Zhiqiang Zhao , Xuexian Hu , Yining Liu , Jianghong Wei , Yuanjun Xia , Yangfan Liang
Journal of Systems Architecture, volume 167, Article 103485. Published 2025-06-17. DOI: 10.1016/j.sysarc.2025.103485
https://www.sciencedirect.com/science/article/pii/S1383762125001572
SECP-AKE: Secure and efficient certificateless-password-based authenticated key exchange protocol for smart healthcare systems
Due to the importance and sensitivity of medical data, the security protection and privacy preservation of the Healthcare Internet of Things (IoT) are current research hotspots. However, existing research schemes still suffer from incomplete security properties, imperfect authentication mechanisms, and inadequate privacy preservation. Therefore, this paper presents SECP-AKE, a secure and efficient certificateless-password-based authenticated key exchange protocol for IoT-based smart healthcare, which enables batch authentication, resists physical attacks, and provides strong anonymity. Specifically, using certificateless cryptography, the SECP-AKE protocol enables batch authentication of authorized users and devices while also resolving the key escrow problem. In particular, the SECP-AKE protocol incorporates Physical Unclonable Functions (PUFs) to resist physical attacks, thus enhancing device security and ensuring reliable medical service delivery. Additionally, the design of a pseudonym update mechanism can achieve user unlinkability, thereby providing enhanced privacy preservation. The results from both formal verification using SVO logic and informal security analyses demonstrate that the SECP-AKE protocol is secure and offers more comprehensive security properties. Meanwhile, the use of a well-known automated security verification tool Scyther further evaluates the protocol’s security reliability. Ultimately, comparative experiments on communication overhead and computational overhead demonstrate that the SECP-AKE protocol is efficient and feasible compared to state-of-the-art existing works.
About the journal:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider interplay between software and hardware components with an emphasis on software are also relevant here.