臺灣博碩士論文加值系統

隨著雲端的快速發展，紙本的病歷已經逐漸數位化並儲存在雲端系統上。電子健康紀錄相較於紙本更容易搜集病人完整的訊息，也讓醫療名詞統一，避免醫療錯誤。目前的電子健康紀錄系統會加密病人的病歷來保護其機密性與完整性，避免遭受惡意攻擊導致資料被竊取或竄改。但是現有的系統中，病人僅能將就診醫院的病歷授權給醫生讀取，不能線上授權跨院的病歷給醫生，造成重覆的醫療檢查。在這篇論文中，我們提出了基於屬性加密演算法的身分認證、授權與存取控制機制 (我們稱為 A4) 來保護在網路上傳送的和儲存在雲端上的病歷資料。A4用代理屬性加密的演算法來保護病人在雲端上的電子健康紀錄。A4包含了七個階段: 初始、註冊、預約、讀取I、讀取II、會診和診斷階段。這七個階段滿足在看診時會遇到的情境。A4允許醫生透過網路取得跨院的病歷，減少醫療重覆檢測的資源浪費。此外，也能夠讓不同的醫生共享病人的電子健康紀錄進行會診。另外，我們用BAN邏輯方法來證明我們提出的A4是可以滿足BAN的安全需求，像彼此認證、訊息的立即性。我們也說明A4是可以抵擋常見的網路攻擊像重送攻擊、中間人攻擊、監聽攻擊和分散式阻斷服務攻擊。

As the rapid development of cloud computing technologies, health records are stored in a cloud system for information sharing and ease access. The electronic health record system running on a cloud needs to preserve the confidentiality and integrity of the health records. Nevertheless, in the current design, a patient can only share his/her health records with a doctor in a single hospital. Therefore, the doctor who needs to refer to the patient's health records in other hospitals may fail to access the records crossing hospitals, and similar examinations need to be reconducted. In this thesis, we propose an Auth, Auz and Access control scheme using Attribute-based encryption (called A4) to secure the confidentiality of the electronic health records transmitted over the Internet. A4 leverages ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) algorithm to encrypt and decrypt the health records stored in the cloud. A4 is composed of seven phases including "Init", "Reg", "Appoint", "EHRReqI", "EHRReqII", "Condult" and "Diagnosis" phases. The seven phases is to fulfill the health record requests in different scenarios. A4 allows a doctor to access the medical data crossing the hospitals when the doctor has to refer to a patient's health records in a different hospital for better diagnosis. $A^4$ also provides the functionality that allows a doctor to consult with other doctors specializing in different ontologies. By using BAN logic, we demonstrate the $A^4$ is secure enough to fulfill the fundamental security requirements, such as parties authentication and message freshness, etc. We also prove that $A_4$ can resist common attacks, including Replay Attack, Man-in-the-middle Attack, Eavesdropping Attack and DDOS Attack.

Chapter 1 Introduction 1
1.1 Motivation 2
1.2 Contribution 2
1.3 Synopsis 3
Chapter 2 Background 4
2.1 Electronic health record 4
2.2 Attribute-based encryption algorithm 5
2.3 Encrypted keyword search algorithm 8
Chapter 3 Related work 10
3.1 Benaloh’s scheme 10
3.1.1 Health record structure 10
3.1.2 Encryption scheme 11
3.1.3 Public key PCE 11
3.1.4 Symmetric key PCE 12
iii
3.2 Narayan’s scheme 12
3.2.1 Health record structure 13
3.2.2 Encryption scheme 13
3.3 Summary 14
Chapter 4 Proposed Scheme 15
4.1 Health Record Structure 15
4.2 EHR Functionalities 16
4.3 Patient Privacy Protection 18
4.4 Security Scheme 19
4.5 Scenario 35
4.5.1 General Diagnosis 37
4.5.2 Crossing Hospital 37
4.5.3 Consultation 37
Chapter 5 Security Proof 39
5.1 BAN logic 39
5.1.1 BAN constructs 39
5.1.2 Basic rules 40
5.1.3 Extended rules 41
5.2 Phase analysis 42
5.2.1 ”Init” phase 42
5.2.2 ”Reg” phase 44
5.2.3 ”Appoint” phase 46
5.2.4 ”EHRReqII” phase 50
5.2.5 ”Consult” phase 53
Chapter 6 Security 58
iv
6.1 Replay Attack 58
6.2 Man-in-the-Middle Attack 60
6.3 Eavesdropping Attack 61
6.4 DDOS Attack 62
Chapter 7 Comparison 63
7.1 Overview 63
7.2 Characteristics 64
7.3 Computed cost 67
7.4 Storage cost 69
7.5 Communication cost 70
Chapter 8 Conclusion 72
References 73

[1] E. H. Josh Benaloh, Melissa Chase and K. Lauter, ”Patient controlled encryption: Ensuring privacy of electronic medical records,” 2009.
[2] M. G. Shivaramakrishnan Narayan and R. Safavi-Naini, ”Privacy preserving ehr system
using attribute-based infrastructure,” 2010.
[3] A. Sahai and B. Waters, ”Fuzzy identity-based encryption,” ACM, 2005.
[4] A. S. Vipul Goyal, Omkant Pandey and B. Waters, ”Attribute-based encryption for finegrained access control of encrypted data,” ACM, 2006.
[5] A. S. John Bethencourt and B. Waters, ”Ciphertext-policy attribute-based encryption,”
2007.
[6] Z. L. Juanjuan Li and L. Zu, ”Chosen-ciphertext secure multi-use unidirectional attributebased proxy re-encryption,” IEEE, 2014.
[7] C. G. Liming Fang, Willy Susilo and J. Wang, ”A secure channel free public key encryption with keyword search scheme without random oracle,” springer, 2009.
[8] G. D. C. Dan Boneh, Rafail Ostrovsky and G. Persiano, ”Public key encryption with keyword search,” 2004.
[9] C. Gentry and A. Silverberg, ”Hierarchical id-based cryptography,” in Advances in cryptology—ASIACRYPT 2002. Springer, 2002, pp. 548–566.
73
[10] M. Burrows, M. Abadi, and R. M. Needham, ”A logic of authentication,” in Proceedings
of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, vol.
426, no. 1871. The Royal Society, 1989, pp. 233–271.