远程医疗环境下面向多服务器的轻量级多因子身份认证协议研究

doi:10.3969/j.issn.1671-1122.2019.10.006

信息网络安全 ›› 2019, Vol. 19 ›› Issue (10): 42-49.doi: 10.3969/j.issn.1671-1122.2019.10.006

远程医疗环境下面向多服务器的轻量级多因子身份认证协议研究

张敏^1,², 许春香¹, 黄闽英³()

1.电子科技大学网络空间安全学院,四川成都 611731
2.西南民族大学语言中心,四川成都 610041
3.西南民族大学计算机科学与技术学院,四川成都 610041

收稿日期:2019-07-04 出版日期:2019-10-10 发布日期:2020-05-11
通讯作者: 黄闽英 E-mail:hmy101@swun.edu.com
作者简介:
作者简介：张敏（1983—）,男,四川,实验师,博士,主要研究方向为信息安全与网络安全、身份认证协议;许春香（1965—）,女,湖南,教授,博士,主要研究方向为信息安全、密码学;黄闽英（1975—）,女,江西,副教授,硕士,主要研究方向为信息管理。
基金资助:
国家自然科学基金[61370203];国家重点研发计划[2017YFB0802000];中央高校基本科研业务费专项基金[2018NQN60]

Research on Multi-server Lightweight Multi-factor Authentication Protocol in Telemedicine Environment

Min ZHANG^1,², Chunxiang XU¹, Minying HUANG³()

1. School of Cyberspace Security, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China
2. Language Center, Southwest Minzu University, Chengdu Sichuan 610041, China
3. School of Computer Science and Technology, Southwest Minzu University, Chengdu Sichuan 610041, China

Received:2019-07-04 Online:2019-10-10 Published:2020-05-11
Contact: Minying HUANG E-mail:hmy101@swun.edu.com

摘要/Abstract

摘要：

现有的远程医疗环境身份认证都是针对单服务器环境的,随着远程医疗体系的发展,用户需要访问多个医院服务器查询病情,也需要访问医保网站查询报销情况或访问其他第三方服务器。因此,对远程医疗环境下多服务器身份认证方案的研究具有积极意义。2019年,BARMAN等人提出了远程医疗环境下多服务器身份认证方案,但该方案存在可扩展性差、易遭受特权攻击、不能实现访问控制等安全问题。为了解决这些问题,文章提出了基于Fuzzy Commitment和HMAC算法的多因子身份认证方案,通过安全性分析、证明及仿真实验可知,文中方案具有较高的安全性,虽然计算量和通信开销略有增长,但能较好地解决BARMAN等人方案面临的安全威胁。

关键词: 多因子身份认证, 散列消息身份验证码, 多服务器, 轻量级, 模糊承诺

Abstract:

The existing telemedicine environment identity authentication is aimed at a single server environment. With the development of telemedicine systems, users have access to multiple hospital servers to query for medical conditions, as well as hospital server and commercial insurance or other third-party servers. Therefore, the research on multi-server identity authentication scheme in telemedicine environment has positive significance. In 2019, BARMAN et al. proposed a multi-server identity authentication scheme for telemedicine environment, but there are still many security problems in this scheme, such as poor scalability, vulnerable to privileged attacks, and inability to implement access control. In order to solve the above problems, this paper proposes a multi-factor identity authentication scheme based on Fuzzy Commitment and HMAC algorithm. Through analysis, it can be seen that the proposed scheme can solve the security threats of BARMAN’s scheme though the computation and communication increased slightly.

Key words: multi-factor authentication, HMAC, multi-server, light weight, fuzzy commitment

中图分类号:

TP309

张敏, 许春香, 黄闽英. 远程医疗环境下面向多服务器的轻量级多因子身份认证协议研究[J]. 信息网络安全, 2019, 19(10): 42-49.

Min ZHANG, Chunxiang XU, Minying HUANG. Research on Multi-server Lightweight Multi-factor Authentication Protocol in Telemedicine Environment[J]. Netinfo Security, 2019, 19(10): 42-49.

图/表 11

图1

图2

图3

表1

图4

图5

表2

表3

图6

表4

表5

参考文献 19

[1]	WU Zhenyu, LEE Y C, LAI Feipei, et al.A Secure Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(3): 1529-1535.
[2]	HE Debiao, CHEN Jianhua, ZHANG Rui.A More Secure Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(3): 1989-1995.
[3]	ZHU Zhian.An Efficient Authentication Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2012, 36(6): 3833-3838.
[4]	GUO Dianli, WEN Qiaoyan, LI Wenmin, et al.An Improved Biometrics-based Authentication Scheme for Telecare Medical Information Systems[J]. Journal of Medical Systems, 2015, 39(3): 20-35.
[5]	AWASTHI A K, SRIVASTAVA K.A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce[J]. Journal of Medical Systems, 2013, 37(5): 9964-9983.
[6]	ARSHAD H, NIKOOGHADAM M.Three-factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems[J]. Journal of Medical Systems, 2014, 38(12): 136-148.
[7]	CHUANG M C, CHEN Mengchang.An Anonymous Multi-server Authenticated Key Agreement Scheme Based on Trust Computing Using Smart Cards and Biometrics[J]. Expert Systems with Applications, 2014, 41(4): 1411-1418.
[8]	MISHRA D, DAS A K, MUKHOPADHYAY S.A Secure User Anonymity-preserving Biometric-based Multi-server Authenticated Key Agreement Scheme Using Smart Cards[J]. Expert Systems with Applications, 2014, 41(18): 8129-8143.
[9]	LU Yanrong, LI Lixiang, YANG Xing, et al.Robust Biometrics Based Authentication and Key Agreement Scheme for Multi-server Environments Using Smart Cards[J]. PLoS One, 2015, 10(5): 126-136.
[10]	WANG Chengqi, ZHANG Xiao, ZHENG Zhimin.Cryptanalysis and Improvement of a Biometric-based Multi-server Authentication and Key Agreement Scheme[J]. PLoS One, 2016, 11(2): 149-173.
[11]	REDDY A G, DAS A K, ODELU V, et al.An Enhanced Biometric Based Authentication with Key-agreement Protocol for Multi-server Architecture Based on Elliptic Curve Cryptography[J]. PloS One, 2016, 11(5): 154-168.
[12]	IRSHAD A, CHAUDHRY S A, KUMARI S, et al.An Improved Lightweight Multiserver Authentication Scheme[J]. International Journal of Communication Systems, 2017, 30(17): 33-51.
[13]	REDDY A G, YOON E J, DAS A K, et al.Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-server Environment[J]. IEEE Access, 2017, 18(5): 3622-3639.
[14]	BARMAN S, DAS A K, SAMANTA D, et al.Provably Secure Multi-server Authentication Protocol Using Fuzzy Commitment[J]. IEEE Access, 2018, 25(6): 8578-8594.
[15]	BARMAN S, SHUM H P H, CHATTOPADHYAY S, et al. A Secure Authentication Protocol for Multi-server-based e-Healthcare Using a Fuzzy Commitment Scheme[J]. IEEE Access, 2019, 26(7): 12557-12574.
[16]	ZHANG Min, HE Yuande, ZHANG Yang.Authentication Scheme for Multi-server Enviroment Based on Chebyshev Chaotic Map with Access Control[J]. Computer Engineering and Applications, 2017, 53(17): 123-129.
	张敏,何远德,张阳.多服务器环境下可实现访问控制的身份认证方案[J].计算机工程与应用,2017,53(17):123-129.
[17]	JUELS A, WATTENBERG M. A Fuzzy Commitment Scheme[EB/OL]. , 2019-2-11.
[18]	BELLARE M, CANETTI R, KRAWCZYK H.Message Authentication Using Hash Functions: The HMAC Construction[J]. RSA Laboratories’ CryptoBytes, 1996, 2(1): 12-15.
[19]	ZHANG Min.Research and Design of Remote Identity Authentication Schemes Based on Three-factor in Multi-environments[J]. Chengdu: Southwest Jiaotong University, 2017.
	张敏. 多环境下基于三因素的远程身份认证协议研究与设计[D].成都:西南交通大学,2017.

符号	描述
RC, K_RC	注册中心标识、注册中心密钥
	用户身份标识、用户口令、用户生物特征、转换参数、可撤除生物模板、转换函数
	应用服务器身份标识、应用服务器密钥
	纠错码技术的编码和解码算法
	用户选择的密钥K、将K通过纠错码编码后生成K_CW,
	异或运算、连接符、哈希运算
	判断是否相等

符号	描述
	P相信X
	P收到X
	P曾经说过X
	P对X有仲裁权
	X是新鲜的,意味X是新生成的随机数
	K是P和Q之间共享的密钥
	X被密钥K加密
U/AS	U表示用户,AS表示服务器

方案	登录阶段	认证阶段	总开销	所需时间/ms
BARMAN^[15]等人方案	T_fcs?3T_h	11T_h	T_fcs?14T_h	2.2582
本文方案	T_fcs?5T_h	9T_h?T_H	T_fcs?14T_h?T_H	2.2605

方案	用户传输数据	RC传输数据	应用服务器传输数据	总开销	数据长度/bit
BARMAN^[15]等人方案	5L_h?2L_t	0	2L_h?L_t	7L_h?3L_t	1216
本文方案	8L_h?L_t	4L_h	2L_h	14L_h?L_t	2272

远程医疗环境下面向多服务器的轻量级多因子身份认证协议研究

Research on Multi-server Lightweight Multi-factor Authentication Protocol in Telemedicine Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 19

相关文章 7

编辑推荐

Metrics

本文评价

	BARMAN^[15]等人方案	本文方案
扩展性良好	否	是
应用服务器密钥安全	否	是
抵御特权攻击	否	是
实现访问控制	否	是
实现用户匿名	是	是
实现相互认证	是	是
抵御中间人攻击	是	是
协商会话密钥	是	是

[1]	张玉磊, 刘祥震, 郎晓丽, 王彩芬. 云环境下基于无证书的多服务器可搜索加密方案[J]. 信息网络安全, 2019, 19(3): 72-80.
[2]	彭岩, 廖珊, 赵宝康. 一种面向软件定义卫星网络的轻量级快速安全认证策略[J]. 信息网络安全, 2017, 17(8): 53-59.
[3]	杨玉龙, 彭长根, 郑少波, 朱义杰. 基于移动智能终端的超轻量级移动RFID安全认证协议[J]. 信息网络安全, 2017, 17(5): 22-27.
[4]	马庆, 郭亚军, 曾庆江, 徐铎. 一种新的超轻量级RFID双向认证协议[J]. 信息网络安全, 2016, 16(5): 44-50.
[5]	侯玉灵, 卞阳东, 胡广跃, 王潮. 星际骨干网的轻量级密码体制研究[J]. 信息网络安全, 2015, 15(2): 33-39.
[6]	夏戈明;史立哲;周文;沈恒丰. 轻量级RFID双向通信认证协议优化方案[J]. , 2014, 14(2): 0-0.
[7]	. 轻量级RFID双向通信认证协议优化方案[J]. , 2014, 14(2): 58-.