
An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks

DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU. Ad Hoc & Sensor Wireless Networks, 2010, Vol. 0, pp. 1–11. Citation: 14. Presenter: 林致良. Date: 2013/4/22.


Presentation Transcript


  1. An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless Networks 2010 Vol. 0, pp. 1–11 Citation: 14 Presenter: 林致良 Date: 2013/4/22

  2. Outline • Introduction • Related work • The new proposed protocol • Security and performance analysis • Conclusion

  4. Introduction • In WSNs, both Gateway (GW) nodes and external parties (users) are able to directly access the real-time data from the sensor nodes. • Two-factor authentication describes an authentication mechanism in which more than one factor is required to authenticate the communicating party.

  5. Introduction

  6. Introduction This paper points out: • Security weaknesses in Das M.’s scheme, such as suffering from insider attack. This paper presents: • An enhanced two-factor user authentication protocol.

  7. Outline • Introduction • Related work • The new proposed protocol • Security and performance analysis • Conclusion

  8. Related work Das M.'s scheme consists of two phases:  1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase

  9. Das M.'s scheme Registration phase Select , [ ,] (secure channel) symmetric key: K one-way hash function: h(⋅) User() GW node Compute Smart card {, h(), h(⋅), }

  10. Related work Das M.'s scheme consists of two phases: 1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase • This phase is invoked when User wants to perform some queries to or access data from the network.

  11. Das M.'s scheme Login phase Input , smart card validates with the stored ones in it. Smart card {, h(), h(⋅), } User() GW node T : current timestamp :dynamic login identity of Compute: Compute:

  12. Verification Phase User() GW node (T*−T)≤ΔT Compute:

  13. Verification Phase GW node :nearest sensor node Compute: =

  14. Attack on Das M.'s scheme Registration phase Select , [ ,] (secure channel) • A privileged insider of the GW-node can obtain a user the message < ,>. • The insider can impersonate the user to use it to impersonate to access other GW-nodes. User() GW node

  15. Design weakness on Das M.'s scheme • The GW-node, as a registration and access center, should know the real identities of all users in the authentication phase. • Although can be obtained by computing = ⊕h , the GW-node cannot get the real identity of any user because no password/verifier table is kept.

  16. Outline • Introduction • Related work • The new proposed protocol • Security and performance analysis • Conclusion

  17. The new proposed protocol The proposed scheme consists of three phases: 1. Registration phase 2. Authentication phase (1) Login phase (2) Verification Phase 3. Password updating phase

  18. The new proposed protocol Registration phase Select ,,b [, h(b ⊕)] (secure channel) arbitrary number: b (large) secret number: K, J User() GW node Compute h(b ⊕) Compute: Smart card {, h(⋅), }

  19. The new proposed protocol Login phase Input , smart card validates with the stored ones in it. Smart card {, h(⋅) , } User() GW node Compute: T : current timestamp :dynamic login identity of

  20. Verification Phase User() GW node (T*−T)≤ΔT Compute:

  21. Verification Phase GW node :nearest sensor node Compute: =

  22. Password updating phase Smart card {, h(⋅) , } Input , smart card validates with the stored ones in it. User() Compute:

  23. Outline • Introduction • Related work • The new proposed protocol • Security and performance analysis • Conclusion

  24. Security Analysis The scheme can withstand the insider attack and the impersonation attack: registers to the GW-node by presenting h(b⊕) instead of the insider of the GW-node cannot directly obtain The scheme can obtain a user’s real identity: The GW-node obtains the user’s real identity by computing = ⊕h(T||).

  25. Performance Analysis : the delay time for the communication between a user and the GW-node. : the delay time for the communication between a GW-node and a sensor node. : the delay time for the communication between a sensor node and a user. Note: XOR operation requires very few computations, thus its computation cost is neglected here.

  26. Outline • Introduction • Related work • The new proposed protocol • Security and performance analysis • Conclusion

  27. Conclusion • This paper points out the security weaknesses in a two-factor user authentication protocol for wireless sensor networks. • The analysis has shown that the security issues in that scheme can be solved in a very simple way, which is the proposal in this paper.
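
The registration change from slides 18 and 24, as an added example that is not code from the paper or the presentation: it compares what a GW node holds after registration in the earlier scheme with the masked value h(b ⊕ PW) of the enhanced scheme, for one user reusing one password at two GW nodes. SHA-256 for h(·), hashing the password to match the length of b, a fresh b per registration that stays with the user, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

def h(data: bytes) -> bytes:
    # h(.) on the slides; SHA-256 is an assumption, the slides name no hash.
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def register_plain(user_id: str, password: str) -> tuple[str, bytes]:
    # Earlier scheme as the slides describe it: the password itself reaches
    # the GW node, so a privileged insider there can read it.
    return user_id, password.encode()

def masked_verifier(password: str, b: bytes) -> bytes:
    # h(b XOR PW). Assumption: PW is first hashed to 32 bytes so it has the
    # same length as b; the slides do not say how the lengths are matched.
    return h(xor(b, h(password.encode())))

def register_masked(user_id: str, password: str) -> tuple[tuple[str, bytes], bytes]:
    # Enhanced scheme: only the verifier travels over the secure channel.
    # Assumption: b is drawn fresh per registration and stays with the user.
    b = secrets.token_bytes(32)
    return (user_id, masked_verifier(password, b)), b

def insider_can_reuse(seen_at_gw_a: tuple[str, bytes],
                      held_by_gw_b: tuple[str, bytes]) -> bool:
    # A value copied at GW A only helps at GW B if B holds the same
    # credential for the same user.
    return (seen_at_gw_a[0] == held_by_gw_b[0]
            and hmac.compare_digest(seen_at_gw_a[1], held_by_gw_b[1]))

def demo() -> dict[str, bool]:
    uid, pw = "user-1", "correct horse"  # constructed sample values
    plain_a, plain_b = register_plain(uid, pw), register_plain(uid, pw)
    (masked_a, b_a), (masked_b, _) = register_masked(uid, pw), register_masked(uid, pw)
    return {
        "plain_reusable": insider_can_reuse(plain_a, plain_b),
        "masked_reusable": insider_can_reuse(masked_a, masked_b),
        "user_can_recompute": masked_verifier(pw, b_a) == masked_a[1],
    }

if __name__ == "__main__":
    print(demo())
```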
