PRIVACY PROTECTION AUTHENTICATION METHOD BASED ON WIRELESS BODY AREA NETWORK

20230075612 · 2023-03-09

    Abstract

    A privacy protection authentication method based on a wireless body area network may be applied to a smart home care system. The method provides two-way authentication and key verification between a device and a cloud server, ensuring that the identities of the device and the cloud server are valid and preventing external intrusion attacks from affecting network information security. A physical unclonable function and an elliptic curve cryptography algorithm are introduced to encrypt key data in the authentication process, so that the whole authentication process takes place in a safe environment, and the security of the authentication process is further improved by adding and removing a third-party identity. The privacy protection authentication protocol can resist replay attacks and smart card impersonation attacks; the whole authentication process is safe and efficient and has high application value in smart home care scenarios.

    Claims

    1. A privacy protection authentication method based on a wireless body area network, comprising: S1, initializing a cloud server HN; S2, submitting a registration request in a secure channel to a super administrator SA by a user through a device, and returning registration information to the device through the secure channel by the super administrator after computational processing; S3, submitting an authentication request to the cloud server HN, accessing the registration information from a memory and sending the registration information after being added with verification parameters to the cloud server HN, by the user through the device; S4, determining a session key K.sub.SH for the device and the cloud server HN, after the device and the cloud server HN both complete authentications; and S5, updating the registration information in the memory.

    2. The privacy protection authentication method as claimed in claim 1, wherein the initializing a cloud server HN specifically comprises: selecting a function of an elliptic curve E.sub.p and a base point P on the elliptic curve E.sub.p by the super administrator SA, then determining a long-term key K.sub.CHN and secretly storing the long-term key K.sub.CHN in the cloud server HN by the super administrator SA, calculating a public key Q=K.sub.CHN.Math.P of the cloud server HN through the function of the elliptic curve E.sub.p, and making parameters except the long-term key K.sub.CHN public.

    3. The privacy protection authentication method as claimed in claim 1, wherein the device and the cloud server HN transmit information EMS through a wireless public channel, the information EMS is relayed through a router AP, the router AP is responsible for relaying and forwarding the information EMS, and an identity id.sub.p of the router AP is added to or removed from the relayed information EMS.

    4. The privacy protection authentication method as claimed in claim 1, wherein the S2 specifically comprises: S2.1, transmitting information with the super administrator SA through the secure channel by the user after installing a healthcare monitoring device; S2.2, sending the registration request to the super administrator SA through the secure channel by the user; S2.3, generating current time stamp T.sub.j and storing the current time stamp T.sub.j in the cloud server HN, by the super administrator SA after receiving the registration request; setting an identity id.sub.j and a random integer a.sub.j for a sensor node SN of the healthcare monitoring device by the super administrator SA, calculating public values x.sub.j and y.sub.j between the cloud server HN and the sensor node SN of the healthcare monitoring device and a secret value MN.sub.j between the cloud server HN and the sensor node SN of the healthcare monitoring device, and sending the registration information to the sensor node SN of the healthcare monitoring device through the secure channel; S2.4, storing the registration information {id.sub.j, x.sub.j, y.sub.j, MN} to the memory by the sensor node SN of the healthcare monitoring device after receiving the registration information; S2.5, setting an identity id.sub.p for a router AP by the super administrator SA, and storing the identity id.sub.p in both the router AP and the cloud server HN; and S2.6, generating a device challenge value Cha.sub.j based on a physical unclonable function (PUF), calculating a response value Res.sub.j, calculating a secret value ST.sub.j of the sensor node SN and storing Cha.sub.j, Res.sub.j, ST.sub.j in the memory, by the sensor node SN of the healthcare monitoring device.

    5. The privacy protection authentication method as claimed in claim 1, wherein the authentications in the S4 are based on mutual authentication and key verification between a sensor node SN of a healthcare monitoring device and the cloud server HN.

    6. The privacy protection authentication method as claimed in claim 5, wherein specific steps of the mutual authentication and key verification comprise: S4.1, generating current time stamp T.sub.1, obtaining an identity verification parameter Vid.sub.j through encrypted computation and sending information EMS.sub.1 to a router AP, by the sensor node SN of the healthcare monitoring device; S4.2, adding, by the router AP after receiving the information EMS.sub.1, an identity id.sub.p into the information EMS.sub.1 to obtain information EMS.sub.2, and sending the information EMS.sub.2 carrying the identity id.sub.p of the router AP to the cloud server HN by the router AP; S4.3, generating current time stamp T.sub.2 and judging the time stamp T.sub.1 and the identity id.sub.p in the information EMS.sub.2 by the cloud server HN; when any one of the time stamp T.sub.1 and the identity id.sub.p is judged to be invalid, terminating a first authentication; when the time stamp T.sub.1 and the identity id.sub.p both are judged to be valid, acquiring by the cloud server HN a time stamp T.sub.j and a long-term key K.sub.CHN from a database, performing computation on the time stamp T.sub.j and the long-term key K.sub.CHN together with parameters in the information EMS.sub.2 to obtain an identity comparison verification parameter Vid.sub.j* and comparing the identity comparison verification parameter Vid.sub.j* with the identity verification parameter Vid.sub.j in the information EMS.sub.2 to obtain a comparison result, terminating the first authentication when the comparison result indicates they are not equal, the first authentication being successful when the comparison result indicates they are equal; S4.4, generating a session key K.sub.SH by the cloud server HN after the first authentication is successful, and sending information EMS.sub.3 to the router AP after obtaining an identity verification parameter Δ through computation; S4.5, removing the identity id.sub.p by the router AP after receiving the information EMS.sub.3 to obtain information EMS.sub.4, and then sending the information EMS.sub.4 to the sensor node SN of the healthcare monitoring device; S4.6, generating current time stamp T.sub.3 and judging a time stamp T.sub.2 in the information EMS.sub.4 by the sensor node SN of the healthcare monitoring device; when the time stamp T.sub.2 is judged to be invalid, terminating a second authentication; when the time stamp T.sub.2 is judged to be valid, obtaining an identity id.sub.j from the sensor node SN by the sensor node SN of the healthcare monitoring device, performing computation on the identity id.sub.j together with parameters in the information EMS.sub.4 to obtain an identity comparison verification parameter Δ* and comparing the identity comparison verification parameter Δ* with the identity verification parameter Δ in the information EMS.sub.4 to obtain a second comparison result, terminating the second authentication when the second comparison result indicates they are not equal, the second authentication being successful when the second comparison result indicates they are equal; and S4.7, after the second authentication is successful, acquiring the session key K.sub.SH from the information EMS.sub.4 by the sensor node SN of the healthcare monitoring device, and updating the registration information in the memory.

    7. The privacy protection authentication method as claimed in claim 6, wherein a method of time stamp judgement is |T.sub.n−T.sub.n+1|≤ΔT, where T.sub.n represents a time stamp contained in information sent from a previous stage, T.sub.n+1 represents current time stamp obtained by a device when receiving the information sent from the previous stage, and ΔT represents a preset maximum delay time allowed in a communication process; when a time difference between T.sub.n and T.sub.n+1 is greater than the threshold ΔT, an authentication is terminated, and whereas when the time difference is less than the threshold ΔT, going to a next step.

    8. The privacy protection authentication method as claimed in claim 6, wherein the S4.1 specifically comprises: generating, by the sensor node SN of the healthcare monitoring device, a random number b.sub.j and the current time stamp T.sub.1, calculating two verification parameters S.sub.1=b.sub.j.Math.P and S.sub.2=b.sub.j.Math.Q through a function of an elliptic curve E.sub.p, calculating the identity verification parameter Vid.sub.j=h(id.sub.j∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2∥h(S.sub.2, MH.sub.j) ∥T.sub.j∥T.sub.1), and adding {x.sub.j, y.sub.j, Vid.sub.j, S.sub.1, T.sub.1, T.sub.j} into the information EMS.sub.1, where x.sub.j and y.sub.j are acquired from the memory; wherein the S4.3 specifically comprises: when the time stamp T.sub.1 and the identity id.sub.p both are judged to be valid, calculating a.sub.j=x.sub.j⊕h(K.sub.HN, T.sub.j), id.sub.j*=x.sub.j⊕h(K.sub.HN, a.sub.j, T.sub.j) by the cloud server HN based on content of the information EMS.sub.2, calculating S.sub.2*=K.sub.HN.Math.S.sub.1 through the function of the elliptic curve E.sub.p, and then obtaining the identity comparison verification parameter Vid.sub.j*=h(id.sub.j∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2* ∥h(S.sub.2*, h(id.sub.j*, K.sub.HN)) ∥T.sub.j∥T.sub.1) through computation; wherein the S4.4 specifically comprises: generating two random numbers a.sub.i and b.sub.i by the cloud server HN, calculating two verification parameters S.sub.3=b.sub.i.Math.P and S.sub.4=b.sub.i.Math.S.sub.1 through the function of the elliptic curve E.sub.p, updating x.sub.j.sup.new=a.sub.i⊕h(K.sub.CHN∥T.sub.2) and y.sub.j.sup.new=id.sub.j*⊕h(K.sub.CHN∥a.sub.i∥T.sub.2), calculating transfer values μ=x.sub.j.sup.new⊕h(S.sub.2* ∥h(id.sub.j∥K.sub.CHN) ∥T.sub.2) and λ=y.sub.j.sup.new⊕h(T.sub.2∥S.sub.2* ∥h(id.sub.j* ∥K.sub.CHN)), calculating the session key K.sub.SH, calculating the identity verification parameter Δ=h(x.sub.j.sup.new∥y.sub.j.sup.new∥K.sub.SH∥T.sub.2), and adding {μ, λ, Δ, S.sub.3, T.sub.2, id.sub.p} into the information EMS.sub.3, where μ is configured to encrypt the x.sub.j.sup.new, and λ is configured to encrypt the y.sub.j.sup.new; wherein the S4.6 specifically comprises: when the time stamp T.sub.2 is judged to be valid, calculating S.sub.4*=b.sub.j.Math.S.sub.3 through the function of the elliptic curve E.sub.p by the sensor node SN of the healthcare monitoring device, calculating updated x.sub.j.sup.new*=μ⊕h(S.sub.3∥MH.sub.j∥T.sub.2) and updated y.sub.j.sup.new*=λ⊕h(T.sub.2∥S.sub.2∥MH.sub.j), calculating a session key K.sub.SH* based on content of the information EMS.sub.4, and calculating the identity comparison verification parameter Δ*=h(x.sub.j.sup.new* ∥y.sub.j.sup.new* ∥K.sub.SH* ∥T.sub.2); wherein identity verification parameter comparison is comparing an identity verification parameter carried by information EMS sent from a previous stage with an identity comparison verification parameter obtained by each of the sensor node SN of the health monitoring device and the cloud server HN based on existing parameters, the identity verification parameter carried by information EMS sent from a previous stage is one of Vid.sub.j=h(id.sub.j∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2∥h(S.sub.2, MH.sub.j) ∥T.sub.j∥T.sub.1) of the sensor node SN of the healthcare monitoring device and Δ=h(x.sub.j.sup.new∥y.sub.j.sup.new∥K.sub.SH∥T.sub.2) of the cloud server HN, the identity comparison verification parameter obtained by each of the sensor node SN of the health monitoring device and the cloud server HN based on existing parameters is one of Vid.sub.j*=h(id.sub.j* ∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2∥h(S.sub.2*, h(id.sub.j*, K.sub.HN)) ∥T.sub.j∥T.sub.1) of the cloud server HN and Δ*=h(x.sub.j.sup.new* ∥y.sub.j.sup.new* ∥K.sub.SH∥T.sub.2) of the sensor node SN of the healthcare monitoring device.

    9. The privacy protection authentication device as claimed in claim 1, wherein the updating the registration information specifically comprises: after the device and the cloud server HN complete mutual authentication and key verification, acquiring, by the device, parameters from information EMS.sub.4 sent by the cloud server HN, calculating x.sub.j.sup.new*=μ⊕h(S.sub.3∥MH.sub.j∥T.sub.2) and y.sub.j.sup.new*=λ⊕h(T.sub.2∥S.sub.2∥MH.sub.j), using x.sub.j.sup.new* to replace x.sub.j of the registration information in the memory, and using y.sub.j.sup.new* to replace y.sub.j of the registration information in the memory.

    10. The privacy protection authentication device as claimed in claim 6, wherein the updating the registration information specifically comprises: after the device and the cloud server HN complete the mutual authentication and key verification, acquiring, by the healthcare monitoring device, parameters from the information EMS.sub.4 sent by the cloud server HN, calculating x.sub.j.sup.new*=μ⊕h(S.sub.3∥MH.sub.j∥T.sub.2) and y.sub.j.sup.new*=λ⊕h(T.sub.2∥S.sub.2∥MH.sub.j), using x.sub.j.sup.new* to replace x.sub.j of the registration information in the memory, and using y.sub.j.sup.new* to replace y.sub.j of the registration information in the memory.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0045] FIG. 1 illustrates a schematic flowchart of a privacy protection authentication method based on wireless body area networks according to an embodiment of the invention.

    [0046] FIG. 2 illustrates a schematic flowchart associated with mutual authentication and key verification between a sensor node SN of a healthcare monitoring device and a cloud server HN according to an embodiment of the invention.

    DETAILED DESCRIPTION OF EMBODIMENTS

    [0047] Embodiments of the invention will be described in detail below in conjunction with the accompanying drawings.

    [0048] As illustrated in FIG. 1, a privacy protection authentication method based on a wireless body area network (WBAN) is provided. The privacy protection authentication method may be applied to a smart home care system (also referred to as smart elderly care system) and may include steps S1˜S5 as follows.

    [0049] S1, initializing a cloud server HN. Herein, HN is the abbreviation of “Hub Node” and thus “cloud server HN” may also be referred to as “cloud server hub node”.

    [0050] S2, submitting a registration request in a secure channel to a super administrator SA by a user through a device, returning registration information to the device of the user through the secure channel by the super administrator SA after computational processing, and storing the registration information in a memory.

    [0051] S3, submitting an authentication request to the cloud server HN, accessing the registration information from the memory and sending the registration information after being added with verification parameters to the cloud server HN, by the user through the device.

    [0052] S4, performing authentications by both the device and the cloud server HN, thereby determining a session key K.sub.SH for the device and the cloud server HN.

    [0053] S5, updating the registration information in the memory.

    [0054] The initializing a cloud server HN may include: selecting a function of an elliptic curve E.sub.p and a base point P on the elliptic curve E.sub.p by the super administrator SA, then determining a long-term key K.sub.CHN and secretly storing the long-term key K.sub.CHN in the cloud server HN by the super administrator SA, calculating a public key Q=K.sub.CHN.Math.P of the cloud server HN through the function of the elliptic curve E.sub.p, and making above parameters except the long-term key K.sub.CHN public.

    [0055] In some embodiments, the S2 specifically includes S2.1˜S2.6 as follows.

    [0056] S2.1, transmitting information with the cloud server HN through a router AP by the user after installing a healthcare monitoring device. Herein, AP is the abbreviation of “Access Point”.

    [0057] S2.2, sending the registration request to the super administrator SA through the secure channel by the user.

    [0058] S2.3, generating current time stamp T.sub.j and storing the current time stamp T.sub.j in the cloud server HN, by the super administrator SA after receiving the registration request; setting an identity id.sub.j and a random integer a.sub.j for a sensor node SN of the healthcare monitoring device by the super administrator SA, calculating x.sub.j=a.sub.j⊕h(K.sub.CHN, T.sub.j) used for hiding the random integer a.sub.j, calculating y.sub.j=id.sub.j⊕h(K.sub.CHN, a.sub.j, T.sub.j) used for hiding the identity id.sub.j, calculating a secret value MN.sub.j=h(id.sub.j, K.sub.CHN) between the cloud server HN and the sensor node SN of the healthcare monitoring device, and sending the registration information to the sensor node SN of the healthcare monitoring device through the router AP.

    [0059] S2.4, storing the registration information {id.sub.j, x.sub.j, y.sub.j, MN.sub.j} into the memory by the sensor node SN of the healthcare monitoring device after receiving the registration information.

    [0060] S2.5, setting an identity id.sub.p for the router AP by the super administrator SA, and storing the identity id.sub.p in both the router AP and the cloud server HN.

    [0061] S2.6, generating a device challenge value Cha.sub.j based on a physical unclonable function (PUF), calculating a response value Res.sub.j, calculating a secret value ST.sub.j of the sensor node SN and storing Cha.sub.j, Res.sub.j, ST.sub.j in the memory, by the sensor node SN of the healthcare monitoring device.

    [0062] As illustrated in FIG. 2, a schematic flowchart associated with mutual authentication (also referred to as two-way authentication) and key verification between the sensor node SN of the healthcare monitoring device and the cloud server HN is shown. Specific steps S4.1˜S4.7 are carried out as follows.

    [0063] S4.1, generating a random number b.sub.j and current time stamp T.sub.1 by the sensor node SN of the healthcare monitoring device, calculating two verification parameters S.sub.1=b.sub.j.Math.P and S.sub.2=b.sub.j.Math.Q through the function of the elliptic curve E.sub.p, calculating an identity verification parameter Vid.sub.j=h(id.sub.j∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2∥h(S.sub.2, MH.sub.j) ∥T.sub.j∥T.sub.1), and sending EMS.sub.1 {x.sub.j, y.sub.j, Vid.sub.j, S.sub.1, T.sub.1, T.sub.j} to the router AP.

    [0064] S4.2, adding, by the router AP after receiving the information EMS.sub.1, the identity id.sub.p into the information EMS.sub.1 to obtain information EMS.sub.2{x.sub.j, y.sub.j, Vid.sub.j, S.sub.1, T.sub.1, T.sub.j, id.sub.p}, and sending the information EMS.sub.2 carrying the identity id.sub.p to the cloud server HN by the router AP.

    [0065] S4.3, generating current time stamp T.sub.2 and judging the time stamp T.sub.1 and the identity id.sub.p in the information EMS.sub.2 by the cloud server HN after receiving the information EMS.sub.2; when any one of the time stamp T.sub.1 and the identity id.sub.p is judged to be invalid, terminating the authentication;

    [0066] Whereas, when both of them are passed, i.e., the time stamp T.sub.1 and the identity id.sub.p both are judged to be valid, acquiring by the cloud server HN the time stamp T.sub.j and the long-term key K.sub.CHN from a database, calculating a.sub.j=x.sub.j⊕h(K.sub.HN, T.sub.j), id.sub.j*=x.sub.j⊕h(K.sub.HN, a.sub.j, T.sub.j) by the cloud server HN based on content of the information EMS.sub.2, calculating S.sub.2*=K.sub.HN.Math.S.sub.1 through the function of the elliptic curve E.sub.p, and then calculating an identity comparison verification parameter Vid.sub.j*=h(id.sub.j* ∥x.sub.j∥y.sub.j∥S.sub.1∥S.sub.2∥h(S.sub.2*, h(id.sub.j*, K.sub.HN)) ∥T.sub.j∥T.sub.1), and comparing the identity comparison verification parameter Vid.sub.j* with the identity verification parameter Vid.sub.j in the information EMS.sub.2; terminating the authentication when the comparison result indicates they are not equal, or the authentication being successful when the comparison result indicates they are equal.

    [0067] S4.4, generating two random numbers a.sub.i and b.sub.i by the cloud server HN after successfully authenticating the sensor node SN, calculating two verification parameters S.sub.3=b.sub.i.Math.P and S.sub.4=b.sub.i.Math.S.sub.1 through the function of the elliptic curve E.sub.p, updating x.sub.j.sup.new=a.sub.i⊕h(K.sub.CHN∥T.sub.2) and y.sub.j.sup.new=id.sub.j*⊕h(K.sub.CHN∥a.sub.i∥T.sub.2), calculating transfer values μ=x.sub.j.sup.new⊕h(S.sub.2* ∥h(id.sub.j* ∥K.sub.CHN) ∥T.sub.2), λ=y.sub.j.sup.new⊕h(T.sub.2∥S.sub.2∥h(id.sub.j* ∥K.sub.CHN)) and a session key K.sub.SH=h(S.sub.1, S.sub.2, S.sub.3, S.sub.4, id.sub.j*, T.sub.2), calculating an identity verification parameter Δ=h(x.sub.j.sup.new∥y.sub.j.sup.new∥K.sub.SH∥T.sub.2), and sending EMS.sub.3{μ, λ, Δ, S.sub.3, T.sub.2, id.sub.p} to the router AP. Herein, μ is configured (i.e., structured and arranged) to encrypt the x.sub.j.sup.new, and λ is configured to encrypt the y.sub.j.sup.new.

    [0068] S4.5, removing the identity id.sub.p by the router AP after receiving the information EMS.sub.3 to obtain information EMS.sub.4{μ, λ, Δ, S.sub.3, T.sub.2}, and then sending the information EMS.sub.4{μ, λ, Δ, S.sub.3, T.sub.2} to the sensor node SN of the healthcare monitoring device.

    [0069] S4.6, judging the time stamp T.sub.2 in the information EMS.sub.4 by the sensor node SN of the healthcare monitoring device after receiving the information EMS.sub.4, and when the time stamp T.sub.2 is judged to be invalid, terminating the authentication;

    [0070] Whereas, when it is passed (i.e., the time stamp T.sub.2 is judged to be valid), calculating S.sub.4*=b.sub.j.Math.S.sub.3 through the function of the elliptic curve E.sub.p by the sensor node SN of the healthcare monitoring device, calculating updated x.sub.j.sup.new*=μ⊕h(S.sub.3∥MH.sub.j∥T.sub.2) and updated y.sub.j.sup.new*=λ⊕h(T.sub.2∥S.sub.2∥MH.sub.j), calculating K.sub.SH*=h(S.sub.1∥S.sub.2∥S.sub.3∥S.sub.4* ∥id.sub.j∥T.sub.2) based on content of the information EMS.sub.4, calculating an identity comparison verification parameter Δ*=h(x.sub.j.sup.new* ∥y.sub.j.sup.new* ∥K.sub.SH∥T.sub.2), and comparing the identity comparison verification parameter Δ* with the identity verification parameter Δ in the information EMS.sub.4; terminating the authentication when the comparison result indicates they are not equal, or the authentication being successful when the comparison result indicates they are equal.

    [0071] S4.7, after the authentication is passed (i.e., the sensor node SN successfully authenticates the cloud server HN), acquiring the session key K.sub.SH*=h(S.sub.1∥S.sub.2∥S.sub.3∥S.sub.4* ∥id.sub.j∥T.sub.2) from the information EMS.sub.4 by the sensor node SN of the healthcare monitoring device, using x.sub.j.sup.new* to replace x.sub.j of the registration information in the memory, and using y.sub.j.sup.new* to replace y.sub.j of the registration information in the memory.

    [0072] A method for time stamp judgement may be that |T.sub.n−T.sub.n+1|≤ΔT, where T.sub.n is the time stamp contained in the information sent from a previous stage, T.sub.n+1 is the current time stamp obtained by a device when receiving the information, and ΔT is a preset maximum delay time allowed in a communication process. When the time difference between T.sub.n and T.sub.n+1 is greater than the threshold ΔT, the authentication is terminated; when the time difference is less than the threshold ΔT, the method goes to the next step.

    [0073] The above parameters marked with the symbol “*” are information that may be stolen or impersonated by a third party in the authentication processes.
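
    A runnable sketch of the registration step S2.3 and the exchange S4.1 to S4.7 with both sides' messages, added here as an example; it is not code from the patent. Assumptions: secp256k1 stands in for E.sub.p and SHA-256 for h, K.sub.HN and K.sub.CHN are the same long-term key, MH.sub.j and MN.sub.j are the same secret, id.sub.j* is unmasked from y.sub.j, μ is unmasked with S.sub.2 on both sides, and the sensor node keeps T.sub.2 as its new T.sub.j.

```python
import hashlib, hmac, secrets
# Assumed curve: secp256k1 (the page only says "elliptic curve E_p"). Toy arithmetic, not constant-time.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
DELTA_T = 5  # ΔT in seconds (constructed value)

def ec_add(a, b):
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None  # point at infinity
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den % FP, -1, FP) % FP
    x3 = (m * m - x1 - x2) % FP
    return x3, (m * (x1 - x3) - y1) % FP

def ec_mul(k, pt):
    if pt is None or (pt[1] ** 2 - pt[0] ** 3 - 7) % FP:
        raise ValueError("point not on curve")  # never multiply an unvalidated S_1 / S_3
    acc = None
    while k:
        acc = ec_add(acc, pt) if k & 1 else acc
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*parts):  # h(a∥b∥...): repr() keeps field boundaries unambiguous (assumed encoding)
    return hashlib.sha256(repr(parts).encode()).digest()

def xor(a, b):
    return bytes(u ^ v for u, v in zip(a, b))

def register(k_chn, id_j, t_j):  # S2.3, run by SA; id_j is padded to 32 bytes
    a_j = secrets.token_bytes(32)
    return {"id": id_j, "x": xor(a_j, h(k_chn, t_j)), "y": xor(id_j, h(k_chn, a_j, t_j)),
            "MN": h(id_j, k_chn), "T_j": t_j}

def sn_request(reg, q, t1):  # S4.1
    b_j = secrets.randbelow(N - 1) + 1
    s1, s2 = ec_mul(b_j, G), ec_mul(b_j, q)
    vid = h(reg["id"], reg["x"], reg["y"], s1, s2, h(s2, reg["MN"]), reg["T_j"], t1)
    ems1 = {"x": reg["x"], "y": reg["y"], "Vid": vid, "S1": s1, "T1": t1, "T_j": reg["T_j"]}
    return ems1, (b_j, s1, s2)

def hn_respond(ems2, k_chn, known_aps, t2):  # S4.3 and S4.4
    if abs(ems2["T1"] - t2) > DELTA_T or ems2["id_p"] not in known_aps:
        return None  # stale T_1 (replay) or unknown router identity
    a_j = xor(ems2["x"], h(k_chn, ems2["T_j"]))
    id_j = xor(ems2["y"], h(k_chn, a_j, ems2["T_j"]))  # assumed: unmask y_j (page writes x_j)
    s1, s2, mn = ems2["S1"], ec_mul(k_chn, ems2["S1"]), h(id_j, k_chn)
    vid = h(id_j, ems2["x"], ems2["y"], s1, s2, h(s2, mn), ems2["T_j"], ems2["T1"])
    if not hmac.compare_digest(vid, ems2["Vid"]):
        return None
    a_i, b_i = secrets.token_bytes(32), secrets.randbelow(N - 1) + 1
    s3, s4 = ec_mul(b_i, G), ec_mul(b_i, s1)
    x_new, y_new = xor(a_i, h(k_chn, t2)), xor(id_j, h(k_chn, a_i, t2))
    k_sh = h(s1, s2, s3, s4, id_j, t2)
    ems3 = {"mu": xor(x_new, h(s2, mn, t2)), "lam": xor(y_new, h(t2, s2, mn)),
            "Delta": h(x_new, y_new, k_sh, t2), "S3": s3, "T2": t2, "id_p": ems2["id_p"]}
    return ems3, k_sh

def sn_finish(ems4, reg, state, t3):  # S4.6, S4.7, S5; μ unmasked with S_2 (assumed)
    (b_j, s1, s2), t2, mn = state, ems4["T2"], reg["MN"]
    if abs(t2 - t3) > DELTA_T:
        return None
    s4 = ec_mul(b_j, ems4["S3"])
    x_new, y_new = xor(ems4["mu"], h(s2, mn, t2)), xor(ems4["lam"], h(t2, s2, mn))
    k_sh = h(s1, s2, ems4["S3"], s4, reg["id"], t2)
    if not hmac.compare_digest(h(x_new, y_new, k_sh, t2), ems4["Delta"]):
        return None
    reg.update(x=x_new, y=y_new, T_j=t2)  # T_j := T_2 is assumed so the next run verifies
    return k_sh
```

    The router steps S4.2 and S4.5 are a dictionary update and a key removal on the message: add "id_p" to the output of sn_request before calling hn_respond, and drop it from EMS.sub.3 before calling sn_finish.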