Title: Secure Access Control for Cloud Electronic Medical Record using Attribute-Based Encryption
Authors: Lin, Chun-Teng (林浚騰)
Tzeng, Wen-Guey (曾文貴)
Institute of Computer Science and Engineering
Keywords: Electronic Medical Record; Encrypted Database; Attribute-Based Encryption
Publication date: 2015
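Abstract: Taiwan's National Health Insurance has been in operation for many years and has accumulated a large volume of medical records and patient histories, which has brought the Electronic Medical Record (EMR) to the fore. Although EMRs reduce management costs and error rates, they are stored and managed by individual medical institutions, so a patient's medical information is scattered across institutions and lacks completeness. How to integrate and manage EMRs so that patients can receive better medical services is therefore an important issue. With the rise of cloud technology, storing medical data centrally in a cloud system can both lower management costs and make exchange easier. However, before uploading EMRs to a cloud storage system, we must consider how to protect the privacy of EMRs and how to enforce access control over them. To address these issues, we propose an architecture for a medical database system based on CryptDB [1], developed by the MIT CSAIL team. CryptDB's onion encryption not only protects the privacy of EMRs but also supports ordinary database operations such as insertion, query, sorting, and comparison, making EMRs more convenient to use. We use the MA-ABE scheme proposed by Yang et al. [13] as the access control mechanism, which lets patients flexibly manage their EMRs so that authorized users can access them while unauthorized users cannot, achieving secure access control and sharing of EMRs on a cloud storage service. Finally, we implement the system to demonstrate that our architecture is feasible.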
In Taiwan, the government has run National Health Insurance for many years, and a large number of medical records have been generated as a result, bringing the Electronic Medical Record (EMR) to prominence. EMR not only keeps costs down but also reduces the error rate. Although EMR solves many problems, one remains: each hospital keeps its own part of the same patient's EMR, which leaves the patient's EMR incomplete. As a result, how to integrate EMR has become an important issue. With the development of cloud technology, storing EMR in cloud storage is a good way to bring the management cost down and to make sharing EMR convenient. Before uploading EMR, we have to consider two questions: how to protect the privacy of EMR and how to maintain access control over EMR. In our research, we design a new medical database system, SDEMR, based on CryptDB and MA-ABE. CryptDB is an open source database system developed by the MIT CSAIL team. It uses onion encryption to protect the privacy of EMR while still supporting MySQL queries. To maintain access control, we adopt the MA-ABE scheme of Yang et al. Under this access control mechanism, an unauthorized user cannot access the EMR. Finally, we implement our system to show that it is workable.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070156076
http://hdl.handle.net/11536/127537
Appears in Collections: Thesis