远程医疗信息系统中的三因素匿名认证协议

doi:10.3778/j.issn.1002-8331.2201-0238

摘要/Abstract

摘要： 远程医疗信息系统为特定的患者提供无缝的医疗信息转移和及时共享，用户认证协议是保障远程医疗信息系统中安全与隐私的重要技术。对Dharminder等基于RSA的授权访问医疗保健服务的认证方案进行了安全性分析，指出该方案无法抵抗密钥泄露伪装攻击、拒绝服务攻击，无法提供前向安全性。对Dharminder等方案进行了改进，提出了一种基于椭圆曲线密码体制的三因素匿名身份认证协议。所提出协议保留了Dharminder等方案的大致流程，将RSA方法替换为椭圆曲线算法和对称加解密算法，并修改了Dharminder等方案认证过程最后步骤的错误。对新提出的协议，利用BAN（Burrows-Abadi-Needham）逻辑进行了形式化安全分析，并使用AVISPA（automated validation of Internet security-sensitive protocols and applications）实现了形式化安全验证。结果表明，提出的协议能够抵抗各种恶意攻击。此外，利用MIRACL（multiprecision integer and rational arithmetic C/C++ library）大数运算函数库进行了性能分析，新协议相比于最近的其他方案具备性能优势。

关键词: 远程医疗信息系统, 身份认证, 安全性, 攻击, 椭圆曲线

Abstract: Telecare medicine information system provides seamless medical information transfer and timely sharing for specific patients, and user authentication protocol is one of important technologies to ensure security and privacy in telecare medicine information system. This paper analyzes the security of Dharminder’s RSA-based authentication schemes for authorized access to healthcare services, and points out that the scheme cannot resist key compromise impersonation attack, denial of service attack, and cannot provide forward security. To this end, this paper improves the scheme of Dharminder et al., and proposes a three-factor anonymous authentication protocol based on elliptic curve cryptography. The proposed protocol retains the general flow of Dharminder et al., replaces the RSA method with elliptic curve algorithm and symmetric encryption/decryption algorithm, and corrects the errors in the last step of the authentication process of Dharminder et al. A formal security analysis is performed for the proposed protocol using BAN（Burrows-Abadi-Needham） logic, and a formal security verification is implemented using AVISPA（automated validation of Internet security-sensitive protocols and applications）. The results show that the proposed protocol can resist various malicious attacks. Besides, performance analysis using MIRACL（multiprecision integer and rational arithmetic C/C++library） shows that the new protocol has performance advantages over other recent schemes.

Key words: telecare medicine information system, authentication, security, attack, elliptic curve

李懿, 田玉玲. 远程医疗信息系统中的三因素匿名认证协议[J]. 计算机工程与应用, 2023, 59(10): 280-287.

LI Yi, TIAN Yuling. Three-Factor Anonymous Authentication Protocol in Telecare Medicine Information System[J]. Computer Engineering and Applications, 2023, 59(10): 280-287.

参考文献

[1] AHMADZADEH，SAFIYYEH，MASDARI.A survey and taxonomy of the authentication schemes in telecare medicine information systems[J].Journal of Network and Computer Applications，2017，87（11）：1-19.
[2] ALHEJAZI M M，AL-DAHASI E M，SAQIB N A.A new remote user authentication scheme for e-health-care applications using steganography[C]//2019 2nd International Conference on Computer Applications & Information Security，Riyadh，May 1-3，2019.Piscataway：IEEE，2019：1-10.
[3] SAMMOUD A，CHALOUF M A，HAMDI O，et al.A secure three-factor authentication and biometrics-based key agreement scheme for TMIS with user anonymity[C]//2020 International Wireless Communications and Mobile Computing Conference，Limassol，Jun 15-19，2020.Piscataway：IEEE，2020：1916-1921.
[4] ZHANG Z Z，QI Q Q.An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography[J].Journal of Medical Systems，2014，38（5）：1-7.
[5] ZHAO Z G.A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem[J].Journal of Medical Systems，2014，38（5）：46.
[6] FARASH M S，NAWAZ O，MAHMOOD K，et al.A provably secure RFID authentication protocol based on elliptic curve for healthcare environments[J].Journal of Medical Systems，2016，40（7）：165.
[7] GIRI D，MAITRA T，AMIN R，et al.An efficient and robust RSA-based remote user authentication for telecare medical information systems[J].Journal of Medical Systems，2015，39（1）：145.
[8] AMIN R，BISWAS G P.An improved RSA based user authentication and session key agreement protocol usable in TMIS[J].Journal of Medical Systems，2015，39（8）：79.
[9] ARSHAD H，RASOOLZADEGAN A.Design of a secure authentication and key agreement scheme preserving user privacy usable in telecare medicine information systems[J].Journal of Medical Systems，2016，40（11）：237.
[10] OSTAD-SHARIF A，ABBASINEZHAD-MOOD D，NIKOOGHADAM M.A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications[J].Journal of Medical Systems，2019，43（1）：10.
[11] ZHANG L，ZHANG Y，TANG S，et al.Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement[J].IEEE Transactions on Industrial Electronics，2018，65（3）：2795-2805.
[12] HSU C L，LE T V，HSIEH M C，et al.Three-factor UCSSO scheme with fast authentication and privacy protection for telecare medicine information systems[J].IEEE Access，2020，8：196553-196566.
[13] RADHAKRISHNAN N，KARUPPIAH M.An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems[J].Informatics in Medicine Unlocked，2019，16（3）：1-13.
[14] DHARMINDER D，MISHRA D，LI X.Construction of RSA-based authentication scheme in authorized access to healthcare services[J].Journal of Medical Systems，2020，44（1）：6.
[15] DHARMINDER D，KUMAR U，GUPTA P.A construction of aconformal Chebyshev chaotic map based authentication protocol for healthcare telemedicine services[J].Complex and Intelligent Systems，2021，7：2531-2542.
[16] DHARMINDER D，KUNDU N，MISHRA D.Construction of a chaotic map-based authentication protocol for TMIS[J].Journal of Medical Systems，2021，45（8）：77.
[17] MISHRA D，DAS A K，MUKHOPADHYAY S.A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards[J].Expert Systems with Applications，2014，41（18）：8129-8143.
[18] JIN A T B，LING D N C，GOH A.Biohashing：two factor authentication featuring fingerprint data and tokenised random number[J].Pattern Recognition，2004，37（11）：2245-2255.
[19] SHAMSHAD S，AYUB M F，MAHMOOD K，et al.An enhanced scheme for mutual authentication for healthcare services[J].Digital Communications and Networks，2022，8（2）：150-161.
[20] ARMANDO A，BASIN D，BOICHUT Y，et al.The AVISPA tool for the automated validation of Internet security protocols and applications[C]//International Conference on Computer Aided Verification，Edinburgh，Jul 6-10，2005.Berlin，Heidelberg：Springer，2005：281-285.
[21] OSTAD-SHARIF A，ARSHAD H，NIKOOGHADAM M，et al.Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme[J].Future Generation Computer Systems，2019，100：882-892.
[22] SRINIVAS J，DAS A K，WAZID M，et al.Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of things[J].IEEE Transactions on Dependable and Secure Computing，2018，17（6）：1133-1146.