Study On Proxy Re-Encryption And Its Application In Telemedicine

The emergence of Wireless Body Area Network(WBAN)has greatly promoted the development of telemedicine,allowing users to enjoy real-time medical services without leaving their homes.Limited by insufficient storage space and low computing capacity in traditional wireless body area network,a cloud-assisted wireless body area network architecture has been proposed.The cloud-assisted wireless body area network furthers the development of the telemedicine,providing larger health data storage space and more powerful computing capabilities for telemedicine.Under a cloud-assisted wireless body area network architecture,users need to upload health data to a cloud server,so that medical staff can download it and analyze the users' health status.Sharing of health data between users and medical staff provides better and safer care of users.However,the sharing of health data introduces new privacy and security issues.Health data usually contains users' sensitive information,and only authorized medical staff can obtain it.However,due to the open network environment and the semi-trusted cloud service providers in the cloud-assisted wireless body area network,there is a risk of health data leakage during the sharing process,which may expose users' privacy.What's more,it is necessary to adopt the efficient methods to manage the large amount of health data.Otherwise,it may not only cause the data confusion,but may even delay the user's medical treatment time.Therefore,it is necessary to seek a secure and efficient protocol in the process of sharing health data.This thesis proposes a new certificateless proxy re-encryption scheme without pairing,and based on the proxy re-encryption,the thesis designs an efficient and secure health data sharing protocol.The main contributions are as follows:Firstly,this thesis takes the telemedicine as the background and analyzes the traditional wireless body area network architecture and its shortcomings in telemedicine.Additionally,the cloud-assisted wireless body area network is introduced,and the thesis analyzes the features and existing security problems of this architecture in the telemedicine data sharing.At the same time,the thesis analyzes the current states on WBAN security and summarizes the advantages and disadvantages of existing schemes,focusing on the proxy re-encryption cryptosystem.Secondly,at present,majority of studies on proxy re-encryption focus on traditional public-key proxy re-encryption and identity-based proxy re-encryption schemes.In addition,certificateless proxy re-encryption schemes are few and they mainly rely on time-consuming bilinear pairing operations.In this thesis,a new certificateless re-encryption scheme without pairing is proposed based on the certificateless encryption scheme.The proposed scheme is provable secure against adaptive chosen ciphertext attacks in the random oracle model.At the same time,this thesis compares the proposed certificateless proxy re-encryption scheme with other schemes in terms of computational overhead and communication overhead.The theoretical analysis result demonstrates that the proposed scheme has a better performance.Lastly,based on the proposed certificateless proxy re-encryption scheme,this thesis designs a secure data sharing protocol for health data in the cloud-assisted wireless body area network architecture.This protocol does not directly apply the proxy re-encryption system to the huge medical data,but uses a fast symmetric cryptosystem to encrypt the data.Proxy re-encryption only acts on the shorter-length symmetric key.Therefore,the protocol has higher efficiency.In order to ensure the authenticity of the participants' identities in the communication process,the proposed protocol uses the credential and digital signature to authenticate the participants' identities.Additionally,the symmetric key used for health data encryption can update automatically,that is,no additional updated algorithm is required for the key,eliminating the need for key distribution overhead.Meanwhile,the protocol also has the ability to revoke access rights,and the user only need to update the identity credential while requiring cloud service provider to update the corresponding identity list and storage list.Finally,this thesis simulates the protocol and the results show that the protocol has a better performance.