簡易檢索 / 詳目顯示
| 研究生: |
賴廷恩 Lai, Ting-En |
|---|---|
| 論文名稱: |
應用區塊鏈技術強化醫療資料授權分享的安全性與可溯源性 Leveraging Blockchain Technology to Enhance the Security and Traceability of Medical Data Sharing |
| 指導教授: |
陳恭
Kung Chen 廖峻鋒 Chun-Feng Liao |
| 口試委員: |
潘美連
Pan, Mei-Lien |
| 學位類別: |
碩士
Master |
| 系所名稱: |
商學院 - 資訊管理學系 Department of Management Information System |
| 論文出版年: | 2024 |
| 畢業學年度: | 112 |
| 語文別: | 中文 |
| 論文頁數: | 56 |
| 中文關鍵詞: | 區塊鏈技術 、智能合約 、資料授權 、隱私保護 、以太坊 、資料共享 |
| 外文關鍵詞: | Blockchain technology, smart contracts, data authorization, privacy protection, Ethereum, data sharing |
| 相關次數: | 點閱:37 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
在當代醫療領域,人工智慧於影像分析的應用推動了醫療影像資料共享平台的發展。這些平台整合多機構醫療影像資料,確保僅授權使用者讀寫敏感資訊。然而,傳統中心化資料庫存儲授權資料面臨資料竊取、篡改及單點故障風險,挑戰隱私保護與授權透明度。如果授權資料保存不當或是授權過程出現錯誤,將可能導致未經授權者存取敏感資料,進而引發嚴重的隱私洩露和法律糾紛,同時削弱公眾對資料共享平台的信任,影響平台的長期運作和發展。
本研究開發出一套基於以太坊區塊鏈技術的授權驗證系統,該系統通過RESTfulAPI 與醫療平台進行整合,並搭配rabbitMQ等分散式系統處理大量整合資料。應用區塊鏈的去中心化和不可篡改性質,本系統能夠安全地將授權資料儲存在智能合約中,並透過智能合約自動化方法審核存取權限,將驗證和資料存取機制過程封裝在智能合約中,大幅降低了資料洩漏的風險,並保障了授權驗證的準確性。本系統還應用Vault-BX 技術,實現對私鑰調用權和管理權的分離,使智能合約上資料的讀寫過程更加嚴謹。本研究通過所述方法和系統架構,提升了資料共享的可追蹤性和安全性,進一步促進了這些平台的順利運作,從而構建了一個良好的資料共享生態系。
In modern healthcare, AI-driven image analysis has fostered the development of medical image data sharing platforms that integrate data from multiple sources. These platforms ensure only authorized users can access sensitive information, but traditional centralized databases pose risks like data theft and tampering, potentially leading to privacy breaches and undermining public trust.
ThisstudyintroducesanauthorizationverificationsystembasedonEthereum blockchain technology, interfacing with medical platforms through RESTful API and managing data with systems like RabbitMQ. The blockchain’s decentralized nature ensures secure storage of authorization data in smart contracts, significantly reducing data breach risks. The use of VaultBX technology enhances private key management, ensuring robust data handling. This system enhances data security and traceability, thereby facilitating the smooth operation of platforms and fostering a robust data sharing ecosystem.
1緒論 1
2文獻回顧及技術背景 5
2.1技術背景 5
2.1.1區塊鏈 5
2.1.2批次處理RabbitMQ 9
2.1.3 vault-BX 11
2.2相關研究 14
2.2.1陽明交大資料授權系統架構 14
2.2.2區塊鏈強化授權資料安全相關研究 16
2.2.3智能合約授權自動化處理相關研究 17
2.2.4授權資料細粒度研究相關研究 17
3系統設計 18
3.1名詞定義 18
3.1.1資料授權平台定義的名詞 18
3.1.2本系統定義的名詞 19
3.2系統設計 19
3.2.1整合現有架構概念 19
3.2.2系統擴充的資料批次處理 21
3.2.3智能合約與私鑰管理設計 21
3.3系統架構 22
3.3.1 TrustChain區塊鏈架構 22
3.3.2系統架構圖 23
3.3.3授權資料統一格式 26
3.4系統主流程 27
3.4.1 TPDSPs整合與資料上鏈流程 27
3.4.2 TPDSPs整合後驗證RP授權流程 29
4系統實作與展示 31
4.1 TPDSPs於TrustChain註冊及登入 31
4.2 TPDSPs於TrustChain使用資料上鏈功能 33
4.2.1 TPDSPs資料傳遞至TrustChainServer及前處理流程 33
4.2.2 TPDSPs資料上鏈流程 39
4.3 TPDSPs於TrustChain使用RP身分驗證功能 45
4.4系統評估與限制 49
4.4.1性能與可擴展性評估 50
4.4.2安全性評估 50
4.4.3去中心化程度的評估 50
4.4.4系統局限性 50
5結論與未來展望 51
5.1研究目的實現情況 51
5.1.1去中心化的資料管理 51
5.1.2有效追蹤資料授權紀錄權限和歷史 51
5.1.3資料授權條件的保存持久性和恢復能力 51
5.1.4易於整合現行醫療共享平台 52
5.2研究限制 52
5.2.1系統依賴單一中央伺服器 52
5.2.2 Vault-BXserver效能瓶頸問題 53
5.2.3系統防禦措施不足 53
5.2.4資料上鏈的效能瓶頸問題 53
5.3未來展望 54
References 55
BSOS Vault. (2023). Tech partner: BSOS. https://www.hashicorp.com/partners/tech/bsos. (Accessed: 2024-07-26)
Hardhat. (2024). Hardhat documentation. Retrieved from https://hardhat.org/docs/(Accessed: date-of-access)
HashiCorp Vault. (2023). Vault by hashicorp. Official Website. Retrieved from https://www.vaultproject.io
HSM. (2024). Security details- hsm integration- vault enterprise. Retrieved from https://developer.hashicorp.com/vault/docs/enterprise/hsm/securitytrieved from HashiCorp Developer)
Ismailova, R. (2024). Security aspects of decentralized systems in data management. Advanced Security Protocols Journal, 5(2), 202–218.
Laturkar, K. (2024). The impact of decentralization in blockchain on data management across industries. Journal of Blockchain Research, 7(1), 45–59.
Maharjan, R., Chy, M. S. H., Arju, M. A., & Cerny, T. (2023). Benchmarking message queues. Telecom, 4(2), 298-312. Retrieved from https://www.mdpi.com/2673-4001/4/2/18 doi: 10.3390/telecom4020018
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Retrieved from https://bitcoin.org/bitcoin.pdf (Accessed: date-of-access)
OpenZeppelin. (2024). Documentation. Retrieved from https://docs.openzeppelin.com/contracts/5.x/extending-contracts (Accessed: date-of-access)
Praveen, G., Singh, P. K., & Ranjan, P. (2024). Enhancing record management security through blockchain and ipfs. International Journal of Blockchain Innovations, 2(3), 112–130.
RabbitMQ. (2024). Rabbitmq tutorial- work queues with javascript. Retrieved from https://www.rabbitmq.com/tutorials/tutorial-two-javascript (Accessed: date-of-access)
Vitalik. (2014). Ethereum white paper: A next generation smart contract & decentralized application platform. Retrieved from https://ethereum.org/en/whitepaper/(Accessed: date-of-access)
Wang, C., Wu,W.,Chen,F., Shu, H.,&Zhang, J. (2024). Ablockchain-based trustworthy access control scheme for medical data sharing. Journal of Information Technology in Healthcare, 2. Retrieved from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/2024/5559522 (See abstract and introduction for foundational concepts and framework) doi: 10.1049/ietis.5559522
Zaabar, B., et al. (2021). Healthblock: A secure blockchain-based healthcare data management system. Computer Networks, 200, 108500. Retrieved from https://www.sciencedirect.com/science/article/abs/pii/S1389128621004382 (See abstract for initial discussion on the system’s design and security enhancements) doi:10.1016/j.comnet.2021.108500
Zhao, X., & Su, Q. (2019). Revocable attribute-base scheme with enhanced security and privacy for healthcare data sharing. In Ieee 14th international symposium on parallel architectures, algorithms and programming (paap). Beijing, China: IEEE. (This work highlights the use of blockchain for fine-grained access control in healthcare data sharing, focusing on the enhancement of security and privacy.)
doi: 10.1109/PAAP60200.2023.10391571
中華民國憲法法庭. (2022). 111 年憲判第 13 號解釋. Retrieved from https://cons.judicial.gov.tw/docdata.aspx?fid=38&id=309956 (取自中華民國憲法法庭)
全文公開日期 2029/07/28