A2SHE: An anonymous authentication scheme for health emergencies in public venues

IF 8.1 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Sciences Pub Date : 2025-02-07 DOI:10.1016/j.ins.2025.121944

Xiaohan Yue , Peng Yang , Haoran Si , Haibo Yang , Fucai Zhou , Qiang Wang , Zhuo Yang , Shi Bai , Yuan He

{"title":"A2SHE: An anonymous authentication scheme for health emergencies in public venues","authors":"Xiaohan Yue , Peng Yang , Haoran Si , Haibo Yang , Fucai Zhou , Qiang Wang , Zhuo Yang , Shi Bai , Yuan He","doi":"10.1016/j.ins.2025.121944","DOIUrl":null,"url":null,"abstract":"<div><div>With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A<sup>2</sup>SHE, for short) to overcome these challenges. A<sup>2</sup>SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A<sup>2</sup>SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A<sup>2</sup>SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A<sup>2</sup>SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A<sup>2</sup>SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":"703 ","pages":"Article 121944"},"PeriodicalIF":8.1000,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025525000763","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A²SHE, for short) to overcome these challenges. A²SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A²SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A²SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A²SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A²SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.