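Abstract
In telecare medicine information systems, identity authentication is an effective mechanism for ensuring secure communication between patients and the medical server. A security analysis of the password-based anonymous user authentication protocol for telecare medicine information systems by Sutrala et al. shows that their protocol cannot resist offline password guessing attacks or man-in-the-middle attacks and does not provide forward secrecy. A new three-factor anonymous user authentication protocol based on extended chaotic maps is proposed, which overcomes the security flaws of the protocol of Sutrala et al. The proposed scheme is formally proved using BAN (Burrows-Abadi-Needham) logic. In addition, security analysis shows that the new protocol can resist various malicious attacks and is suitable for telecare medicine environments.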
Mutual authentication is one of the most efficient mechanisms to guarantee secure communication between the patient and the medical server in a telecare medicine information system (TMIS). We remark that Sutrala et al.'s scheme cannot resist offline password guessing attacks or man-in-the-middle attacks, and does not preserve forward secrecy. To overcome these limitations, we present a three-factor user authentication protocol using extended chaotic maps for TMIS. Further, the proposed protocol is validated using BAN (Burrows-Abadi-Needham) logic. In addition, security analysis of our proposed protocol demonstrates its resilience against well-known malicious attacks. Thus, it is more applicable to telecare medicine environments.
Authors
屈娟
李艳平
QU Juan; LI Yanping (School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing 404100, China; College of Mathematics and Information Science, Shaanxi Normal University, Xi'an 710119, Shaanxi, China)
Source
《武汉大学学报(理学版)》
CAS
CSCD
Peking University Core Journals (北大核心)
2020, Issue 2, pp. 117-125 (9 pages)
Journal of Wuhan University:Natural Science Edition
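Funding
National Natural Science Foundation of China (61802243)
Key Research and Development Program of Shaanxi Province (2019GY-013)
Fundamental Research Funds for the Central Universities (GK201803005).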
Keywords
telecare medicine information system
authentication
smart card
BAN (Burrows-Abadi-Needham) logic