A2SHE：公共场所突发卫生事件匿名认证方案

IF 6.8 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Sciences Pub Date : 2025-02-07 DOI:10.1016/j.ins.2025.121944

Xiaohan Yue , Peng Yang , Haoran Si , Haibo Yang , Fucai Zhou , Qiang Wang , Zhuo Yang , Shi Bai , Yuan He

{"title":"A2SHE：公共场所突发卫生事件匿名认证方案","authors":"Xiaohan Yue , Peng Yang , Haoran Si , Haibo Yang , Fucai Zhou , Qiang Wang , Zhuo Yang , Shi Bai , Yuan He","doi":"10.1016/j.ins.2025.121944","DOIUrl":null,"url":null,"abstract":"<div><div>With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A<sup>2</sup>SHE, for short) to overcome these challenges. A<sup>2</sup>SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A<sup>2</sup>SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A<sup>2</sup>SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A<sup>2</sup>SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A<sup>2</sup>SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":"703 ","pages":"Article 121944"},"PeriodicalIF":6.8000,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A2SHE: An anonymous authentication scheme for health emergencies in public venues\",\"authors\":\"Xiaohan Yue , Peng Yang , Haoran Si , Haibo Yang , Fucai Zhou , Qiang Wang , Zhuo Yang , Shi Bai , Yuan He\",\"doi\":\"10.1016/j.ins.2025.121944\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A<sup>2</sup>SHE, for short) to overcome these challenges. A<sup>2</sup>SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A<sup>2</sup>SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A<sup>2</sup>SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A<sup>2</sup>SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A<sup>2</sup>SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.</div></div>\",\"PeriodicalId\":51063,\"journal\":{\"name\":\"Information Sciences\",\"volume\":\"703 \",\"pages\":\"Article 121944\"},\"PeriodicalIF\":6.8000,\"publicationDate\":\"2025-02-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Sciences\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0020025525000763\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"0\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025525000763","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着COVID-19和猴痘等突发卫生事件的爆发，个人在进入公共场所时需要出示大流行预防和控制（PPC）凭证，这引发了严重的隐私问题，即嵌入PPC凭证的个人数据可能被恶意泄露。虽然之前的研究提出了保护隐私的解决方案，但它们也面临着一系列挑战。具体来说，没有一种能够同时满足认证信息的不可转移性和个人身份隐私保护的要求。此外，可撤销解决方案采用的现有成员管理机制为用户和验证者带来了额外的计算成本。为此，本文提出了公共场所突发卫生事件匿名认证方案（简称A2SHE）来克服这些挑战。A2SHE提供了一种新颖的会员管理机制，支持无效用户的可撤销性和患者的可追溯性，同时考虑到隐私和性能之间的权衡。A2SHE还引入了一种基于生物特征的密钥派生算法，以防止认证信息的可转移性。在此基础上，结合公共场所突发卫生事件的安全和隐私要求，提出了A2SHE的具体构建方案。通过安全性和性能分析，验证了该方案的可行性。结果表明，A2SHE实现了与以往方案不同的安全性和性能的最佳平衡，为公共场所的访问控制提供了一种新颖的实用方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A2SHE: An anonymous authentication scheme for health emergencies in public venues

With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A²SHE, for short) to overcome these challenges. A²SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A²SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A²SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A²SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A²SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.