摘要
远程医疗信息系统(telecare medical information systems, TMIS)极大程度地改善了患者的就医体验,已成为解决多样化医疗服务需求的可行方案.然而,当患者的隐私信息通过TMIS在公共网络上进行传输时容易遭受安全攻击.为保护患者的隐私,研究人员针对TMIS设计了大量的认证密钥交换协议,但已有协议大多存在无法抵抗离线字典攻击、用户冒充攻击、智能卡丢失攻击等安全隐患.针对上述问题,设计了一个基于椭圆曲线的认证密钥交换协议(TMIS-AKE),利用身份加密和随机化传输消息的方法实现用户的匿名性和不可追踪性.最后,通过安全性证明及性能分析,验证了TMIS-AKE协议在安全性和效率方面的优越性.
Telecare Medical Information Systems(TMIS)has greatly improved the patients’experience and has become a viable solution to meet the needs of diverse medical services.However,when patients’private information is transmitted over the public networks through TMIS,it is vulnerable to security attacks.To protect patients’privacy,a large number of authentication key exchange protocols have been designed for TMIS,but most of them are not resistant to offline dictionary attacks,user impersonation attacks and smart card loss attacks.In this paper,an elliptic curvebased authentication key exchange protocol is designed to achieve anonymity and untraceability of users by using identity encryption and randomized message transmission.Finally,the security proof and performance analysis demonstrate the superiority of TMISAKE protocol in terms of security and efficiency,and its ease of deployment in TMIS.
作者
王志强
黄玉洁
庞舒方
欧海文
Wang Zhiqiang;Huang Yujie;Pang Shufang;Ou Haiwen(Department of Cyberspace Security,Beijing Electronic Science&Technology Institute,Beijing 102627;State Information Center Postdoctoral Research Station,Beijing 100045)
出处
《信息安全研究》
CSCD
2023年第11期1102-1110,共9页
Journal of Information Security Research
基金
国家重点研发计划项目(2018YFB0803401)
中国博士后科研基金项目(2019M650606)
北京电子科技学院一级学科建设项目(3201012)。
关键词
智能卡
认证密钥交换协议
可证明安全
医疗信息安全
远程医疗信息系统
smart card
authenticated key exchange protocol
provable security
medical information security
Telecare Medical Information Systems
