改进的三因素相互认证与密钥协商方案

Improved three-factor authenticated key agreement scheme

暴露在不安全公共网络中的医疗记录容易遭受到安全威胁和攻击,为了保护远程医疗信息系统中敏感的医疗数据,迫切需要一种安全高效的相互认证与密钥协商方案。针对Zhang等人的方案进行分析,发现此方案容易遭受内部特权攻击。为了修复上述安全漏洞,采用增强存储在智能卡中相关参数的安全性,以及使用混沌映射计算迪菲—赫尔曼问题等方式,提出了一种改进的三因素相互认证与密钥协商方案。所提方案在实现公共信道上敏感医疗数据保护的同时,提供了远程医疗诊断过程中的隐私保护特性。安全性分析表明,所提方案不仅能够抵抗各类安全攻击,而且比已有的相关方案效率更高。

The medical records that are exposed to unsecured public networks are more vulnerable to various types of security threats and attacks. Therefore, it urgently needs a secure and efficient authenticated key agreement scheme to protect the sen- sitive medical data in the telecare medicine information system. This paper showed that Zhang et al. ＇ s scheme suffered from privileged-insider attacks. To overcome the security drawback above, this paper proposed an improved three-factor authentica- ted key agreement scheme by enhancing security of the correlation parameters stored in the smart cards and using chaotic map computational Diffie-Hellman problem. The proposed scheme realized the protection of medical data transmitted in the open channel and provided privacy protection during the remote diagnosing process. Security analysis demonstrates that new scheme not only can withstand various attacks but also achieves better performance compared with other related schemes.