한국인터넷방송통신학회논문지 (The Journal of the Institute of Internet, Broadcasting and Communication)

  • 제16권6호
  • /
  • Pages.95-101
  • /
  • 2016
  • /
  • 2289-0238(pISSN)
  • /
  • 2289-0246(eISSN)
한국인터넷방송통신학회 (The Institute of Internet, Broadcasting and Communication)
권호 표지
DOI QR코드

DOI QR Code

스마트 카드 분실 공격에 안전한 사용자 인증 스킴의 취약점 및 개선방안

Weaknesses and Improvement of User Authentication Scheme against Smart-Card Loss Attack

  • 최윤성 (호원대학교 사이버수사보안학부)
  • Choi, Younsung (Dept. of Cyber Investigation Security, Howon University)
  • 투고 : 2016.09.02
  • 심사 : 2016.12.09
  • 발행 : 2016.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

최근에는 인터넷 및 통신망 기술의 발달과 함께 무선 센서 네트워크 기술에 대한 연구가 활발해지고 있다. 그와 더불어 무선 센서 네트워크 환경을 적법하게 사용하기 위해서, 사용자 및 센서에 대한 인증기술에 대한 중요성도 커져가고 있다. 처음으로 Das가 스마트 카드와 패스워드를 이용한 무선 센서 네트워크 환경에서의 인증 스킴을 제안한 이후로, 취약점 분석 및 안전한 인증기술에 관한 연구가 활발히 진행되고 있다. 그 중 Chen 등은 스마트 카드 분실 공격에 안전한 인증 스킴을 제안하였다. Chen 등이 제안한 스킴은 효율적이지만 여전히 완전 순방향 비밀성 미보장, 익명성 미보장, GW에 의한 세션키 노출 문제와 패스워드 검사가 제공되지 못하여 발생하는 취약점들이 분석되었다. 이를 해결하기 위해서 본 논문에서는 퍼지추출 기술, 타원곡선 암호, 동적 ID 기술 등을 스킴에 적용하여, 보안성이 향상된 사용자 인증 스킴을 제안하고, 제안하는 스킴의 안전성을 분석하였다.

With the rapid development of Internet and communication network technology, various studies had proceeded to develop the technology of wireless sensor networks. Authentication schemes for user and sensor are critical and important security issue to use wireless sensors legally. First, Das introduce a user authentication scheme using smart card and password for wireless sensor networks, various studies had proceeded. Chem et al. suggested a secure user authentication scheme against smart card loss attack but Chen et al. scheme does not still resolve some security vulnerability such as perfect forward secrecy, session key exposure by gateway node, anonymity, and the password check. To resolve the problems, this paper proposes a security enhanced user authentication using the fuzzy extraction, elliptic curves cryptography and dynamic ID and analyzes the security.

키워드

참고문헌

  1. Eunju Kim, Jong-Woong Park, Sung-Han Sim, Development of Wireless Smart Sensing Framework for Structural Health Monitoring of High-speed Railway Bridges, Journal of the Korea Academia-Industrial cooperation Society, Vol. 17, No. 5 pp. 1-9, 2016 DOI: http://dx.doi.org/10.5762/KAIS.2016.17.5.1
  2. Sunho Kim, Kangwoo Lee, Yonghee Lee, A study on implementation of standard protocol for communication of health signals in mobile environment, The Journal of The Institute of Internet, Broadcasting and Communicatioin, Vol. 16, No. 5, pp.125-129, Oct. 31, 2016. DOI: http://dx.doi.org/10.7236/JIIBC.2016.16.5.125
  3. Young-Do Joo, Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks, The Journal of The Institute of Internet, Broadcasting and Communication, VOL. 14 No. 1, pp.147-153, Feb. 28, 2014. DOI: http://dx.doi.org/10.7236/jiibc.2014.14.1.147
  4. Young-Hwa An, Young-Do Joo, Security Enhancement of Biometrics-based Remote User Authentication Scheme Using Smart Cards, The Journal of The Institute of Internet, Broadcasting and Communication, VOL. 12 No. 1, pp.231-237, Feb. 28, 2012. DOI: http://dx.doi.org/10.7236/jiwit.2012.12.1.231
  5. M. L. Das, "Two-factor user authentication in wireless sensor networks" IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1086-1090, 2009. DOI: http://dx.doi.org/10.1109/twc.2008.080128
  6. M. K. Khan and K. Alghathbar, "Security analysis of 'two-factor user authentication in wireless sensor networks'," in Advances in Computer Science and Information Technology, vol. 6059 of LNCS, pp. 55-60, Springer, Germany, 2010. DOI: http://dx.doi.org/10.1007/978-3-642- 13577-4_5
  7. J. J. Yuan, "An enhanced two-factor user authentication in wireless sensor networks," Tele communication Systems, vol. 55, no. 1, pp. 105-13, 2014. DOI: http://dx.doi.org/10.1007/s11235-013-9755-5
  8. H. L. Yeh et al. "A secured authentication protocol for wireless sensor networks using Elliptic Curves Cryptography," Sensors, vol. 11, no. 5, pp. 4767-4779, 2011.10. DOI: http://dx.doi.org/10.3390/s110504767
  9. L. Chen, W. Fushan, and M. Chuangui, "A Secure User Authentication Scheme against Smart-Card Loss Attack for Wireless Sensor Networks Using Symmetric Key Techniques," International Journal of Distributed Sensor Networks, 2015. DOI: http://dx.doi.org/10.1155/2015/704502
  10. Younsung Choi, Youngsook Lee and Dongho Won, Cryptanalysis on Symmetric Key Techniques based Authentication Scheme for Wireless Sensor Networks, CSA 2015 (Cebu) Springer, LNEE 373, pp. 7-13, 2015.12.15. DOI: http://dx.doi.org/10.1007/978-981-10-0281-6_2
  11. Younsung Choi, Junghyun Nam, Donghoon Lee, Jiye Kim, Jaewook Jung and Dongho Won, Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics, The Scientific World Journal, Vol.2014, DOI: http://dx.doi.org/10.1155/2014/281305
  12. Younsung Choi, Donghoon Lee, Jiye Kim, Jaewook Jung, Junghyun Nam and Dongho Won "Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography" Sensors, vol. 14, no. 6, pp. 10081-10106, 2014. DOI: http://dx.doi.org/10.3390/s140610081