Computer Science, 2026, Vol. 53, Issue (4): 454-468. doi: 10.11896/jsjkx.250100087

• Information Security •

Smart Medical Secure Authentication Protocol for Cloud and Fog Leakage Resistance

YANG Xin, GUO Yimin

  1. School of Information Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China
  • Received: 2025-01-14 Revised: 2025-03-11 Published: 2026-04-15 Online: 2026-04-08
  • Corresponding author: GUO Yimin (yiminguo@zuel.edu.cn)
  • About author: YANG Xin (xinyang@stu.zuel.edu.cn), born in 2001, postgraduate, is a student member of CCF (No. Z1262G). Her main research interests include identity authentication and key agreement.
    GUO Yimin, born in 1992, Ph.D, associate professor, master’s supervisor, is a member of CCF (No. K7779S). Her main research interests include passwords, authentication protocol and modern cryptography.
  • Supported by:
    National Natural Science Foundation of China (62102453), Hubei Provincial Natural Science Foundation (2025AFC108), Humanities and Social Sciences Research Project of the Chinese Ministry of Education (22YJCZH217) and Fundamental Research Funds for the Central Universities of Zhongnan University of Economics and Law (202451416).

Abstract: While smart healthcare makes people’s lives more convenient, it also poses significant challenges for the secure transmission of massive medical data over open wireless networks, where the data are exposed to various internal and external attacks in transit. To ensure timely and effective medical data transmission, smart healthcare widely adopts the cloud-fog architecture, in which fog computing extends cloud computing and significantly shortens the communication distance between the cloud and terminal devices, mitigating the network latency and jitter caused by excessive distance. However, most existing authentication and communication schemes based on the cloud-fog architecture adopt a centralized single-cloud, multiple-fog, multiple-device architecture, which is prone to single-point failure. More seriously, these schemes often assume that the cloud is completely trustworthy, whereas in reality cloud servers also face the risk of internal attacks, which enable attackers to compute session keys during the identity authentication and key agreement phase, leaking the privacy of communication data and severely impacting communication security. In response to these challenges, this paper proposes a secure authentication and key agreement protocol for smart healthcare that is resistant to cloud-fog compromise attacks. Leveraging blockchain technology to ensure the security of protocol data, the protocol withstands various known attacks while also resisting cloud-fog leakage attacks. The semantic security of the proposed protocol is proved using the extended Random Oracle Model. A heuristic security analysis shows that the proposed protocol satisfies all eight security properties. Additionally, the security of the proposed protocol is verified using the AVISPA security analysis tool. Performance analysis indicates that, compared with existing related protocols, the proposed protocol has lower communication overhead, lower computational cost, lower energy consumption, and stronger resistance to security attacks.

Key words: Smart healthcare, Cloud and fog compromise attack, Fog computing, Authentication, Blockchain

CLC Number: TP393