摘要: |
代理重签名在保证委托双方私钥安全的前提下, 通过半可信代理实现了双方签名的转换, 在本文方案中, 通过代理重签名实现了在通信过程中终端用户对于身份的隐私要求。移动医疗服务系统因为其有限的计算和存储能力, 需要借助云服务器来对医疗数据进行计算和存储。然而, 在将医疗数据外包给云服务器后, 数据便脱离了用户的控制, 这给用户隐私带来了极大地安全隐患。现有的无证书代理重签名方案大多都不具有撤销功能, 存在着密钥泄露等安全性问题。为了解决这一问题, 本文提出了一种可撤销的无证书代理重签名方案, 在不相互信任的移动医疗服务系统中, 实现了医疗数据传输过程以及云存储过程中的用户匿名性, 同时, 本文方案具有单向性和非交互性, 更适合在大规模的移动医疗系统中使用。此外, 当用户私钥泄露时, 本文利用 KUNode 算法实现了对用户的高效撤销, 并利用移动边缘计算技术将更新密钥和撤销列表的管理外包给移动边缘计算设备,降低了第三方的计算成本, 使其具有较低的延迟。最后, 在随机谕言机模型下证明了所构造的方案在自适应选择消息攻击下的不可伪造性, 并利用 JPBC 库与其他方案进行计算与通信开销的对比。其结果表明, 本方案在具备更优越的功能的同时, 具有较小的计算成本、通信成本和撤销成本。 |
关键词: 无证书代理重签名 随机谕言机模型 外包撤销 移动医疗系统 云计算 |
DOI:10.19363/J.cnki.cn10-1380/tn.2024.05.01 |
Received:July 07, 2022Revised:October 03, 2022 |
基金项目:本课题得到国家自然科学基金资助项目(No. 62072369, No. 62072371)、陕西省重点研发计划基金资助项目(No. 2020ZDLGY08-04)、陕西省创新能力支持计划基金资助项目(No. 2020KJXX-052)、陕西高校青年创新团队的资助。 |
|
Revocable Certificateless Proxy Re-signature Scheme in Mobile Healthcare System |
GUO Rui,LIU Yingfei,WANG Yicheng,MENG Tong |
School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China;National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China |
Abstract: |
Proxy re-signature is a semi-trusted proxy that converts the signatures of both parties on the premise of ensuring the security of the private keys of the entrusting parties. In this scheme, proxy re-signing realizes the privacy requirements of the terminal users for identity in the communication process. Due to its limited computing and storage capacity, mobile healthcare service system needs to use cloud server to calculate and store healthy data. However, after outsourcing healthy data to cloud servers, the data will be out of users' control, causing great security risks to users' privacy. Most of the existing certificateless proxy re-signature schemes do not have the revocation function and have security problems such as key leakage. In order to solve this problem, a revocable unidirectional certificateless proxy re-signature scheme was proposed. In a mobile healthcare service system without mutual trust, this scheme realizes user anonymity in the process of healthy data transmission and cloud storage. At the same time, the scheme in this paper is unidirectional and non-interactive, which is more suitable for large-scale mobile healthcare service system. In addition, when the user's private key is leaked, this paper uses KUNode algorithm to realize the efficient revocation of the user, and uses mobile edge computing technology to outsource the management of updating the key and revocation list to mobile edge computing equipment, which reduces the computing cost of the third party and makes it have a lower delay. Finally, the proposed scheme was proved to be existentially unforgeable against chosen-message attacks on a random oracle model, and the computational and communication costs were compared with other schemes using JPBC library. The result shows that the scheme has better function and less computation cost, communication cost and revocation cost. |
Key words: certificateless proxy re-signature random oracle model outsourcing revocation mobile healthcare system cloud computing |