Research On Searchable Encryption Schemes Using CP-ABE In A Cloud Medical Environment

With the rapid development of cloud storage,more and more hospitals and research units have uploaded privacy data,such as electronic medical record EMR,to cloud storage.However,the problem of privacy protection with cloud storage is getting more and more.If the privacy data security problem cannot be effectively solved,it will have a great impact on its popularization and use.Ciphertext-Policy Attribute-based Encryption(CP-ABE)based on ciphertext strategy can fine-grained access control to private data stored in a cloud,but the mechanism lacks search function on ciphertext.At the same time,the CP-ABE search encryption scheme of single authority is not suitable for cloud medical system.If authorized agencies are attacked by attackers,users' privacy data can be exposed to the public.And in the privacy cloud medical environment,the attributes of data users are changeable.In view of the above problems,this paper mainly studies the multi-authority center searchable encryption scheme based on attribute encryption in cloud medical environment,which also supports attribute update.The main research results are as follows:(1)According to the characteristics of attribute-based encryption and access control,we extend the attribute-based encryption(CP-ABE)based on ciphertext strategy and introduce the searchable encryption scheme(SE).At the same time,in order to disperse the security risk of single authorized organization and reduce computation and storage costs,a multi authorized center CP-ABE searchable encryption scheme suitable for cloud computing is proposed.The security analysis and simulation experiments are carried out to reduce the encryption and decryption cost of data users on the basis of security.(2)Existing attribute revocation methods,which rely entirely on trusted authorization centers and are not suitable for medical cloud storage systems,a CP-ABE searchable encryption scheme supporting attribute revocation is proposed.The scheme transfers the part of the attribute revocation work to the server and does not need the data owner in real time online.Through security analysis,the scheme supports forward security and backward security.At the same time,some complex operations are transferred to the cloud server,which reduces the computing and storage costs of the system.The simulation experiment shows that the scheme reduces the time of the update of the ciphertext and the time of the key update in the update operation of the attribute.