Research On Data Security And Privacy Protection In Mobile Health Environment

Mobile health provides medical services and data exchange for users by using mobile communication technologies such as PDA,smart phones and satellite communication.The data,which is collected,processed and transmitted in mobile health,is related to users' physiological characteristics,environmental location and other privacy information.Because of the openness of mobile health network,the dynamic of network topology and the limitation of intelligent terminal resources,the mobile health network is vulnerable to a variety of security threats and privacy attacks.Therefore,on the basis of enjoying mobile health services,an issue that how to establish effective security mechanisms to protect data security and user privacy needs to be tackled urgently.Firstly,authentication is the primary security mechanism for all mobile medical systems to use normally.However,the existing authentication schemes have some shortcomings in privacy protection and large cost.Secondly,access control ensures that only authorized users can access the corresponding data resources.However,the current access control schemes based on traditional public key cryptography have some problems,such as public key certificate management and key escrow,which are poor efficiency.Finally,for outsourced medical data in the cloud,it is necessary to ensure that the data stored in the cloud is not maliciously tampered with,but the current data integrity verification scheme has the risk of data leakage,and the cost is high.Therefore,combined with traditional data security and privacy protection technology,the research of this dissertation is around the three issues of authentication,access control and data integrity verification in mobile health environment,and proposes three security mechanisms to protect data security and user privacy.The main research contents and achievements are as follows:(1)In view of privacy protection defects of secure authentication scheme and resource limitation of PDA in mobile health WBANs,an authentication scheme CMBAAS with user anonymity based on chaotic maps was presented.CMBAAS scheme adopts two-factor authentication technology based on smart card,and combines chaotic cryptography to realize mutual authentication.It provides user anonymity to protect user privacy,and can resist replay attack,perfect forward attack,and privileged insider attack and so on.In addition,there is no need to establish public key cryptosystem before authentication.In the process of authentication,the semi-group characteristic of Chebyshev polynomials is utilized to avoid expensive cryptographic operations and save the cost of authentication.Security attribute analysis,formal security proof and BAN logic verification show that CMBAAS scheme achieves the predetermined security goals.The AVISPA simulation results and performance analysis show that,compared with the existing schemes,CMBAAS scheme has the least computation cost on the basis of meeting the security requirements.(2)Aiming at the limitation of PDA resources in mobile health monitoring network,an efficient access control scheme EACS-CLSC based on certificateless signcryption was proposed.EACS-CLSC scheme uses certificateless public key cryptosystem to solve the problem of public key certificate management and key escrow.The signcryption mechanism completes two functions of signature and encryption at the same time,reduces the cryptographic computation and communication cost,and plays the role of privacy protection.The EACS-CLSC scheme does not use bilinear pairings to improve the computation efficiency,and provides user revocation function to enhance the system security.Formal security proves that EACS-CLSC scheme satisfies the confidentiality of IND-CLSC-CCA2 game and the unforgeability of EUF-CLSC-CMA game.The simulation results and performance analysis show that,compared with the similar schemes,EACS-CLSC scheme requires the least energy consumption,which makes up for the limitation of PDA resources.(3)In view of the existence problem of privacy protection and resource limitation of PDA in public auditing in mobile health cloud storage WBANs,a certificateless public auditing scheme CL-PASPP supporting privacy protection was presented.CL-PASPP scheme is based on certificateless public key cryptosystem,which solves the problems of public key certificate management and key escrow.The user entrusts TPA,a third-party auditor,to verify the remote integrity of cloud storage data,thus saving the user's storage cost,computation cost and communication cost.In the process of challenge and response,it ensures that malicious cloud servers cannot forge auditing evidence to deceive TPA to pass the verification and prevents curious TPA from recovering original data from auditing evidence,and strengthen privacy protection.Security analysis shows that CL-PASPP scheme meets the requirements of public verifiability,privacy protection and unforgeability,and achieves the predetermined security requirements.The simulation results and performance analysis show that,compared with the similar schemes,CL-PASPP scheme provides privacy protection,and resource-constrained PDA requires least overhead and has better efficiency.