Upload
baldric-matthews
View
218
Download
2
Embed Size (px)
Citation preview
1
An Enhanced Two-factor UserAuthentication Scheme inWireless Sensor Networks
DAOJING HE, YI GAO, SAMMY CHAN,CHUN CHEN , JIAJUN BU
Ad Hoc & Sensor Wireless Networks 2010Vol. 0, pp. 1–11
Citation: 14Presenter: 林致良
Date: 2013/4/22
2
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
3
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
4
Introduction
• In WSNs, both Gateway (GW) nodes and external parties (users) are able to access directly the real-time data from the sensor nodes.
• A two-factor authentication is a concept used to describe an authentication mechanism, where more than one factor is required to authenticate the communicating party.
5
Introduction
6
Introduction
This paper points out:• Security weaknesses in Das M.’s scheme such
as suffering from insider attack.
This paper presents :• An enhanced two-factor user authentication
protocol.
7
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
8
Related work
Das M.'s scheme consists of two phases:
1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase
9
Registration phase
Select ,
[ ,] (secure channel)
Das M.'s scheme
GW nodeUser()
Compute
Smart card { , h(), h( )⋅ , }
symmetric key: K one-way hash function: h( )⋅
10
Related work
Das M.'s scheme consists of two phases:
1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase• This phase is invoked when User wants to perform
some queries to or access data from the network.
11
Login phase
Input ,smart card validates with the stored ones in it.
Das M.'s scheme
GW nodeUser()
Compute:Compute:
Smart card { , h(), h( )⋅ , }
T : current timestamp :dynamic login identity of
12
Verification Phase
GW nodeUser()
(T*−T)≤ΔT
Compute:
13
Verification Phase
:nearest sensor nodeGW node
Compute:
=
14
Registration phase
Select ,
[ ,] (secure channel)
• A privileged insider of the GW-node can obtain a user the message < , >.
• The insider can impersonate the user to use it to impersonate to access other GW-nodes.
Attack on Das M.'s scheme
GW nodeUser()
15
Design weakness on Das M.'s scheme
• The GW-node, as a registration and access center, should know the real identities of all users in the authentication phase.
• Although can be obtained by computing = ⊕h , the GW-node cannot get the real identity of any user because no password/verifier table is kept.
16
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
17
The new proposed protocol
The proposed scheme consists of three phases: 1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase 3. Password updating phase
18
Registration phase
Select ,, b
[ , h(b ⊕ )] (secure channel)
The new proposed protocol
GW nodeUser()
Compute:
Smart card { , h( )⋅ , }
arbitrary number: b (large)secret number: K, J
Compute h(b ⊕ )
19
Login phase
Input ,smart card validates with the stored ones in it.
The new proposed protocol
GW nodeUser()
Compute:
Smart card { , h( ) ⋅ , }
T : current timestamp :dynamic login identity of
20
Verification Phase
GW nodeUser()
(T*−T)≤ΔT
Compute:
21
Verification Phase
:nearest sensor nodeGW node
Compute:
=
22
Input , smart card validates with the stored ones in it.
Password updating phase
User()
Compute:
Smart card { , h( ) ⋅ , }
23
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
24
Security Analysis
The scheme can withstand the insider attack and the impersonation attack: registers to the GW-node by presenting h(b⊕) instead of the insider of the GW-node cannot directly obtain
The scheme can obtain an user’s real identity:The GW-node obtains the users real identity by computing = ⊕h(T||).
25
Performance Analysis
: the delay time for the communication between a user and the GW-node.: the delay time for the communication between a GW-node and a sensor node.: the delay time for the communication between and a sensor node and a user.
Note: XOR operation requires very few computations, thus its computationcost is neglected here.
26
Outline
• Introduction• Related work• The new proposed protocol • Security and performance analysis • Conclusion
27
Conclusion
• This paper points out the security weaknesses in a two-factor user authentication protocol for wireless sensor networks.
• The analysis has shown that the security issues in that scheme can be solved in a very simple way, which is the proposal in this paper.