یک پروتکل تشخیص و احراز هویت بیمار به منظور افزایش امنیت
الموضوعات :افسانه شرفی 1 , سپیده آدابی 2 , علی موقر 3 , صلاح المجید 4
1 - دانشگاه آزاد اسلامی واحد تهران شمال،گروه مهندسی کامپیوتر
2 - دانشگاه آزاد اسلامی واحد تهران شمال،گروه مهندسی کامپیوتر
3 - دانشگاه صنعتی شریف،گروه مهندسی کامپیوتر
4 - دانشگاه لینکلن انگلستان،دانشکده علوم کامپیوتر
الکلمات المفتاحية: اینترنت اشیا, احراز هویت, امنیت, سیگنال EEG,
ملخص المقالة :
امروزه فناوری اطلاعات همراه با گسترش روزافزون اینترنت اشیا، جهان فیزیکی را به تعامل بیشتر با محرکها، حسگرها و دستگاهها سوق داده است. نتیجه این تعامل، برقراری ارتباط "هر زمان و هر مکان" در دنیای واقعی است. خلأ تحقیقی که بتواند در کنار فراهمساختن پروتکلی چندلایه و بسیار امن (پروتکلی که همزمان، کار شناسایی و احراز هویت را انجام میدهد) و در عین حال بار محاسباتی کمی داشته باشد، احساس میشود. بنابراین در حوزه سلامت و درمان و به منظور پایش از راه دور بیمارانی با معلولیت جسمی و ذهنی (مانند بیماران فلج مغزی و قطع نخاع) نیاز مبرم به یک پروتکل بسیار امن وجود دارد. پروتکل پیشنهادی ما در این مطالعه یک پروتکل دولایه به نام "شناسایی- احراز هویت" میباشد که بر اساس EEG و اثر انگشت ساخته شده است. همچنین مرحله احراز هویت ما، الگوریتم اصلاحشده دیفی- هلمن است. این الگوریتم به دلیل مشکل امنیتی (وجود نفر سوم) نیاز به اصلاح دارد که روش پیشنهادی با دریافت اثر انگشت و سیگنال EEG بیمار، با دقت بسیار بالا و سرعت بالایی قادر به انجام احراز هویت بیمار است. پروتکل پیشنهادی با استفاده از دادههای 40 بیمار مبتلا به آسیب نخاعی ارزیابی شده و نتایج پیادهسازی، امنیت بیشتر این پروتکل را نشان میدهد. صحت عملکرد این پروتکل مورد بررسی قرار گرفته و زمان پردازش آن در مرحله احراز هویت نیز به 0215/0 ثانیه کاهش یافته است.
[1] I. A. Shah, F. A. Malik, and S. A. Ahmad, "Enhancing security in IoT based home automation using Reed Solomon codes," in Proc. IEEE Int. Conf. on Wireless Communications, Signal Processing and Networking, pp. 1639-1642, Chennai, India, 23-25 Mar. 2016.
[2] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, "A survey on security and privacy issues in Internet-of-Things," IEEE Internet of Things J., vol. 4, no. 5, pp. 1250-1258, Oct. 2017.
[3] F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, "Internet of Things security: a survey," J. of Network and Computer Applications, vol. 88, pp. 10-28, Jun. 2017.
[4] K. Ashton, "Internet of Things," RFID J., vol. 22, no. 7, pp. 97-114, Jun. 2009.
[5] D. Miorandi, S. Sicari, F. de Pellegrini, and I. Chlamtac, "Internet of things: vision, applications and research challenges," Ad hoc Networks, vol. 10, no. 7, pp. 1497-1516, Sept. 2012.
[6] J. H. Ziegeldorf, O. G. Morchon, and K. Wehrle, "Privacy in the Internet of Things: threats and challenges," Security and Communication Networks, vol. 7, no. 12, pp. 2728-2742, Dec. 2014.
[7] M. Abomhara and G. M. Køien, "Security and privacy in the Internet of Things: current status and open issues," in Proc. Int. Conf. on Privacy and Security in Mobile Systems, 8 pp., Aalborg, Denmark, 8 pp., 11-14 May 2014.
[8] R. Dantu, G. Clothier, and A. Atri, "EAP methods for wireless networks," Computer Standards & Interfaces, vol. 29, no. 3, pp. 289-301, Mar. 2007.
[9] S. T. F. Al-Janabi and M. A. S. Rasheed, "Public-key cryptography enabled kerberos authentication," Developments in E-Systems Engineering, pp. 209-214, Dubai, United Arab Emirates, 6-8 Dec. 2011.
[10] J. Liu, Y. Xiao, and C. P. Chen, "Authentication and access control in the Internet of Things," in Proc. IEEE 32nd Int. Conf. on, Distributed Computing Systems Workshops, pp. 588-592, Macau, China, 18-21 Jun. 2012.
[11] M. P. Pawlowski, A. J. Jara, and M. J. Ogorzalek, "Compact extensible authentication protocol for the Internet of Things: enabling scalable and efficient security commissioning," Mobile Information Systems, vol. vol. 2015, pp. 1-11, Nov. 2015.
[12] I. Karabey and G. Akman, "A cryptographic approach for secure client-server chat application using public key infrastructure (PKI)," in Proc. IEEE 11th Int. Conf. on Internet Technology and Secured Trans., pp. 442-446, Barcelona, Spain, 5-7 Dec. 2016.
[13] E. Cho, M. Park, and T. Kwon, "TwinPeaks: a new approach for certificateless public key distribution," in Proc. IEEE Conf. on Communications and Network Security, pp. 10-18, Philadelphia, PA, USA, 17-19 Oct. 2016.
[14] W. B. Hsieh and J. S. Leu, "Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks," Wireless Communications and Mobile Computing, vol. 14, no. 10, pp. 995-1006, Jul. 2014.
[15] N. Tirthani and R. Ganesan, "Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve Cryptography," IACR Cryptology ePrint Archive, 2014, 49, 2014.
[16] P. Joshi, M. Verma, and P. R. Verma, "Secure authentication approach using diffie-hellman key exchange algorithm for WSN," in Proc. IEEE Int. Conf. o, Control, Instrumentation, Communication and Computational Technologies, pp. 527-532, Kumaracoil, India, 18-19 Dec. 2015.
[17] S. Kumar and R. K. Singh, "Secure authentication approach using Diffie-Hellman key exchange algorithm for WSN," International J. of Communication Networks and Distributed Systems, vol. 17, no. 2, pp. 189-201, Sept. 2016.
[18] A. R. Sfar, E. Natalizio, Y. Challal, and Z. Chtourou, "A roadmap for security challenges in the Internet of Things," Digital Communications and Networks, vol. 4, no. 2, pp. 118-137, Apr. 2018.
[19] R. Vijaysanthi, N. Radha, M. J. Shree, and V. Sindhujaa, "Fingerprint authentication using Raspberry Pi based on IoT," in Proc. IEEE Int. Conf. on Algorithms, Methodology, Models and Applications in Emerging Technologies, 3 pp., Chennai, India, 16-18 Feb. 2017.
[20] P. Hu, H. Ning, T. Qiu, Y. Xu, X. Luo, and A. K. Sangaiah, "A unified face identification and resolution scheme using cloud computing in Internet of Things," Future Generation Computer Systems, vol. 81, pp. 582-592, Apr. 2018.
[21] Y. Lu, S. Wu, Z. Fang, N. Xiong, S. Yoon, and D. S. Park, "Exploring finger vein based personal authentication for secure IoT," Future Generation Computer Systems, vol. 77, pp. 149-160, Dec. 2017.
[22] P. Kumari and A. Vaish, "Brainwave based authentication system: research issues and challenges," International J. of Computer Engineering and Applications, vol. 4, no. 1, pp. 89-108. Feb. 2014.
[23] Y. S. Soni, S. B. Somani, and V. V. Shete, "Biometric user authentication using brain waves," in Proc. IEEE Int. Conf. on Inventive Computation Technologies, vol. 2, 6 pp., Coimbatore, India, 26-27 Aug. 2016.
[24] S. Marcel and J. D. R. Millan, "Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation," IEEE Trans. on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 743-752, Feb. 2007.
[25] E. G. M. Kanaga, R. M. Kumaran, M. Hema, R. G. Manohari, and T. A. Thomas, "An experimental investigation on classifiers for Brain Computer Interface (BCI) based authentication," in Proc. IEEE Int. Conf. on, Trends in Electronics and Informatics, 6 pp., Tirunelveli, India, 11-12 May 2017.
[26] I. Švogor and T. Kišasondi, "Two factor authentication using EEG augmented passwords," in Proc. IEEE of the ITI 34th Int. Conf. on Information Technology Interfaces, pp. 373-378, Cavtat, Croatia, 25-28 Jun. 2012.
[27] C. Y. Cheng, EEG-Based Person Identification System and Its Longitudinal Adaptation, Master in Computer Science, National Chiao Tung University, Hsinchu, Taiwan, 2013.
[28] T. Alladi and V. Chamola, and Naren, "HARCI: a two-way authentication protocol for three entity healthcare IoT networks networks," IEEE J. on Selected Areas in Communications, vol. 39, no. 2, pp. 361-369, Feb. 2020.
[29] A. R. Elshenaway and S. K. Guirguis, "Adaptive thresholds of EEG brain signals for IoT devices authentication," IEEE Access, vol. 9, pp. 100294-100307, Jun. 2021.
[30] R. Zhang, B. Yan, L. Tong, J. Shu, X. Song, and Y. Zeng, "Identity authentication using portable electroencephalography signals in resting states," IEEE Access, vol. 7, pp. 160671-160682, 2019.
[31] A. Vallabhaneni, T. Wang, and B. He, "Brain-computer interface," Neural Engineering, pp. 85-121, Boston, MA: Springer, 2005.
[32] H. H. Jasper, "The ten-twenty electrode system of the International Federation," Electroencephalogr. Clin. Neurophysiol., vol. 10, pp. 370-375, 1958.
[33] P. Kumari and A. Vaish, "Information-theoretic measures on intrinsic mode function for the individual identification using EEG sensors," IEEE Sensors J., vol. 15, no. 9, pp. 4950-4960, Sept. 2015.
[34] Q. Gui, Z. Jin, M. V. R. Blondet, S. Laszlo, and W. Xu, "Towards EEG biometrics: pattern matching approaches for user identification," in Proc. IEEE Int. Conf. on,,Identity, Security and Behavior Analysis, 6 pp., Hong Kong, China, 23-25 Mar. 2015.
[35] W. Kong, L. Wang, S. Xu, F. Babiloni, and H. Chen, "EEG fingerprints: phase synchronization of EEG signals as biomarker for subject identification," IEEE Access, vol. 7, pp. 121165-121173, 2019.
