Research on a Centralized Secure Data Storage Mechanism Encompassing Privacy and Data Liquidity

View Statistics Email Alert RSS Feed

Information

Details

Project title

Code/計畫編號

NSC97-2221-E019-014

Translated Name/計畫中文名

兼顧個人隱私權與資料流通性的集中式醫療資料儲存機制研究

Project Coordinator/計畫主持人

Pei-Yih Ting

Funding Organization/主管機關

National Science and Technology Council

Department/Unit

Department of Computer Science and Engineering

Website

https://www.grb.gov.tw/search/planDetail?id=1681295

Year

2008

Start date/計畫起

01-08-2008

Expected Completion/計畫迄

31-07-2009

Bugetid/研究經費

498千元

ResearchField/研究領域

資訊科學--軟體

本計畫希望以集中式醫療資料庫為主要研究對象，探討如何在不需信任資料庫主機的情況下，藉由特殊的可搜尋式密碼系統維護資料的私密性，並且提昇資料特徵的可共享性質。傳統上資料存放於遠端資料庫時都假設資料庫主機為可信賴的，亦即主機不會偷看、洩漏、篡改、或是隱藏資料內容，資料庫主機在使用者查詢資料時也不會擷取相關訊息；但是隨著越來越多的隱私資料因為主機的管理不當或駭客入侵而外洩，導致極大的損失，讓我們重新思考遠端資料儲存的安全性是否需要更加強健，當使用者透過網路存取遠端資料庫上存放的資料時，其他任何人儘管擁有主機的控管權限也無法竊取使用者的個人資料；此外還需要克服當資料以密文形式儲存時所失去的資料搜尋、統計的好處，如此除了促進醫療資源共用，還可以提供病人、醫生與衛生主管機關更有效率地應用所儲存的病歷資料。本研究希望實作基於確定式加密、機率式加密、以及密文可搜尋加密系統 (包括基於傳統加密系統以及基於雙線性配對橢圓曲線加密系統) 的病歷資料庫，為了方便日後查詢的有效性，也將設計要求使用者提出部份資料正確性的零知識證明，嘗試設計較合理有效的複合查詢，例如 AND, OR 或是多個查詢的一般邏輯組合，也將嘗試設計有時限的關鍵字查詢,另外我們也將嘗試設計加速密文比對的索引方法，考量實作面上如何配合智慧卡記錄病人以及醫生的私密查詢金鑰，並深入分析各種可能的方式所需要的資源與其效能。In this project, we take the centralized medical database as the target and design an encrypted data storage system such that, without the assumption of the trusted server, not only the privacy of the data can be suitably protected but the data can still be investigated under limited data-mining requirements. Traditionally, central data storage means that we implicitly assume that the server should not reveal, alter, or hide the contents of any stored user data or extract related information from user’s queries. More and more private data leakage incidents, which often led to great damages to a private sector like a person or a company, occurred because of reckless management of the server or the compromise by hackers. It is important to reconsider the enhancement of the security of the data storage system. When a user access the remote database through the network, other users, including the one with system administrative privileges, cannot lay their fingers over the data. In this proposal, we will investigate various mechanisms of data sharing, data storage, and data query without resorting to a trusted server. The implementations will be based on cryptographic techniques such as deterministic encryption, probabilistic encryption, and encryption schemes that support ciphertext keyword searching (including scheme based on traditional encryption system and schemes based on bilinear pairing elliptic curve encryption system). We will analyze the required resources, the computation time, and the performance of several implementation schemes.

Keyword(s)

醫療病歷資料庫
確定式加密系統
機率式加密系統
密文可搜尋加密系統
雙線性配對加密系統
shared medical database
deterministic encryption system
probabilisticencryption system
public encryption keyword search system
bilinear pairingelliptic curve encryption system

DSpace CRIS

Research on a Centralized Secure Data Storage Mechanism Encompassing Privacy and Data Liquidity

Details

Description