標題: 使用亂碼電路設計布林運算於安全電子醫療資料庫
Secure Boolean Computation for Electronic Medical Record using Garbled Circuits
作者: 黃世名
Huang, Shih-Ming
Tzeng, Wen-Guey
關鍵字: 電子化病歷;加密資料庫;屬性授權加密法;完整性檢測;安全兩方計算;Electronic Medical Record;Encrypted database;Secure two-party computation;Garbled Circuits
公開日期: 2015
摘要: 醫療資料電子化行之有年。在現今的社會中,人們對於醫療資源的需求不再侷限於單一區域;如何整合、管理並且適當地利用區域之間的醫療資料,使病患可以獲得最恰當的醫療服務是一個重要的議題。隨著雲端科技的成熟,將醫療資料集中於雲端儲存裝置統一管理,不僅節省管理的成本,也可以便利區域間對於醫療資料的交流與分享。但是,醫療資料含有病患的個人資料、生理資訊及病歷資訊等,需要極度重視其私密性,因此位於雲端的資料庫必頇加密以保障資料的安全性,除了病患本身能夠觀看病歷,也要讓合理身分的醫師能夠觀看病歷;為了滿足醫療資料庫的需求,雲端服務系統也必頇提供常見的資料庫操作。除此之外,為了維護醫療服務的品質,使用者需要特別注意醫療資料的正確性;在使用資料之前,應該確認雲端服務系統提供廠商有正確儲存、回傳無誤的資料。 針對上述議題,我們提出一個安全的電子醫療資料庫-SDEMR(Secure Distributed Electronic Medical Record) ,以MIT-CSAIL團隊開發的元件CryptDB[1][2][3]為基礎,採用洋蔥加密法確保雲端儲存醫療資料的私密性,同時支援常見資料庫的操作,如:新增、刪除、修改、查詢等,為了兼顧實用性和安全性,我們做了下列三項擴充: 1)新增安全的布林運算功能,採用Yao's garbled circuit[4]的觀念,讓布林運算可以外包給後端資料庫運算,而不洩漏明文資訊;2)提供了資料完整性檢測的機制,將PDP[5](Provable Data Possession)完整性檢測系統修改、融入我們的系統,此機制可檢測儲存在雲端的醫療資料是否正確無誤,為醫師看診時所參考的醫療資料,多做一層把關;3)利用MA-ABE[6] (Multi-Authority Attribute-Based Encryption)來作為存取控制機制,讓病人能夠彈性地管理其EMR,使得授權的使用者可以取用EMR而非授權的使用者便無法取用,達成在雲端儲存服務上,對EMR安全的存取控制與共享的目標。 ii 最後,我們實作了這個系統來證明我們的架構是可行的。另外,為了可以讓使用者更直覺地操作本系統,我們參照高使用度使用者介面[7]的設計原則、方法,設計網頁使用者介面取代指令命令模式,降低使用者操作的門檻。我們也參照行政院衛生福利部推動的電子病歷管理系統中的單張基本表單[8],建立表單、生成醫療資料,用以模擬我們建置的系統功能。
Electronic medical record has been used for many years. The need for medical resource is not restricted to local area. Not only how integrating, managing and making good use of data at different area but also the medical service for patients are important issues. Along with cloud computing is maturing, EMRs can be stored in cloud; by doing so, it would cut down on managing cost and exchange EMRs with others more convenient; however, we should pay attention to its privacy, because that EMR including with patient's basic, biometric and medical information. As a result, we have to encrypt EMR before storing it in cloud, and make encrypted EMR accessible not only to patient but doctor with appropriate identity. To satisfy the requirement of medical database, we have to support regular functionalities, which are common in cloud services, and leak nothing to cloud service provider while executing command and returning results. Besides that, for quality of medical service, users especially need to care about correctness of EMR; verifying that cloud service stores and provides data without any mistake before using EMR. Focusing on challenges above, we propose a secure electronic medical record database, called SDEMR(Secure Distributed Electronic Medical Record), based on CryptDB [1][2][3], developed by MIT CSAIL team. CryptDB ensures data's confidentiality and supports doing operations on ciphertext in database via onion encryption. For both usability and security, we add the following three functions: 1)secure boolean computation: utilizing the concept of Yao's garbled circuit[4], allowing user to outsource computation to database without revealing plaintext information. 2)integrity check mechanism: Embedding PDP[5] into our system, verifying whether data stored in cloud is correct or not and ensuring that EMR is not modified by attackers. 3)access control mechanism: making use of MA-ABE[6], iv letting users manage their EMR elastically and make unauthorized users impossible to access EMR. Therefore, it's achievable for EMR to be securely controlled and shared with other people in cloud. In the end, we prove our architecture is practicable by implementation. Also, for manipulating our system straightforwardly, we design user interface by referencing the principle of high usability of a user interface[7]. We also make a mini medical database to simulate our system. We followed the suggested standards from the EMRs Standard Management System of the Ministry of Health and Welfare of Executive Yuan[8] to build the records, tables etc.
Appears in Collections:Thesis