An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks

User authentication with unlinkability is one of the corner stone services for many security and privacy services which are required to secure communications in wireless sensor networks (WSNs). Recently, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs, and claimed that their scheme achieves identity and password protection, and the resiliency of stolen smart card attacks. However, we observe that Xue et al.’s scheme is subject to identity guessing attack, tracking attack, privileged insider attack and weak stolen smart card attack. In order to fix the drawbacks, we propose an enhanced authentication scheme with unlinkability. Additionally, the proposed scheme further cuts the computational cost. Therefore, the proposed scheme not only remedies its security flaws but also improves its performance. It is more suitable for practical applications of WSNs than Xue et al.’s scheme.     

基于二元多项式的短波自组网密钥预分配方案

针对短波通信在传输过程中连通率低及容易遭受敌方截获和攻击的缺点,提出一种基于二元多项式的密钥预分配方案。该方案采用对称加密技术保证报文加/解密的效率;运用公钥密码体制复杂性提高会话密钥的安全性;引入hash函数对报文进行签名,验证报文的真实性与完整性;基于区域划分对节点进行分簇,实现节点之间100%的连通率。实验结果表明,该方案能有效抵御敌方的攻击,保证网络的安全通信。     

可证安全的面向无线传感器网络的双因素认证方案

随着无线传感器网络的快速发展,对外部用户的身份进行确认已成为获取传感器网络中实时数据所要解决的关键问题。基于Nam提出的首个广泛适用于面向无线传感器网络的双因素认证方案的安全模型,设计了一个新的可证安全的用户认证密钥协商方案。该方案基于椭圆曲线密码体制,达到用户、网关节点及传感器节点之间的双向认证,满足匿名性并建立会话密钥,最后基于ECCDH困难性假设证明了新方案的安全性。与Nam提出的方案相比,在满足安全性的同时,将参与者的计算效率达到最优,更符合资源受限环境及现实应用。     

基于WSN安全的用户认证协议

随着无线传感器网路的迅速发展,其安全问题变得很重要.在传感器网络的许多应用(如军事目标的检测和跟踪等)中,如何防止非法用户的入侵来保证网络的安全运行是亟待解决的问题.因此,提出了一种基于无线传感器网络的用户认证协议,并对其安全性和成本两方面进行了分析,可以看出该协议具有一定的可行性.     

A dynamic password-based user authentication scheme for hierarchical wireless sensor networks

Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external users (parties) those who are authorized to access data as and when they demand. The user authentication plays a vital role for this purpose. In this paper, we propose a new password-based user authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the user's password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.     

An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks

Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints.Considering that most large-scale WSNs follow a two-tiered architecture,we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs.The proposed approach reduces the computational load,since it performs only simple operations,such as exclusive-OR and a one-way hash function.This feature is more suitable for the resource-limited sensor nodes and mobile devices.And it is unnecessary for master nodes to forward login request messages to the base station,or maintain a long user list.In addition,pseudonym identity is introduced to preserve user anonymity.Through clever design,our proposed scheme can prevent smart card breaches.Finally,security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.     

A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks

User authentication is one of the most important security services required for the resource-constrained wireless sensor networks (WSNs). In user authentication, for critical applications of WSNs, a legitimate user is allowed to query and collect the real-time data at any time from a sensor node of the network as and when he/she demands for it. In order to get the real-time information from the nodes, the user needs to be first authenticated by the nodes as well as the gateway node (GWN) of WSN so that illegal access to nodes do not happen in the network. Recently, Jiang et al. proposed an efficient two-factor user authentication scheme with unlinkability property in WSNs Jiang (2014). In this paper, we analyze Jiang et al.’s scheme. Unfortunately, we point out that Jiang et al.’s scheme has still several drawbacks such as (1) it fails to protect privileged insider attack, (2) inefficient registration phase for the sensor nodes, (3) it fails to provide proper authentication in login and authentication phase, (4) it fails to update properly the new changed password of a user in the password update phase, (5) it lacks of supporting dynamic sensor node addition after initial deployment of nodes in the network, and (6) it lacks the formal security verification. In order to withstand these pitfalls found in Jiang et al.’s scheme, we aim to propose a three-factor user authentication scheme for WSNs. Our scheme preserves the original merits of Jiang et al.’s scheme. Our scheme is efficient as compared to Jiang et al.’s scheme and other schemes. Furthermore, our scheme provides better security features and higher security level than other schemes. In addition, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The simulation results clearly demonstrate that our scheme is also secure.     

On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks,principle and solutions

Anonymity is among the important properties of two-factor authentication schemes for wireless sensor networks (WSNs) to preserve user privacy. Though impressive efforts have been devoted to designing schemes with user anonymity by only using lightweight symmetric-key primitives such as hash functions and block ciphers, to the best of our knowledge none has succeeded so far. In this work, we take an initial step to shed light on the rationale underlying this prominent issue. Firstly, we scrutinize two previously-thought sound schemes, namely Fan et al.’s scheme and Xue et al.’s scheme, and demonstrate the major challenges in designing a scheme with user anonymity.Secondly, using these two foremost schemes as case studies and on the basis of the work of Halevi–Krawczyk (1999) [44] and Impagliazzo–Rudich (1989) [43], we put forward a general principle: Public-key techniques are intrinsically indispensable to construct a two-factor authentication scheme that can support user anonymity. Furthermore, we discuss the practical solutions to realize user anonymity. Remarkably, our principle can be applied to two-factor schemes for universal environments besides WSNs, such as the Internet, global mobility networks and mobile clouds. We believe that our work contributes to a better understanding of the inherent complexity in achieving user privacy, and will establish a groundwork for developing more secure and efficient privacy-preserving two-factor authentication schemes.     

A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps

Spread of wireless network technology has opened new doors to utilize sensor technology in various areas via Wireless Sensor Networks (WSNs). Many authentication protocols for among the service seeker users, sensing component sensor nodes (SNs) and the service provider base-station or gateway node (GWN) are available to realize services from WSNs efficiently and without any fear of deceit. Recently, Li et al. and He et al. independently proposed mutual authentication and key agreement schemes for WSNs. We find that both the schemes achieve mutual authentication, establish session key and resist many known attacks but still have security weaknesses. We show the applicability of stolen verifier, user impersonation, password guessing and smart card loss attacks on Li et al.’s scheme. Although their scheme employs the feature of dynamic identity, an attacker can reveal and guess the identity of a registered user. We demonstrate the susceptibility of He et al.’s scheme to password guessing attack. In both the schemes, the security of the session key established between user and SNs is imperfect due to lack of forward secrecy and session-specific temporary information leakage attack. In addition both the schemes impose extra computational load on resource scanty sensor-nodes and are not user friendly due to absence of user anonymity and lack of password change facility. To handle these drawbacks, we design a mutual authentication and key agreement scheme for WSN using chaotic maps. To the best of our knowledge, we are the first to propose an authentication scheme for WSN based on chaotic maps. We show the superiority of the proposed scheme over its predecessor schemes by means of detailed security analysis and comparative evaluation. We also formally analyze our scheme using BAN logic.     

A fuzzy-based interleaved multi-hop authentication scheme in wireless sensor networks

In sensor networks, a compromised node can either generate fabricated reports with false votes or inject false votes into real reports, which causes severe damage such as false alarms, energy drain and information loss. An interleaved hop-by-hop authentication (IHA) scheme addresses the former attack by detecting and filtering false reports in a deterministic and hop-by-hop fashion. Unfortunately, in IHA, all en-route nodes must join to verify reports while only a few are necessary to the authentication procedure. In this paper, we propose a fuzzy-based interleaved multi-hop authentication scheme based on IHA. In our scheme, the fuzzy logic system only selects some nodes for verification based on the network characteristics. Moreover, we apply a voting method and a hash-based key assignment mechanism to improve network security. Through performance evaluation, the proposed scheme is found to save up to 13% of the energy consumption and to provide more network protection compared to IHA.     

一种无线传感器网络双要素用户认证会话机制

针对无线传感器网络中外部用户直接访问内部传感器节点的安全威胁,提出了一种基于双要素用户认证方案的简单会话机制.该机制通过智能卡和密码两种因素来验证用户的有效性,并根据可供管理员配置的时间间隔来确定用户在会话中的状态,进而根据用户状态来限制其可用操作.该机制有效地缓解了用户认证单次有效的通信压力,且避免了用户认证长期有效的安全风险,同时它也为外部用户查询无线传感器内部节点的应用层增加了可实现性.     

对两个无线传感器网络中匿名身份认证协议的安全性分析

针对设计安全高效的无线传感器网络环境下匿名认证协议的问题,基于广泛接受的攻击者能力假设,采用基于场景的攻击技术,对新近提出的两个无线传感器网络环境下的双因子匿名身份认证协议进行了安全性分析。指出刘聪等提出的协议(刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议.计算机工程,2012,38(22):99-103)无法实现所声称的抗离线口令猜测攻击,且在协议可用性方面存在根本性设计缺陷;指出闫丽丽等提出的协议(闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议.小型微型计算机系统,2013,34(10):2342-2344)不能抵抗用户仿冒攻击和离线口令猜测攻击,且无法实现用户不可追踪性。结果表明,这两个匿名身份认证协议都存在严重安全缺陷,不适于在实际无线传感器网络环境中应用。     

一种远程用户身份认证方案的密码分析和改进

通过密码分析学的验证方案证明Yoon等人提出的基于Hwang等其他人所证明的远程用户使用智能卡的方案中存在着多个安全漏洞,仍然是脆弱和不稳定的.同时给出如何改进并避免这些漏洞的方法.     

A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks

Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks.     

无线传感器网络密钥管理方案前向安全性研究

对现有的基于椭圆曲线的无线传感器网络密钥管理方案进行了分析研究,针对现有密钥管理算法不具备前向安全性的问题,以相对简单及较为经典的两个方案为基础,将前向安全的概念引入到密钥管理方案之中,实现了前向安全在椭圆曲线无线传感器网络密钥管理方案中的应用。在此基础上,应用硬件节点MICAz进行硬件模拟,分析了方案的安全性、存储消耗、运行时间,验证了方案的适用性。     

无线传感器网络中的广播认证协议

在总结广播认证协议理想属性的基础上,对现有基于数字签名技术和对称加密技术的广播认证协议优缺点进行了分析讨论,并指出其对无线传感器网络广播认证协议设计的借鉴价值。将广播认证协议中的参数初始化和密钥更新等与密钥管理相关的问题归结为认证系统的完备性问题,并指出现有技术方案在解决该问题时存在的缺陷。初步探讨了无线传感器网络广播认证协议分级安全功能支持的意义,并给出了相应的方案设计思路。     

在多服务器环境下的双因素动态身份鉴别方案

针对Li等人基于智能卡的多服务器身份认证方案,分析指出了其中存在的安全性问题,提出了一个改进的双因素动态身份鉴别方案.该方案为用户提供了一种关于身份注册信息的自我更新机制,用户可以在不与远程服务器通信的状态下,动态更新身份标志、口令和秘密参数等相关信息.另外,自验证的时间戳技术的借鉴利用,不仅避免了时钟同步问题,而且节约了产生随机数的开销.该方案还实现了用户的动态登录和对用户登录操作的可追踪性.新方案不仅继承了Li方案计算量低、存储量小的优点,而且还提高了认证方案的安全性和实用性,可以适用于实际的网络环境和应用.     

一种基于Smart Card的远程用户身份验证方案的安全性讨论

身份验证是计算机通信的一个重要方面。由于密码验证协议的简单性,它已经被广泛地用于身份验证。最近,Lee氏等利用Smart Card,提出了一个基于随机数的远程用户验证方案。指出了这个方案并不像其提出者所声称的那样安全,同时提出了两种攻击方法以破解其验证方案。     

Efficient and secure two-factor dynamic ID-based password authentication scheme with provable security

Password-based remote user authentication schemes using smart cards are designed to ensure that only a user who possesses both the smart card and the corresponding password can gain access to the remote servers. Despite many research efforts, it remains a challenging task to design a secure password-based authentication scheme with user anonymity. The author uses Kumari et al.’s scheme as the case study. Their scheme uses non-public key primitives. The author first presents the cryptanalysis of Kumari et al.’s scheme in which he shows that their scheme is vulnerable to user impersonation attack, and does not provide forward secrecy and user anonymity. Using the case study, he has identified that public-key techniques are indispensable to construct a two-factor authentication scheme with security attributes, such as user anonymity, unlinkability and forward secrecy under the nontamper resistance assumption of the smart card. The author proposes a password-based authentication scheme using elliptic curve cryptography. Through the informal and formal security analysis, he shows that proposed scheme is secure against various known attacks, including the attacks found in Kumari’s scheme. Furthermore, he verifies the correctness of mutual authentication using the BAN logic.