前瞻性雲端安全動態防護、應用、與風險評估---子計畫二：高效率安全可靠雲端資料完整性檢測與授權使用---以醫療資料為例

Abstract

雲端運算是目前最熱門的研究課題之一，透過集中式資料中心與無所不在的高 速網路，我們可以隨時隨地取用資料與計算資源。然而，不管是公開雲還是私有雲 都有軟硬體資源共享所衍生的安全問題，例如，存在雲端的資料是否安全無疑，是 否會被刪除、修改、盜用，是否可以安全且方便地分享給他人或授權給他人使用，

是否因使得攻擊者更容易發動攻擊等。因此如何保障雲端計算的安全是當前雲端計 算運用的重要研究課題。

我們過去在雲端運算的研究已有許多成果，在本計劃中我們選定醫療資料作為 雲端資料安全探討的範例，醫療資料具有大量、增加型變動（incremental update)、

共同使用、公共利益、合理使用、授權使用、使用者隱私等安全問題，非常適合作 為雲端運算安全的探討標的。醫療資料的包含個人基本資料、就醫記錄、醫嘱事項、

用藥記錄、檢驗報告等，其中檢驗結果可能包含大量影像資料檔；醫生在記錄病歷 時多使用簡單的文字檔，這些資料一旦寫入，再變動的機會不大，病歷檔案的醫囑 事項與醫師註記多是一條一條依時間順序加上去，同時這些醫療資料可以以結構方 式來儲存。為了節省醫療成本，避免各醫院做類似的醫療行為，例如生理檢驗、電 腦斷層掃描等，醫療資料需要在不同的醫生間流傳，但是醫生並不應該取得所有的 資料，必須在合法授權與適當性上來運用可以使用的資料。醫療資料還可應用在遠 距照護及生活支援等應用上。

本計劃將針對醫療資料的高效率、高可靠及支持多樣功能的安全儲存、資料完 整性的檢測、資料授權使用、資料隱私性等問題研究，希望能夠提出完整的解決方 法，並作出雛形系統。我們主要是使用密碼的方法來解決，因為密碼一直是解決資 料安全的主要手段之一，我們將找出醫療資料的特殊特性，然後設計相關的架構及 方法。

Cloud computing is one of the most researched topics in these two years. By establishment of data center and ubiquitous networks, we can access data and computing resources anywhere at any time. However, due to sharing of data and resources, it entails challenging security problems. For example, how to make sure that the stored data are kept intact and not peered, how to share data with others in a controlled way, how to cope with the attacks started from the data and computing center, etc. It is very important to propose satisfactory solutions for these security and privacy problems before users can handle their valuable data into public/private clouds.

We have done research on cloud security problems and obtained fruitful results recently. In this project we shall study the security issues about cloud medical records. The medical records have the properties of large amount, increment update, shared use, public interest, proper use, authorized use and privacy. The medical records is composed of basic information of a patient, care records, doctor instructions, medicine records, inspection records, inspection records, etc. The inspection records may consist of large images. When a doctor writes medical records into a patient’s care records, he usually adds on instructions and comments. These instructions and comments are seldom changed later in the future. In order to reduce to medical cost, a patient’s record is circulated among doctors in different clinics and hospitals. However, the access to a patient’s medical records should be agreed by the patient. A doctor should not be able to see the whole records of a patient. He is allowed to see what are authorized and needed. The medical records can be used for remote medical care and living applications.

In this project we shall study and propose satisfactory solutions for the security and privacy issues of medical records. We shall implement a prototype to test efficiency and feasibility of our solutions. Our main techniques are from the field of cryptography. Cryptography has been an effective tool for protecting data that are handled in public, for example in public clouds or over Internets. We shall find out special features of the medical records and design suitable cryptographic schemes and protocols.