臺灣博碩士論文加值系統

隨著雲計算技術的成熟，以及分散式網路的應用越來越多，越來越多的數據被存儲在雲中，因此可以普及的被應用。同時，目前的獨立醫療記錄系統往往效率低，並且該領域的大多數研究未能滿足匿名和不可追蹤的安全要求。一些方案甚至容易受到模仿攻擊。因此，本研究中提出的方案結合了公有雲和私有雲，以便更有效和安全地保存和管理電子病歷（EMR）。本研究提出了一種新的安全EMR授權系統，該系統採用橢圓曲線加密和公開金鑰加密，為醫療保健系統提供公有雲和私有雲環境的訊息認證機制，實現醫療資源的安全共享。分析表明，所提出的方案可以防止已知的攻擊，例如重送攻擊，中間人攻擊和模仿攻擊，並提供用戶匿名，不可追蹤性，完整性，不可否認性以及前向和後向保密。

As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and is thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study therefore combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this study, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. Analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, and forward and backward security.

TABLE OF CONTENTS
中文摘要 I
ABSTRACT II
誌謝 III
TABLE OF CONTENTS IV
LIST OF TABLES VI
LIST OF FIGURES VII
Chapter 1 Introduction 1
Chapter 2 Preliminary 5
2.1 Elliptic Curve Group 5
2.2 Ban logic 6
Chapter 3 The Proposed Scheme 9
3.1 System Architecture 9
3.2 Notation 12
3.3 Registration phase 13
3.3.1 The patient registers with the public cloud 13
3.3.2 The hospital’s private cloud registers with the public cloud 14
3.3.3 The doctor registers with the public cloud 15
3.4 Patient visiting doctor (consultation) phase 17
3.5 EMR search phase 21
3.6 Diagnosis phase 28
Chapter 4 Security Analysis 30
4.1. Mutual authentication 30
4.1.1 Goals 30
4.1.2 Messages delivered between parties 31
4.1.3 Assumptions 31
4.1.4 The doctor authenticates the patient 33
4.1.5 The patient authenticates the doctor 35
4.1.6 The hospital’s private cloud authenticates the doctor 37
4.1.7 The doctor authenticates the hospital’s private cloud 38
4.2. User anonymity and unlinkability 40
4.3. Integrity 41
4.3.1 The patient visiting doctor (consultation) phase 41
4.3.2 The EMR search phase 42
4.4. Non-repudiation 43
4.5. Forward and backward security 45
4.6. Known attacks 46
4.6.1 Replay attack 46
4.6.2 Man-in-the-middle attack 47
4.6.3 Impersonation attack 48
Chapter 5 Discussion 51
5.1. Security comparison 51
5.2. Computation cost 52
5.3. Communication cost 54
Chapter 6 Conclusion 57
References 59






LIST OF TABLES
Table 1 BAN logic notation 7
Table 2 Notation 12
Table 3 Proof of the non-repudiation offered by the proposed scheme 44
Table 4. Comparison of the security attributes of the proposed scheme with those of other schemes 51
Table 5. Comparison of computation costs 53
Table 6. Computation cost comparison 55

LIST OF FIGURES
Figure 1 Architecture of the proposed distributed EMR storage and sharing scheme 11
Figure 2 (a) Flow chart of patient registering with the public cloud 15
Figure 2 (b) Flow chart of the hospital’s private cloud registering with the public cloud 15
Figure 3 The doctor registers with the public cloud 16
Figure 4 Patient visiting doctor phase 20
Figure 5 EMR search phase 27
Figure 6 Flow chart of diagnosis phase 29
Figure 7 Diagnosis phase 29

1.World Health Organization. The top 10 causes of death Available online:https://www.who.int/news-room/fact-sheets/detail/the-top-10-causes-of-death. (accessed on 27.12.2018.)
2.M. Qi, J. Chen & Y. Chen, A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC, Computer methods and programs in biomedicine, 164 (2018): 101-109.
3.M. Masdari & S. Ahmadzadeh, A survey and taxonomy of the authentication schemes in Telecare Medicine Information Systems, Journal of Network and Computer Applications, 87 (2017): 1-19.
4.D. Puthal, R. Ranjan, A. Nanda, P. Nanda, P. P. Jayaraman & A. Y. Zomaya, Secure authentication and load balancing of distributed edge datacenters, Journal of Parallel and Distributed Computing, 124 (2019): 60-69
5.S. J. Iribarren, W. Brown III, R. Giguere, P. Stone, R. Schnall, N. Staggers & A. Carballo-Diéguez, Scoping review and evaluation of SMS/text messaging platforms for mHealth projects or clinical interventions, International journal of medical informatics, 101(2017): 28-40.
6.R. Song. Advanced smart card based password authentication protocol, Comput Stand Interfaces, 32(5-6)(2010):321-325
7.S. Chatterjee, S. Roy, A. K. Das, S. Chattopadhyay, N. Kumar, A. G. Reddy & Y. Park. On the design of fine grained access control with user authentication scheme for telecare medicine information systems, IEEE Access, 5(2017): 7012-7030.
8.R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan & N. Kumar, A robust and anonymous patient monitoring system using wireless medical sensor networks, Future Generation Computer Systems, 80(2018): 483-495.
9.P. Mohit, R. Amin & G. P. Biswas, Design of authentication protocol for wireless sensor network-based smart vehicular system, Vehicular Communications, 9 (2017): 64-71.
10.M. Wazid, A. K. Das, S. Kumari, X. Li & F. Wu, Design of an efficient and provably secure anonymity preserving three‐factor user authentication and key agreement scheme for TMIS, Security and Communication Networks, 9(13) (2016): 1983-2001.
11.A. K. Sutrala, V. Das, M. Odelu, Wazid & S. Kumari, Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Computer methods and programs in biomedicine, 135(2016): 167-185.
12.C. L. Chen, T. T. Yang & T. F. Shih, A secure medical data exchange protocol based on cloud environment, Journal of medical systems, 38(9) (2014), 112.
13.S. Y. Chiou, Z. Ying & J. Liu, Improvement of a privacy authentication scheme based on cloud for medical environment, Journal of medical systems, 40(4) (2016): 101.
14.P. Mohit, R. Amin, A. Karati, G. P. Biswas & M. K. Khan, A standard mutual authentication protocol for cloud computing based health care system, Journal of medical systems, 41(4)(2017): 50.
15.V. Kumar, S. Jangirala & M. Ahmad, An efficient mutual authentication framework for healthcare system in cloud computing. Journal of medical systems, 42(8) (2018): 142.
16.C. T. Li, D. H. Shih & C. C. Wang, Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems, Computer methods and programs in biomedicine, 157(2018): 191-203.
17.A. H. Moon, U. Iqbal & G. M. Bhat, Implementation of Node Authentication for WSN using Hash Chains, Procedia Computer Science, 89(2016): 90-98.
18.Y. P. Liao & C. M. Hsiao, A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Networks, 18(2014): 133-146.
19.V. Odelu, A. K. Das & A. Goswami, An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card, Journal of Information Security and Applications, 21(2015): 1-19.
20.H. L. Yeh, T. H. Chen & W. K. Shih, Robust smart card secured authentication scheme on SIP using elliptic curve cryptography, Computer Standards & Interfaces, 36(2)(2014): 397-402.
21.S. K. Shankar, A. S. Tomar & G. K. Tak, Secure medical data transmission by using ECC with mutual authentication in WSNs, Procedia Computer Science, 70(2015): 455-461.
22.P. Chandrakar & H. Om, A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC, Computer Communications, 110(2017): 26-34.
23.M. Burrows, M. Abadi, R. Needham, “A logic of authentication”, Proceedings of the Royal Society, 426(1871) (1989):233-271.
24.O. P. Van, Extending cryptographic logics of belief to key agreement protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, ACM, (1993): 232-243.
25.M. J. Marcus, 5G and IMT for 2020 and beyond, IEEE Wireless Communications, 22(4) (2015):2-3.