verifying the evidence. According to the scheme disclosed by the invention, a plurality of copy storage modes are adopted, so that privacy protection is provided for the electronic medical record data, and the durability and disaster resistance of the electronic medical record data are enhanced. Meanwhile, by designing a new data structure and a Dynamically Mapped Hash Table (DMHT), a data traceable function is provided for the system on the basis of effectively supporting data dynamics. In addition, under the condition of ensuring the system safety, the calculation and communication overhead in the integrity design process is reduced, and the efficiency of the method is effectively improved.

Description

Integrity auditing method supporting traceability of electronic medical record data on cloud

Technical Field

The invention mainly relates to the field of cloud storage and electronic medical treatment, in particular to an integrity auditing method supporting traceable electronic medical record data on a cloud.

Background

The Electronic Medical Record (Electronic Medical Record) records the disease condition change and diagnosis and treatment process of the patient completely and continuously. It can provide accurate and timely information for disease treatment and first aid, and also can provide important data for medical research. Compared with traditional performance-limited devices, the appearance of cloud storage well meets the requirements of increasingly expanding data volume, frequent data updating and data sharing of medical records. Therefore, the establishment of the electronic medical record on the cloud has important significance. When the patient uploads the data of the patient to the cloud, the doctor can better judge the illness state of the patient through the previous medical record, so that the patient can be helped to recover health more quickly. However, cloud storage fails to provide reliability protection for stored data, so patients worry about whether their data is stored correctly. In addition, electronic medical records contain many sensitive information, names, cell phone numbers, social security numbers, so patients need to be sure that data on the cloud is not revealed to unauthorized entities. Therefore, how to efficiently verify the integrity of the medical record data on the cloud is an urgent problem to be solved on the premise of protecting the data privacy.

Integrity auditing is considered to be an effective means for a user to verify the integrity of cloud storage data. Meanwhile, the introduction of public audit well lightens the calculation and storage burden of a user side. To better provide data privacy protection, multiple copy integrity audit techniques are proposed. The data before uploading is encrypted, so that the possibility of medical record data leakage is isolated. More importantly, as long as one data copy in the cloud is not damaged, the damaged data can be completely recovered, and therefore the usability and the durability of the data are improved. Therefore, it is necessary to provide a plurality of sets of the disclosed auditing method for the electronic medical records on the cloud.

In addition, in order to ensure the completeness and accuracy of the electronic medical record, the stored data needs to be updated continuously with time, so that the electronic medical record on the cloud needs to support dynamic data operation. In addition, in order for a physician to be able to track data by analyzing the patient's physical changes over a period of time in the past, a data traceability function must be provided. However, in the existing solutions, the data structures designed by them to support data dynamics have the problem of inefficiency, and none of them can provide the function of tracking data.

Disclosure of Invention

The invention aims to provide an integrity auditing method supporting traceability of electronic medical record data on a cloud.

The technical solution for realizing the invention is as follows: an integrity auditing method supporting traceability of electronic medical record data on a cloud comprises the following steps:

step 1, key generation: the data owner selects public parameters for the system to generate a public key and a private key;

step 2, copy generation: the data owner divides the original file F into blocks and connects the copy number i with the data block b_jEncrypting to generate m copies F_iThe data owner creates and initializes a dynamic mapping hash table DMHT and sends the DMHT to a cloud storage server CSS;

step 3, label generation: the data owner selects the Filename Filename and calculates the file identifier Fid for the file, for all file blocks b_ijCompute integrity verification tag sigma_ijAggregating the data block labels with the same position sequence number in all the copies to obtain an integrity label set phi, and { { F { (F) }_i}_1≤i≤mPhi, Fid is uploaded to a cloud storage server CSS;

and 4, authorization generation: the data owner inquires the identity AID for authorization of the third party auditor TPA, the third party auditor TPA returns the identity AID for authorization, and after the data owner receives the identity AID for authorization, the data owner calculates the authorization signature auth Sig_ssk(AUTH AID T), wherein AUTH is authorization information, and T is effective time of authorization; the data owner sends the authorization signature AUTH and the audit request to a third party auditor TPA together, and uploads { AUTH, T } to a cloud storage server CSS;

step 5, challenge generation: when a data owner needs to verify the integrity of cloud data, sending an audit request to a third party auditor TPA, then generating a challenge message chal by the third party auditor TPA, and sending the challenge message to a cloud storage server;

and 6, generating an evidence: after receiving the challenge message, the CSS generates a corresponding evidence P, and then returns the evidence to a third party auditor TPA;

and 7, verifying the evidence: and the third party auditor TPA verifies the integrity of the response message P after receiving the response message P and obtains a conclusion, and then returns an audit result to the data owner.

Compared with the prior art, the invention has the following remarkable advantages: 1) providing data privacy protection: the invention encrypts the data before uploading the data, thereby avoiding the content of the data file from being leaked to an unauthorized entity; 2) data dynamics are supported: the invention designs a new data structure to realize effective support to data dynamics. Allowing authorized users to access, modify, insert and delete data; 3) the realization of data traceability: the invention not only allows the user to access the data block with the latest version, but also allows the user to access all historical versions of a certain data block, namely, the change of the data block is tracked; 4) and (3) realizing authorization audit: the present invention eliminates malicious challenges from counterfeit TPA by adding an authorization process between the data owner and the TPA; 5) reducing computation and communication overhead: the invention simplifies the dynamic process of data, and stores the data structure at the TPA end, thus solving the problem of low efficiency in the background technology to a certain extent; 6) the safety of the invention is provable: any unauthorized entity cannot challenge the cloud storage server and a malicious cloud server cannot pass integrity verification by launching forgery, replacement, and replay attacks.

The present invention is described in further detail below with reference to the attached drawings.

Drawings

FIG. 1 is a system model for implementing an integrity auditing method supporting traceability of electronic medical record data on a cloud.

FIG. 2 is a basic flowchart of the integrity auditing method supporting traceability of electronic medical record data on a cloud according to the present invention.

Detailed Description

With reference to fig. 2, the integrity auditing method supporting traceability of electronic medical record data on the cloud includes the following steps:

step 1, key generation: the data owner selects public parameters for the system to generate a public key and a private key, and the method specifically comprises the following steps:

step 1-1, selecting multiplication circulation group G with orders q₁、G₂、G_TWherein q is a randomly selected large prime number; selecting bilinear mapping e: G₁×G₂→G_T(ii) a Selecting a one-way hash function H₁:{0,1}^*→G₁；

Step 1-2, the data owner generates a public key pk and a private key sk, and selects s random values { r }₁,r₂,…,r_s}。

Step 1-2-1 takes a secure signature algorithm Sig () and a corresponding pair of signature keys (spk, ssk);

step 1-2-2 random selection of secret value x ∈ Z_qCalculating y as g^xWherein G is G₂One generator of, Z_q＝{1,2,···,q-1}；

Step 1-2-3 of randomly selecting s random values r₁,r₂,…,r_s←Z_q；

The steps 1-2-4 output a public key pk ═ { g, y, spk } and a private key sk ═ { ssk, x }, and disclose the public key and keep the private key private.

Step 2, copy generation: the data owner divides the original file F into blocks and connects the copy number i with the data block b_jEncrypting to generate m copies F_iThe data owner creates and initializes the DMHT and sends the DMHT to the CSS, which specifically includes the following steps:

step 2-1, the data owner divides n blocks of the original file F to obtain F ═ b_j}_1≤j≤nDividing and dividing each block into s-zones to obtain b_j＝{b_j1,b_j2,···,b_jk,···,b_jsK is more than or equal to 1 and less than or equal to s;

step 2-2, the connected copy number i and the data block b are compared_jEncrypting to generate m copies F_i＝E_K(i||b_jk)＝{b_ijk}_{1≤i≤m,1≤j≤n,1≤k≤s}；

Step 2-3, creating a dynamic mapping hash table DMHT, wherein the table comprises four columns of SN, BN, OT and PR, and has n +1 rows in total, wherein SN represents a physical serial number of a data block in a file, BN represents a logic number of a storage position of the data block, OT represents creation or modification time of the data block, and PR represents a pointer pointing to the data block before being modified;

step 2-4, initializing the value, SN, in the DMHT of the dynamic mapping hash table_j＝BN_j＝{1,2,···,n}，OT_jFor the current time of the system, PR_jFor null, only one version is initially created on behalf of the data block, and the DMHT is sent to the third party auditor TPA.

Step 3, label generation: the data owner selects the Filename Filename and calculates the file label for the fileIdentify Fid for all file blocks b_ijCompute integrity verification tag sigma_ijAggregating the data block labels with the same position sequence number in all the copies to obtain an integrity label set phi, and { { F { (F) }_i}_1≤i≤mPhi and Fid are uploaded to a cloud storage server CSS, and the specific steps are as follows:

step 3-1, selecting Filename Filename ← Z by user_q；

Step 3-2, Filename, m, r₁,r₂,…,r_sConnecting to obtain an identifier:

Fid＝Filename||m||r₁||…||r_s；

step 3-3, calculating data block b_ijIntegrity verification tag of (1):

step 3-4, aggregating the data block labels with the uniform position serial numbers in all the copies, and expressing as

Get the set of all labels Φ ═ σ₁,σ₂,···,σ_j,···,σ_n}；

Step 3-5, will { { F_i}_1≤i≤mPhi, Fid is uploaded to CSS and the original data is deleted locally { { F { (F) }_i}_1≤i≤m,Φ}

And 4, authorization generation: the data owner inquires the identity AID for authorization of the third party auditor TPA, the third party auditor TPA returns the identity AID for authorization, and after the data owner receives the identity AID for authorization, the data owner calculates the authorization signature auth Sig_ssk(AUTH AID T), wherein AUTH is authorization information, and T is effective time of authorization; the data owner sends the authorization signature AUTH and the audit request to a third party auditor TPA together, and uploads { AUTH, T } to a cloud storage server CSS;

step 5, challenge generation: when a data owner needs to verify the integrity of cloud data, sending an audit request to a third party auditor TPA, then generating a challenge message chal by the third party auditor TPA, and sending the challenge message to a cloud storage server; the method comprises the following specific steps:

step 5-1, the third party auditor TPA selects two functions: pseudo-random permutation function pi_key(·):key×{0,1}^*→{0,1}^*Pseudo random function

And selects the corresponding two keys: k is a radical of₁The key being a function pi, k₂Is a function of

The secret key of (a);

step 5-2, third party auditor TPA use k₁And k is₂Generating a set Q { (j, v)_j) Therein is here

Where j is the position index, v_jIs a random value, c is the number of data blocks requiring challenge;

step 5-3, the third party auditor TPA generates a random challenge message

And sent to the cloud storage server CSS, where,

the AID is encrypted by using a public key PK of a CSS on behalf of a third party auditor TPA.

And 6, generating an evidence: after receiving the challenge message, the CSS generates a corresponding evidence P, and then returns the evidence to a third party auditor TPA, and the method specifically comprises the following steps:

step 6-1, after the cloud storage server CSS receives the challenge message chal, using the signature public key spk to verify whether auth is valid, if yes, executing the following steps, otherwise, rejecting the audit request:

step 6-2, the cloud storage serverCSS generated data evidence u ═ { u ═ u }_ik}_{1≤i≤m,1≤k≤s}And label evidence

Wherein

And 6-3, returning the verification evidence P to the third party auditor TPA.

And 7, verifying the evidence: the third party auditor TPA receives the response message P, verifies the integrity of the response message P and obtains a conclusion, and returns an audit result to the data owner, and the method specifically comprises the following steps:

after the third party auditor TPA receives the evidence P from the cloud storage server CSS { σ, u }, the third party auditor TPA runs to check the validity of the evidence by checking whether the following equation holds:

if the equation is established, the third party auditor TPA sends a message "1" to the data owner to prove that the cloud storage server CSS indeed correctly stores m copies of each copy, otherwise, sends a message "0" to the data owner to represent that the cloud storage server CSS does not correctly store m copies.

The invention designs a new two-dimensional data structure called as a Dynamic Mapping Hash Table (DMHT), wherein the table simultaneously comprises two structural parts of a table and a linked list, the table records the latest versions of all data blocks according to the index sequence of the data blocks, and the linked list organizes all historical versions of the data blocks before the current data block according to the time sequence.

As shown in fig. 1, the system model of the method includes four types of entities: data owner, authorized user, and third party auditor TPA. First, a data owner encrypts a data file and then uploads the file to a cloud storage server. An authorized user can obtain the encryption key from the data owner to obtain the data plaintext. At the same time, the third party auditor TPA obtains authorization information from the data owner. After outsourcing the data, the third party auditor TPA generates a random challenge, which is then sent to the cloud storage server CSS. After receiving the challenge message, the cloud storage server CSS first extracts the authorization information from the challenge and then verifies its validity. And if the verification is passed, the CSS generates corresponding evidence and returns the evidence to the TPA of the third party. Otherwise, the cloud storage server CSS ignores the challenge. After receiving the evidence, the TPA of the third party auditor verifies the validity of the evidence. If the verification is passed, the third party auditor TPA returns a message of "1" to the data owner, otherwise, returns a message of "0".

Therefore, the integrity auditing method supporting the traceability of the electronic medical record data on the cloud, disclosed by the invention, not only provides privacy protection for the electronic medical record data, but also enhances the durability and disaster resistance of the data. Meanwhile, a new data structure is designed, and a data traceable function is provided for the system on the basis of effectively supporting data dynamics. In addition, in the auditing process, the calculation and communication expenses are reduced, and the efficiency of the method is effectively improved.

Claims (7)

1. The integrity auditing method supporting traceability of electronic medical record data on the cloud is characterized by comprising the following steps of:

step 1, key generation: the data owner selects public parameters for the system to generate a public key and a private key;

step 2, copy generation: the data owner divides the original file F into blocks and connects the copy number i with the data block b_jEncrypting to generate m copies F_iThe data owner creates and initializes the DMHT and sends the DMHT to the CSS, which specifically includes the following steps:

step 2-1, the data owner divides n blocks of the original file F to obtain F ═ b_j}_1≤j≤nAnd dividing each block into s regions to obtain b_j＝{b_j1,b_j2,…,b_jk,…,b_jsK is more than or equal to 1 and less than or equal to s;

step 2-2, pairThe concatenated copy number is encrypted with the data block to generate m microreplicated F_i＝E_K(i||b_jk)＝{b_ijk}_{1≤i≤m,1≤j≤n,1≤k≤s}；

Step 2-3, creating a dynamic mapping hash table DMHT, wherein the table comprises four columns of SN, BN, OT and PR, and has n +1 rows in total, wherein SN represents a physical serial number of a data block in a file, BN represents a logic number of a storage position of the data block, OT represents creation or modification time of the data block, and PR represents a pointer pointing to the data block before being modified;

step 2-4, initializing the value, SN, in the DMHT of the dynamic mapping hash table_j＝BN_j＝{1,2,…,n}，OT_jFor the current time of the system, PR_jFor null, only one version is initially created on behalf of the data block, and the DMHT is sent to a third-party auditor TPA;

step 3, label generation: the data owner selects the Filename Filename and calculates the file identifier Fid for the file, for all file blocks b_ijCompute integrity verification tag sigma_ijAggregating the data block labels with the same position sequence number in all the copies to obtain an integrity label set phi, and { { F { (F) }_i}_1≤i≤mPhi, Fid is uploaded to a cloud storage server CSS;

and 4, authorization generation: the data owner inquires the identity AID for authorization of the third party auditor TPA, the third party auditor TPA returns the identity AID for authorization, and after the data owner receives the identity AID for authorization, the data owner calculates the authorization signature auth Sig_ssk(AUTH AID T), wherein AUTH is authorization information, and T is effective time of authorization; the data owner sends the authorization signature AUTH and the audit request to a third party auditor TPA together, and uploads { AUTH, T } to a cloud storage server CSS;

step 5, challenge generation: when a data owner needs to verify the integrity of cloud data, sending an audit request to a third party auditor TPA, then generating a challenge message chal by the third party auditor TPA, and sending the challenge message to a cloud storage server;

and 6, generating an evidence: after receiving the challenge message, the CSS generates a corresponding evidence P, and then returns the evidence to a third party auditor TPA;

and 7, verifying the evidence: and the third party auditor TPA verifies the integrity of the response message P after receiving the response message P and obtains a conclusion, and then returns an audit result to the data owner.

2. The integrity auditing method supporting traceability of electronic medical record data on the cloud as claimed in claim 1, wherein in step 1 the data owner selects public parameters for the system to generate public and private keys, specifically comprising the steps of:

step 1-1, selecting multiplication circulation group G with orders q₁、G₂、G_TWherein q is a randomly selected large prime number; selecting bilinear mapping e: G₁×G₂→G_T(ii) a Selecting a one-way hash function H₁:{0,1}^*→G₁；

Step 1-2, the data owner generates a public key pk and a private key sk, and selects s random values { r }₁,r₂,…,r_s}。

3. The integrity auditing method supporting traceability of electronic medical record data on the cloud as claimed in claim 1, characterized in that in step 1-2, the data owner generates a public key pk and a private key sk, and selects s random values { r }₁,r₂,…,r_sThe method specifically comprises the following steps:

step 1-2-1 takes a secure signature algorithm Sig () and a corresponding pair of signature keys (spk, ssk);

step 1-2-2 random selection of secret value x ∈ Z_qCalculating y as g^xWherein G is G₂One generator of, Z_q＝{1,2,…,q-1}；

Step 1-2-3 of randomly selecting s random values r₁,r₂,…,r_s←Z_q；

The steps 1-2-4 output a public key pk ═ { g, y, spk } and a private key sk ═ { ssk, x }, and disclose the public key and keep the private key private.

4. The integrity auditing method supporting traceability of electronic medical record data on the cloud according to claim 1, where the specific steps of label generation in step 3 are:

step 3-1, selecting Filename Filename ← Z by user_q；

Step 3-2, Filename, m, r₁,r₂,…,r_sConnecting to obtain an identifier:

Fid＝Filename||m||r₁||…||r_s；

step 3-3, calculating data block b_ijIntegrity verification tag of (1):

step 3-4, aggregating the data block labels with the uniform position serial numbers in all the copies, and expressing as

Get the set of all labels Φ ═ σ₁,σ₂,…,σ_j,…,σ_n}；

Step 3-5, identifying the generated copy, the generated label set and the file { { F_i}_1≤i≤mPhi, Fid are uploaded to CSS together, and the original data is deleted locally { { F_i}_1≤i≤m,Φ}。

5. The integrity auditing method supporting traceability of electronic medical record data on the cloud according to claim 1, where the specific step of challenge generation in step 5 is:

step 5-1, the third party auditor TPA selects two functions: pseudo-random permutation function pi_key(·):key×{0,1}^*→{0,1}^*Pseudo random function

And selects the corresponding twoAnd (3) secret key: k is a radical of₁The key being a function pi, k₂Is a function of

The secret key of (a);

step 5-2, third party auditor TPA use k₁And k is₂Generating a set Q { (j, v)_j) Therein is here

Where j is the position index, v_jIs a random value, c is the number of data blocks requiring challenge;

step 5-3, the third party auditor TPA generates a random challenge message

And sent to the cloud storage server CSS, where,

the AID is encrypted by using a public key PK of a CSS on behalf of a third party auditor TPA.

6. The integrity auditing method supporting traceability of electronic medical record data on the cloud according to claim 1, where the specific step of evidence generation in step 6 is:

step 6-1, after the cloud storage server CSS receives the challenge message chal, using the signature public key spk to verify whether auth is valid, if yes, executing the following steps, otherwise, rejecting the audit request:

step 6-2, the cloud storage server CSS generates data evidence u ═ u { u ═_ik}_{1≤i≤m,1≤k≤s}And label evidence

Wherein

And 6-3, returning the verification evidence P to the third party auditor TPA.

7. The integrity auditing method supporting traceability of electronic medical record data on the cloud according to claim 1, where the specific step of verifying the evidence in step 7 is:

after the third party auditor TPA receives the evidence P from the cloud storage server CSS { σ, u }, the third party auditor TPA runs to check the validity of the evidence by checking whether the following equation holds:

if the equation is established, the third party auditor TPA sends a message "1" to the data owner to prove that the cloud storage server CSS indeed correctly stores m copies of each copy, otherwise, sends a message "0" to the data owner to represent that the cloud storage server CSS does not correctly store m copies.

Images