基于雾计算的智能医疗三方认证与密钥协商协议  被引量：9

作　　者：王菲菲 汪定 WANG Fei-Fei;WANG Ding(School of Cyber Security and Information Law,Chongqing University of Posts and Telecommunications,Chongqing 400065,China;College of Cyber Science,Nankai University,Tianjin 300350,China;Tianjin Key Laboratory of Network and Data Security Technology(Nankai University),Tianjin 300350,China)

机构地区：[1]重庆邮电大学网络空间安全与信息法学院,重庆400065 [2]南开大学网络空间安全学院,天津300350 [3]天津市网络与数据安全技术重点实验室(南开大学),天津300350

出　　处：《软件学报》2023年第7期3272-3291,共20页Journal of Software

基　　金：国家自然科学基金(62172240);南开大学百名青年学科带头人计划(9920200010)。

摘　　要：在智能医疗中,将云计算技术与物联网技术结合,可有效解决大规模医疗数据的实时访问问题.然而,数据上传到远程云服务器,将带来额外的通信开销与传输时延.借助雾计算技术,以终端设备作为雾节点,辅助云服务器在本地完成数据存储与访问,能够实现数据访问的低延迟与高移动性.如何保障基于雾计算的智能医疗环境的安全性成为近期研究热点.面向基于雾计算的智能医疗场景,设计认证协议的挑战在于:一方面,医疗数据是高度敏感的隐私数据,与病人身体健康密切相关,若用户身份泄漏或者数据遭到非法篡改将导致严重后果;另一方面,用户设备和雾节点往往资源受限,认证协议在保护用户隐私的同时,需要实现用户、雾节点、云服务器之间的三方数据安全传输.对智能医疗领域两个具有代表性的认证方案进行安全分析,指出Hajian等人的协议无法抵抗验证表丢失攻击、拒绝服务攻击、仿冒攻击、设备捕获攻击、会话密钥泄漏攻击;指出Wu等人的协议无法抵抗离线口令猜测攻击、仿冒攻击.提出一个基于雾计算的智能医疗三方认证与密钥协商协议,采用随机预言机模型下安全归约、BAN逻辑证明和启发式分析,证明所提方案能实现双向认证与会话密钥协商,并且对已知攻击是安全的;与同类方案的性能对比分析表明,所提方案显著提高了安全性,并具有较高的效率.In smart healthcare,cloud computing and the Internet of Things are combined to solve the problem of real-time access to large-scale data.However,the data is uploaded to a remote cloud.It increases additional communication cost and transmission delay.Fog computing has been introduced into smart healthcare to solve this problem.The fog servers assist the cloud server to complete data storage and access locally.It contributes to low latency and high mobility.Since the medical data is highly sensitive,how to design a fog computing-based smart healthcare authentication protocol has become a research hotspot.If the data is tampered illegally,the consequences will be catastrophic.Hence,the authentication protocol should be secure against various attacks and realize the secure data transmission among users,fog nodes,and cloud servers.This study analyzes two schemes for smart healthcare,and points out that Hajian et al.’s scheme cannot resist stolen verifier attack,denial of service attacks,impersonation attacks,node capture attack,and session key disclosure attacks;Wu et al.’s scheme cannot resist offline password guessing attacks and impersonation attacks.Furthermore,a fog computing-based three-party authentication and key agreement protocol are proposed for smart healthcare.The security is proved by using the random oracle model,the BAN logic,and heuristic analysis.As result,it is secure against known attacks.The performance comparison with related schemes shows that the proposed scheme is more suitable for fog computing-based smart healthcare.

关 键 词：认证协议 智能医疗 雾计算 密钥协商 物联网 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]