{"title":"一种新的可证明安全的基于ecc的远程医疗信息系统认证与密钥管理协议","authors":"H. Amintoosi, Mahdi Nikooghadam","doi":"10.1109/ICCKE48569.2019.8965036","DOIUrl":null,"url":null,"abstract":"Telecare medical information systems are becoming more and more popular due to the provision of delivering health services, including remote access to health profiles for doctors, staff, and patients. Since these systems are installed entirely on the Internet, they are faced with different security and privacy threats. So, a significant challenge is the establishment of a secure key agreement and authentication procedure between the medical servers and patients. Recently, an ECC-based authentication and key agreement scheme for telecare medical systems in the smart city has been proposed by Khatoon et.al. In this paper, at first, we descriptively analyze Khatoon et al.’s protocol and demonstrate that it is vulnerable against known-session-specific temporary information attacks and cannot satisfy perfect forward secrecy. Next, we propose a provably secure and efficient authentication and key agreement protocol using Elliptic Curve Cryptography (ECC). We informally analyze the security of the proposed protocol, and prove that it can satisfy perfect forward secrecy and resist known attacks such as user/server impersonation attack. We also simulate and formally analyze the security of the protocol using the Scyther tool. The results show its robustness against different types of attacks.","PeriodicalId":6685,"journal":{"name":"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)","volume":"5 1","pages":"85-90"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Novel Provably-Secure ECC-based Authentication and Key Management Protocol for Telecare Medical Information Systems\",\"authors\":\"H. Amintoosi, Mahdi Nikooghadam\",\"doi\":\"10.1109/ICCKE48569.2019.8965036\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Telecare medical information systems are becoming more and more popular due to the provision of delivering health services, including remote access to health profiles for doctors, staff, and patients. Since these systems are installed entirely on the Internet, they are faced with different security and privacy threats. So, a significant challenge is the establishment of a secure key agreement and authentication procedure between the medical servers and patients. Recently, an ECC-based authentication and key agreement scheme for telecare medical systems in the smart city has been proposed by Khatoon et.al. In this paper, at first, we descriptively analyze Khatoon et al.’s protocol and demonstrate that it is vulnerable against known-session-specific temporary information attacks and cannot satisfy perfect forward secrecy. Next, we propose a provably secure and efficient authentication and key agreement protocol using Elliptic Curve Cryptography (ECC). We informally analyze the security of the proposed protocol, and prove that it can satisfy perfect forward secrecy and resist known attacks such as user/server impersonation attack. We also simulate and formally analyze the security of the protocol using the Scyther tool. The results show its robustness against different types of attacks.\",\"PeriodicalId\":6685,\"journal\":{\"name\":\"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)\",\"volume\":\"5 1\",\"pages\":\"85-90\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCKE48569.2019.8965036\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCKE48569.2019.8965036","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Novel Provably-Secure ECC-based Authentication and Key Management Protocol for Telecare Medical Information Systems
Telecare medical information systems are becoming more and more popular due to the provision of delivering health services, including remote access to health profiles for doctors, staff, and patients. Since these systems are installed entirely on the Internet, they are faced with different security and privacy threats. So, a significant challenge is the establishment of a secure key agreement and authentication procedure between the medical servers and patients. Recently, an ECC-based authentication and key agreement scheme for telecare medical systems in the smart city has been proposed by Khatoon et.al. In this paper, at first, we descriptively analyze Khatoon et al.’s protocol and demonstrate that it is vulnerable against known-session-specific temporary information attacks and cannot satisfy perfect forward secrecy. Next, we propose a provably secure and efficient authentication and key agreement protocol using Elliptic Curve Cryptography (ECC). We informally analyze the security of the proposed protocol, and prove that it can satisfy perfect forward secrecy and resist known attacks such as user/server impersonation attack. We also simulate and formally analyze the security of the protocol using the Scyther tool. The results show its robustness against different types of attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
