摘要
随着老龄化社会的到来,基于无线体域网的移动医疗系统得到越来越多的关注。由于当前网络环境复杂且移动医疗系统防御脆弱,用户的医疗数据和身份信息很容易泄露。提出了一个基于无证书密码技术的数据安全传输协议,能够实现移动医疗系统中数据的完整性和机密性以及用户身份隐私等安全目标。该方案在医疗用户和医疗服务提供者两端保持记录表,记录用户和医疗服务提供者之间的对称密钥及用户的匿名身份,并在每次通信结束后更新记录表,实现了通信双方的相互认证以及前向安全和后向安全。此外,采用对称加密和数字签名等密码技术实现数据的安全性。性能分析表明所提出的数据安全传输协议计算开销小,简单高效。
With the arrival of aging society,mobile-health systems based on wireless body area network are gaining more and more attentions.However,the network environment is complex and mobile-health systems are vulnerable to attack,thus users'medical data and identity information is vulnerable to leak.In this paper,we propose a secure data transmission protocol based on certificateless cryptographic scheme to ensure the security of the system.It can achieve security objectives such as data integrity,data confidentiality and identity privacy preservation.Specifically,record tables are kept both in the clients and medical service providers to store the symmetric keys and the anonymous identities between.The table is refreshed at the end of each communication such that it can achieve mutual authentication,forward security and backward security.Additionally,symmetric encryption and digital signature are adopted to achieve data security.Performance analysis demonstrates that the scheme is simple and efficient with less computational overhead.
作者
黄兴
张爱清
叶新荣
谢小娟
HUANG Xing;ZHANG Aiqing;YE Xinrong;XIE Xiaojuan(Anhui Normal University,College of Physics and Electronic Information,Wuhu 241000,China)
出处
《无线电通信技术》
2018年第3期282-287,共6页
Radio Communications Technology
基金
国家自然科学基金项目(61601005)
安徽省自然科学基金项目(1608085QF138)
安徽省高校优秀青年人才计划支持重点项目(gxyq ZD2016027)
安徽师范大学博士科研启动基金项目(2014bsqdjj38)
关键词
移动医疗
隐私保护
无证书密码体制
传输协议
mobile-health
privacy preservation
certificateless public key scheme
transmission protocol
