An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks
DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU
Ad Hoc & Sensor Wireless Networks, 2010, Vol. 0, pp. 1–11
Citation: 14
Presenter: 林致良
Date: 2013/4/22
Outline
• Introduction
• Related work
• The new proposed protocol
• Security and performance analysis
• Conclusion
Introduction
• In WSNs, both Gateway (GW) nodes and external parties (users) can directly access the real-time data from the sensor nodes.
• Two-factor authentication describes an authentication mechanism in which more than one factor is required to authenticate the communicating party.
This paper points out:
• Security weaknesses in Das M.'s scheme, such as suffering from insider attack.
This paper presents:
• An enhanced two-factor user authentication protocol.
Related work
Das M.'s scheme consists of two phases:
1. Registration phase
2. Authentication phase
   (1) Login phase
   (2) Verification Phase
Registration phase
Select ,
[ ,] (secure channel)
Das M.'s scheme
GW node
User()
Compute
Smart card { , h(), h(⋅), }
symmetric key: K
one-way hash function: h(⋅)
Related work
Das M.'s scheme consists of two phases:
1. Registration phase
2. Authentication phase
   (1) Login phase
   (2) Verification Phase
• This phase is invoked when User wants to perform some queries to or access data from the network.
Login phase
Input ,smart card validates with the stored ones in it.
Das M.'s scheme
GW node
User()
Compute:
Compute:
Smart card { , h(), h(⋅), }
T : current timestamp
: dynamic login identity of
Verification Phase
GW node
User()
(T*−T)≤ΔT
Compute:
Verification Phase
: nearest sensor node
GW node
Compute:
=
Registration phase
Select ,
[ ,] (secure channel)
• A privileged insider of the GW-node can obtain a user the message < , >.
• The insider can use it to impersonate the user and access other GW-nodes.
Attack on Das M.'s scheme
GW node
User()
Design weakness on Das M.'s scheme
• The GW-node, as a registration and access center, should know the real identities of all users in the authentication phase.
• Although can be obtained by computing = ⊕h , the GW-node cannot get the real identity of any user because no password/verifier table is kept.
The new proposed protocol
The proposed scheme consists of three phases:
1. Registration phase
2. Authentication phase
   (1) Login phase
   (2) Verification Phase
3. Password updating phase
Registration phase
Select ,, b
[ , h(b ⊕ )] (secure channel)
The new proposed protocol
GW node
User()
Compute:
Smart card { , h(⋅), }
arbitrary number: b (large)
secret number: K, J
Compute h(b ⊕ )
Login phase
Input ,smart card validates with the stored ones in it.
The new proposed protocol
GW node
User()
Compute:
Smart card { , h(⋅), }
T : current timestamp
: dynamic login identity of
Verification Phase
GW node
User()
(T*−T)≤ΔT
Compute:
Verification Phase
: nearest sensor node
GW node
Compute:
=
Input , smart card validates with the stored ones in it.
Password updating phase
User()
Compute:
Smart card { , h(⋅), }
Security Analysis
The scheme can withstand the insider attack and the impersonation attack:
• registers to the GW-node by presenting h(b⊕) instead of
• the insider of the GW-node cannot directly obtain
The scheme can obtain a user's real identity:
• The GW-node obtains the user's real identity by computing = ⊕h(T||).
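Added example (not from the slides or the paper): what a GW-node stores at registration when it receives a secret as typed versus the masked value h(b⊕·). The operand XORed with b is missing from this transcript and is assumed here to be the user's password; SHA-256 as h(⋅), zero-padding, and all function names are also assumptions.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    # One-way hash h(.); SHA-256 is an assumption, the slides name no function.
    return hashlib.sha256(data).digest()

def xor_mask(b: bytes, password: str) -> bytes:
    # b XOR password; zero-padding the password to len(b) is an assumption.
    pw = password.encode("utf-8")
    if len(pw) > len(b):
        raise ValueError("password longer than the random number b")
    return bytes(x ^ y for x, y in zip(b, pw.ljust(len(b), b"\x00")))

def register_plain(user_id: str, password: str) -> dict:
    # Baseline (assumed): the gateway receives the secret exactly as typed.
    return {"id": user_id, "secret": password.encode("utf-8")}

def register_masked(user_id: str, password: str, b: bytes = b"") -> tuple:
    # Enhanced registration: the user keeps b, the gateway sees only h(b XOR pw).
    b = b or secrets.token_bytes(32)
    return b, {"id": user_id, "secret": h(xor_mask(b, password))}

def same_secret_across_gateways(records: list) -> bool:
    # True when every gateway's record holds an identical, reusable secret.
    return len({r["secret"] for r in records}) == 1

def user_can_rederive(b: bytes, password: str, record: dict) -> bool:
    # The legitimate user, holding b and the password, reproduces the verifier.
    return secrets.compare_digest(h(xor_mask(b, password)), record["secret"])

if __name__ == "__main__":
    pw = "constructed-sample-pw"  # constructed sample value
    plain = [register_plain("alice", pw) for _ in ("gw-A", "gw-B")]
    masked = [register_masked("alice", pw) for _ in ("gw-A", "gw-B")]
    print("plain records identical across gateways:",
          same_secret_across_gateways(plain))
    print("masked records identical across gateways:",
          same_secret_across_gateways([rec for _, rec in masked]))
    b, rec = masked[0]
    print("user re-derives verifier:", user_can_rederive(b, pw, rec))
```

With a fresh b per registration, the value held at one GW-node neither reveals the password nor matches what another GW-node holds.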
Performance Analysis
: the delay time for the communication between a user and the GW-node.
: the delay time for the communication between a GW-node and a sensor node.
: the delay time for the communication between a sensor node and a user.
Note: XOR operation requires very few computations, thus its computation cost is neglected here.
Conclusion
• This paper points out the security weaknesses in a two-factor user authentication protocol for wireless sensor networks.
• The analysis has shown that the security issues in that scheme can be solved in a very simple way, which is the proposal in this paper.