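Abstract: | In today's society, where technology evolves rapidly with the times, more and more people are accustomed to relying on technologies that connect the Internet with daily life, and the Internet of Things (IoT) is the trend of modern society. IoT technology is now widely applied in many fields, of which health and medical care is among the most representative and well-known applications.
In 2013, Jin et al. proposed an authentication scheme for a home healthcare system, which they considered able to resist common replay attacks, password guessing attacks, masquerading attacks, and server secret key guessing attacks. After examining the authentication scheme of Jin et al., this study finds that it is still subject to the stolen device attack and the user masquerading attack.
In 2016, Gope et al. proposed an authentication scheme for a healthcare system that uses a body sensor network, which they considered able to resist denial-of-service attacks. However, this study finds that once desynchronization occurs and the backup plan is activated, an attacker can carry out an Interruption of Service (IoS) attack and tamper with messages.
Therefore, this study proposes an improved authentication scheme for healthcare systems and analyzes its security and performance, finding that the proposed scheme, after remedying the shortcomings of the original scheme, satisfies more security requirements.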
As science and technology advance rapidly, more and more people have come to rely on them in daily life. Nowadays, the Internet of Things (IoT) has become a trend in society. IoT technology has been widely used in various fields, such as health and medical care, which is one of the most representative and well-known applications.
In 2013, Jin et al. proposed an authentication scheme for the home healthcare system. They considered that their scheme can resist various attacks, such as the replay attack, password guessing attack, masquerading attack, and server's secret key guessing attack. In our study, we examine the authentication scheme of Jin et al. and find that it still suffers from the device lost attack and the user masquerading attack.
In 2016, Gope et al. proposed an authentication scheme for a healthcare system that uses a Body Sensor Network (BSN). They believed that their scheme can resist the Denial of Service (DoS) attack. However, in our study, we find that an attacker can conduct the Interruption of Service (IoS) attack and modify messages when desynchronization occurs and the backup plan starts.
Therefore, in this study, we propose an improved version of the healthcare system authentication scheme that Gope et al. proposed, analyze the security, and compare the performance of the schemes. We find that our scheme not only remedies the weaknesses of Gope et al.'s scheme but also satisfies more security requirements. |