无线体域网中基于聚合签名的匿名认证研究

发布时间：2018-08-23 20:07

【摘要】：无线体域网(Wireless Body Area Networks,简称WBAN)是一种小型的以人体为中心的无线网络,由一套可穿戴的生物传感器和一个身体主站(或称移动终端,如手机、PDA等)组成。WBAN中的可穿戴传感器收集人体生理信息,通过移动终端将生理信息传输到远程服务器,远程服务器分析处理生理信息,并为WBAN用户提供相关的服务。无线体域网在医疗监护领域有着非常广阔的应用前景,植入或穿戴在人体的医疗传感器,通过采集与人体健康相关的生理信息如血压、血糖、心率等,可以长期监测人体健康状况,同时也为医生诊断提供准确及时的数据,让人们足不出户就能享受准确方便的医疗服务。无线体域网中传输的是与人体健康相关的生理数据,这些数据是非常重要和隐私的。然而,由于无线体域网使用无线通信技术传输数据,而无线通信环境的开放性很容易受到恶意攻击者的攻击,这样不仅会侵犯用户的隐私,更有可能对用户的生命健康安全造成危害。保证网络信息安全是无线体域网应用的基础和前提,而保护用户隐私是无线体域网隐私保护研究的基础问题,因此,为了大规模发展和推广应用无线体域网,必须设计安全有效的隐私保护机制保护网络信息安全和用户隐私。一个性能优良的匿名认证方案能够在保护用户隐私的同时,有效的抵御恶意攻击者的各种攻击。在匿名认证方案中,用户向服务方请求认证的时候要保证自己的身份信息不泄露,同时又要确保消息的机密性、完整性、时效性和不可否认性等要求,这是当前无线体域网研究领域的难点和热点。本文在介绍无线体域网的特点和安全需求的前提下,针对无线体域网中的身份隐私保护问题展开研究和讨论,主要工作如下:(1)提出了一个无线体域网中面向多用户的匿名聚合认证方案。针对无线体域网在敬老院中的应用,设计了一种新的WBAN系统模型,能够同时对多个无线体域网用户进行认证。该方案不仅实现了远程服务器与用户之间的身份认证,同时还保护了用户的身份隐私,实现匿名性,并且在通信双方建立会话密钥。利用聚合签名技术,有效的降低了远程服务器的认证开销,在通信方面大大降低了通信代价。方案不使用双线性映射,无配对操作,通过安全性分析和复杂性对比,表明本方案不仅安全可靠而且具有较低的计算和通信开销。(2)提出了一个安全的无线体域网匿名认证方案。在典型无线体域网医疗应用模型的基础上引入一个完全可信安全硬件,安全硬件部署在远程服务器的网关处,只执行预先加载的程序,任何人无法对其进行修改。引入聚合签名技术,安全硬件将用户签名与其他虚拟用户的有效签名相聚合,使得远程服务器只能验证聚合后的签名,实现用户匿名性。利用聚合签名技术实现匿名性,用户不用维护假名池,从而有效的降低了用户的存储代价和计算开销,进而提高了认证效率。用户利用自身的私钥和远程服务器的公钥对请求消息进行签名,使得远程服务器在验证签名的有效性时必须使用相对应的私钥,也即只有指定的远程服务器能够验证签名,加强了系统的安全性。
[Abstract]:Wireless Body Area Networks (WBAN) is a small human-centered wireless network composed of a set of wearable biosensors and a body master station (or mobile terminals, such as mobile phones, PDA, etc.). The wearable sensors in WBAN collect physiological information of human body and transmit physiological information through mobile terminals. Wireless body area network (WAN) has a very broad application prospect in the field of medical monitoring. Medical sensors implanted or worn in the human body can be long by collecting physiological information related to human health, such as blood pressure, blood sugar, heart rate, etc. It is important and private to monitor human health and provide accurate and timely data for doctors'diagnosis so that people can enjoy accurate and convenient medical services without leaving home. The openness of wireless communication environment is vulnerable to attack by malicious attackers, which will not only infringe on the privacy of users, but also endanger the health and safety of users. Therefore, in order to develop and popularize wireless body area networks on a large scale, it is necessary to design a secure and effective privacy protection mechanism to protect network information security and user privacy. In authentication schemes, users should ensure that their identity information is not leaked when they request authentication from the server. At the same time, they should also ensure the confidentiality, integrity, timeliness and non-repudiation of the message. This is a difficult and hot topic in the field of wireless body area network research. This paper introduces the characteristics and security requirements of wireless body area network before The main work is as follows: (1) An anonymous aggregation authentication scheme for multi-user in wireless body area networks is proposed. A new WBAN system model is designed for the application of wireless body area networks in homes for the aged, which can simultaneously protect multiple wireless body area networks. The scheme not only realizes the authentication between the remote server and the user, but also protects the user's identity privacy, achieves anonymity, and establishes session keys between the two sides of the communication. By using the aggregate signature technology, the authentication overhead of the remote server is effectively reduced and the communication generation is greatly reduced. Price. The scheme does not use bilinear mapping and no pairing operation. The security analysis and complexity comparison show that the scheme is not only secure and reliable, but also has low computational and communication overhead. (2) A secure anonymous authentication scheme for wireless body area network is proposed. All-trusted security hardware is deployed at the gateway of the remote server, only the pre-loaded program is executed, and no one can modify it. By introducing the aggregation signature technology, the security hardware aggregates the user signature with the valid signatures of other virtual users, so that the remote server can only verify the aggregated signature and realize the user. Anonymity. Using aggregate signature technology to achieve anonymity, users do not need to maintain the pseudonym pool, thus effectively reducing the user's storage costs and computational overhead, thus improving the authentication efficiency. Users use their own private key and the remote server's public key to sign the request message, making the remote server verify the validity of the signature. It is necessary to use the corresponding private key, that is, only the designated remote server can verify the signature, which enhances the security of the system.
【学位授予单位】：安徽大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TN92

【相似文献】