计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (8): 359-364.doi: 10.11896/jsjkx.220700151

• 信息安全 • 上一篇    下一篇

面向医疗物联网的匿名认证协议

刘英军1, 罗洋2, 杨钰均2, 刘媛妮3   

  1. 1 工业和信息化部产业发展促进中心 北京 100846
    2 重庆邮电大学计算机科学与技术学院 重庆 400065
    3 重庆邮电大学网络空间安全与信息法学院 重庆 400065
  • 收稿日期:2022-07-15 修回日期:2023-06-12 出版日期:2023-08-15 发布日期:2023-08-02
  • 通讯作者: 杨钰均(s200231254@stu.cqupt.edu.cn)
  • 作者简介:(liuyingjun@idpc.org.cn )
  • 基金资助:
    重庆市自然科学基金面上项目(cstc2020jcyj-msxmX1021);重庆市教委科学技术研究项目(KJZD-K20200602);网络与交换技术国家重点实验室(北京邮电大学)开放课题资助项目(SKLNST-2021-1-18);重庆市自然科学基金(cstc2020jcyj-msxmX0343)

Anonymous Authentication Protocol for Medical Internet of Things

LIU Yingjun1, LUO Yang2, YANG Yujun2, LIU Yuanni3   

  1. 1 Industry Development and Promotion Center,Beijing 100846,China
    2 School of Computer Science and Technology,Chongqing University of Posts and Telecommunications,Chongqing 400065,China
    3 School of Cyber Security and Information Law,Chongqing University of Posts and Telecommunications,Chongqing 400065,China
  • Received:2022-07-15 Revised:2023-06-12 Online:2023-08-15 Published:2023-08-02
  • About author:LIU Yingjun,born in 1974,master,se-nior engineer.His main reaserch in-terests include cybersecurity data go-vernance and new generation information technology,digital transformation and high quality development of small and medium enterprises,and industrialization of manufacturing innovation achievements.
    YANG Yujun,born in 1998,postgra-duate.Her main research interests include authentication and key agreement protocol and communication security.
  • Supported by:
    General Program of Natural Science Foundation of Chongqing(cstc2020jcyj-msxmX1021),Science and Technology Research Program of Chongqing Municipal Education Commission(KJZD-K20200602),Open Foundation of State key Laboratory of Networking and Switching Technology(Beijing University of Posts and Telecommunications)(SKLNST-2021-1-18) and Natural Science Foundation of Chongqing,China(cstc2020jcyj-msxmX0343).

PDF (PC)

755

摘要: 随着物联网技术的不断成熟,其开始被频繁地应用于各行各业以提高人们的工作效率和生活水平。物联网在医疗领域的广泛应用,不仅能方便患者获取医疗服务,同时也能让医生更及时、准确地获取患者的身体状况,从而制定更高效的治疗方案。然而,人们在享受医疗物联网便利的同时,如何保证患者的通信安全和个人隐私也是不容忽视的问题。为了实现用户安全访问网络,提出了一个基于同态加密的高效匿名认证与密钥交换协议,医疗设备与远程医疗服务器之间只需要一个低熵的口令就可以实现相互认证,从而协商出一个高熵的会话密钥。在标准模型下证明了方案的安全性,仿真实验结果表明该方案比现有的同类方案具有更高的效率。

关键词: 密码认证, 医疗物联网, 标准模型, 匿名认证

Abstract: As IoT technology continues to mature,it has been frequently used in various industries to improve people's work efficiency and living standards.The widespread application of IoT in the medical field facilitates patients' access to medical services while also allowing doctors to obtain more timely and accurate information about the patient's physical condition,so that they can develop more efficient treatment plans.However,while people are enjoying the convenience of medical IoT,how to ensure the communication security and personal privacy of patients are issues that cannot be ignored.In order to realize users' secure access to the network,this paper proposes an efficient anonymous authentication and key exchange protocol based on homomorphic encryption.Medical devices and telemedicine servers only need a low-entropy password for mutual authentication,thus negotiating a high-entropy session key.In this paper,the security of the scheme is proved under the standard model,and the simulation experimental results show that the scheme is more efficient than existing similar schemes.

Key words: Cryptography authentication, Medical Internet of things, Standard model, Anonymous authentication

中图分类号: 

  • TP309.2
[1]HAASE B,LABRIQUE B.AuCPace:Efficient verifier-basedPAKE protocol tailored for the IIoT[J].IACR Transactions on Cryptographic Hardware and Embedded Systems,2019(2):1-48.
[2]BELLOVIN S M,MERRITT M.Encrypted key exchange:password-based protocols secure against dictionary attacks[C]//Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.Oakland,CA,USA,1992:72-84.
[3]LI X,NIU J,KHAN M K,et al.An enhanced smart card based remote user password authentication scheme[J].Journal of Network and Computer Applications,2013,36(5):1365-1371.
[4]KUMARI S,KHAN M K,LI X,et al.Design of a user anonymous password authentication scheme without smart card[J].International Journal of Communication Systems,2016,29(3):441-458.
[5]SHEN J,FENG M,LIU D,et al.Enhanced Remote Password-Authenticated Key Agreement Based on Smart Card Supporting Password Changing[C]//International Conference on Information Security Practice and Experience.Cham:Springer,2017:454-467.
[6]SHU J,XU C X.Efficient Password-Based Authenticated KeyExchange Protocol under Standard Model[J].Journal of Electronics & Information Technology,2009,31(11):2716-2719.
[7]JIANG Q,MA J,LI G,et al.Improvement of robust smart-card-based password authentication scheme[J].International Journal of Communication Systems,2015,28(2):383-393.
[8]JIANG Q,MA J,TIAN Y.Cryptanalysis of smart-card-basedpassword authenticated key agreement protocol for session initia-tion protocol of Zhang et al[J].International Journal of Communication Systems,2015,28(7):1340-1351.
[9]WEI F,VIJAYAKUMAR P,SHEN J,et al.A provably secure password-based anonymous authentication scheme for wireless body area networks[J].Computers & Electrical Engineering,2018,65:322-331.
[10]WANG C,XU G,LI W.A secure and anonymous two-factor authentication protocol in multiserver environment[J].Security and CommunicationNetworks,2018,2018:1-15.
[11]BANERJEE S,ODELU V,DAS A K,et al.A provably secure and lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment[J].IEEE Internet of Things Journal,2019,6(5):8739-8752.
[12]VIET D Q,YAMAMURA A,TANAKA H.Anonymous password-based authenticated key exchange[C]//International Conference on Cryptology in India.Berlin:Springer,2005:244-257.
[13]YANG J,ZHANG Z.A new anonymous password-based au-thenticated key exchange protocol[C]//International Confe-rence on Cryptology in India.Berlin:Springer,2008:200-212.
[14]LIU F F,LIU Y B.Lightweight smart phone security authentication protocol based on social network[J].Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition),2013,25(1):132-137.
[15]YANG Y,ZHOU J,WENG J,et al.A new approach for anonymous password authentication[C]//2009 Annual Computer Security Applications Conference.IEEE,2009:199-208.
[16]QIAN H,GONG J,ZHOU Y.Anonymous password-based key exchange with low resources consumption and better user-friendliness[J].Security and Communication Networks,2012,5(12):1379-1393.
[17]HU X,ZHANG J,ZHANG Z,et al.Anonymous password authenticated key exchange protocol in the standard model[J].Wireless Personal Communications,2017,96(1):1451-1474.
[18]JIANG Q,MA J,WEI F,et al.An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks[J].Journal of Network and Computer Applications,2016,76:37-48.
[19]ZHANG Y,XIANG Y,WU W,et al.A variant of password authenticated key exchange protocol[J].Future Generation Computer Systems,2018,78:699-711.
[20]CHEN Y,YUAN J,ZHANG Y.An improved password-authenticated key exchange protocol for VANET[J].Vehicular Communications,2021,27:100286.
[21]CHANG C C,LE H D.A provably secure,efficient,and flexible authentication scheme for ad hoc wireless sensor networks[J].IEEE Transactions on wireless communications,2015,15(1):357-366.
[22]HE J,YANG Z,ZHANG J,et al.On the security ofa provably secure,efficient,and flexible authentication scheme for ad hoc wireless sensor networks[J].International Journal of Distributed Sensor Networks,2018,14(1):1-11.
[23]JIANG Q,MA J,YANG C,et al.Efficient end-to-end authentication protocol forwearable health monitoring systems[J].Computers & Electrical Engineering,2017,63:182-195.
[24]ZHAO Z Q,GUO X J,YIN M H,et al.Research on authentication method of identity-based higncryption in IoT[J].Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition),2023,35(2):343-351.
[25]LIU C H,CHUNG Y F.Secure user authentication scheme for wireless healthcare sensor networks[J].Computers & Electrical Engineering,2017,59:250-261.
[26]LI C T,WU T Y,CHEN C L,et al.An efficient user authentication and user anonymity scheme with provably security for IoT-based medical care system[J].Sensors,2017,17(7):1482.
[27]BELLARE M,POINTCHEVAL D,ROGAWAY P.Authenticated key exchange secure against dictionary attacks[C]//International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2000:139-155.
[28]LI Z P,WANG D.Achieving one-round password-based authenticated key exchange over lattices[J].IEEE Transactions on Services Computing,2019,15(1):308-321.
[29]YU J X,LIAN H H,ZHAO Z Q,et al.Provably secure verifier-based password authenticated key exchange based on lattices[M]//Advances in Computers.Elsevier,2021:121-156.
[30]XIANG S B,XU B,CHEN K.A two-party password-authenti-cated key exchange protocol with verifier[J].Journal of Compu-ter and Communications,2021,9(4):102.
[31]SHIN S H,KOBARA K.Simple anonymous password-based authenticated key exchange(sapake),reconsidered[J].IEIC Transactions on Fundamentals of Electronics,Communications and Computer Sciences,2017,100(2):639-652.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发