对两个无线传感器网络中匿名身份认证协议的安全性分析

doi:10.11772/j.issn.1001-9081.2015.12.3424

计算机应用 ›› 2015, Vol. 35 ›› Issue (12): 3424-3428.DOI: 10.11772/j.issn.1001-9081.2015.12.3424

对两个无线传感器网络中匿名身份认证协议的安全性分析

薛锋¹, 汪定^1,2, 曹品军¹, 李勇¹

1. 解放军蚌埠汽车士官学校训练部, 安徽蚌埠 233011;
2. 北京大学信息科学技术学院, 北京 100871

收稿日期:2015-06-02 修回日期:2015-07-19 出版日期:2015-12-10 发布日期:2015-12-10
通讯作者: 汪定(1985-),男,湖北十堰人,博士研究生,CCF会员,主要研究方向:密码学、无线网络安全
作者简介:薛锋(1975-),男,陕西宜川人,讲师,主要研究方向:密码学、信息安全工程;曹品军(1979-),男,山东曹县人,硕士,主要研究方向:密码与信息安全;李勇(1980-),男,山东新泰人,讲师,主要研究方向:网络与信息安全。
基金资助:
国家自然科学基金资助项目(61472016)。

Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks

XUE Feng¹, WANG Ding^1,2, CAO Pinjun¹, LI Yong¹

1. Department of Training, PLA Bengbu Automobile Sergeant Institute, Bengbu Anhui 233011, China;
2. School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China

Received:2015-06-02 Revised:2015-07-19 Online:2015-12-10 Published:2015-12-10

摘要/Abstract

摘要： 针对设计安全高效的无线传感器网络环境下匿名认证协议的问题,基于广泛接受的攻击者能力假设,采用基于场景的攻击技术,对新近提出的两个无线传感器网络环境下的双因子匿名身份认证协议进行了安全性分析。指出刘聪等提出的协议(刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议.计算机工程,2012,38(22):99-103)无法实现所声称的抗离线口令猜测攻击,且在协议可用性方面存在根本性设计缺陷;指出闫丽丽等提出的协议(闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议.小型微型计算机系统,2013,34(10):2342-2344)不能抵抗用户仿冒攻击和离线口令猜测攻击,且无法实现用户不可追踪性。结果表明,这两个匿名身份认证协议都存在严重安全缺陷,不适于在实际无线传感器网络环境中应用。

关键词: 身份认证, 双因子协议, 匿名性, 离线口令猜测攻击, 用户仿冒攻击

Abstract: Aiming at the problem of designing secure and efficient user authentication protocols with anonymity for wireless sensor networks, based on the widely accepted assumptions about the capabilities of attackers and using the scenarios-based attacking techniques, the security of two recently proposed two-factor anonymous user authentication schemes for wireless sensor networks was analyzed. The following two aspects were pointed out:1) the protocol suggested by Liu etc. (LIU C, GAO F, MA C, et al. User authentication protocol with anonymity in wireless sensor network. Computer Engineering, 2012, 38(22):99-103) cannot resist against offline password guessing attack as the authors claimed and is also subject to a serious design flaw in usability; 2) the protocol presented by Yan etc. (YAN L, ZHANG S, CHANG Y. A user authentication and key agreement scheme for wireless sensor networks. Journal of Chinese Computer Systems, 2013, 34(10):2342-2344) cannot withstand user impersonation attack and offline password guessing attack as well as fall short of user un-traceability. The analysis results demonstrate that, these two anonymous authentication protocols have serious security flaws, which are not suitable for practical applications in wireless sensor networks.

Key words: identity authentication, two-factor protocol, anonymity, offline password guessing attack, user impersonation attack

中图分类号:

TP393.08

薛锋, 汪定, 曹品军, 李勇. 对两个无线传感器网络中匿名身份认证协议的安全性分析[J]. 计算机应用, 2015, 35(12): 3424-3428.

XUE Feng, WANG Ding, CAO Pinjun, LI Yong. Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks[J]. Journal of Computer Applications, 2015, 35(12): 3424-3428.

参考文献

[1] NEWELL A, YAO H, RYKER A. Node-capture resilient key establishment in sensor networks:design space and new protocols[J]. ACM Computing Surveys, 2014, 47(2):1-24.
[2] WANG D, WANG P. On the anonymity of two-factor authentication schemes for wireless sensor networks:attacks, principle and solutions[J]. Computer Networks, 2014, 73:41-57.
[3] BONNEAU J. The science of guessing:analyzing an anonymized corpus of 70 million passwords[C]//Proceedings of the 2012 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2012:538-552.
[4] DAS M. Two-factor user authentication in wireless sensor networks[J]. IEEE Transactions on Wireless Communications, 2009, 8(3):1086-1090.
[5] HE D, GAO Y, CHAN S, et al. An enhanced two-factor user authentication scheme in wireless sensor networks[J]. Ad Hoc Sensor & Wireless Networks, 2010, 10(4):361-371.
[6] XUE K, MA C, HONG P, et al.A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks[J]. Journal of Network and Computer Applications, 2012, 36(1):316-323.
[7] MESSERGES T S, DABBISH E A, SLOAN R H. Examining smart-card security under the threat of power analysis attacks[J]. IEEE Transactions on Computers, 2002, 51(5):541-552.
[8] KIM T H, KIM C, PARK I. Side channel analysis attacks using AM demodulation on commercial smart cards with seed[J]. Journal of Systems and Software, 2012, 85(12):2899-2908.
[9] WANG D, WANG P. Offline dictionary attack on password authentication schemes using smart cards[C]//Proceedings of the 16th Information Security Conference. Berlin:Springer, 2014:1-16.
[10] LIU C, GAO F, MA C, et al. User authentication protocol with anonymity in wireless sensor network[J]. Computer Engineering, 2012, 38(22):99-103. (刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议[J].计算机工程,2012,38(22):99-103.)
[11] YAN L, ZHANG S, CHANG Y. A user authentication and key agreement scheme for wireless sensor networks[J]. Journal of Chinese Computer Systems, 2013, 34(10):2342-2344. (闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议[J].小型微型计算机系统,2013,34(10):2342-2344.)
[12] WANG D, MA C,WENG C,et al. Cryptanalysis and improvement of a remote user authentication scheme for resource-limited environment[J]. Journal of Electronics & Information Technology, 2012, 34(10):2520-2526. (汪定,马春光,翁臣,等.一种适于受限资源环境的远程用户认证方案的分析与改进[J].电子与信息学报,2012,34(10):2520-2526.)
[13] ZAN Y, LIU W, JIANG F. Remote user mutual authentication scheme based on dynamic ID[J]. Journal of Information Engineering University, 2014,15(3):262-269. (昝亚洲,刘文芬,蒋峰云.基于动态ID的远程用户交互认证方案[J].信息工程大学学报,2014,15(3):262-269.)
[14] XUE F, WANG D, WANG L, et al. Cryptanalysis of two smartcard-based remote user password authentication protocols[J]. Journal of Computer Applications, 2012, 32(7):221-224. (薛锋,汪定,王立萍,等.对两个基于智能卡的远程用户口令认证协议的安全性分析[J].计算机应用,2012,32(7):221-224.)
[15] MA C, WANG D, ZHAO S. Security flaws in two improved remote user authentication schemes using smart cards[J]. International Journal of Communication Systems, 2014, 27(10):2215-2227.

对两个无线传感器网络中匿名身份认证协议的安全性分析

Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[2]	张兴兰, 赵怡静. 基于单光子的量子双向同步身份认证协议[J]. 计算机应用, 2020, 40(9): 2634-2638.
[3]	江泽涛, 徐娟娟. 云环境下基于签密的异构跨域身份认证方案[J]. 计算机应用, 2020, 40(3): 740-746.
[4]	王松伟, 陈建华. 基于混沌映射的多因子认证密钥协商协议[J]. 计算机应用, 2018, 38(10): 2940-2944.
[5]	刘威, 汪阳, 郑建彬, 詹恩奇. 基于加速度传感器的中文签名身份认证[J]. 计算机应用, 2017, 37(4): 1004-1007.
[6]	胡振宇, 李志华, 陈超群. 基于用户社会关系的移动终端认证方案[J]. 计算机应用, 2016, 36(6): 1552-1557.
[7]	王康, 李清宝. 结合容量伪装和双文件系统的文件隐藏方法[J]. 计算机应用, 2016, 36(4): 979-984.
[8]	庞永春, 孙子文, 王尧. 基于手机触摸屏传感器多点触摸身份认证算法[J]. 计算机应用, 2015, 35(6): 1780-1784.
[9]	刘超耿焕同刘文杰. 基于对称W态和身份认证的安全量子通信协议[J]. 计算机应用, 2014, 34(2): 438-441.
[10]	戴永张维静孙广武. 金融交易密码多模态化方法[J]. 计算机应用, 2013, 33(01): 135-137.
[11]	李晓琳梁向前刘奎潘帅. 可验证环签名方案的分析和改进[J]. 计算机应用, 2012, 32(12): 3466-3469.
[12]	薛锋汪定王立萍马春光. 对两个基于智能卡的口令认证协议的安全性分析[J]. 计算机应用, 2012, 32(07): 2007-2009.
[13]	李福林徐开勇李立新. 基于ESB的统一身份认证系统设计与实现[J]. 计算机应用, 2012, 32(01): 52-55.
[14]	孙丽娜常桂然王兴伟. 无线网络下可信移动节点接入认证方案[J]. 计算机应用, 2011, 31(11): 2950-2953.
[15]	谌双双陈泽茂王浩. 基于身份的无线传输层安全握手协议改进方案[J]. 计算机应用, 2011, 31(11): 2954-2956.