進階搜尋


   電子論文尚未授權公開,紙本請查館藏目錄
(※如查詢不到或館藏狀況顯示「閉架不公開」,表示該本論文不在書庫,無法取用。)
系統識別號 U0026-1208201315583900
論文名稱(中文) 適用於電子病歷資訊系統之使用者認證機制
論文名稱(英文) User Authentication Schemes for an Integrated EPR Information System
校院名稱 成功大學
系所名稱(中) 製造工程研究所
系所名稱(英) Institute of Manufacturing Engineering
學年度 101
學期 2
出版年 102
研究生(中文) 張益賓
研究生(英文) I-Pin Chang
學號 P98931052
學位類別 博士
語文別 英文
論文頁數 80頁
口試委員 指導教授-王清正
共同指導教授-李添福
召集委員-陳順宇
口試委員-利德江
口試委員-李賢得
口試委員-陳聯文
口試委員-張怡玲
口試委員-李南逸
中文關鍵字 整合電子病歷資訊系統  網路安全  群組金鑰  使用者認證 
英文關鍵字 Integrated EPR information system  network security  group key  authentication 
學科別分類
中文摘要 整合電子病歷資訊系統可提供更便利與快速的醫療服務,除可提供病患個人化照護並協助醫務人員迅速做出正確的決策;在整合電子病歷資訊系統(Integrated EPR information system)中對於每一個使用者,例如:醫生、護士及病患等,如何有效且安全的保存個人密碼是值得深入探討;因此,電子病歷資訊系統如何提供安全、高效率的認證機制以有效保障病人的電子病歷(EPRs),是非常重要的議題。
本研究提出一套整合電子病歷資訊系統的使用者認證機制;所提認證機制比其他認證機制所需要的運算量更少,除了不需要在伺服器儲存任何有關使用者密碼等訊息,同時可以抵抗各種惡意的網路攻擊,例如密碼猜測攻擊、竊取伺服器驗證值攻擊、伺服器偽裝攻擊或是偽冒攻擊等。
此外,本研究並針對整合電子病歷資訊系統提出一個群組密碼認證機制(group password-based authenticated key agreement, GPAKE),此認證機制可提供一群使用者如醫生、護士及病患等建立一個暫時性的共同會議金鑰(a common session key) 。此協定不需使用到公開公鑰技術,對於群組使用者而言,僅需記住自已的通行密碼(weak password),即可與驗證伺服器相互認證身分,並與群組使用者產生共同的會議金鑰(common session key)做為後續的通訊傳輸使用。
本研究針對整合電子病歷資訊系統所提的二個使用者驗證機制,不僅提升了使用者使用上的便利性,並且不失其安全性。
英文摘要 Integrated EPR information systems support convenient and rapid e-medicine services. Passwords play an important role for each user, such as a doctor, a nurse or a patient, to achieve a secure and efficient authentication scheme for an integrated EPR information system that safeguards electronic patient records (EPRs), and helps health-care workers and medical personnel to make correct clinical decisions rapidly.
This research develops an efficient password-based authentication scheme for an integrated EPR information system. Compared with related approaches, the proposed scheme not only has a lower computational cost and does not require verifier tables for storing the secret information of the users, but also withstands various attacks such as password guessing attacks, stolen-verifier attacks, server spoofing attacks, impersonation attacks.
Additionally, the group password-based authenticated key agreement (GPAKE) scheme allowed a group of users, such as doctors, nurses and patients, to establish a common session key using password authentication. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for an integrated EPR information system. It does not require using the server or public keys of the users. Each user only remembers its weak password shared with a trusted server, and can thus obtain a common session key. Then, all users can securely communicate using this session key. The proposed two protocols are not only effective, but also highly secure.
論文目次 摘 要 I
Abstract II
誌 謝 III
Contents IV
List of Tables VI
List of Figures VII
1 Introduction 1
1.1 Research Motivation 1
1.2 Research Objectives 2
1.3 Organization 3
2 Literature Review 4
2.1 Transmission and Access to EPRs on the Internet 4
2.2 Password Authentication Schemes 6
2.3 Cryptography 8
2.4 Diffie–Hellman Key Agreement 11
2.5 Security Requirements and Definitions 13
3 A Password-Based User Authentication Scheme Using Smart Cards 16
3.1 Introduction 16
3.2 Review of the Authentication Scheme of Wu et al. 17
3.3 Weaknesses of the Scheme of Wu et al. 21
3.4 The Proposed Secure and Efficient Authentication Scheme 22
3.5 Security Analyses 27
3.6 Performance Analyses 31
4 Simple Group Password-Based Authenticated Protocols 45
4.1 Descript of the Integrated EPR Information System 45
4.2 Group Key Agreement Protocols 46
4.3 Description of the Simple Group Password-Based Authenticated Protocols 48
4.4 The Proposed SGPAKE Protocol 53
4.5 An Example of the Proposed Scheme 56
4.6 Security Analyses 61
4.7 Performance Analyses 65
5 Conclusion 71
Bibliography 74
Publication List 80
參考文獻 1. Abdalla, M., & Pointcheval, D. (2005), Simple password-based encrypted key exchange protocols. Topics in cryptology–CT-RSA 2005, 191-208.
2. Abdalla, M., Bresson, E., Chevassut, O., & Pointcheval, D. (2006), Password-based group key exchange in a constant number of rounds. Public Key Cryptography-PKC 2006, 427-442.
3. Boyd, C., & Nieto, J. (2002), Round-optimal contributory conference key agreement. Public Key Cryptography—PKC 2003, 161-174.
4. Bresson, E., Chevassut, O., & Pointcheval, D. (2001), Provably authenticated group Diffie-Hellman key exchange—the dynamic case. Advances in Cryptology—ASIACRYPT 2001, 290-309.
5. Bresson, E., Chevassut, O., & Pointcheval, D. (2002), Dynamic group Diffie-Hellman key exchange under standard assumptions. In Advances in Cryptology—EUROCRYPT 2002, 321-336.
6. Bresson, E., Chevassut, O., & Pointcheval, D. (2002), Group Diffie-Hellman key exchange secure against dictionary attacks. Advances in Cryptology—ASIACRYPT 2002, 603-610.
7. Carter, G., Clark, A., Dawson, E., & Nielsen, L. (1992), Analysis of DES double key mode. In IFIP TC, 08-12.
8. Chen, T. L., Chung, Y. F., & Lin, F. Y. (2012), A study on agent-based secure scheme for electronic medical record system. Journal of medical systems, 1-13.
9. Chen, W. H., Wu, Z. Y., Lai, F., Chien, Y. H., & Hwu, W. L. (2011), A reliable password-based user authentication scheme for Web-based Human Genome Database System. Digital Ecosystems and Technologies Conference (DEST), Proceedings of the 5th IEEE International Conference on. IEEE, 227-232.
10. Diffie, W., & Hellman, M. (1976), New directions in cryptography. Information Theory, IEEE Transactions on, 22(6), 644-654.
11. Dutta, R., & Barua, R. (2006), Password-based encrypted group key agreement. International Journal of Network Security, 3(1), 30-41.
12. Debiao, H., Jianhua, C., & Rui, Z. (2012), A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989-1995.
13. Hsieh, W. B., & Leu, J. S. (2012), Anonymous authentication protocol based on elliptic curve Diffie–Hellman for wireless access networks. Wireless Communications and Mobile Computing.
14. Jeong, I. R., & Lee, D. H. (2007), Key agreement for key hypergraph. Computers & Security, 26(7), 452-458.
15. Joyce, R., & Gupta, G. (1990), Identity authentication based on keystroke latencies. Communications of the ACM, 33(2), 168-176.
16. Kim, H. J. (1995), Biometrics, is it a viable proposition for identity authentication and access control?. Computers & Security, 14(3), 205-214.
17. Kim, H. J., Lee, S. M., & Lee, D. (2004), Constant-round authenticated group key exchange for dynamic groups. Advances in Cryptology-ASIACRYPT 2004, 127-140.
18. Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002), Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554-555.
19. Lee, N. Y., & Chiu, Y. C. (2005), Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177-180.
20. Lee, S., Hwang, J., & Lee, D. (2004), Efficient password-based group key exchange. Trust and Privacy in Digital Business, 191-199.
21. Lee, T.-F., Hwang, T. (2006), Improvement of the round-optimal conference key agreement protocol of Boyd and Nieto. 16th Information Security Conference, 98-102.
22. Lee, T.-F., Wen, H.-A., Hwang, T. (2006), A weil pairing-based round-efficient and fault-tolerant group key agreement protocol for sensor networks. IEEE Press - Sensor Network Operations, 571-579.
23. Lee, T.-F., Wen, H.-A., Jin, Y.-C., Chen, C.-S. (2008), Password-based group key agreement with server's public key for Hypergraphs. 2008 Symposium on Applications of Information, Management and Communication Technology.
24. Lee, W. B., & Lee, C. D. (2008), A cryptographic key management solution for HIPAA privacy/security regulations. Information Technology in Biomedicine, IEEE Transactions on, 12(1), 34-41.
25. Lin, C. H., & Lai, Y. Y. (2004), A flexible biometrics remote user authentication scheme. Computer Standards & Interfaces, 27(1), 19-23.
26. Lovis, C., Baud, R. H., & Scherrer, J. R. (1998), Internet integrated in the daily medical practice within an electronic patient record. Computers in biology and medicine, 28(5), 567.
27. Lu, R., Cao, Z., Chai, Z., & Liang, X. (2008), A simple user authentication scheme for grid computing. International Journal of Network Security, 7(2), 202-206.
28. Merkle, R. C. (1990), A fast software one-way hash function. Journal of Cryptology, 3(1), 43-58.
29. Rind, D. M., & Safran, C. (1993), Real and imagined barriers to an electronic medical record. In Proceedings of the Annual Symposium on Computer Application in Medical Care. American Medical Informatics Association, 74.
30. Rivest, R. L., Shamir, A., & Adleman, L. (1978), A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
31. Safran, C., & Goldberg, H. (2000), Electronic patient records and the impact of the Internet. International Journal of Medical Informatics, 60(2), 77-83.
32. Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Sakamoto, N., & Yamamoto, R. (2000), Architecture for networked electronic patient record systems. International Journal of Medical Informatics, 60(2), 161-167.
33. Tsai, F. S. (2010), Security issues in e-healthcare. Journal of Medical and Biological Engineering, 30(4), 209-214.
34. Tzeng, W. G., & Tzeng, Z. J. (2000), Round-efficient conference key agreement protocols with provable security. Advances in Cryptology—ASIACRYPT 2000, 614-627.
35. Tzeng, W. G. (2002), A secure fault-tolerant conference-key agreement protocol. Computers, IEEE Transactions on, 51(4), 373-379.
36. Uslu, A. M., & Stausberg, J. (2008), Value of the electronic patient record: an analysis of the literature. Journal of Biomedical Informatics, 41(4), 675-682.
37. Van der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., & Wetter, T. (2003), Data security and protection in cross-institutional electronic patient records. International journal of medical informatics, 70(2-3), 117-130.
38. Van Ginneken, A. M. (2002), The computerized patient record: balancing effort and benefit. International journal of medical informatics, 65(2), 97-119.
39. Wang, Y. Y., Liu, J. Y., Xiao, F. X., & Dan, J. (2009), A more efficient and secure dynamic ID-based remote user authentication scheme. Computer communications, 32(4), 583-585.
40. Wei, J., Hu, X., & Liu, W. (2012), An improved authentication scheme for telecare medicine information systems. Journal of medical systems, 36(6), 3597-3604.
41. Wu, S. T., & Chieu, B. C. (2003), A user friendly remote authentication scheme with smart cards. Computers & Security, 22(6), 547-550.
42. Wu, Z. Y., Chung, Y., Lai, F., & Chen, T. S. (2012), A password-based user authentication scheme for the integrated EPR information system. Journal of medical systems, 36(2), 631-638.
43. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., & Chung, Y. (2012), A secure authentication scheme for telecare medicine information systems. Journal of medical systems, 36(3), 1529-1535.
44. Wu, Z. Y., Tseng, Y. J., Chung, Y., Chen, Y. C., & Lai, F. (2012), A reliable user authentication and key agreement scheme for web-based hospital-acquired infection surveillance information system. Journal of medical systems, 36(4), 2547-2555.
45. Zhu, Z. (2012), An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833-3838.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2023-12-31起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw