
Research On Privacy Preserving Authentication Protocols In M-health Monitoring Network

Posted on: 2018-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Deng
Full Text: PDF
GTID: 2348330515983863
Subject: Computer application technology
Abstract/Summary:

According to reports, it is widely accepted that China has already become an aging society. Across the country, medical services are difficult to obtain because of the shortage of medical resources. It is therefore of great significance to focus on the health of middle-aged and elderly people and to use network technologies to ease the unreasonable allocation of medical resources. In a wireless body area network (WBAN), functional sensors placed on or in the body gather physiological data continuously in real time. Combining WBAN with telemedicine not only lets patients receive professional care at home but also eases the shortage of medical resources.

In a mobile medical monitoring network based on WBAN, the transmitted data contains sensitive private information about the patient, such as the type or severity of illness. Because the wireless channel is open, patients' privacy is threatened by both active and passive attacks. Authentication in an m-health monitoring network is therefore as important as its functions and performance. When a patient accesses medical servers over a wireless network, the server provider needs to authenticate the requesting patient's identity. As network supervision is strengthened, verification of registered identities becomes ever stricter, which at the same time brings the risk of revealing personal private information. Furthermore, the medical server provider needs only the physical data, not the patient's identity, for diagnosis. Authentication mechanisms in an m-health monitoring network therefore have two security requirements: authentication and anonymity. This work discusses privacy-preserving authentication mechanisms, mainly in the following two aspects.

(1) To further study the privacy of the patient's identity, current authentication mechanisms for m-health monitoring networks are investigated. Existing identity-hiding methods based on a pseudonym pool need to store a pseudonym pool at each client, so the storage space increases linearly with the length of the pseudonym pool, and maintaining the pool incurs additional costs. Similarly, existing identity-hiding methods based on a verification table need to store a verification table at the remote medical server, so the storage space increases linearly with the number of users, and the verification table carries the risk of its information falling out of sync. To address these shortcomings, a piece of secure hardware that executes only fixed, pre-installed programs is placed at the server gateway. The secure hardware is responsible for transforming the information signed by patients into a new signature signed by itself. All signatures received by the remote medical server are therefore signed by the secure hardware. The patient and the medical server do not have to store additional keys, so the storage cost for both the patient and the remote medical server is reduced to a constant. By introducing proxy re-signature, an anonymous authentication protocol based on a security middleware is proposed. Theoretical proofs show that the proposed scheme not only satisfies the basic security requirements but also resists all kinds of network attacks. Furthermore, the performance evaluation shows that the proposed scheme strengthens the security of the system and requires lower storage and computation costs. The proposed protocol therefore has better practical applicability for m-health monitoring networks.

(2) To study the revocation of users' private keys, authentication mechanisms for m-health monitoring networks are further investigated. In existing key revocation methods, the user's key storage cost is very high, and authentication efficiency is lower owing to the extensive use of pairing operations. After analyzing and discussing these existing key management methods, a revocable, pairing-free certificateless public-key encryption scheme is proposed, using the technique of a keyed hash chain. In the scheme, the user's private key is generated jointly by the third party and the user, which addresses the key escrow problem. Furthermore, the key generated by the third party is split into two independent parts, the identity key and the time key. A user can be authenticated successfully only when holding the complete set of keys. When a user is revoked, the third party only needs to update the time keys of the unrevoked users. IND-CCA proofs of the proposed scheme are presented under the random oracle model. A revocable anonymous authentication protocol based on this scheme is then designed for m-health monitoring networks. Theoretical proofs show that the proposed protocol not only satisfies the basic security requirements but also defends against several network attacks. Because no pairing is used, the performance evaluation shows that the protocol strikes a better balance between security, efficiency and practicality for m-health monitoring networks.
Keywords/Search Tags:WBAN, m-healthcare monitoring network, privacy protection, anonymous authentication, revocation