ABSTRACT

The rapid development of information technology promotes the development and application of Telecare Information System (TMIS). However, TMIS also has security problems such as information leakage, false authentication, and key loss. In order to solve the safety problems of TMIS, this paper combines Physical Unclonable Function (PUF) and Elliptic Curve Cryptography (ECC) technology to propose an access control and authentication scheme suitable for TMIS. The proposed scheme uses PUF and compact PUF identity authentication models to implement secure mutual authentication between tag and server. The key information in the scheme is generated by PUF, which not only reduces the cost of algorithm design but also avoids the risk of information leakage and key loss. In addition, this article uses ECC technology to encrypt the PUF response information and random numbers, which can ensure that this data information will not be leaked to the attacker. Then through the ProVerif verification tool and security attribute analysis, it is proved that the scheme is safe in the face of major attacks. The comparative analysis results show that the proposed scheme has higher security and is more suitable for TMIS.

摘要

信息技术的飞速发展促进了远程护理信息系统（TMIS）的开发和应用。但是，TMIS也存在信息泄露、虚假认证、密钥丢失等安全问题。为了解决TMIS的安全问题，本文结合物理不可克隆函数（PUF）和椭圆曲线密码（ECC）技术，提出了一种适用于TMIS的访问控制和认证方案。所提出的方案使用PUF和紧凑PUF身份认证模型来实现标签和服务器之间的安全相互认证。方案中的关键信息由PUF生成，既降低了算法设计成本，又避免了信息泄露和密钥丢失的风险。此外，本文使用ECC技术对PUF响应信息和随机数进行加密，可以保证这些数据信息不会泄露给攻击者。然后通过ProVerif验证工具和安全属性分析，证明该方案在面对重大攻击时是安全的。对比分析结果表明，该方案具有更高的安全性，更适合于TMIS。