Research On The Security Sharing Technology Of Electronic Medical Data Based On Blockchain

Electronic medical data is a record of patients’ physiological/psychological conditions or daily health monitoring data,which plays an important role in disease treatment and pathology research;as private data,how to achieve its secure sharing has become a hot topic of research.At present,medical data is mainly stored in the form of centralized storage in the servers of medical institutions through public or private clouds.Under this mainstream approach,medical data sharing system may lead to a single point of failure in case of attack,and patients are unable to control their personal medical data,not to mention the secure sharing of dispersed medical data.Therefore,this thesis presents an in-depth study of electronic medical data security sharing technology based on existing problems,and proposes a medical data security sharing model based on the Ethereum platform and an attribute-based access control mechanism with traceable keys and hidden policies.The main contents of this thesis are as follows.（1）The research background and significance of blockchain-based secure sharing technology for electronic medical data are introduced,the current status of domestic and international research on technologies such as attribute-based access control and medical data sharing in the cloud domain and blockchain domain are analyzed,and the relevant fundamental theories such as blockchain technology,EIGamal algorithm,bilinear mapping,decisional q-BDHE assumption,security model,access structure,linear secret sharing technology,and attribute Bloom filter that need to be used in the scheme are outlined.（2）To address the problems of existing medical data sharing systems that are prone to single point of failure,patients without data control and poor data interoperability,a medical data secure sharing model based on the Ethereum platform is proposed.It aims to use the discrete logarithmic intractability of the EIGamal algorithm combined with the Ethereum platform to achieve a patient-centered medical data security sharing model,realize the identity verification of both communication parties by designing the authentication factor,and design the control module and smart contract to collaborate to realize the access control of data users.The proposed sharing model contains perfect risk prevention measures,and the five major security performance comparisons and performance analysis are conducted with related mainstream solutions.（3）To improve the above sharing model for the problem of possible system overload,we propose to design a key-traceable policy-hidden attribute-based access control mechanism in the process of data users acquiring patient metadata from the blockchain to further achieve fine-grained secure access to data and key leakage tracing.By partitioning the attribute name index and attribute values in the access policy,the attribute values that are easy to leak user information are hidden into the attribute Bloom filter by linear secret sharing technique to achieve partial hiding of the access policy;and to prevent legitimate users from leaking the key for malicious users,it is proposed to embed the user identity parameters into the key to achieve key traceability.And the decryption test algorithm is designed to reduce the computational cost before the decryption stage.Finally,we analyze the security of this scheme in terms of access policy security,key leakage tracing,resistance to collusion attacks and security proof,and compare the performance with related schemes.The innovative points of this thesis include:（1）A medical data secure sharing model based on the Ethereum platform is proposed.The model utilizes the discrete logarithmic intractability of the EIGamal algorithm combined with the Ethereum platform to achieve a patient-centered medical data security sharing model,realizes the authentication of both communication parties through the clever design of authentication factors,and designs control modules and smart contracts to collaboratively realize the access control of data users.In terms of security performance,compared with other existing mainstream solutions,this model can simultaneously meet the five major security features of confidentiality,integrity,authentication,non-repudiation and access control,and has a perfect risk prevention design,and in terms of computational cost,this model has lower computational overhead.（2）Based on the above proposed shared model,a key-traceable policy-hidden attribute-based access control scheme is proposed to further enhance the fine-grained security access to data.Such a scheme has the following three main advantages:（i）the construction of attribute-based encryption based on prime order groups for initial filtering of target users,and only data users who satisfy the access policy can proceed to the subsequent verification process of the shared model to solve the problem of its possible overload.（ii）By partitioning the attribute name index and attribute value,the attribute name index and access matrix are kept in plaintext form,and the specific attribute value is hidden in the attribute Bloom filter by linear secret sharing technique,and the decryption test algorithm is designed to reduce the computational overhead before the decryption stage,so as to achieve partial hiding of the access policy and avoid user information leakage.（iii）Embedding the identity parameters into the key,and realizing the tracking system for legitimate users who leak the key to malicious users due to interest drive through key integrity verification and tracking of identity parameters.In terms of security performance,this scheme achieves access policy security,key leakage tracing,resistance to collusion attacks,and security proof based on q-DBHE assumptions,and verifies the feasibility of this scheme by testing the access policy hiding and recovery time,and has lower computational overhead and more flexible policy design compared with other similar schemes.