CN111162894B - Statistical analysis method for outsourcing cloud storage medical data aggregation with privacy protection - Google Patents


Info

Publication number
CN111162894B
Authority
CN
China
Prior art keywords
medical data
data
ciphertext
cloud server
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911420366.3A
Other languages
Chinese (zh)
Other versions
CN111162894A (en
Inventor
张晓均
张经伟
李岚茜
周子玉
郑爽
黄超
赵芥
杨文井
刘婉怡
黄琴
郝云溥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southwest Petroleum University
Original Assignee
Southwest Petroleum University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southwest Petroleum University
Priority to CN201911420366.3A
Publication of CN111162894A
Application granted
Publication of CN111162894B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/008 … involving homomorphic encryption
            • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                  • H04L 9/083 … involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
              • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
            • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
              • H04L 9/3066 … involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
                • H04L 9/3073 … involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
            • H04L 9/32 … including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L 9/3247 … involving digital signatures
                • H04L 9/3252 … using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/04 … for providing a confidential data exchange among entities communicating through data packet networks
              • H04L 63/0428 … wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            • H04L 63/12 Applying verification of the received information
              • H04L 63/123 … received data contents, e.g. message integrity
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 18/00 Pattern recognition
            • G06F 18/20 Analysing
              • G06F 18/23 Clustering techniques
      • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
        • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
          • G16H 50/00 ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics
            • G16H 50/70 … for mining of medical data, e.g. analysing previous cases of other patients

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Public Health (AREA)
  • Evolutionary Computation (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Evolutionary Biology (AREA)
  • Biomedical Technology (AREA)
  • Databases & Information Systems (AREA)
  • Artificial Intelligence (AREA)
  • Pathology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Epidemiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Measuring And Recording Apparatus For Diagnosis (AREA)

Abstract

The invention discloses a statistical analysis method for aggregating outsourced cloud-stored medical data with privacy protection. Encrypted medical data is outsourced to a remote cloud server, which performs homomorphic aggregation on it while the confidentiality and privacy of the users' sensitive data are preserved, and the medical data analysis center can verify the integrity and correctness of the cloud server's homomorphic aggregation of the encrypted data. The medical data analysis center obtains statistical results such as the variance and the mean of all corresponding users' original medical data with only two decryption computations, which greatly reduces its computational cost.

Description

Statistical analysis method for outsourcing cloud storage medical data aggregation with privacy protection
Technical Field
The invention relates to the field of medical big data analysis and information security guarantee, in particular to a statistical analysis method for outsourcing cloud storage medical data aggregation with privacy protection.
Background
The development of emerging information and communication technologies and sensing modes such as the mobile internet, the internet of things, cloud computing and robotics is profoundly changing the traditional model of medical and health services. Medical data is gradually being opened up, and the intelligent and precision medicine enabled by big data now covers more areas, playing an increasingly important role in comparative-effectiveness research on clinical operations, clinical decision support systems, medical data transparency, remote patient monitoring and advanced analysis of patient records. Meanwhile, with the application and development of regional medicine, mobile medicine and translational medicine, clinical test data in electronic medical records, electronic health files, translational genomics and intensive care units, and even personal health-state records sensed by wearable sensors, are all growing explosively. Cloud storage and cloud computing, by virtue of their ease of access and lower cost, relieve the storage pressure caused by this rapid growth of medical data. While cloud storage has these advantages, it also exposes patients' outsourced medical data to new security threats.
At the same time, big-data analysis turns the pressure of large data volumes into a data advantage: the billions of accumulated medical records become a standard decision basis that a doctor can consult at any time during diagnosis, which is an effective way to improve diagnostic and treatment efficiency, reduce avoidable individual errors and relieve the uneven distribution of medical resources. However, because health care data is sensitive, most of it is stored as ciphertext. Ciphertext cannot be analyzed directly, so it would have to be decrypted before analysis, and with large data volumes decrypting the records one by one is impractical. How to analyze data while it remains encrypted is the problem to be solved.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a statistical analysis method for aggregating outsourced cloud-stored medical data with privacy protection. It ensures the confidentiality and privacy of users' sensitive data while the encrypted medical data is outsourced to a remote cloud server that performs homomorphic aggregation on it, so that the medical data analysis center can verify the integrity and correctness of the cloud server's homomorphic aggregation of the encrypted data and can obtain the variance and the mean of the sensitive medical data with only two decryptions, which greatly reduces the computational overhead.
The purpose of the invention is realized by the following technical scheme:
The statistical analysis method for aggregating outsourced cloud-stored medical data with privacy protection comprises the following steps:
S1: system initialization:
the trusted center TA sets the cryptographic security parameters used in the method, including the bilinear pairings, the elliptic curve and the generators defined on it; it also distributes a public key and a private key to the medical data analysis center, generates a public/private key pair for signing medical data ciphertexts for each medical user, and distributes each signing private key to the corresponding user through a secure channel;
S2: medical data encryption and signature uploading:
a homomorphic encryption algorithm is designed with which a user encrypts sensitive medical data under the public key of the medical data analysis center to produce a ciphertext; an elliptic-curve-based homomorphic linear aggregate signature algorithm is designed that produces a digital signature for each sensitive medical data ciphertext; finally, each user's ciphertext and digital signature are outsourced to and stored in a remote cloud server;
S3: homomorphic aggregation of encrypted medical data:
in the data aggregation stage, when the medical data analysis center needs to analyze a certain type of sensitive medical data, it generates a random sequence and sends it to the cloud server as challenge information; the cloud server combines the challenge with the signatures on that type of sensitive medical data and aggregates them into a single signature aggregate; at the same time, using the additive and multiplicative homomorphism of the encryption system, the cloud server multiplies the ciphertexts together to obtain one ciphertext aggregate, and multiplies together the results of pairing each ciphertext with itself to obtain a second ciphertext aggregate; finally, the cloud server sends the signature aggregate and the ciphertext aggregates to the medical data analysis center;
S4: verification and decryption of the homomorphically aggregated data:
the elliptic-curve-based signature verification algorithm supports batch verification, so the medical data analysis center can verify the integrity of the data with only three bilinear pairing operations; it then decrypts the aggregated data to obtain the cumulative sum and the sum of squares of all the medical data;
S5: medical statistical analysis:
the medical data analysis center obtains the variance and the mean of the sensitive medical data by statistical analysis and thereby analyzes the users' health condition.
In step S1, the specific initialization steps are as follows:
S101: the trusted center TA sets a bilinear pairing e: G_a × G_a → G_b, where G_a is a multiplicative cyclic group of order n, g is a generator of G_a, and G_b is the image group of the pairing; it selects two large primes p_1 and p_2 of equal length satisfying n = p_1 p_2, and takes a generator of the subgroup of G_a of order p_1:
Figure GDA0002661085980000021
The TA publishes the public key pk = (n, G_a, G_b, e, g, x) and sends the private key sk = p_1 to the medical data analysis center over a secure channel;
S102: an elliptic curve E is defined over a finite field F_p, where p is a large prime, and another bilinear pairing is set up on the elliptic curve:
Figure GDA0002661085980000022
G_1 × G_1 → G_2, where V is a generator of the additive cyclic group G_1 of order q on the elliptic curve;
the number of users who upload a certain type of medical data to the cloud server is set as N; for the i-th user, the trusted center generates a private key z_i ∈ Z_q and computes the public key U_i = z_i V; two collision-resistant hash functions are set, H_1: {0,1}* → G_1 and H_2:
Figure GDA0002661085980000031
The trusted center TA publishes {V, U_i} and sends the private key z_i to the corresponding user over a secure channel.
In step S2, when the i-th user wants to upload medical data to the cloud server, the user first encrypts the medical data with the homomorphic encryption algorithm under the public key of the medical data analysis center to produce a ciphertext; then signs the ciphertext with the user's private key according to the type of the medical data; and finally uploads the ciphertext and the corresponding signature to the cloud server. The specific encryption and signature steps are:
S201: for the message m_i to be encrypted, the maximum value T that m_i can take is required to be less than p_2; select a random number s_i ∈ Z_n and compute the ciphertext
Figure GDA0002661085980000032
where Enc is the improved BGN homomorphic encryption algorithm;
S202: compute the digital signature of the ciphertext, σ_i = (z_i + H_2(c_i)) H_1(type), where type is the type of the medical data;
S203: send the signature and the ciphertext {σ_i, c_i} together to the cloud server.
In step S3, when the medical data analysis center needs to analyze a certain type of sensitive medical data, it uses a pseudo-random number generator to produce a random sequence {t_1, t_2, …, t_{l-2}, α, β} containing l pseudo-random numbers, and sends the medical data type and the random sequence to the cloud server as challenge information; the cloud server then separately aggregates the ciphertexts of the N users for that type of medical data, the signatures corresponding to those ciphertexts, and the users' public keys. The specific aggregation process is:
S301: the cloud server uses the additive homomorphism of the improved BGN algorithm to aggregate the ciphertexts of the N users:
Figure GDA0002661085980000033
s302: applying homomorphic multiplication property of improved BGN homomorphic encryption algorithm and operation property of bilinear pairs to each ciphertext Enc (m)i,si) Performing bilinear pairing operation and then aggregating:
Figure GDA0002661085980000034
Figure GDA0002661085980000041
S303: from the aggregated values and the challenge information, the cloud server computes two further random numbers t_{l-1} = H_2(SC + α) and t_l = H_2(QSC + β), and then, using the random sequence {t_1, t_2, …, t_{l-2}, t_{l-1}, t_l}, aggregates the N signatures:
Figure GDA0002661085980000042
where j = ((i − 1) mod l) + 1, and computes
Figure GDA0002661085980000043
and aggregates the public keys {U_1, U_2, …, U_N} corresponding to {σ_1, σ_2, …, σ_N}:
Figure GDA0002661085980000044
Finally, the cloud server sends {σ, c, U, N, SC, QSC} to the medical data analysis center.
In step S4, after receiving the aggregated data from the cloud server, the medical data analysis center verifies data integrity and decrypts the ciphertext aggregates SC and QSC, as follows:
S401: compute t_{l-1} = H_2(SC + α) and t_l = H_2(QSC + β), then aggregate the random numbers
Figure GDA0002661085980000045
where j = ((i − 1) mod l) + 1, and verify whether the following equation holds:
Figure GDA0002661085980000046
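The challenge-weighted signature aggregation of S303 and the batch check of S401 can be exercised in code. The following Python block is an added example written for this page, not the patent's code: it models G_1 and G_2 as the integers mod q with V = 1 and the "pairing" e(A, B) = A·B mod q, which is bilinear (so the aggregation and verification algebra behaves as in the scheme) but offers no security, since discrete logarithms are trivial there. The group order q, the range Z_q for H_2 (the page gives it only in a figure), reading "SC + α" inside H_2 as concatenation, the cyclic reuse of the l weights implied by j = ((i − 1) mod l) + 1, and the verification equation itself (reconstructed from σ_i = (z_i + H_2(c_i)) H_1(type); the patent's equation is in a figure not reproduced on the page) are all assumptions. The ciphertexts, SC and QSC are constructed stand-in integers.

```python
import hashlib
import random

# Toy model: G_1 and G_2 are Z_q with V = 1 and e(A, B) = A*B mod q. Bilinear,
# so the aggregation/verification algebra runs, but discrete logs are trivial,
# so this toy has no security. q, names and sample values are assumptions.
q = 2 ** 61 - 1
V = 1

def H1(type_label: str) -> int:
    """H1: {0,1}* -> G_1 (an element of Z_q in this toy)."""
    return int.from_bytes(hashlib.sha256(b"H1|" + type_label.encode()).digest(), "big") % q

def H2(*parts) -> int:
    """H2: {0,1}* -> Z_q. The page writes H2(SC + alpha); '+' is read here as
    concatenation of the operands' decimal encodings (assumption)."""
    data = b"H2|" + b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def pairing(A: int, B: int) -> int:
    """Toy bilinear map into G_2 (Z_q, written additively): e(aV, bV) = a*b."""
    return A * B % q

def keygen(rng: random.Random):
    """TA per-user keys: private z_i in Z_q, public U_i = z_i V."""
    z = rng.randrange(1, q)
    return z, z * V % q

def sign(z: int, c: int, type_label: str) -> int:
    """S202: sigma_i = (z_i + H2(c_i)) * H1(type)."""
    return (z + H2(c)) * H1(type_label) % q

def full_weights(challenge, SC: int, QSC: int):
    """S303/S401: {t_1..t_{l-2}, alpha, beta} -> {t_1..t_{l-2}, t_{l-1}, t_l} with
    t_{l-1} = H2(SC + alpha), t_l = H2(QSC + beta), binding the weights to the
    ciphertext aggregates the cloud actually produced."""
    *ts, alpha, beta = challenge
    return ts + [H2(SC, alpha), H2(QSC, beta)]

def aggregate(weights, sigmas, pubkeys, ciphertexts):
    """S303 (cloud): sigma = sum t_j sigma_i, U = sum t_j U_i, c = sum t_j H2(c_i),
    with j = ((i-1) mod l) + 1 (1-based), i.e. the l weights are reused cyclically."""
    l = len(weights)
    sigma = U = c = 0
    for i, (s, u, ct) in enumerate(zip(sigmas, pubkeys, ciphertexts)):
        t = weights[i % l]
        sigma = (sigma + t * s) % q
        U = (U + t * u) % q
        c = (c + t * H2(ct)) % q
    return sigma, U, c

def verify(sigma: int, U: int, c: int, type_label: str) -> bool:
    """Batch check with three pairings, reconstructed from the signature formula
    (the patent's own equation is in a figure not reproduced on the page):
    e(sigma, V) == e(H1(type), U) + e(H1(type), c V)   in additive G_2."""
    h = H1(type_label)
    return pairing(sigma, V) == (pairing(h, U) + pairing(h, c * V % q)) % q

def demo(tamper: bool = False) -> bool:
    """Five users sign constructed ciphertext stand-ins; optionally one stored
    ciphertext is altered before aggregation, which the check must detect."""
    rng = random.Random(3)
    type_label = "blood_pressure"
    cts = [rng.randrange(1, 2 ** 64) for _ in range(5)]   # stand-ins for BGN ciphertexts
    keys = [keygen(rng) for _ in cts]
    sigmas = [sign(z, ct, type_label) for (z, _), ct in zip(keys, cts)]
    pubs = [u for _, u in keys]
    if tamper:
        cts[2] ^= 1                                       # altered after signing
    challenge = [rng.randrange(1, q) for _ in range(4)]   # l = 4: two t's, alpha, beta
    SC, QSC = 123456789, 987654321                        # stand-ins for the aggregates
    sigma, U, c = aggregate(full_weights(challenge, SC, QSC), sigmas, pubs, cts)
    return verify(sigma, U, c, type_label)
```

`demo()` returns True for untouched data and `demo(tamper=True)` returns False: the signatures were made over the original ciphertexts, so an altered c_i changes the aggregate c that the verifier pairs with H_1(type) but not the aggregate σ, and the equation no longer balances. Deriving t_{l-1} and t_l from SC and QSC means the weights cannot be chosen until the cloud has committed to its ciphertext aggregates.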
s402: once the validation equation is established, the medical data analysis center employs an improved Pollard decryption method, i.e., limiting the plaintext m to T, using the private key sk p1Performing conditional exhaustive brute force cracking with a time complexity of
Figure GDA0002661085980000047
which efficiently solves the discrete logarithm
Figure GDA0002661085980000048
And then the sum of the sensitive medical data can be recovered
Figure GDA0002661085980000049
Likewise, with time complexity
Figure GDA00026610859800000410
it solves the discrete logarithm
Figure GDA00026610859800000411
The sum of squares of the sensitive medical data can be recovered
Figure GDA00026610859800000412
In step S5, the medical data analysis center computes the variance of the medical data:
Figure GDA00026610859800000413
and the mean:
Figure GDA00026610859800000414
the statistical analysis of outsourcing cloud storage medical data aggregation with privacy protection is achieved.
The invention has the beneficial effects that:
the invention provides a statistical analysis method for the aggregation of outsourcing cloud storage medical data with privacy protection. Meanwhile, a ciphertext aggregation method is constructed according to the addition homomorphism property and the multiplication homomorphism property of the improved BGN homomorphic encryption algorithm, so that the medical data analysis center can perform variance analysis and mean analysis on data only by decrypting twice. And most of calculation can be finished at the cloud end, so that the calculation pressure of the medical data analysis center is greatly reduced, and the calculation efficiency is improved. On the other hand, in order to realize verifiable functions, the method designs a signature verification method based on elliptic curves to ensure the integrity of medical data of the user. When the user uploads the ciphertext medical data to the cloud, the user needs to sign the ciphertext data and then upload the ciphertext data. When the medical data analysis center needs to verify the integrity of the medical data, the medical data analysis center executes a verification equation according to the signature value and the ciphertext aggregated by the cloud and the user public key, and whether the data is tampered, replaced and destroyed in the processing and transmission process can be judged only by three times of bilinear pairing operation. The method has good application prospect in the field of medical big data analysis and information security fusion.
The method can effectively ensure confidentiality and privacy of the user sensitive data, and simultaneously outsource encrypted medical data to the remote cloud server for homomorphic aggregation operation. Therefore, the medical data analysis center can effectively verify the integrity and the correctness of the cloud server outsourced homomorphic encrypted data aggregation, and the medical data analysis center can obtain statistical analysis results such as the variance and the mean of the original medical data of all corresponding users only by carrying out decryption calculation twice, so that the calculation overhead of the medical data analysis center is greatly reduced.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
The invention provides a technical scheme that: a statistical analysis method for outsourcing cloud storage medical data aggregation with privacy protection specifically comprises the following five steps: the method comprises the steps of system initialization, medical data encryption and signature uploading, homomorphic aggregation of encrypted medical data, verification and homomorphic aggregation data decryption, and medical statistical analysis.
System initialization stage: the trusted center TA sets the cryptographic security parameters used in the method, including the bilinear pairings, the elliptic curve and the generators defined on it. It also distributes a public key and a private key to the medical data analysis center, generates a public/private key pair for signing medical data ciphertexts for each medical user, and distributes each signing private key to the corresponding user through a secure channel.
Medical data encryption and signature uploading: the method designs a homomorphic encryption algorithm with which a user encrypts sensitive medical data under the public key of the medical data analysis center to produce a ciphertext; it also designs an elliptic-curve-based homomorphic linear aggregate signature algorithm that produces a digital signature for each sensitive medical data ciphertext. Finally, each user's ciphertext and digital signature are outsourced to and stored in a remote cloud server.
Homomorphic aggregation of encrypted medical data: in the data aggregation stage, when the medical data analysis center needs to analyze a certain type of sensitive medical data, it generates a random sequence and sends it to the cloud server as challenge information; the cloud server combines the challenge with the signatures on that type of sensitive medical data and aggregates them into a single signature aggregate. At the same time, using the additive and multiplicative homomorphism of the encryption system, the cloud server multiplies the ciphertexts together to obtain one ciphertext aggregate, and multiplies together the results of pairing each ciphertext with itself to obtain a second ciphertext aggregate. Finally, the cloud server sends the signature aggregate and the ciphertext aggregates to the medical data analysis center.
Verification and aggregated data decryption: the elliptic-curve-based signature verification algorithm designed by the invention supports batch verification, so the medical data analysis center can verify the integrity of the data with only three bilinear pairing operations. It then decrypts the aggregated data to obtain the cumulative sum and the sum of squares of all the medical data, from which it derives the variance and the mean of the sensitive medical data by statistical analysis and thus analyzes the users' health condition.
Specifically, the steps of the invention are divided into five parts:
System initialization: the trusted center TA generates the public system parameters for encryption and signature verification, and then sends the secret parameters to the medical data analysis center and to the corresponding users. The specific initialization steps are as follows:
(1) The trusted center TA sets a bilinear pairing e: G_a × G_a → G_b, where G_a is a multiplicative cyclic group of order n, g is a generator of G_a, and G_b is the image group of the pairing. It selects two large primes p_1 and p_2 of equal length satisfying n = p_1 p_2, and takes a generator of the subgroup of G_a of order p_1:
Figure GDA0002661085980000061
The TA publishes the public key pk = (n, G_a, G_b, e, g, x) and sends the private key sk = p_1 to the medical data analysis center over a secure channel.
(2) An elliptic curve E is defined over a finite field F_p (p a large prime), and another bilinear pairing is set up on the elliptic curve E:
Figure GDA0002661085980000062
G_1 × G_1 → G_2, where V is a generator of the additive cyclic group G_1 of order q on the elliptic curve. The number of users who upload a certain type of medical data to the cloud server is set as N; for the i-th user, the trusted center generates a private key z_i ∈ Z_q and computes the public key U_i = z_i V. Two collision-resistant hash functions are set, H_1: {0,1}* → G_1 and H_2:
Figure GDA0002661085980000063
The trusted center TA publishes {V, U_i} and sends the private key z_i to the corresponding user over a secure channel.
Medical data encryption and signature uploading: when the i-th user uploads medical data to the cloud server, the medical data is first encrypted with the homomorphic encryption algorithm under the public key of the medical data analysis center to produce a ciphertext. The ciphertext is then signed with the user's private key according to the category of the medical data. Finally, the ciphertext and the corresponding signature are uploaded to the cloud server. The specific encryption and signature steps are as follows:
1. For the message m_i to be encrypted, the maximum value T that m_i can take is required to be less than p_2; select a random number s_i ∈ Z_n and compute the ciphertext
Figure GDA0002661085980000064
where Enc is the improved BGN homomorphic encryption algorithm.
2. Then compute the digital signature of the ciphertext, σ_i = (z_i + H_2(c_i)) H_1(type), where type is the type of the medical data.
3. Finally, send the signature and the ciphertext {σ_i, c_i} together to the cloud server.
Homomorphic aggregation of encrypted medical data: when the medical data analysis center needs to analyze a certain type of sensitive medical data, it uses a pseudo-random number generator to produce a random sequence {t_1, t_2, …, t_{l-2}, α, β} containing l pseudo-random numbers, and sends the medical data type and the random sequence to the cloud server as challenge information. The cloud server then separately aggregates the ciphertexts of the N users for that type of medical data, the signatures corresponding to those ciphertexts, and the users' public keys. The specific aggregation process is as follows:
(1) First, the cloud server uses the additive homomorphism of the improved BGN algorithm to aggregate the ciphertexts of the N users:
Figure GDA0002661085980000071
(2) Then, using the multiplicative homomorphism of the improved BGN algorithm and the properties of the bilinear pairing, it pairs each ciphertext Enc(m_i, s_i) with itself and aggregates the results:
Figure GDA0002661085980000072
(3) Based on the aggregated values and the challenge information, the cloud server computes the new random numbers t_{l-1} = H_2(SC + α) and t_l = H_2(QSC + β), and then, using the random sequence {t_1, t_2, …, t_{l-2}, t_{l-1}, t_l}, aggregates the N signatures
Figure GDA0002661085980000073
where j = (i-1) mod l + 1, and computes
Figure GDA0002661085980000074
and aggregates the public keys {U_1, U_2, …, U_N} corresponding to {σ_1, σ_2, …, σ_N}:
Figure GDA0002661085980000075
Finally, it sends {σ, c, U, N, SC, QSC} to the medical data analysis center.
Verification and decryption of aggregated data: after receiving the aggregated data from the cloud server, the medical data analysis center verifies data integrity and then decrypts the aggregated ciphertext values SC and QSC.
(1) First compute t_{l-1} = H_2(SC + α) and t_l = H_2(QSC + β), then aggregate the random numbers
Figure GDA0002661085980000081
where j = (i-1) mod l + 1, and verify whether the following equation holds:
Figure GDA0002661085980000082
(2) Once the verification equation holds, the medical data analysis center applies the improved Pollard decryption method: with the plaintext m bounded above by T, it uses the private key sk = p_1 to perform a bounded exhaustive search, with time complexity
Figure GDA0002661085980000083
Can effectively solve discrete logarithm
Figure GDA0002661085980000084
And then the sum of the sensitive medical data can be recovered
Figure GDA0002661085980000085
Likewise, with time complexity
Figure GDA0002661085980000086
Can effectively solve discrete logarithm
Figure GDA0002661085980000087
The sum of squares of the sensitive medical data can be recovered
Figure GDA0002661085980000088
The code of the improved lambda decryption method of Pollard is as follows:
Figure GDA0002661085980000089
Figure GDA0002661085980000091
Medical statistical analysis: finally, the medical data analysis center performs statistical analysis on the medical data.
Analysis of variance:
Figure GDA0002661085980000092
Mean analysis:
Figure GDA0002661085980000093
therefore, the method provided by the invention realizes the statistical analysis of outsourcing cloud storage medical data aggregation with privacy protection.
Correctness proof:
Figure GDA0002661085980000094
The invention provides a statistical analysis method for the aggregation of outsourced cloud-stored medical data with privacy protection. A ciphertext aggregation method is constructed from the additive and multiplicative homomorphic properties of the improved BGN homomorphic encryption algorithm, so that the medical data analysis center can perform variance analysis and mean analysis on the data with only two decryptions. Most of the computation is carried out at the cloud, which greatly reduces the computational burden on the medical data analysis center and improves efficiency. On the other hand, to achieve verifiability, the method designs an elliptic-curve-based signature verification method to ensure the integrity of the users' medical data. When a user uploads ciphertext medical data to the cloud, the user must sign the ciphertext before uploading it. When the medical data analysis center needs to verify the integrity of the medical data, it evaluates a verification equation over the signature value and ciphertext aggregated by the cloud together with the users' public keys, and can judge whether the data was tampered with, replaced or destroyed during processing and transmission with only three bilinear pairing operations. The method has good application prospects in the fusion of medical big data analysis and information security.
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (1)

1. The statistical analysis method for the outsourcing cloud storage medical data aggregation with privacy protection is characterized by comprising the following steps:
s1: initializing a system:
the trusted center TA sets the cryptographic security parameters used in the method, including the bilinear pairing, the elliptic curve and the generators defined on the elliptic curve; meanwhile, the trusted center TA distributes a public key and a private key to the medical data analysis center, generates for each medical user a public/private key pair for signing medical data ciphertexts, and distributes the signing private key to the corresponding user through a secure channel;
in step S1, the specific initialization steps are as follows:
s101: trusted center TA sets bilinear pairings mapping e Ga×Ga→GbWherein G isaIs a cyclic group of n factorial method, G is GaA generator of (1), GbIs a bilinear pairwise mapped image set; selecting large prime p with equal length1And p2Satisfy n ═ p1p2(ii) a Get GaP of (a)1Generator of order subgroup
Figure FDA0002661085970000013
the TA's public key is pk = (n, G_a, G_b, e, g, x), and the private key sk = p_1 is sent to the medical data analysis center over a secure channel;
s102: is defined in a finite field FPThe elliptic curve E above, where p is a large prime number, is based onAnother bilinear pair mapping is set:
Figure FDA0002661085970000011
where V is a generator of the additive cyclic group G_1 of order q based on the elliptic curve;
the number of users who upload a certain type of medical data to the cloud server is set as N; for the ith user, the trusted center generates a private key z_i ∈ Z_q and computes the public key U_i = z_i V; two collision-resistant hash functions are set, H_1: {0,1}* → G_1 and
Figure FDA0002661085970000012
the trusted center TA publishes {V, U_i} and sends the private key z_i to the corresponding user over a secure channel;
s2: medical data encryption and signature uploading:
designing a homomorphic encryption algorithm, so that a user can encrypt sensitive medical data by using a public key of a medical data analysis center to generate a ciphertext; meanwhile, a homomorphic linear aggregation signature algorithm based on an elliptic curve is designed, and a corresponding digital signature is generated for the ciphertext of each sensitive medical data; finally, outsourcing and storing the sensitive medical data ciphertext and the digital signature of each user in a remote cloud server;
in step S2, when the ith user wants to upload medical data to the cloud server, the user first encrypts the medical data with the homomorphic encryption algorithm under the public key of the medical data analysis center to produce a ciphertext; secondly, the user digitally signs the ciphertext with the user's private key according to the type of the medical data; finally, the ciphertext and the corresponding signature are uploaded to the cloud server; the specific encryption and signature steps include:
s201: for message m needing encryptioniRequires miThe maximum value T taken is less than p2Selecting a random number si∈ZnThen calculates the ciphertext
Figure FDA0002661085970000023
Wherein Enc is an improved BGN homomorphic encryption algorithm;
s202: calculating the digital signature sigma of the ciphertexti=(zi+H2(ci))H1(type), wherein type is a type of medical data;
s203: combining signature data and ciphertext data [ sigma ]i,ciSending the data to the cloud server together;
s3: homomorphic aggregation of encrypted medical data:
in the data aggregation stage, when the medical data analysis center needs to analyse a certain type of sensitive medical data, it generates a random sequence, which is sent to the cloud server as challenge information; the cloud server then combines the challenge information to aggregate the signatures on that type of sensitive medical data into a single aggregated signature value; meanwhile, using the additive and multiplicative homomorphism of the encryption system, the cloud server multiplies the ciphertexts together to obtain one aggregated ciphertext value, and multiplies together the results of applying one bilinear pairing operation to each ciphertext with itself to obtain another aggregated ciphertext value; finally, the cloud server sends the aggregated signature value and the aggregated ciphertext values to the medical data analysis center;
in step S3, when the medical data analysis center needs to analyse a certain type of sensitive medical data, it uses a pseudo-random number generator to produce a random sequence of l pseudo-random numbers {t_1, t_2, …, t_{l-2}, α, β} and sends the medical data type and the random sequence to the cloud server as challenge information; the cloud server then separately aggregates the ciphertexts of the N users holding that type of medical data, the signatures on those ciphertexts, and the users' public keys; the specific aggregation process comprises the following steps:
s301: the cloud server uses the additive homomorphism of the improved BGN encryption algorithm to aggregate the ciphertexts of the N users:
Figure FDA0002661085970000021
s302: applying homomorphic multiplication property of improved BGN homomorphic encryption algorithm and operation property of bilinear pairs to each ciphertext Enc (m)i,si) Performing bilinear pairing operation and then aggregating:
Figure FDA0002661085970000022
Figure FDA0002661085970000031
s303: based on the aggregated values and the challenge information, the cloud server computes the new random numbers t_{l-1} = H_2(SC + α) and t_l = H_2(QSC + β), and then, using the random sequence {t_1, t_2, …, t_{l-2}, t_{l-1}, t_l}, aggregates the N signatures
Figure FDA0002661085970000032
where j = (i-1) mod l + 1, and computes
Figure FDA0002661085970000033
and aggregates the public keys {U_1, U_2, …, U_N} corresponding to {σ_1, σ_2, …, σ_N}:
Figure FDA0002661085970000034
finally, {σ, c, U, N, SC, QSC} is sent to the medical data analysis center;
s4: verification and homomorphic aggregated data decryption:
the signature verification algorithm based on the elliptic curve has the characteristic of batch verification, and the medical data analysis center can verify the integrity of data only through three times of bilinear pairing operation; then, decrypting the aggregated data to obtain the cumulative sum of all the medical data and the original square sum;
in step S4, after the medical data analysis center receives the aggregated data sent by the cloud server, it verifies data integrity and decrypts the aggregated ciphertext values SC and QSC, which specifically includes the following steps:
s401: calculating tl-1=H2(SC + alpha) and tl=H2(QSC + beta), and then aggregating the random numbers
Figure FDA0002661085970000035
where j = (i-1) mod l + 1, and verify whether the following equation holds:
Figure FDA0002661085970000036
s402: once the verification equation holds, the medical data analysis center applies the improved Pollard decryption method: with the plaintext m bounded above by T, it uses the private key sk = p_1 to perform a bounded exhaustive search, with time complexity
Figure FDA0002661085970000037
Can effectively solve discrete logarithm
Figure FDA0002661085970000038
And then the sum of the sensitive medical data can be recovered
Figure FDA0002661085970000039
likewise, with time complexity
Figure FDA00026610859700000310
Can effectively solve discrete logarithm
Figure FDA00026610859700000311
The sum of squares of the sensitive medical data can be recovered
Figure FDA00026610859700000312
S5: medical statistical analysis:
the medical data analysis center obtains the variance and the mean value of the sensitive medical data through statistical analysis, so that the health condition of the user is analyzed;
in step S5, the medical data analysis center performs analysis of variance on the medical data according to the statistical analysis method for the medical data:
Figure FDA00026610859700000313
mean analysis:
Figure FDA0002661085970000041
CN201911420366.3A 2019-12-31 2019-12-31 Statistical analysis method for outsourcing cloud storage medical data aggregation with privacy protection Active CN111162894B (en)
Publications (2)

Publication Number Publication Date
CN111162894A CN111162894A (en) 2020-05-15
CN111162894B true CN111162894B (en) 2020-11-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant