7.1 結論
本篇論文主要的研究是提出了一個 PHR 系統的框架,在此框架下,我們建構一個 以病人為中心的 PHR 系統,病人藉由雲端儲存系統管理與分享其資料,而我們亦利用 屬性加密機制-DABE,達到對 PHR 安全的存取控制,保障資料的隱密性、防止被授權 者之間的同謀攻擊,讓病人能無後顧之憂地分享他的 PHR,並且讓病人對資料達到細粒 度存取控制,也就是讓病人能夠有彈性的根據其需求制訂存取規則以應付不同層級被授 權者存取要求。同時我們的系統也是具可拓展性的,允許其他使用者動態加入我們的系 統,成為新的授權中心,授權私密金鑰並加密 PHR。最後我們實作出一套 PHR 系統,
提供使用者便利的操作介面對其 PHR 進行管理,展示我們所提出的架構是可行的。
7.2 未來展望
本系統雖然支援使用者定義任意 Boolean formula 的存取規則,但是我們所使用的 加密機制尚無法支援使用者撤銷(revoke)其金鑰之授權,換言之,假使想要撤銷對於某 一被授權者之金鑰授權,目前只能重新產生使用者的公開金鑰與私密金鑰來達成此目的,
因此,未來我們可以針對撤銷授權這一部分再做改進,使整個 PHR 系統更趨於完善。
48
參考文獻
[1] Adi Shamir. "Identity-based cryptosystems and signature schemes." Advances in cryptology. Springer Berlin Heidelberg, 1985.
[2] Amit Sahai and Brent Waters. "Fuzzy identity-based encryption." Advances in Cryptology–EUROCRYPT 2005. Springer Berlin Heidelberg, 2005. 457-473.
[3] Goyal, Vipul, Omkant Pandey, Amit Sahai and Brent Waters. "Attribute-based
encryption for fine-grained access control of encrypted data." Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006.
[4] John Bethencourt, Amit Sahai, and Brent Waters. "Ciphertext-policy attribute-based encryption." Security and Privacy, 2007. SP'07. IEEE Symposium on. IEEE, 2007.
[5] Melissa Chase. "Multi-authority attribute based encryption." Theory of Cryptography.
Springer Berlin Heidelberg, 2007. 515-534.
[6] Melissa Chase and Sherman SM Chow. "Improving privacy and security in multi-authority attribute-based encryption." Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009.
[7] Allison Lewko and Brent Waters. "Decentralizing attribute-based encryption." Advances in Cryptology–EUROCRYPT 2011. Springer Berlin Heidelberg, 2011. 568-588.
[8] Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, Wenjing Lou. "Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption."
(2013): 1-1.
[9] Jie Huang, Mohamed Sharaf, and Chin-Tser Huang. "A Hierarchical Framework for Secure and Scalable EHR Sharing and Access Control in Multi-cloud." Parallel Processing Workshops (ICPPW), 2012 41st International Conference on. IEEE, 2012.
49
[10] Patil, Pooja K., and P. M. Pawar. "PHR Model using Cloud Computing and Attribute based Encryption." International Journal of Computer Applications 65.18 (2013).
[11] Suhair Alshehri, Stanislaw P. Radziszowski, and Rajendra K. Raj. "Secure Access for Healthcare Data in the Cloud Using Ciphertext-Policy Attribute-Based Encryption." Data Engineering Workshops (ICDEW), 2012 IEEE 28th International Conference on. IEEE, 2012.
[12] Changji Wang, Xuan Liu, and Wentao Li. "Implementing a Personal Health Record Cloud Platform Using Ciphertext-Policy Attribute-Based Encryption." Intelligent Networking and Collaborative Systems (INCoS), 2012 4th International Conference on. IEEE, 2012.
[13] Mrinmoy Barua, Xiaohui Liang, Rongxing Lu and Xuemin Shen. "Peace: An efficient and secure patient-centric access control scheme for ehealth care system." Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on. IEEE, 2011.
[14] Shivaramakrishnan Narayan, Martin Gagné, and Reihaneh Safavi-Naini. "Privacy preserving EHR system using attribute-based infrastructure." Proceedings of the 2010 ACM workshop on Cloud computing security workshop. ACM, 2010.
[15] Luan Ibraimi, Muhammad Asim, and Milan Petkovic. "Secure management of personal health records by applying attribute-based encryption." Wearable Micro and Nano
Technologies for Personalized Health (pHealth), 2009 6th International Workshop on. IEEE, 2009.
[16] Wei-Bin Lee and Chien-Ding Lee. "A cryptographic key management solution for HIPAA privacy/security regulations." Information Technology in Biomedicine, IEEE Transactions on 12.1 (2008): 34-41.
[17] Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi and Marcel Winandy. "Flexible patient-controlled security for electronic health records." Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium. ACM, 2012.
50
[18] Peter Szolovits, Jon Doyle, William J. Long, Isaac Kohane, and Stephen G. Pauker.
Guardian angel: patient-centered health information systems. Massachusetts Institute of Technology, Laboratory for Computer Science, 1994.
[19] Kenneth D Mandl, William W Simons, William CR Crawford1, and Jonathan M Abbett.
"Indivo: a personally controlled health record for health information exchange and communication." BMC medical informatics and decision making 7.1 (2007): 25.
[20] Google Inc. Google health. https://www.google.com/health/, 2009
[21] Microsoft. Microsoft healthvault. http://www.healthvalut.com/personal/websites-overview.html, 2009
[22] JPBC 函式庫 http://gas.dia.unisa.it/projects/jpbc/index.html
[23] Amos Beimel. Secure schemes for secret sharing and key distribution. Diss. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.