【摘要】：報告顯示,我國逐漸進入人口老齡化社會,并且由于醫(yī)療資源緊張的緣故,使得整個國家呈現(xiàn)出看病難的現(xiàn)象。因此,關(guān)注中老年人的身體健康狀況并利用網(wǎng)絡(luò)資源緩解醫(yī)療資源的緊張現(xiàn)象,具有重要的現(xiàn)實意義。無線體域網(wǎng)是將功能傳感器布置在身體上并實時持續(xù)地收集生理數(shù)據(jù)。而將無線體域網(wǎng)用于遠程醫(yī)療,不僅可以讓病患可以在家接受專業(yè)的監(jiān)護,還可以讓出部分醫(yī)療資源,從而緩解看病難的狀況。在基于無線體域網(wǎng)的移動醫(yī)療監(jiān)護網(wǎng)絡(luò)中,病患傳輸?shù)臄?shù)據(jù)中包含著病患的敏感隱私,如病種,病的程度等。由于無線網(wǎng)絡(luò)的開放性,網(wǎng)絡(luò)中存在的主動與被動攻擊者,會對病患的隱私安全造成威脅。因此,移動醫(yī)療監(jiān)護網(wǎng)絡(luò)中的認證機制,與其功能、性能同等重要。病患通過無線網(wǎng)絡(luò)接入醫(yī)療服務(wù),醫(yī)療服務(wù)提供方需要對病患的身份進行認證,現(xiàn)在隨著網(wǎng)絡(luò)監(jiān)管力度的增大,對注冊身份的核實也越來越嚴。同樣地,這也會伴隨著個人隱私信息泄露的風險。另外,在醫(yī)療服務(wù)中,只需要對生理數(shù)據(jù)進行分析進而可以給出診療意見,無需身份信息。因此,在移動醫(yī)療監(jiān)護網(wǎng)絡(luò)的認證機制中,有著身份認證與身份信息隱匿的安全需求。本文圍繞移動醫(yī)療監(jiān)護網(wǎng)絡(luò)中保護隱私的認證協(xié)議進行研究,主要的工作體現(xiàn)在以下兩個方面:(1)對移動醫(yī)療監(jiān)護網(wǎng)絡(luò)身份認證過程中病患的身份隱匿性進行研究,分析總結(jié)現(xiàn)有的匿名方法,得出基于假名池的和基于驗證表的匿名認證協(xié)議中病患手持移動設(shè)備處和醫(yī)療服務(wù)器端的存儲代價與假名池的長度和系統(tǒng)中用戶數(shù)量成正比,存儲代價較高。另外,假名池的定期更新需要額外的維護代價,驗證表中信息的不及時更新,會使得系統(tǒng)的風險系數(shù)增高。因此,為了降低病患手持移動設(shè)備處和醫(yī)療服務(wù)器端的存儲代價,針對移動醫(yī)療監(jiān)護網(wǎng)絡(luò)的特點,在醫(yī)療服務(wù)器網(wǎng)關(guān)處布置一個只能執(zhí)行固化程序的安全中間件,只負責將來自病患的簽名消息轉(zhuǎn)換為自己的簽名消息,從而使得遠程醫(yī)療服務(wù)器端接收到的簽名消息都由安全中間件簽名。結(jié)合代理重簽名技術(shù),提出一個基于安全中間件的匿名認證協(xié)議。病患端和醫(yī)療服務(wù)器端由于不需要存儲額外的密鑰信息,從而在較大程度上降低存儲代價。經(jīng)過安全性分析,證明所提協(xié)議不僅可以滿足基本的安全需求,還可以抵抗各種網(wǎng)絡(luò)攻擊。通過性能評估,證實所提協(xié)議不僅提高了系統(tǒng)的安全性,存儲代價和計算代價較低,較適用于移動醫(yī)療監(jiān)護網(wǎng)絡(luò)。(2)對移動醫(yī)療監(jiān)護網(wǎng)絡(luò)中保護隱私的認證協(xié)議的用戶密鑰可撤銷性進行研究,發(fā)現(xiàn)現(xiàn)有的密鑰可撤銷研究工作中用戶的密鑰存儲量過大,并由于增加用戶撤銷功能而使得認證效率較大程度地降低。本文分析總結(jié)現(xiàn)有的密鑰管理方法,結(jié)合無證書公鑰密碼學與輕量級的帶密鑰哈希鏈技術(shù),提出一個無配對的可撤銷無證書公鑰加密方案。將用戶密鑰分為獨立的兩部分:與身份有關(guān)的密鑰和與時間有關(guān)的密鑰。用戶只有擁有完整的兩部分密鑰才能完成認證。用戶被撤銷時,只更新未撤銷用戶的時間密鑰。通過在隨機預言模型下,證明我們的方案在適應性選擇消息攻擊下是密文不可區(qū)分的。基于該方案,結(jié)合移動醫(yī)療監(jiān)護系統(tǒng)模型,提出一個用戶可撤銷的保護隱私的認證協(xié)議。經(jīng)過安全性分析,證明所提協(xié)議不僅能滿足基本的安全需求,也能夠抵抗各種網(wǎng)絡(luò)攻擊。由于我們的協(xié)議是無配對的,通過性能評估,證實所提協(xié)議在安全和效率上達到了較好的折中性。
[Abstract]:The report shows that China has gradually entered the aging society of the population, and because of the shortage of medical resources, it has made the whole country difficult to see the disease. Therefore, it is of great practical significance to pay attention to the physical health of the middle-aged and the elderly and to use the network resources to alleviate the tension of medical resources. The sensor is arranged on the body and collects physical data in real time. The use of wireless body domain network in telemedicine can not only allow patients to receive professional care at home, but also give out part of the medical resources to alleviate the difficult condition of seeing the disease. Data transmitted by patients in mobile medical monitoring network based on wireless body domain network It contains the sensitive privacy of the patient, such as the disease and the degree of the disease. Because of the openness of the wireless network, the presence of active and passive attackers in the network threatens the privacy and security of the patient. Therefore, the authentication mechanism in the mobile medical monitoring network is equally important to its function and nature. The provider of medical services needs to authenticate the identity of the patient. With the increase of network supervision, the verification of the registered identity is becoming more and more strict. Similarly, this will also accompany the risk of disclosure of personal privacy information. In addition, in medical services, it is necessary to analyze the physiological data and give the advice of diagnosis and treatment, no need. Identity information. Therefore, in the authentication mechanism of mobile medical monitoring network, there is a security requirement of identity authentication and identity information concealment. This paper studies the authentication protocol of privacy protection in mobile medical monitoring network. The main work is embodied in the following two aspects: (1) disease in the process of identity authentication in mobile medical monitoring network The identity concealment is studied, and the existing anonymous methods are analyzed and summarized. The storage costs of the patient's handheld mobile devices and the medical server end are proportional to the length of the pseudonym pool and the number of users in the system, and the storage cost is higher. In order to reduce the storage cost of the patient's handheld mobile device and the medical server side, a cure can only be performed at the medical service gateway in order to reduce the storage cost of the patient's handheld mobile device and the medical server side. All middleware is responsible for the conversion of signature messages from patients to their own signature messages in the future, so that the signature messages received by the telemedicine server end are signed by the security middleware. An anonymous authentication protocol based on the security middleware is proposed. Through security analysis, it is proved that the proposed protocol can not only meet the basic security requirements, but also resist various network attacks. Through performance evaluation, it is proved that the proposed protocol not only improves the security of the system, the storage cost and the computational cost are lower, and is more applicable. In mobile medical monitoring network (2) research on user key revocation of authentication protocol for privacy protection in mobile medical monitoring network. It is found that the user's key storage capacity is too large in the existing key revocable research work, and the efficiency of authentication is greatly reduced due to the increase of user revocation function. The existing key management method, combining the certificate public key cryptology and the lightweight key hash chain technology, presents an unpaired certificate free public key encryption scheme. The user key is divided into two independent parts: identity related key and time related key. Only the user has a complete two part key. When the user is revoked, only the time key of the unrevoked user is updated. Through the random prophecy model, it is proved that our scheme is ciphertext undistinguishable under the adaptive choice message attack. Based on this scheme, a user revocable authentication protocol for privacy protection is proposed in combination with the mobile medical monitoring system model. Security analysis shows that the proposed protocol can not only meet the basic security requirements, but also resist various network attacks. Because our protocol is unmatched, the performance evaluation proves that the proposed protocol has achieved good neutrality in security and efficiency.
【學位授予單位】：安徽大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP309

【參考文獻】

相關(guān)期刊論文 前2條

1 劉毅;宋余慶;;無線體域網(wǎng)技術(shù)研究[J];小型微型計算機系統(tǒng);2013年08期

2 洪璇;陳克非;萬中美;;簡單的通用可組合代理重簽名方案[J];軟件學報;2010年08期

，

本文編號：2165964