DOI QR코드

DOI QR Code

계층적 무선 센서 네트워크를 위한 패스워드 기반 사용자 인증 스킴의 보안 취약점 분석

Analysis on Security Vulnerabilities of a Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks

  • 주영도 (강남대학교 컴퓨터미디어정보공학부)
  • Joo, Young-Do (Dept. of Computer & Media Information, Kangnam University)
  • 투고 : 2015.07.15
  • 심사 : 2015.08.07
  • 발행 : 2015.08.31

초록

유비쿼터스 시대의 도래와 함께 센서를 기반으로 하는 무선 센서 네트워크의 응용 분야는 광범위하게 확산되고 있다. 따라서 무선 센서 네트워크에서 센서들로부터 수집되는 기밀 데이터를 허가 받지 않은 사용자로부터 보호하기 위해, 널리 사용되어지는 스마트카드와 패스워드 기반의 사용자 인증도 견고한 보안을 요구한다. 최근 무선 센서 네트워크는 클러스터 헤드와 센서 노드 이원화를 통해 운용상 보다 효과적인 계층적 무선 센서 네트워크로 전개 발전되고 있다. 2012년 Das 등은 계층적 무선 센서 네트워크에 실제 적용 가능한 동적 패스워드 기반 사용자 인증 스킴을 제안하였다. 본 논문은 안정성 분석을 통해 Das 등의 스킴이 그들의 주장과 달리 여전히 중간자 공격, 패스워드 추측 공격, 패스워드 변경 공격을 막을 수 없을 뿐 아니라, 필수적인 보안 요구사항인 사용자와 클러스터 헤드 간의 상호인증을 투명하게 제공하지 못함을 입증한다.

The numerous improved schemes of user authentication based on password have been proposed in order to prevent the data access from the unauthorized person. The importance of user authentication has been remarkably growing in the expanding application areas of wireless sensor networks. Recently, emerging wireless sensor networks possesses a hierarchy among the nodes which are divided into cluster heads and sensor nodes. Such hierarchical wireless sensor networks have more operational advantages by reducing the energy consumption and traffic load. In 2012, Das et al. proposed a user authentication scheme to be applicable for the hierarchical wireless sensor networks. Das et al. claimed that their scheme is effectively secure against the various security flaws. In this paper, author will prove that Das et al.'s scheme is still vulnerable to man-in-the-middle attack, password guessing/change attack and does not support mutual authentication between the user and the cluster heads.

키워드

참고문헌

  1. A. K. Das, "An Unconditionally Secure Key Management Scheme for Large-scale Wireless Sensor Networks", IEEE International Conference on Communication systems and Networks, pp. 1-10, 2009.
  2. A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, "A Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks", Journal of Network and Computer Applications, Vol. 35, No, 5, pp. 1646-1656, 2012. https://doi.org/10.1016/j.jnca.2012.03.011
  3. L. Lamport, "Password Authentication with Insecure Communication", Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  4. R. Watro, and D. Kong, et al., "Securing Sensor Network with Public Key Technology", ACM Workshop Security of Ad Hoc Sensor Network, pp. 59-64, 2004.
  5. K. Wong, Y. Zheng, and J. Cao, et al., "A Dynamic User Authentication Scheme for Wireless Sensor Networks", IEEE International Conference Sensor Networks, Ubiquitous and Trustworthy Computing, IEEE Computing Society, pp. 244-251, 2006.
  6. M. L. Das, "Two-factor User Authentication Scheme in Wireless Sensor Network", IEEE Transactions on Wireless Communications, Vol. 8, No. 3, pp. 1086-1090, 2009. https://doi.org/10.1109/TWC.2008.080128
  7. M. K. Khan, and K. Alghathbar, "Cryptanalysis and Security Improvements of Two-factor User Authentication in Wireless Sensor Networks", Sensors, Vol. 10, No. 3, pp. 2450-2459, 2010. https://doi.org/10.3390/s100302450
  8. D. He, Y. Gao, S. Chan, C. Chen, and J. Bu, "An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks", Ad Hoc & Sensor Wireless Networks, Vol. 10, No. 4, pp. 361-371, 2010.
  9. H. L. Yeh, T. H. Chen, P. C. Liu, T. H. Kim, and H. W. Wei, "A Secure Authentication Protocol for Wireless Sensor Network Using Elliptic Curve Cryptography", Sensors, Vol. 11, No. 5, pp. 4767-4779, 2011. https://doi.org/10.3390/s110504767
  10. C. T. Li, C. Y. Weng, and C. C. Lee, et al., "Security Flaws of a Password Authentication Scheme for Hierarchical WSNs", Journal of Advances in Computer Networks, Vol. 1, No. 2, pp. 121-124, 2013.
  11. J. Yuan, C. Jiang, and Z. Jiang, "A Biometric-Based User Authentication for Wireless Sensor Networks", Wuhan University Journal of Natural Science, Vol. 15, No. 3, pp. 272-276, 2010. https://doi.org/10.1007/s11859-010-0318-2
  12. H. Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of the Korea Academia-Industrial Cooperation Society(JKAIS), Vol. 11, No. 9, pp. 3548-3557, 2010. https://doi.org/10.5762/KAIS.2010.11.9.3548
  13. Y. Joo, "Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks", Journal of the Institute of Internet, Broadcasting and Communication(JIIBC), Vol. 14, No. 2, pp. 147-153, 2014. https://doi.org/10.7236/JIIBC.2014.14.2.147
  14. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  15. T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002 https://doi.org/10.1109/TC.2002.1004593