The Internet of Medical Things (IoMT) is an application of Internet of Things (IoT) technology in the medical field. In the IoMT, access control stands out as a pivotal mechanism for ensuring system security and protecting patient privacy. To improve system resilience and data security, access control must be integrated with key update and identity authentication mechanisms. Given the escalating complexity and sophistication of IoMT devices, security requirements demand heightened stringency. Identity authentication is an effective means of achieving access control: it prevents unauthorised access, mitigates potential device access threats, and ensures system security and stability. At the same time, key update is a crucial measure for achieving access control. Regular key updates empower the system to confront emerging security threats, thereby ensuring robust system and user security. Therefore, access control approaches are transitioning from traditional single-factor authentication towards multifaceted approaches that include key update and identity authentication. In this thesis, we conduct research on access control in the IoMT, taking into account the characteristics and usage scenarios of IoMT groups. The thesis focuses on three key issues: group token update under dynamic change of group nodes, group key update without computing inverse elements, and authentication when the group is established. A key update and authentication protocol for the IoMT is proposed. The details of the research are as follows:

(1) This thesis develops a protocol for updating group tokens and generating aggregate signatures, utilizing the Chinese remainder theorem and Fermat's little theorem. The protocol is designed to accommodate dynamic changes in group node structures and security requirements. Initially, the medical server establishes a group consisting of multiple medical smart terminal nodes. Utilizing the Chinese remainder theorem, it constructs a system of congruences and embeds the group token in a broadcast message. The medical smart terminal recovers the group token using a modular exponentiation and Fermat's little theorem. Additionally, this thesis designs a session negotiation mechanism between the medical smart terminal and the server to establish a common session key. In response to the authorization or revocation of group nodes, the medical server adjusts the moduli in the congruence system, which determines whether authorized or revoked nodes are able to decrypt. The updated group token is concealed in a new broadcast message so that only authorized group nodes can decrypt it. Furthermore, the protocol enables aggregate signing and verification using the updated group token, enhancing the reliability of medical message transmission and the efficiency of verification. Finally, in the random oracle model (ROM), the protocol is proved existentially unforgeable against chosen-aggregate-key attacks. It also achieves security properties including dynamic update of the group token, forward and backward security of the group token, conditional privacy protection, and mutual authentication.

(2) This thesis designs a group key update and batch verification protocol leveraging the Chinese remainder theorem and Euler's function. The protocol addresses the dynamic change of group nodes and the difficulty of computing inverse elements during key update. Initially, a medical fog node and its corresponding edge nodes form a cluster, in which the medical fog node creates a set of congruence equations and embeds the group key in a broadcast message. The message is then broadcast to all edge nodes within the cluster to distribute the group key. For scenarios in which nodes are added to or removed from the IoMT cluster, this thesis devises a corresponding key update protocol. The protocol eliminates the need to compute inverse elements, thereby avoiding problems such as the non-existence of an inverse element in certain cases. This significantly reduces the overhead of solving for inverse elements with the extended Euclidean algorithm, effectively easing the computational burden on IoMT devices. Furthermore, this thesis uses the group key for batch verification of medical messages. By combining the updated group key with the message signature, the thesis enables batch verification of signatures amid dynamic changes of group nodes. Finally, in the random oracle model (ROM), the thesis proves that the protocol is existentially unforgeable against chosen-message attacks. The protocol also ensures security properties such as message integrity authentication, dynamic update of the group key, forward and backward security of the group key, and conditional privacy protection of identity.

(3) This thesis devises a blockchain-assisted lightweight anonymous authentication protocol tailored to the limited resources of terminals in the IoMT. Firstly, the thesis devises a multi-round session key negotiation mechanism. It implements session key negotiation between the patient and the healthcare server, ensuring communication security in the IoMT. The authentication process is anonymous: it prevents attackers from learning the real identity of the patient, thus protecting the patient's privacy, while the registration center retains the ability to detect a malicious user and trace that user's real identity. Secondly, the thesis employs fuzzy extraction techniques to extract and recover the patient's multimodal biometric features. Concurrently, the thesis integrates lightweight authentication protocols to provide assisted authentication. Furthermore, the protocol leverages blockchain and smart contract technologies to ensure the confidentiality and integrity of the patient's private data. Finally, using BAN logic, the thesis performs a formal security proof of the protocol. The security analysis shows that the protocol provides anonymity and privacy protection, data confidentiality and integrity, resistance to falsification and tampering, and resistance to multiple attacks.
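The following added example (not the thesis's own protocol or parameters) illustrates the classical Chinese-remainder-theorem group key broadcast that parts (1) and (2) build on: the server solves one congruence system so that every authorised node recovers the token by reducing the broadcast modulo its own secret prime, revocation simply drops that node's congruence, and the inverse needed for the CRT reconstruction is obtained with Fermat's little theorem instead of the extended Euclidean algorithm. All node secrets, primes and tokens are constructed sample values; the function names are assumptions.

```python
"""CRT-based group token broadcast with Fermat-based inverses (constructed illustration)."""
from functools import reduce

KEY_BITS = 16  # group tokens and node blinding secrets are < 2**KEY_BITS


def is_prime(n):
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def fermat_inverse(a, p):
    """a^-1 mod prime p computed as a^(p-2) mod p (Fermat's little theorem):
    a single modular exponentiation, no extended Euclidean algorithm."""
    return pow(a % p, p - 2, p)


def enrol_nodes(n):
    """Constructed registry: node i holds a secret prime p_i > 2**KEY_BITS and a
    blinding secret s_i < 2**KEY_BITS, both registered with the server."""
    nodes, p = {}, 2 ** KEY_BITS
    for i in range(n):
        p = next_prime(p + 1)
        nodes[i] = (p, (7919 * (i + 1)) % 2 ** KEY_BITS)  # deterministic sample secret
    return nodes


def build_broadcast(registry, authorised, token):
    """Server: the unique X mod M with X ≡ token XOR s_i (mod p_i) for each authorised
    node i. Revoking a node means leaving its congruence (and its prime) out of M."""
    primes = [registry[i][0] for i in authorised]
    M = reduce(lambda a, b: a * b, primes, 1)
    X = 0
    for i in authorised:
        p, s = registry[i]
        Mi = M // p
        X += (token ^ s) * Mi * fermat_inverse(Mi, p)  # CRT reconstruction term
    return X % M


def recover_token(broadcast, node_secret):
    """Node: reduce the broadcast modulo its own prime, then unblind with s_i."""
    p, s = node_secret
    return (broadcast % p) ^ s


def demo():
    """Distribute token 0xBEEF to 4 nodes, then revoke node 3 and rotate to 0xC0DE."""
    reg = enrol_nodes(4)
    X = build_broadcast(reg, [0, 1, 2, 3], 0xBEEF)
    assert all(recover_token(X, reg[i]) == 0xBEEF for i in range(4))
    X2 = build_broadcast(reg, [0, 1, 2], 0xC0DE)  # node 3 dropped from the congruences
    return [recover_token(X2, reg[i]) for i in range(4)]  # node 3 no longer gets 0xC0DE
```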