计算机工程与应用 ›› 2023, Vol. 59 ›› Issue (10): 280-287.DOI: 10.3778/j.issn.1002-8331.2201-0238

• 网络、通信与安全 • 上一篇    下一篇

远程医疗信息系统中的三因素匿名认证协议

李懿,田玉玲   

  1. 太原理工大学 信息与计算机学院,山西 晋中 030600
  • 出版日期:2023-05-15 发布日期:2023-05-15

Three-Factor Anonymous Authentication Protocol in Telecare Medicine Information System

LI Yi, TIAN Yuling   

  1. College of Information and Computer, Taiyuan University of Technology, Jinzhong, Shanxi 030600, China
  • Online:2023-05-15 Published:2023-05-15

摘要: 远程医疗信息系统为特定的患者提供无缝的医疗信息转移和及时共享,用户认证协议是保障远程医疗信息系统中安全与隐私的重要技术。对Dharminder等基于RSA的授权访问医疗保健服务的认证方案进行了安全性分析,指出该方案无法抵抗密钥泄露伪装攻击、拒绝服务攻击,无法提供前向安全性。对Dharminder等方案进行了改进,提出了一种基于椭圆曲线密码体制的三因素匿名身份认证协议。所提出协议保留了Dharminder等方案的大致流程,将RSA方法替换为椭圆曲线算法和对称加解密算法,并修改了Dharminder等方案认证过程最后步骤的错误。对新提出的协议,利用BAN(Burrows-Abadi-Needham)逻辑进行了形式化安全分析,并使用AVISPA(automated validation of Internet security-sensitive protocols and applications)实现了形式化安全验证。结果表明,提出的协议能够抵抗各种恶意攻击。此外,利用MIRACL(multiprecision integer and rational arithmetic C/C++ library)大数运算函数库进行了性能分析,新协议相比于最近的其他方案具备性能优势。

关键词: 远程医疗信息系统, 身份认证, 安全性, 攻击, 椭圆曲线

Abstract: Telecare medicine information system provides seamless medical information transfer and timely sharing for specific patients, and user authentication protocol is one of important technologies to ensure security and privacy in telecare medicine information system. This paper analyzes the security of Dharminder’s RSA-based authentication schemes for authorized access to healthcare services, and points out that the scheme cannot resist key compromise impersonation attack, denial of service attack, and cannot provide forward security. To this end, this paper improves the scheme of Dharminder et al., and proposes a three-factor anonymous authentication protocol based on elliptic curve cryptography. The proposed protocol retains the general flow of Dharminder et al., replaces the RSA method with elliptic curve algorithm and symmetric encryption/decryption algorithm, and corrects the errors in the last step of the authentication process of Dharminder et al. A formal security analysis is performed for the proposed protocol using BAN(Burrows-Abadi-Needham) logic, and a formal security verification is implemented using AVISPA(automated validation of Internet security-sensitive protocols and applications). The results show that the proposed protocol can resist various malicious attacks. Besides, performance analysis using MIRACL(multiprecision integer and rational arithmetic C/C++library) shows that the new protocol has performance advantages over other recent schemes.

Key words: telecare medicine information system, authentication, security, attack, elliptic curve