个人健康记录云管理系统中支持用户撤销的细粒度访问控制

随着云计算的发展，越来越多的用户在使用个人健康记录(PHR)云管理系统，由于PHR包含了患者的隐私信息，因此一般在将PHR上传到云平台之前会先对其进行加密。基于比较的加密(CBE)在基于属性的访问策略中实现了时间比较，然而CBE加密时间与访问策略中的属性数目线性增长，从而导致其开销过大；同时，方案难以实时撤销用户的访问权限。该文提出支持用户撤销的细粒度访问控制(FGUR)方案，通过将属性层次引入到CBE中，同时结合广播密文策略的基于属性加密(BCP-ABE)，高效地实现PHR云管理系统中的细粒度访问控制及用户实时撤销。实验结果表明，与CBE相比，FGUR方案在加密开销和动态访问权限方面具有更好的性能。

Fine-grained Access Control with User Revocation in Cloud-based Personal Health Record System

With the development of cloud computing, more and more users employ cloud-based Personal Health Record (PHR) systems. The PHR is correlated with patient privacy, thus existing research suggests to encrypt PHRs before outsourcing. Comparison-Based Encryption (CBE) realizes time comparison in attribute-based access policy, however, the time for encryption is linearly with the number of attributes in the access policy. Therefore, the cost of the scheme is extensive; besides, the scheme is difficult to revoke the user's access privileges in real time. To realize efficiently a fine-grained access control and user revocation for PHRs in clouds, a Fine-Grained access control with User Revocation (FGUR) scheme is proposed by incorporating Broadcast Ciphertext-Policy Attribute-Based Encryption (BCP-ABE) and an attribute hierarchy into CBE. The experiment results show that the FGUR scheme has better performance in terms of the encryption cost and dynamic access privilege, compared with CBE.