一种基于PUF的远程医疗身份认证与密钥协商协议

信息安全研究 ›› 2025, Vol. 11 ›› Issue (7): 626-.

一种基于PUF的远程医疗身份认证与密钥协商协议

王雄1王文博1刘昂2许盛伟3王志强1张泽昊1

1(北京电子科技学院网络空间安全系北京100070)
2(北京电子科技学院网络信息化管理处北京100070)
3(北京电子科技学院信息安全研究所北京100070)

出版日期:2025-07-29 发布日期:2025-07-29
通讯作者: 王雄硕士，副教授.主要研究方向为密码协议、密码系统. bjwxong@163.com
作者简介:王雄硕士，副教授.主要研究方向为密码协议、密码系统. bjwxong@163.com 王文博硕士研究生.主要研究方向为远程医疗中的身份认证协议和漏洞挖掘. wang1799101314@163.com 刘昂博士，工程师.主要研究方向为网络安全、密码学、量子信息. Liuang0826@163.com 许盛伟博士，教授，博士生导师.主要研究方向为大数据安全、网络信任体系、密码应用. 18510529691@163.com 王志强博士，副教授.主要研究方向为网络空间安全和漏洞挖掘. wangzq@besti.edu.cn 张泽昊硕士研究生.主要研究方向为物联网安全、身份认证协议. 2685425775@qq.com

A PUFbased Identity Authentication and Key Negotiation Protocol for Telemedicine

Wang Xiong1, Wang Wenbo1, Liu Ang2, Xu Shengwei3, Wang Zhiqiang1, and Zhang Zehao1

1(Department of Cyberspace Security, Beijing Eletronic Science and Technology Institute, Beijing 100070)
2(Network and Information Management Division, Beijing Eletronic Science and Technology Institute, Beijing 100070)
3(Institute of Information Security, Beijing Eletronic Science and Technology Institute, Beijing 100070)

Online:2025-07-29 Published:2025-07-29

摘要/Abstract

摘要： 远程医疗以服务效率高和良好的就医体验得到快速发展，但医疗数据的安全传输问题是迫切需要解决的难点.虽然目前存在大量远程医疗环境中的身份认证与密钥协商协议，但一些协议存在安全隐患和低效率等.针对现有问题，提出了一种基于PUF的身份认证与密钥协商协议.该协议利用可信网关实现多对多的认证与密钥协商机制，利用PUF函数生成“设备指纹”标识其唯一性，利用ECC算法保证数据的机密性.在随机预言模型下证明了会话密钥的语义安全，ProVerif仿真工具验证了协议的机密性与认证性，非形式化分析证明了协议可以抵抗离线口令猜测、会话密钥泄露等常见的攻击.与相关协议在计算开销、存储开销、通信开销和安全性的对比结果表明，该协议具有一定的可行性和优势.

关键词: PUF, 身份认证, 密钥协商, ProVerif, 远程医疗

Abstract: Telemedicine is rapidly developing due to its high service efficiency and good medical experience, but the secure transmission of medical data is a critical challenge that needs urgent resolution. Although a large number of authentication and key negotiation protocols suitable for telemedicine environments exist, some of the protocols suffer from security risks and inefficiencies. To address the existing problems, we propose a PUFbased authentication and key negotiation protocol. The protocol employs a trusted gateway to implement a manytomany authentication and key negotiation mechanism, uses the PUF function to generate a “device fingerprint” for unique identification, and leverages the ECC algorithm to ensure the confidentiality of the data. The semantic security of the session key is proved under the random oracle model, the confidentiality and authenticity of the protocol are verified by the ProVerif simulation tool, and the nonformal analysis proves that the protocol is resistant to common attacks such as offline password guessing and session key compromise. Comparison results with related protocols in terms of computation overhead, storage overhead, communication overhead and security show that this protocol exhibits notable feasibility and advantages.

Key words: PUF, identity authentication, key agreement, ProVerif, telemedicine

中图分类号:

王雄, 王文博, 刘昂, 许盛伟, 王志强, 张泽昊, . 一种基于PUF的远程医疗身份认证与密钥协商协议[J]. 信息安全研究, 2025, 11(7): 626-.

参考文献

［1］Kashani M H, Madanipour M, Nikravan M, et al. A systematic review of IoT in healthcare: Applications, techniques, and trends［J］. Journal of Network and Computer Applications, 2021, 192: 103164［2］Shafique K, Khawaja B A, Sabir F, et al. Internet of things (IoT) for nextgeneration smart systems: A review of current challenges, future trends and prospects for emerging 5GIoT scenarios［J］. IEEE Access, 2020, 8: 2302223040［3］Giri D, Maitra T, Amin R, et al. An efficient and robust rsabased remote user authentication for telecare medical information systems［J］. Journal of Medical Systems, 2015, 39: 19［4］Merabet F, Cherif A, Belkadi M, et al. New efficient M2C and M2M mutual authentication protocols for IoTbased healthcare applications［J］. PeertoPeer Networking and Applications, 2020, 13(2): 439474［5］Yeh H L, Chen T H, Liu P C, et al. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography［J］. Sensors, 2011, 11: 47674779［6］Amin R, Islam S K H, Biswas G P, et al. A robust and anonymous patient monitoring system using wireless medical sensor networks［J］. Future Generation Computer Systems, 2018, 80: 483495［7］Hahn C, Kwon H, Hur J. Trustworthy delegation toward securing mobile healthcare cyberphysical systems［J］. IEEE Internet of Things Journal, 2018, 6(4): 63016309［8］Li X, Peng J, Obaidat M S, et al. A secure threefactor user authentication protocol with forward secrecy for wireless medical sensor network systems［J］. IEEE Systems Journal, 2019, 14(1): 3950［9］Alladi T, Chamola V. HARCI: A twoway authentication protocol for three entity healthcare IoT networks［J］. IEEE Journal on Selected Areas in Communications, 2020, 39(2): 361369［10］Masud M, Gaba G S, Choudhary K, et al. Lightweight and anonymitypreserving user authentication scheme for IoTbased healthcare［J］. IEEE Internet of Things Journal, 2021, 9(4): 26492656［11］Kwon D K, Park Y H, Park Y H. Provably secure threefactorbased mutual authentication scheme with PUF for wireless medical sensor networks［J］. Sensors, 2021, 21(18): 6039［12］Lee T F, Lin K W, Hsieh Y P, et al. Lightweight cloud computingbased RFID authentication protocols using PUF for ehealthcare systems［J］. IEEE Sensors Journal, 2023, 23(6): 63386349［13］Wang D, Li W, Wang P. Measuring twofactor authentication schemes for realtime data access in industrial wireless sensor networks［J］. IEEE Trans on Industrial Informatics, 2018, 14(9): 40814092［14］Wang D, Wang P. Two birds with one stone: Twofactor authentication with security beyond conventional bound［J］. IEEE Trans on Dependable and Secure Computing, 2016, 15(4): 708722［15］Huang W. ECCbased threefactor authentication and key agreement scheme for wireless sensor networks［J］. Scientific Reports, 2024, 14(1): 1787［16］王振宇, 郭阳, 李少青, 等. 面向轻量级物联网设备的高效匿名身份认证协议设计［J］. 通信学报, 2022, 43(7): 4961［17］王菲菲. 物联网环境下的认证协议研究［D］. 北京: 北京邮电大学, 2020［18］Wang Yuanbing, Liu Wanrong, Li Bin. An improved authentication protocol for smart healthcare system using wireless medical sensor network［J］. IEEE Access, 2021, 9: 105101105117［19］Lee J Y, Oh J, Park Y. A secure and anonymous authentication protocol based on threefactor wireless medical sensor networks［J］. Electronics, 2023, 12(6): 13681395［20］Fariss M, El Gafif H, Toumanari A. A lightweight ECCbased threefactor mutual authentication and key agreement protocol for WSNs in IoT［J］. International Journal of Advanced Computer Science and Applications, 2022, 13(6): 491501［21］Sahoo S S, Mohanty S, Sahoo K S, et al. A three factor based authentication scheme of 5G wireless sensor networks for IoT system［J］. IEEE Internet of Things Journal, 2023, 10(17): 1508715099［22］刘忻. 基于无线传感器网络的身份认证协议的研究［D］. 兰州: 兰州大学, 2019［23］Yu S, Park Y. A robust authentication protocol for wireless medical sensor networks using blockchain and physically unclonable functions［J］. IEEE Internet of Things Journal, 2022, 9(20): 2021420228

[1]	刘笑颜, 倪亮, 谷兵珂, 张亚伟, 周恒昇, . 后量子匿名通信认证密钥协商协议[J]. 信息安全研究, 2025, 11(7): 661-.
[2]	曲爱妍, 符天枢, 张宏军, . 基于区块链的生物特征信息共享方案研究与实现[J]. 信息安全研究, 2025, 11(5): 402-.
[3]	王秀珍, 徐鹏, 陈美荣, 王丹琛, 徐扬, . 一种车联网V2V认证与密钥交换协议设计与验证[J]. 信息安全研究, 2025, 11(5): 465-.
[4]	李姝, 夏颖, 韦有涛, . 零信任安全技术在新型电力系统数字化转型中的应用思考[J]. 信息安全研究, 2024, 10(E2): 97-.
[5]	李铭堃, 马利民, 王佳慧, 张伟, . 基于区块链和PKI的身份认证技术研究[J]. 信息安全研究, 2024, 10(2): 148-.
[6]	兰丽, 李佳康, 白跳红, . 适用于铁路时间同步协议的双向身份认证方案[J]. 信息安全研究, 2024, 10(12): 1165-.
[7]	郑鉴学, 张道法, 徐松艳, 宋苏鸣, . 基于NTRU密钥协商协议设计[J]. 信息安全研究, 2024, 10(1): 12-.
[8]	祁志荣, 吕世民, 郑乾坤, . 基于国密算法的ModbusTCP协议安全防护与研究[J]. 信息安全研究, 2024, 10(1): 20-.
[9]	王慧文, 颜雪薇, 夏鲁宁, 王新华, . 面向车内异构网络的身份认证和密钥协商协议[J]. 信息安全研究, 2023, 9(E1): 25-.
[10]	严星宇, 赵川, 徐雁飞. 券商行业商用密码应用与实践[J]. 信息安全研究, 2023, 9(7): 707-.
[11]	王森, 许涛, 李金贵, . 基于属性加密的数据共享管理研究[J]. 信息安全研究, 2023, 9(11): 1061-.
[12]	王志强, 黄玉洁, 庞舒方, 欧海文, . 面向远程医疗信息系统的认证密钥交换协议[J]. 信息安全研究, 2023, 9(11): 1102-.
[13]	朱贤伟. 电力企业可信安全网络保障体系建设实践[J]. 信息安全研究, 2022, 8(E2): 19-.
[14]	蒋才平, 亢洋, 李景华, 郭小波, 田青. 网络身份认证中隐私计算技术应用初探[J]. 信息安全研究, 2022, 8(9): 863-.
[15]	吴国英, 杨林, 邱旭华. 可信身份认证平台的构建[J]. 信息安全研究, 2022, 8(9): 888-.