Non-interactive Hierarchical Key Agreement Protocol over WHMS

Hyunsung Kim
Dept. of Cyber Security, Kyungil University, Korea


Sensor Network

Sensor node: sensing, processing, communication

Sensor Network (Limitations)

Modest processing power – 8 MHz
Very little storage – a few hundred kilobits
Short communication range – consumes a lot of power
Small form factor – several mm³
Minimal energy – constrains protocols
  Batteries have a finite lifetime
  Passive devices provide little energy

Sensor Network (Example)


Index

Aging Society
Wireless Health Monitoring Systems
WHMS Security Concerns
WHMS Privacy Issues
Non-Interactive Hierarchical Key Agreement Protocol
Conclusion

Aging Society


Wireless Health Monitoring Systems (WHMSs)

The integration of information technology into traditional medicine
Remote diagnosis, monitoring and treatment of illness
It can help individuals to improve their personal health and wellbeing

WHMS System Configuration

[Figure: WHMS system configuration showing patient PAi with sensor nodes SNi1 to SNi6 and gateway GWi, an access point, the Internet, the uHealth server SV with the EHR, and physician PHi. Tier 1: data generation; Tier 2: data transmission; Tier 3: data storage and access.]

WHMS Security Concerns

Data Encryption: The data is encrypted so that it is not disclosed whilst in transit
Data Integrity: The recipient can be sure that the data has not been altered or changed
Authentication: It is an efficient method against impersonation attacks
Freshness Protection: This prevents the attacker from replaying old frames

WHMS Privacy Issues

All communications are required to be encrypted to protect the user's privacy
Specific users should not be identified unless there is a need
The general public should be educated about privacy issues

Non-Interactive Hierarchical Key Agreement Protocol over WHMS

One-round communication to set up a session key between two communicating parties
Non-Interactive Hierarchical Key Agreement Protocol
  Non-interactive
  Hierarchical access control
  EHR security provision

Notations

Symbol                     Description
$PA_i$                     Patient $i$
$PH_i$                     Attending physician $i$ of $PA_i$
$SV$                       u-Health server
$GW_i$                     Gateway $i$
$SN_{i,j}$                 Sensor node $j$ in the $GW_i$
$ID_i$                     Entity $i$'s identifier
$AD_i$                     Amplified identity of $ID_i$
$(S_1, S_2, S_3, S_4)$     Private key set of PKG, $S_i \in \mathbb{Z}_q^*$
$SK$                       Session key established between two entities
$r_i$                      Random number
$G_1, G_2$                 Cyclic groups of prime order $q$
$P$                        A generator of $G_1$
$\hat{e}$                  Bilinear map $G_1 \times G_1 \to G_2$
$H()$                      One-way hash function $H : \{0, 1\}^* \to G_1^*$
$E_K(M)$                   Symmetric key encryption of $M$ by using a key $K$
$\cdot$                    Multiplication
$\|$                       Concatenation

Bilinear Pairing

Definition 1: Let $G$ be an additive group of prime order $q$ and $G_T$ a multiplicative group of the same order. Let $P$ denote a generator of $G$. An admissible pairing is a bilinear map $\hat{e} : G \times G \to G_T$

Bilinear: given $Q, R \in G$ and $a, b \in \mathbb{Z}_q^*$, we have $\hat{e}(aQ, bR) = \hat{e}(Q, R)^{ab}$

Non-degenerate: $\hat{e}(P, P) \neq 1_{G_T}$

Computable: $\hat{e}$ is efficiently computable

Permission Hierarchy

[Figure: permission hierarchy tree. SV at the root; physicians PH1, PH2, …, PHi below it; gateways GW1,1 … GWi,j below the physicians; sensor nodes SN1,1,1 … SNi,j,k below the gateways. Side labels: Tier 1, Tier 2, Tier 3.]

System Initialization

PKG initializes two cyclic groups, $G_1$ and $G_2$, of prime order $q$, a bilinear pairing $\hat{e}: G_1 \times G_1 \to G_2$ and a hash function $H: \{0, 1\}^* \to G_1^*$

PKG creates a private key set $(S_1, S_2, S_3, S_4)$ for a WHMS

PKG computes $AD_{SV} = H(ID_{SV})$ and $AD_{SV}\cdot S_1$

Physician Registration

[Figure: Physician PHi, uHealth Server SV, message $ID_{PH_i}$]

SV:
Checks the validity of $ID_{PH_i}$
Computes $AD_{PH_i} = H(ID_{PH_i})$, $AD_{PH_i}\cdot S_2$
Issues a key pair $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, S_3, S_4)$, $(AD_{SV}, AD_{PH_i})$

Hierarchical Key Setup

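[Figure: permission hierarchy (SV; PH1 … PHi; GW1,1 … GWi,j; SN1,1,1 … SNi,j,k; Tier 1 to Tier 3) annotated with key sets]

SV: $(AD_{SV}\cdot S_1, S_2, S_3, S_4)$
PH1: $(AD_{SV}\cdot S_1, AD_{PH_1}\cdot S_2, S_3, S_4)$
PHi: $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, S_3, S_4)$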

Patient Registration

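[Figure: Patient PAi (gateway GWi, sensor nodes SNi1 to SNi6), uHealth Server SV, message $ID_{PA_i}$]

SV:
Checks the validity of $ID_{PA_i}$
Computes $AD_{GW_{i,j}} = H(ID_{GW_{i,j}})$, $AD_{GW_{i,j}}\cdot S_3$
  $AD_{SN_{i,j,k}} = H(ID_{SN_{i,j,k}})$, $AD_{SN_{i,j,k}}\cdot S_4$
Issues a key pair $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, AD_{GW_{i,j}}\cdot S_3, S_4)$, $(AD_{SV}, AD_{PH_i}, AD_{GW_{i,j}})$
  $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, AD_{GW_{i,j}}\cdot S_3, AD_{SN_{i,j,k}}\cdot S_4)$, $(AD_{SV}, AD_{PH_i}, AD_{GW_{i,j}}, AD_{SN_{i,j,k}})$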

Hierarchical Key Setup

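[Figure: permission hierarchy (SV; PH1 … PHi; GW1,1 … GWi,j; SN1,1,1 … SNi,j,k; Tier 1 to Tier 3) annotated with key sets]

SV: $(AD_{SV}\cdot S_1, S_2, S_3, S_4)$
PH1: $(AD_{SV}\cdot S_1, AD_{PH_1}\cdot S_2, S_3, S_4)$
GW1,1: $(AD_{SV}\cdot S_1, AD_{PH_1}\cdot S_2, AD_{GW_{1,1}}\cdot S_3, S_4)$
SN1,1,1: $(AD_{SV}\cdot S_1, AD_{PH_1}\cdot S_2, AD_{GW_{1,1}}\cdot S_3, AD_{SN_{1,1,1}}\cdot S_4)$
PHi: $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, S_3, S_4)$
GWi,j: $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, AD_{GW_{i,j}}\cdot S_3, S_4)$
SNi,j,k: $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, AD_{GW_{i,j}}\cdot S_3, AD_{SN_{i,j,k}}\cdot S_4)$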

Non-Interactive Key Agreement and Secure Communication

[Figure: Patient PAj with sensor node SNi,j,d, uHealth Server SV with EHR, Physician PHi]

$SN_{i,j,d}$ holds $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, AD_{GW_{i,j}}\cdot S_3, AD_{SN_{i,j,d}}\cdot S_4)$ and $(AD_{SV}, AD_{PH_i}, AD_{GW_{i,j}}, AD_{SN_{i,j,d}})$
$PH_i$ holds $(AD_{SV}\cdot S_1, AD_{PH_i}\cdot S_2, S_3, S_4)$ and $(AD_{SV}, AD_{PH_i})$

$SN_{i,j,d}$:
Chooses $r_1$
Computes $R_1 = r_1\cdot AD_{SN_{i,j,d}}$
Computes $SK_1 = \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{GW_{i,j}}\cdot S_3, AD_{PH_i}) \cdot \hat{e}(AD_{SN_{i,j,d}}\cdot S_4, AD_{PH_i})^{r_1}$
Computes $M_1 = E_{SK_1}(Data_i)$
Computes $MAC_1 = H(SK_1 \| R_1 \| M_1)$

Message: $\{R_1, M_1, AD_{SN_{i,j,d}}, MAC_1\}$

$PH_i$:
Authenticated by SV
Computes $SK_1' = \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{PH_i}, AD_{GW_{i,j}})^{S_3} \cdot \hat{e}(AD_{PH_i}, R_1)^{S_4}$
Verify $MAC_1 \stackrel{?}{=} H(SK_1' \| R_1' \| M_1)$
Retrieve $Data_i = D_{SK_1'}(M_1)$

Session Key Equivalence

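$$
\begin{aligned}
SK_1 &= \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{GW_{i,j}}\cdot S_3, AD_{PH_i}) \cdot \hat{e}(AD_{SN_{i,j,d}}\cdot S_4, AD_{PH_i})^{r_1} \\
&= \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{GW_{i,j}}\cdot S_3, AD_{PH_i}) \cdot \hat{e}(AD_{SN_{i,j,d}}, AD_{PH_i})^{r_1\cdot S_4} \\
&= \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{GW_{i,j}}, AD_{PH_i})^{S_3} \cdot \hat{e}(AD_{SN_{i,j,d}}, AD_{PH_i})^{r_1\cdot S_4} \\
&= \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{GW_{i,j}}, AD_{PH_i})^{S_3} \cdot \hat{e}(R_1, AD_{PH_i})^{S_4} \\
&= \hat{e}(AD_{SV}\cdot S_1, AD_{SV}) \cdot \hat{e}(AD_{PH_i}\cdot S_2, AD_{PH_i}) \cdot \hat{e}(AD_{PH_i}, AD_{GW_{i,j}})^{S_3} \cdot \hat{e}(AD_{PH_i}, R_1)^{S_4} \\
&= SK_1'
\end{aligned}
$$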
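The one-message exchange and the key-equivalence derivation above, run end to end as an added example that is not part of the original slides. It assumes a toy symmetric pairing over small constructed parameters, which keeps the bilinear algebra but none of the security; the identity strings, function names and the SHA-256-based stand-ins for H, E_K and the MAC are likewise assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy pairing (NOT secure): G1 = (Z_q, +) with P = 1, G2 = order-q
# subgroup of Z_p*, e(a, b) = g^(a*b) mod p. It is bilinear and symmetric.
Q, P_MOD, G = 1019, 2039, 4

def e(a, b):
    return pow(G, (a * b) % Q, P_MOD)

def H(identity):                      # stand-in for H: {0,1}* -> G1* (never zero)
    d = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return d % (Q - 1) + 1

def mac(sk, r1, m1):                  # MAC1 = H(SK1 || R1 || M1)
    return hashlib.sha256(f"{sk}|{r1}|".encode() + m1).digest()

def E(sk, data):                      # stand-in for E_K and D_K (data <= 32 bytes)
    ks = hashlib.sha256(b"enc" + str(sk).encode()).digest()
    return bytes(x ^ y for x, y in zip(data, ks))

# PKG secrets in Z_q* and amplified identities (identity strings are made up)
S1, S2, S3, S4 = (secrets.randbelow(Q - 1) + 1 for _ in range(4))
SV, PH, GW, SN = (H(n) for n in ("SV", "PH1", "GW1,1", "SN1,1,1"))
PH_KEY = (SV * S1 % Q, PH * S2 % Q, S3, S4)                    # physician key set
SN_KEY = (SV * S1 % Q, PH * S2 % Q, GW * S3 % Q, SN * S4 % Q)  # sensor key set

def sensor_send(data):
    k1, k2, k3, k4 = SN_KEY
    r1 = secrets.randbelow(Q - 1) + 1
    R1 = r1 * SN % Q
    sk = e(k1, SV) * e(k2, PH) * e(k3, PH) * pow(e(k4, PH), r1, P_MOD) % P_MOD
    m1 = E(sk, data)
    return {"R1": R1, "M1": m1, "AD_SN": SN, "MAC1": mac(sk, R1, m1)}

def physician_receive(msg):
    k1, k2, s3, s4 = PH_KEY
    sk = (e(k1, SV) * e(k2, PH) * pow(e(PH, GW), s3, P_MOD)
          * pow(e(PH, msg["R1"]), s4, P_MOD)) % P_MOD
    if not hmac.compare_digest(mac(sk, msg["R1"], msg["M1"]), msg["MAC1"]):
        return None                   # MAC1 mismatch: reject the frame
    return E(sk, msg["M1"])
```

The physician recovers the plaintext without any reply to the sensor, and a frame whose R1 was altered in transit yields a different SK1' and is rejected at the MAC check.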

Non-Interactive Key Agreement and Secure Communication

[Figure: the WHMS system configuration again (Tier 1: data generation; Tier 2: data transmission; Tier 3: data storage and access), with SNi4, GWi, PHi, SV and EHR labelled separately.]

Conclusion

Importance of Security and Privacy in Wireless Health Monitoring System
Non-Interactive Hierarchical Key Agreement Protocol
  One round key establishment
  Hierarchical access control
  EHR security provision

Thank You !