Abstract
Smart Connected Health Systems (SCHSs) belong to health systems that provide services of health care remotely. They provide the doctors with access to electronic medical records with the aid of medical sensors, smart wearable devices and smart medical instruments. Although SCHSs have many applications in the area of health care, securing massive amount of valuable and sensitive data of the patients and preserving the privacy are challenging. User authentication based on public key cryptographic techniques is playing a crucial role in SCHSs for protecting the privacy of patients. However, quantum computers will break such techniques. Rainbow signature is one of the candidates of the next generation of cryptographic algorithms which can resist attacks on quantum computers. However, it is vulnerable to Differential Power Analysis (DPA) attacks, which is based on information gained from the cryptographic implementations. We present techniques to exploit the countermeasures to protect Rainbow against DPA attacks. We propose a variant of Rainbow with resistance to DPA attacks. First, we take a random vector to randomize the power consumption of private keys during computing the first affine transformation; Second, random variables are adopted during computing central map transformation; Third, we take two random vectors during computing the second affine transformation to randomize the power consumption of private keys. We analyze the efficiency and implement the scheme on hardware. Compared with the related implementations, our scheme is efficient and suitable for signature generations on hardware. Besides, we propose a secure authentical scheme based on the implementation for protecting record of patients in SCHSs.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ghaffar, A., Langlois, E.V., Rasanathan, K., et al., Strengthening health systems through embedded research[J]. Bull. World Health Organ. 95(2):87–87, 2017.
Kutzin, J., and Sparkes, S.P., Health systems strengthening, universal health coverage, health security and resilience[J]. Bull. World Health Organ. 94(1):2, 2016.
Kieny, M.P., Bekedam, H., Dovlo, D., et al., Strengthening health systems for universal health coverage and sustainable development[J]. Bull. World Health Organ. 95(7):537–539, 2017.
Lin, C., Song, Z., Song, H., et al., Differential privacy preserving in big data analytics for connected Health[J]. J. Med. Syst. 40(4):97, 2016.
Vlahugjorgievska, E., Koceski, S., Kulev, I., et al., Connected-Health Algorithm: Development and Evaluation.[J]. J. Med. Syst. 40(4):1–7, 2016.
Rantos, K., Fysarakis, K., Manifavas, C., et al., Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources[J]. IEEE Syst. J. PP(99):1–11, 2018.
Bloss, R., Embedded medical sensors, an emerging technology to monitor hearts, brains, nerves and addressing other medical applications for improved patient care[J]. Sens. Rev. 36(2):115–119, 2016.
Vasiliev, A., Varfolomeev, A., Volkov, I., et al.: Reducing humidity response of gas sensors for medical applications: use of spark discharge synthesis of metal oxide nanoparticles[J]. Sensors, 18(8), 2018
Polsky, R., Narayan, R., and Miller, P., Microneedle-Based Sensors for medical Diagnosis[J]. J. Mater. Chem. B 4(8):1379–1383, 2016.
Ullah, S., Pedrycz, W., Karagiannidis, G.K., et al., Guest editorial special issue on communications technologies and infrastructures for smart e-health systems[J]. IEEE Syst. J. 12 (1): 16–19 , 2018.
Huang, H., Gong, T., Ye, N., et al., Private and secured medical data transmission and analysis for wireless sensing healthcare System[J]. IEEE Trans. Ind. Inf. 13(3):1227–1237, 2017.
Zhang, L., Zhang, Y., Tang, S., et al., Privacy protection for E-Health systems by means of dynamic authentication and Three-Factor key Agreement[J]. IEEE Trans. Ind. Electron. 65(3):2795–2805, 2017.
Sharma, S., Chen, K., and Sheth, A., Towards practical privacy-preserving analytics for iot and cloud based healthcare systems[J]. IEEE Internet Comput. PP(99):1–1, 2018.
Fontaine, J., Zheng, K., Van, D.V.C., et al., Evaluation of a proximity card authentication system for health care settings[J]. Int. J. Med. Inform. 92:1–7, 2016.
Mohit, P., Amin, R., Karati, A., et al., A standard mutual authentication protocol for cloud computing based health care System[J]. J. Med. Syst. 41(4):1–13, 2017.
Kumar, V., Jangirala, S., and Ahmad, M., An efficient mutual authentication framework for healthcare system in cloud Computing[J]. J. Med. Syst. 42(8):142, 2018.
Brown, D.R., and Breaking, RSA, May be as difficult as Factoring[J]. J. Cryptol. 29(1):220–241, 2016.
Sharma, G., Bala, S., and Verma, A.K., PF-IBS Pairing-Free Identity based digital signature algorithm for wireless sensor Networks[J]. Wirel. Pers. Commun. 97(2):1–12, 2017.
Barenghi, A., Bertoni, G.M., Breveglieri, L., et al., A Fault-Based secret key retrieval method for ECDSA: Analysis and Countermeasure[J]. ACM J. Emerg. Technol. Comput. Syst. 13(1):8, 2016.
Bernstein, D.J., and Lange, T., Post-quantum cryptography[J]. Nature 549(7671):188, 2017.
Howe, J., Khalid, A., Rafferty, C., et al., On practical discrete gaussian samplers for lattice-based cryptography[J]. IEEE Trans. Comput. PP(99):322–334, 2018.
Butin, D., Hash-Based signatures: State of Play[J]. IEEE Secur. Priv. 15(4):37–43, 2017.
Sendrier, N., Code-Based cryptography: State of the art and Perspectives[J]. IEEE Secur. Priv. 15(4):44–50, 2017.
Ding, J., and Petzoldt, A., Current state of multivariate Cryptography[J]. IEEE Secur. Priv. 15(4):28–36, 2017.
Ding, J., and Schmidt, D., Rainbow, a new multivariable polynomial signature Scheme[J]. Applied Cryptography & Network Security 3531:164–175, 2005.
Billet, O., and Gilbert, H.: Cryptanalysis of rainbow[C]. In: International Conference on Security and Cryptography for Networks, Springer, pp 336–347, 2006
Ding, J., Yang, B.Y., Chen, C.H.O., et al., New Differential-Algebraic Attacks and Reparametrization of Rainbow[M], applied cryptography and network security, pp. 242–257. Berlin: Springer, 2008.
Petzoldt, A., Bulygin, S., Buchmann, J., and CyclicRainbow, C: A Multivariate Signature Scheme with a Partially Cyclic Public Key[C]. In: Progress in Cryptology - Indocrypt 2010 -, International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings. DBLP, pp 33–48, 2010
Petzoldt, A., Bulygin, S., and Buchmann, J.: Selecting parameters for the rainbow signature Scheme[C]. In: International Conference on Post-Quantum Cryptography, Springer, pp 218–240, 2010
Yasuda, T., Sakurai, K., and Takagi, T., Reducing the key size of rainbow using non-commutative rings[J]. Lect. Notes Comput. Sci 7178:68–83, 2012.
Thomae, E., Quo Vadis Quaternion? Cryptanalysis of Rainbow over Non-commutative Rings[M]// Security and Cryptography for Networks, pp. 361–373. Berlin: Springer, 2012.
Petzoldt, A., Bulygin, S., and Buchmann, J., Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes[M]// Post-Quantum Cryptography, pp. 188–202. Berlin: Springer, 2013.
Yasuda, T., Takagi, T., and Sakurai, K.: Efficient Variant of Rainbow without Triangular Matrix Representation[C]. In: Information and Communication Technology - EurAsia Conference, pp 532–541, 2014
Yasuda, T., Takagi, T., and Sakurai, K., Efficient variant of Rainbow using sparse secret keys. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 5:3–13, 2014.
Yasuda, T., and Sakurai, K., A Multivariate Encryption Scheme with Rainbow[M]// Information and Communications Security. Berlin: Springer International Publishing, 2015.
Mohamed, M.S.E., Petzoldt A., and RingRainbow, C.: An efficient multivariate ring signature scheme[C]. In: International Conference on Cryptology in Africa, pp. 3–20. Springer, Cham, 2017.
Peng, Z., and Tang S., Circulant Rainbow: A new rainbow variant with shorter private key and faster signature Generation[J]. IEEE Access 5(99):11877–11886, 2017.
Balasubramanian, S., Bogdanov, A., Rupp, A., et al.: Fast multivariate signature generation in hardware: The case of Rainbow[C]. In: International Symposium on Field-Programmable Custom Computing Machines, IEEE, pp 281–282, 2008
Tang, S., Yi, H., Ding, J., et al., High-speed Hardware Implementation of Rainbow Signature on FPGAs[m], Post-Quantum Cryptography, pp. 228–243. Berlin: Springer, 2011.
Yi, H., Under quantum computer attack: Is rainbow a replacement of RSA and elliptic curves on Hardware?[J]. Security & Communication Networks 2018:1–9, 2018.
Okeya, K., Takagi, T., and Vuillaume, C.: On the importance of protecting δ in SFLASH against side channel attacks. In: International Conference on Coding and Computing (ITCC 2004), pp. 560–568. IEEE, Washington, 2004.
Yi, H., and Nie, Z.: On the security of MQ cryptographic systems for constructing secure Internet of medical things[J]. Personal & Ubiquitous Computing, pp 1–7, 2018
Mahanta, H.J., and Khan, A.K., Securing RSA against power analysis attacks through non-uniform exponent partitioning with randomisation[J]. IET Inf. Secur. 12(1):25–33, 2018.
Liu, Z., Liu, D., and Zou, X., An efficient and flexible hardware implementation of the dual-field elliptic curve cryptographic processor[J]. IEEE Trans. Ind. Electron. PP(99):1–1, 2017.
Yi, H., and Li, W., On the importance of checking multivariate public key cryptography for side-channel attacks: the case of enTTS scheme[J]. Comput. J. 60(8):1–13, 2017.
Acknowledgments
This study was funded by the Joint Funds of the National Natural Science Foundation of China under Key Program Grant (No. U1713212), Natural Science Foundation of Guangdong Province, China (No. 2018A030310030), Foundation for Distinguished Young Talents in Higher Education of Guangdong, China (No. 2017GkQNCX059), Special funds for Shenzhen Strategic Emerging Industries and Future Industrial Development (No. 20170502142224600), Shenzhen Science and Technology Program under Grant (No. JCYJ20170306144219159), Science and Technology Program of Shenzhen Polytechnic (No. 601722K20018).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interests
All authors declare that they have no conflict of interest. This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection on Security and Privacy in Smart Connected Health Systems
Rights and permissions
About this article
Cite this article
Yi, H., Li, J., Lin, Q. et al. A Rainbow-Based Authentical Scheme for Securing Smart Connected Health Systems. J Med Syst 43, 276 (2019). https://doi.org/10.1007/s10916-019-1320-7
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-019-1320-7