CN113114689A - Authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment - Google Patents
- Publication number
- CN113114689A (application CN202110407156.1A)
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- fog node
- identity
- fog
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an authentication method based on bilinear mapping and a dot product protocol in intelligent medical treatment, which comprises the following steps: step 1, system initialization; step 2, device registration; step 3, identity authentication; and step 4, attribute authentication. The authentication scheme of the invention designs a two-stage authentication model aimed at protecting user privacy in a fog computing environment. The identity authentication of the first stage uses elliptic curve and bilinear pairing techniques to help users effectively identify trusted fog nodes in the environment, and at the same time attacks by external masquerading nodes can be intercepted to reduce the risk of leakage of the users' private data. The attribute authentication of the second stage enables a user to quickly find a fog node host that meets the user's functional requirements without the user terminal and the fog node host exposing their functional attributes to each other, and the computation overhead of the terminal device during authentication is reduced by simplifying the functional attribute vector.
Description
Technical Field
The invention belongs to the interdisciplinary technical field of edge computing, privacy security, identity authentication and the like, and in particular relates to a two-stage authentication method based on bilinear mapping and a dot product protocol in intelligent medical treatment.
Background
With the architecture of fog computing proposed for the first time in abrik in 2011, users have gradually migrated data from traditional cloud computing data centers to fog node equipment deployed closer to them, which improves data analysis and processing efficiency and reduces network transmission pressure. Fog computing, as a novel computing paradigm, can provide more efficient, high-quality medical services to patients by deploying intelligent medical care security systems. Smart medicine requires the storage and sharing of patient physiological data in the fog node for online diagnosis.
ZL 2013104960890 discloses a WPKI and timestamp based mobile terminal identity authentication method and system, which employs an SSL communication protocol based on the ECC algorithm to secure the whole link, but uses a third-party timestamp server interface to take the glasses user's data, and the timestamp server only checks the time difference and prevents duplicate submissions.
ZL200710303753X discloses an identity authentication system and method based on a secret key and a timestamp, in which current time information is added to the authentication information that the terminal generates for the authentication server, so that the identity authentication information is different each time; the user secret key is stored in a mobile IC, and this key storage poses great security risks.
ZL 2017111328117 discloses an identity-based anonymous authentication method and system. The method only realizes authentication of the user by the server; a secure channel between the server and the user can be established after authentication, but the user cannot authenticate the server, and location privacy is easily leaked.
Therefore, if the intelligent medical fog node lacks an effective security mechanism, the privacy data of the user can be stolen by a malicious user. In addition, fog computing also faces new challenges, such as computing and storage resource limitations of mobile terminals in the internet of things and internal attacks by adversaries.
Disclosure of Invention
The invention provides a two-stage authentication scheme based on bilinear mapping and dot product protocols, which aims to solve the privacy protection problem of a patient user in intelligent medical treatment and help the user to obtain safe and reliable fog computing service.
In order to achieve the purpose, the invention is realized by the following technical scheme:
The invention relates to an authentication method based on bilinear mapping and a dot product protocol in intelligent medical treatment, which comprises the following steps:
Step 1: System initialization. A third-party trusted center TC manages and guides the operation of the whole system. It first selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $q$, which are used for constructing the bilinear pairing, introduces the JPBC function library and calls the Gen function to generate the system parameters sp, and then sends the system parameters to all registered user intelligent terminals and fog node devices.
Step 2: Device registration. User $U_i$ sends its self-chosen identity $ID_i$ and password $PW_i$ to the trusted center TC. After receiving them, the TC adds user $U_i$ to the user information table, calculates its encrypted private key $K_s$, and returns the private key $K_s$ and the system parameters to user $U_i$. Fog node $F_i$ sends its own unique identity $SID_i$ (such as its physical MAC address) to the trusted center TC. After receiving it, the TC adds fog node $F_i$ to the fog node information table and calculates its access control key $AK_i$.
Step 3: Identity authentication. User $U_i$ uses the private key $K_s$ to encrypt the bilinear mapping result $e$ in the system parameters and at the same time calculates its identity authentication credential $Auth_i$, then sends $Auth_i$ to the fog node $F_i$ waiting for authentication. On receipt of the message, $F_i$ uses its access control key $AK_i$ to restore the mapping result, encrypts it in combination with the current timestamp TS, and returns the encrypted result and the timestamp TS to user $U_i$. User $U_i$ receives the message at timestamp TS' and calculates the difference between TS and TS'. If the difference is not within the expected transmission delay range, the user rejects the authentication message; otherwise the user compares the received result with the mapping result $e$ stored locally. If the two are equal, fog node $F_i$ is considered to pass authentication; otherwise the authentication fails.
Step 4: Attribute authentication. The functional attributes of user $U_i$ and fog node $F_i$ are represented in the form of binary vectors. User $U_i$ defines a threshold $\theta$ indicating how many functional attributes the two are expected to have in common, and then each vector element of user $U_i$ and fog node $F_i$ is calculated through a dot product protocol. If the return value of the dot product operation is greater than or equal to $\theta$, fog node $F_i$ is considered to have passed functional attribute authentication and can receive the private data transmitted by the user.
Wherein: the step 1 of system initialization specifically comprises the following steps:
Step 1-1: The trusted center TC selects a security parameter C and generates the bilinear parameters $(q, G, G_T, e)$ by running the generator Gen(C), where $G$ and $G_T$ are both cyclic groups, $q$ is the order of the cyclic group $G$, $g$ is the generator of the cyclic group $G$, and $e$ denotes a mapping $G_1 \times G_2 \to G_T$;
Step 1-2: Select a secure cryptographic hash function. In addition, two random numbers are selected as the master key, together with a random element $g_r$ in the group $G$, and $X = g^i$ and $e(g,g)^j$ are calculated, where element $X$ is an authentication parameter of a registered user and $e(g,g)^j$ is the generator $g$ of group $G$ mapped into group $G_T$. The TC then issues the system parameters $(q, G_T, e, \mathrm{Hash}, g_r, X, e(g,g)^j)$.
Wherein: step 2, the equipment registration specifically comprises the following steps:
Step 2-1: User $U_i$ sets its own unique identity $ID_i$ and password $PW_i$, generates a random number r_a, calculates the ciphertext $HPW_i = h(PW_i \,\|\, r\_a)$, and then sends the registration information $\{ID_i, HPW_i\}$ to the trusted center TC. After receiving the registration request, the TC first checks whether $ID_i$ exists in the user information table. If it does not exist, the TC calculates the encrypted private key of user $U_i$ as $K_s = h(ID_i \,\|\, i)$, initializes user $U_i$, and then returns $K_s$ and the system parameters to user $U_i$. If $ID_i$ already exists, the trusted center rejects the registration request;
Step 2-2: Fog node $F_i$ sends its own unique identity $SID_i$, such as its physical MAC address, to the trusted center TC. After receiving the registration request, the TC first checks whether $SID_i$ exists in the node information table. If it does not exist, the TC records the device information in the table and initializes node $F_i$, selects random numbers, and calculates the encrypted private key of fog node $F_i$ as $K_f = h(SID_i \,\|\, a)$ and the access control key $AK = (ak_1, ak_2, ak_3)$. It then returns the access control key AK to fog node $F_i$. If $SID_i$ already exists, the trusted center rejects the registration request.
Wherein: the identity authentication specifically comprises the following steps:
Step 3-1: User $U_i$ first uses the locally stored encrypted private key $K_s$ to calculate the mapping result and the identity credential $Auth_i = (auth_1, auth_2)$. User $U_0$ then sends the identity credential $Auth_i$ to the fog node $F_i$ waiting for authentication. After receiving the identity credential $Auth_i$, fog node $F_i$ performs its calculation using its access control key $AK_i = (ak_1, ak_2, ak_3)$.
Step 3-2: After the calculation is finished, fog node $F_i$ obtains a result and returns it together with the current timestamp TS to user $U_0$ in the form Token || TS. Suppose user $U_i$ receives it at timestamp TS'. To avoid replay attacks, user $U_i$ checks the time difference between these two timestamps: if TS' - TS ≤ Δt, where Δt represents the expected effective transmission time interval, user $U_i$ accepts the message, and otherwise rejects it. Once the message has been accepted, user $U_i$ performs a calculation using the identity $SID_0$ of the fog node to be authenticated and then compares whether E is equal to E'. If they are equal, the fog node passes identity authentication and is considered to be a trusted node.
Wherein: the step 4 of attribute authentication specifically comprises the following steps:
Step 4-1: The functional attributes of user $U_i$ are abstracted into a binary vector, and those of the fog node $F_i$ to be authenticated are abstracted into a binary vector, where element 0 represents that the function is not available and element 1 represents that the function is available;
Step 4-2: First, user $U_i$ selects two large primes $\alpha$ and $\beta$ and initializes the parameters $P = 0$, $B = 0$, $i = 1$, $j = 1$. If the large primes $\alpha$, $\beta$ satisfy that the length of $\alpha$ equals $2^{n+2}$ bits and $\beta$ is greater than $(n+1)\cdot\alpha^2$, then an array $Z$ of random numbers, each of length not more than $2^{n+1}$ bits, is generated, and the user's attribute vector is traversed at the same time. If the element $x_i$ in the vector equals 1, a random number $r_i$ of length $2^n$ bits is randomly selected and $A_i = \alpha + z_i + r_i\cdot\beta$ is calculated; otherwise $A_i = z_i + r_i\cdot\beta$ is calculated. For each element traversed, $p_i = r_i\cdot\beta - z_i$ and $P = P + p_i$ also need to be calculated. Finally, the user sends the message $(\alpha, \beta, P, A_1, A_2, \ldots, A_n)$ to the POX controller. After receiving it, the POX controller stores $P$ and $\beta$ locally and forwards $(\alpha, A_1, A_2, \ldots, A_n)$ to the fog node $F_i$. On receipt, fog node $F_i$ traverses its own attribute vector: if the element $y_j$ in the vector equals 1, it calculates $B_j = \alpha\cdot A_j$; otherwise it calculates $B_j = A_j$. After the traversal is completed, fog node $F_i$ returns the sum $B$ of all $B_j$ to POX. POX uses the received $B$ and the local $P$ and $\beta$ to calculate $K = (B + P) \bmod \beta$ and finally the result $\sigma$, which is the number of attributes that the user and the fog node have in common. User $U_i$ then compares the dot product result $\sigma$ with the threshold $\theta$: if $\sigma$ is smaller than $\theta$, the fog node is determined to be unable to meet the functional requirements of the user and authentication fails; otherwise, the authentication is successful.
The code for this step is as follows:
According to the invention, the privacy and security of the user are taken into account, and the user can authenticate the required fog nodes according to its own functional requirements, so the user can change the authentication result by dynamically adjusting the threshold $\theta$. For example, when the number of fog nodes that authenticate successfully under a certain threshold $\theta$ is large, the current threshold $\theta$ may be increased appropriately to reduce the number of successfully authenticated fog nodes and thereby reduce the risk of private data disclosure. When the number of fog nodes that authenticate successfully is small and cannot meet the current computation requirement, the current threshold $\theta$ can be reduced to ensure the reliability of the fog computing. In addition, the security of messages in transit is ensured by technical means such as hash encryption and timestamps.
Compared with the prior art, the invention has the following beneficial effects:
(1) The invention designs an identity authentication scheme using elliptic curve and bilinear mapping techniques, which ensures that when user $U_0$, after authenticating node $F_0$, needs to go on to initiate authentication with other fog nodes, the tuple P does not need to be calculated again; authentication can be carried out simply by regenerating the timestamp, which reduces the computation cost of authentication.
(2) According to the invention, each authentication message is encrypted through the timestamp TS and the hash function, so that replay attacks can be effectively blocked.
(3) The invention abstracts the functional attributes of the user and the fog nodes into binary vector form, which simplifies the cumbersome modular exponentiation of the traditional dot product protocol and reduces the resource consumption of the user's intelligent terminal.
(4) The invention allows the user to change the size of the threshold theta according to the actual requirement, and improves the flexibility of authentication.
The invention solves the problem of trusted computing among different functional entities in the intelligent medical environment, so as to ensure that a patient user obtains safe and effective fog computing service when an emergency occurs.
Drawings
Fig. 1 is a flow chart of the inventive authentication method.
Fig. 2 is a practical scenario for the authentication scheme according to the embodiment of the present invention.
Fig. 3 is a flowchart of an authentication method based on elliptic curve and dot product protocol according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation, numerous implementation details are set forth in order to provide a thorough understanding of the embodiments of the invention. It should be understood, however, that these implementation details are not to be interpreted as limiting the invention. That is, in some embodiments of the invention, such implementation details are not necessary.
The invention relates to a two-stage authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment, which comprises the following steps:
Step 1: The trusted center TC selects a security parameter C and generates the bilinear parameters $(q, G, G_T, e)$ by running the generator Gen(C), where $G$ and $G_T$ are both cyclic groups, $q$ is the order of the cyclic group $G$, $g$ is the generator of the cyclic group $G$, and $e$ denotes a mapping $G_1 \times G_2 \to G_T$;
Step 2: Select a secure cryptographic hash function. In addition, two random numbers are selected as the master key, together with a random element $g_r$ in the group $G$, and $X = g^i$ and $e(g,g)^j$ are calculated, where element $X$ is the authentication parameter of the registered user and $e(g,g)^j$ is the generator $g$ of group $G$ mapped into group $G_T$. The TC then issues the system parameters $(q, G_T, e, \mathrm{Hash}, g_r, X, e(g,g)^j)$.
Step 3: User $U_i$ sets its own unique identity $ID_i$ and password $PW_i$, generates a random number r_a, calculates the ciphertext $HPW_i = h(PW_i \,\|\, r\_a)$, and then sends the registration information $\{ID_i, HPW_i\}$ to the trusted center TC. After receiving the registration request, the TC first checks whether $ID_i$ exists in the user information table. If it does not exist, the TC calculates the encrypted private key of user $U_i$ as $K_s = h(ID_i \,\|\, i)$, initializes user $U_i$, and then returns $K_s$ and the system parameters to user $U_i$. If $ID_i$ already exists, the trusted center rejects the registration request;
Step 4: Fog node $F_i$ sends its own unique identity $SID_i$, such as its physical MAC address, to the trusted center TC. After receiving the registration request, the TC first checks whether $SID_i$ exists in the node information table. If it does not exist, the TC records the device information in the table and initializes node $F_i$, selects random numbers, and calculates the encrypted private key of fog node $F_i$ as $K_f = h(SID_i \,\|\, a)$ and the access control key $AK = (ak_1, ak_2, ak_3)$. It then returns the access control key AK to fog node $F_i$. If $SID_i$ already exists, the trusted center rejects the registration request.
Step 5: User $U_i$ first uses the locally stored encrypted private key $K_s$ to calculate the mapping result and the identity credential $Auth_i = (auth_1, auth_2)$. User $U_0$ then sends the identity credential $Auth_i$ to the fog node $F_i$ waiting for authentication. After receiving the identity credential $Auth_i$, fog node $F_i$ performs its calculation using its access control key $AK_i = (ak_1, ak_2, ak_3)$.
Step 6: After the calculation is finished, fog node $F_i$ obtains a result and returns it together with the current timestamp TS to user $U_0$ in the form Token || TS. Suppose user $U_i$ receives it at timestamp TS'. To avoid replay attacks, user $U_i$ checks the time difference between these two timestamps: if TS' - TS ≤ Δt, where Δt represents the expected effective transmission time interval, user $U_i$ accepts the message, and otherwise rejects it. Once the message has been accepted, user $U_i$ performs a calculation using the identity $SID_0$ of the fog node to be authenticated and then compares whether E is equal to E'. If they are equal, the fog node passes identity authentication and is considered to be a trusted node.
Step 7: The functional attributes of user $U_i$ are abstracted into a binary vector, and those of the fog node $F_i$ to be authenticated are abstracted into a binary vector, where element 0 represents that the function is not available and element 1 represents that the function is available;
Step 8: First, user $U_i$ selects two large primes $\alpha$ and $\beta$ and initializes the parameters $P = 0$, $B = 0$, $i = 1$, $j = 1$. If the large primes $\alpha$, $\beta$ satisfy that the length of $\alpha$ equals $2^{n+2}$ bits and $\beta$ is greater than $(n+1)\cdot\alpha^2$, then an array $Z$ of random numbers, each of length not more than $2^{n+1}$ bits, is generated, and the user's attribute vector is traversed at the same time. If the element $x_i$ in the vector equals 1, a random number $r_i$ of length $2^n$ bits is randomly selected and $A_i = \alpha + z_i + r_i\cdot\beta$ is calculated; otherwise $A_i = z_i + r_i\cdot\beta$ is calculated. For each element traversed, $p_i = r_i\cdot\beta - z_i$ and $P = P + p_i$ also need to be calculated. Finally, the user sends the message $(\alpha, \beta, P, A_1, A_2, \ldots, A_n)$ to the POX controller. After receiving it, the POX controller stores $P$ and $\beta$ locally and forwards $(\alpha, A_1, A_2, \ldots, A_n)$ to the fog node $F_i$. On receipt, fog node $F_i$ traverses its own attribute vector: if the element $y_j$ in the vector equals 1, it calculates $B_j = \alpha\cdot A_j$; otherwise it calculates $B_j = A_j$. After the traversal is completed, fog node $F_i$ returns the sum $B$ of all $B_j$ to POX. POX uses the received $B$ and the local $P$ and $\beta$ to calculate $K = (B + P) \bmod \beta$ and finally the result $\sigma$, which is the number of attributes that the user and the fog node have in common. User $U_i$ then compares the dot product result $\sigma$ with the threshold $\theta$: if $\sigma$ is smaller than $\theta$, the fog node is determined to be unable to meet the functional requirements of the user and authentication fails; otherwise, the authentication is successful.
The code for this step is as follows:
In a specific implementation, Fig. 2 shows a practical scenario in which the present authentication scheme is applied.
In the intelligent medical field, the user collects medical data including blood pressure, heart rate, body temperature, metabolism and the like through various wearable devices, and then transmits the medical data to the intelligent terminal by using Bluetooth to calculate and analyze the health condition of the user. Once the computing resources of the user intelligent terminal are occupied in a large amount, the medical data cannot be computed in time, so that the user cannot send early warning information to a medical center when an emergency condition occurs. In this case, the user needs to send the private data of the user to the nearby fog node, balance the calculation load of the intelligent terminal by using edge calculation, and meanwhile, the user wants that the private data of the user can meet the corresponding functional requirements while not being leaked. Therefore, the user needs to obtain the secure and reliable fog computing service meeting the functional requirements through identity authentication and functional attribute authentication.
FIG. 3 is a flowchart of authentication in the present embodiment. Assume that user $U_0$ first sets the identity ID and password PW of its intelligent terminal for registration. After the registration request is received by the trusted center TC, the TC uses the system parameters $(q, G, G_T, e, \mathrm{Hash}, g_r, X, e(g,g)^j)$ to calculate the corresponding encrypted private key $K_s = h(ID \,\|\, i)$ and returns the private key and the system parameters to the user. After the registration is completed, user $U_0$ encrypts the mapping result in the system parameters with its own private key, then generates its own identity credential $Auth_0 = (auth_1, auth_2)$ and sends the identity credential $Auth_0$ to the fog node $F_0$ waiting for authentication. After receiving it, fog node $F_0$ uses its access control key $AK_0$ to restore the mapping result, encrypts the mapping result with its own private key $K_f = h(SID_0 \,\|\, a)$, and calculates an authentication token for identity authentication, which is returned to the user. After receiving the authentication token, user $U_0$ first calculates $h(SID_0)$ from the hash function Hash in the system parameters and the identity $SID_0$ of the fog node $F_0$ to be authenticated, then carries out the restoring calculation for fog node $F_0$, and finally compares whether E is equal to E'. If they are equal, the fog node passes identity authentication.
After passing identity authentication, user $U_0$ initializes its own attribute vector and sets an expected attribute similarity threshold $\theta$. The fog node $F_0$ to be authenticated is assumed to have its own attribute vector.
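User $U_0$ first calculates
$A_1 = \alpha + z_1 + r_1\cdot\beta$, $A_2 = \alpha + z_2 + r_2\cdot\beta$, $A_3 = z_3 + r_3\cdot\beta$, $A_4 = z_4 + r_4\cdot\beta$, $A_5 = \alpha + z_5 + r_5\cdot\beta$. Fog node $F_0$ then performs its computation.
Then $K + P \bmod \beta$ can be calculated by the user.
So the modulo operation on $\beta$ can be removed from $3\alpha^2 + (z_1 + z_2 + z_3 + z_5)(\alpha - 1) \bmod \beta$:
$E = 3\alpha^2 + (z_1 + z_2 + z_3 + z_5)(\alpha - 1) \bmod \beta = 3\alpha^2 + (z_1 + z_2 + z_3 + z_5)(\alpha - 1)$
and because $(z_1 + z_2 + z_3 + z_5)(\alpha - 1) < \alpha^2$, the dot product result is obtained.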
Finally, user $U_0$ compares the threshold $\theta$ with the dot product result. If the threshold $\theta$ is less than or equal to the dot product result, the fog node passes attribute authentication; otherwise the authentication fails.
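The dot product exchange of the attribute authentication stage, as an added Python example that is not the patent's own code: it runs the user, POX controller and fog node roles in one process with the parameter sizes given above. Recovering σ as the integer quotient of K by α² is an assumption that follows from the inequality above, and all function names are hypothetical.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prime_with_bits(bits):
    """Random prime with exactly `bits` bits."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def user_prepare(x):
    """User side: blind each attribute bit x_i into A_i and accumulate P."""
    n = len(x)
    alpha = prime_with_bits(2 ** (n + 2))            # alpha has 2^(n+2) bits
    bound = (n + 1) * alpha * alpha
    beta = prime_with_bits(bound.bit_length() + 1)   # guarantees beta > (n+1)*alpha^2
    P, A = 0, []
    for xi in x:
        z = secrets.randbits(2 ** (n + 1))                     # at most 2^(n+1) bits
        r = secrets.randbits(2 ** n) | (1 << (2 ** n - 1))     # exactly 2^n bits
        A.append((alpha if xi else 0) + z + r * beta)
        P += r * beta - z
    return alpha, beta, P, A

def fog_respond(alpha, A, y):
    """Fog node side: sees only alpha and the blinded A_i, never beta or P."""
    return sum(alpha * a if yj else a for a, yj in zip(A, y))

def controller_finish(B, P, alpha, beta):
    """POX controller side: K = (B + P) mod beta, then strip the noise terms.
    Assumption: sigma = K // alpha^2, valid because the remaining terms
    sum to less than alpha^2 under the size constraints above."""
    K = (B + P) % beta
    return K // (alpha * alpha)

def private_dot_product(x, y):
    """Number of attributes set in both binary vectors, via the exchange."""
    if len(x) != len(y):
        raise ValueError("attribute vectors must have the same length")
    alpha, beta, P, A = user_prepare(x)
    B = fog_respond(alpha, A, y)
    return controller_finish(B, P, alpha, beta)

def attribute_authenticated(x, y, theta):
    """Fog node passes when sigma >= theta."""
    return private_dot_product(x, y) >= theta

if __name__ == "__main__":
    # Constructed vectors matching the five-attribute walk-through above.
    user_vec = [1, 1, 0, 0, 1]
    fog_vec = [1, 1, 1, 0, 1]
    print(private_dot_product(user_vec, fog_vec))          # shared attributes
    print(attribute_authenticated(user_vec, fog_vec, 3))   # threshold met
```

Because the prime lengths are $2^{n+2}$ bits, the pure-Python prime search is only practical for short attribute vectors.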
The authentication scheme of the invention designs a two-stage authentication model aimed at protecting user privacy in a fog computing environment. The identity authentication of the first stage uses elliptic curve and bilinear pairing techniques to help users effectively identify trusted fog nodes in the environment, and at the same time attacks by external masquerading nodes can be intercepted to reduce the risk of leakage of the users' private data. The attribute authentication of the second stage enables a user to quickly find a fog node host that meets the user's functional requirements without the user terminal and the fog node host exposing their functional attributes to each other, and the computation overhead of the terminal device during authentication is reduced by simplifying the functional attribute vector. Through this two-stage authentication process, the invention meets the different functional requirements of the user while ensuring the user's privacy and security.
The above description is only an embodiment of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (5)
1. An authentication method based on bilinear mapping and a dot product protocol in intelligent medical treatment, characterized in that the authentication method comprises the following steps:
Step 1: System initialization: the trusted center selects security parameters, generates bilinear parameters and then sends the bilinear parameters to all registered user intelligent terminals and fog node devices;
Step 2: Device registration: the user sets a unique identity and a password and sends them to the trusted center; after receiving them, the trusted center adds the user identity information to a user information table, calculates the user's encrypted private key, and returns the encrypted private key and the system parameters to the user; the fog node sends its unique identity to the trusted center; after receiving it, the trusted center adds the fog node identity information to a fog node information table, calculates the fog node's encrypted private key and access control key, and returns the access control key to the fog node;
Step 3: Identity authentication: the user uses a private key to encrypt the bilinear mapping result in the system parameters and calculates the user's identity authentication credential; the user sends the identity authentication credential to a fog node waiting for authentication; the fog node restores the mapping result using the control key, encrypts it in combination with the current timestamp and returns it to the user; the difference between the current timestamp and the timestamp at which the user receives the information is calculated, and the returned result is compared with the locally stored mapping result for authentication.
Step 4: Attribute authentication: the functional attributes of the user and the fog node are expressed in binary vector form; the user defines a threshold expressing how many functional attributes the user and the fog node are expected to have in common; each vector element of the user and the fog node is then calculated through a dot product protocol, and a fog node that passes attribute authentication receives the private data sent by the user.
2. The authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment as claimed in claim 1, wherein: the identity authentication of the step 3 specifically comprises the following steps:
Step 3-1: User U_i first uses the locally stored encrypted private key K_s to separately calculate the mapping result and the identity credential Auth_i = (auth_1, auth_2); the user U_0 then sends the identity credential Auth_i to the fog node F_i waiting for authentication; after receiving the identity credential Auth_i, the fog node F_i uses its access control key AK_i = (ak_1, ak_2, ak_3) to calculate
Step 3-2: After the calculation is finished, the fog node F_i obtains a result and, combining it with the current timestamp TS, returns it to the user U_0 in the form Token || TS. Suppose user U_i receives it at timestamp TS'. To avoid replay attacks, user U_i checks the time difference between these two timestamps: if TS' − TS ≤ Δt, user U_i accepts the message, otherwise rejects it. Once the message is successfully received, user U_i performs a computation using the identity SID_0 of the fog node to be authenticated, and then compares whether E equals E'; if they are equal, the fog node passes identity authentication and is considered a trusted node.
3. The authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment as claimed in claim 1, wherein: the step 4 of attribute authentication specifically comprises the following steps:
Step 4-1: User U_i is abstracted into an attribute vector, and the fog node F_i to be authenticated is abstracted into an attribute vector, wherein element 0 represents that the function is not available and element 1 represents that the function is available;
Step 4-2: User U_i first selects two large prime numbers α and β and initializes the parameters P = 0, B = 0, i = 1, j = 1. If the large primes α and β satisfy that the length of α equals 2^{n+2} bits and β is greater than (n+1)·α^2, an array Z of random values no longer than 2^{n+1} bits is generated, and the user's attribute vector is traversed at the same time: if the element x_i in the vector equals 1, a random number r_i of length 2^n bits is selected and A_i = α + z_i + r_i·β is calculated; otherwise A_i = α + z_i + r_i·β is calculated. For each traversal step, p_i = r_i·β − z_i and P = P + p_i are calculated. Finally, the user sends the message (α, β, P, A_1, A_2, …, A_n) to the POX controller; after receiving it, the POX controller stores P and β locally and forwards (α, A_1, A_2, …, A_n) to the fog node F_i. After receiving it, the fog node F_i traverses its attribute vector: if the element y_i in the vector equals 1, it calculates B_j = α·A_j; otherwise it calculates B_j = A_j. After the traversal is completed, the fog node F_i returns the sum B of all B_j to the POX controller, which uses the received B and the local P and β to calculate K = (B + P) mod β and finally obtains the result σ, the number of attributes that the user and the fog node have in common. User U_i then compares the dot product result σ with the threshold θ: if σ is smaller than θ, the fog node cannot meet the user's functional requirements and authentication fails; otherwise, authentication succeeds.
4. The authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment as claimed in claim 1, wherein: the step 1 of system initialization specifically comprises the following steps:
Step 1-1: The trusted center TC selects a security parameter C and generates the bilinear parameters (q, G, G_T, e) by running the generator Gen(C), wherein G and G_T are both cyclic groups, q is the order of the cyclic group G, g is a generator of the cyclic group G, and e denotes the mapping G_1 × G_2 → G_T;
Step 1-2: The TC selects a secure cryptographic hash function Hash; in addition, it selects two random numbers as the master key and a random element g_r in the group G, and calculates X = g^i and e(g,g)^j, where element X is the authentication parameter of registered users and e(g,g)^j is the mapping of the generator g of group G in group G_T. The TC then publishes the system parameters (q, G_T, e, Hash, g_r, X, e(g,g)^j).
5. The authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment as claimed in claim 1, wherein: the step 2 of device registration specifically comprises the following steps:
Step 2-1: User U_i sets its own unique identity ID_i and password PW_i, generates a random number r_a, calculates the ciphertext HPW_i = h(PW_i | r_a), and then sends the registration information {ID_i, HPW_i} to the trusted center TC. After receiving the registration request, the TC first checks whether ID_i exists in the user information table. If it does not exist, the TC calculates the encrypted private key K_s = h(IDiI) of user U_i, initializes user U_i, and then returns K_s and the system parameters to user U_i; if ID_i already exists, the trusted center rejects the registration request;
Step 2-2: Fog node F_i sends its own unique identity SID_i to the trusted center TC. After receiving the registration request, the TC first checks whether SID_i exists in the node information table. If it does not exist, the TC records the device information in the table and initializes the node F_i, while selecting random numbers, and calculates the encrypted private key K_f = h(SID_i | a) of fog node F_i and the access control key AK = (ak_1, ak_2, ak_3); it then returns the access control key AK to the fog node F_i. If SID_i already exists, the trusted center rejects the registration request.
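The blinded dot product of step 4-2 in claim 3, shown as an added Python example that is not code from the patent. The page's text prints the same formula for both branches of A_i and omits the final formula for σ, so the sketch assumes A_i = z_i + r_i·β when x_i = 0 and σ = (K − (K mod α^2)) / α^2. The bit lengths (a 64-bit α, z_i < α/(2n)) and all function names are also assumptions, chosen so that β > (n+1)·α^2 holds.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test for odd n > 3 (used to draw alpha and beta)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rand_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, top bit set
        if is_probable_prime(c):
            return c

def user_blind(x, k=64):
    # User side: returns (alpha, beta, P, [A_1..A_n]) for attribute vector x.
    alpha = rand_prime(k)                                        # assumed length: k bits
    beta = rand_prime(((len(x) + 1) * alpha**2).bit_length() + 1)  # beta > (n+1)*alpha^2
    P, A = 0, []
    for xi in x:
        z = secrets.randbelow(alpha // (2 * len(x)))  # assumed bound: sum(z) + n < alpha
        r = secrets.randbits(k) | 1                   # nonzero blinding factor
        A.append(xi * alpha + z + r * beta)           # assumed: alpha term only if x_i = 1
        P += r * beta - z                             # p_i = r_i*beta - z_i
    return alpha, beta, P, A

def fog_respond(y, alpha, A):
    # Fog node side: B is the sum of alpha*A_j where y_j = 1 and A_j otherwise.
    return sum(alpha * a if yj else a for yj, a in zip(y, A))

def controller_recover(B, P, beta, alpha):
    K = (B + P) % beta                       # POX controller: K = (B + P) mod beta
    return (K - K % alpha**2) // alpha**2    # assumed formula for sigma

def attribute_auth(x, y, theta):
    alpha, beta, P, A = user_blind(x)
    sigma = controller_recover(fog_respond(y, alpha, A), P, beta, alpha)
    return sigma, sigma >= theta             # authentication fails when sigma < theta
```

Recovery is exact only while the sum of the z_i plus n stays below α and β exceeds (n+1)·α^2; outside those bounds the division returns a wrong count instead of raising an error, so an implementation should check the sizes before blinding.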
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110407156.1A CN113114689B (en) | 2021-04-15 | 2021-04-15 | Authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113114689A (en) | 2021-07-13 |
CN113114689B (en) | 2022-10-18 |
Family
ID=76717425
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110407156.1A (Active; CN113114689B (en)) | Authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment | 2021-04-15 | 2021-04-15 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113114689B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411533A (en) * | 2016-11-10 | 2017-02-15 | 西安电子科技大学 | On-line fingerprint authentication system and method based on bidirectional privacy protection |
CN106657124A (en) * | 2017-01-03 | 2017-05-10 | 宜春学院 | Pseudonym-based anonymous authentication and key negotiation optimization method and optimized authentication analysis method for Internet of Things |
CN109327313A (en) * | 2018-11-07 | 2019-02-12 | 西安电子科技大学 | A kind of Bidirectional identity authentication method with secret protection characteristic, server |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114143343A (en) * | 2021-11-25 | 2022-03-04 | 中南财经政法大学 | Remote access control system, control method, terminal and medium in fog computing environment |
CN114143343B (en) * | 2021-11-25 | 2024-04-19 | 中南财经政法大学 | Remote access control system, control method, terminal and medium in fog computing environment |
Also Published As
Publication number | Publication date |
---|---|
CN113114689B (en) | 2022-10-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||