Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (12): 3424-3428.DOI: 10.11772/j.issn.1001-9081.2015.12.3424

• Information security • Previous Articles     Next Articles

Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks

XUE Feng1, WANG Ding1,2, CAO Pinjun1, LI Yong1   

  1. 1. Department of Training, PLA Bengbu Automobile Sergeant Institute, Bengbu Anhui 233011, China;
    2. School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China
  • Received:2015-06-02 Revised:2015-07-19 Online:2015-12-10 Published:2015-12-10


薛锋1, 汪定1,2, 曹品军1, 李勇1   

  1. 1. 解放军蚌埠汽车士官学校训练部, 安徽蚌埠 233011;
    2. 北京大学信息科学技术学院, 北京 100871
  • 通讯作者: 汪定(1985-),男,湖北十堰人,博士研究生,CCF会员,主要研究方向:密码学、无线网络安全
  • 作者简介:薛锋(1975-),男,陕西宜川人,讲师,主要研究方向:密码学、信息安全工程;曹品军(1979-),男,山东曹县人,硕士,主要研究方向:密码与信息安全;李勇(1980-),男,山东新泰人,讲师,主要研究方向:网络与信息安全。
  • 基金资助:

Abstract: Aiming at the problem of designing secure and efficient user authentication protocols with anonymity for wireless sensor networks, based on the widely accepted assumptions about the capabilities of attackers and using the scenarios-based attacking techniques, the security of two recently proposed two-factor anonymous user authentication schemes for wireless sensor networks was analyzed. The following two aspects were pointed out:1) the protocol suggested by Liu etc. (LIU C, GAO F, MA C, et al. User authentication protocol with anonymity in wireless sensor network. Computer Engineering, 2012, 38(22):99-103) cannot resist against offline password guessing attack as the authors claimed and is also subject to a serious design flaw in usability; 2) the protocol presented by Yan etc. (YAN L, ZHANG S, CHANG Y. A user authentication and key agreement scheme for wireless sensor networks. Journal of Chinese Computer Systems, 2013, 34(10):2342-2344) cannot withstand user impersonation attack and offline password guessing attack as well as fall short of user un-traceability. The analysis results demonstrate that, these two anonymous authentication protocols have serious security flaws, which are not suitable for practical applications in wireless sensor networks.

Key words: identity authentication, two-factor protocol, anonymity, offline password guessing attack, user impersonation attack

摘要: 针对设计安全高效的无线传感器网络环境下匿名认证协议的问题,基于广泛接受的攻击者能力假设,采用基于场景的攻击技术,对新近提出的两个无线传感器网络环境下的双因子匿名身份认证协议进行了安全性分析。指出刘聪等提出的协议(刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议.计算机工程,2012,38(22):99-103)无法实现所声称的抗离线口令猜测攻击,且在协议可用性方面存在根本性设计缺陷;指出闫丽丽等提出的协议(闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议.小型微型计算机系统,2013,34(10):2342-2344)不能抵抗用户仿冒攻击和离线口令猜测攻击,且无法实现用户不可追踪性。结果表明,这两个匿名身份认证协议都存在严重安全缺陷,不适于在实际无线传感器网络环境中应用。

关键词: 身份认证, 双因子协议, 匿名性, 离线口令猜测攻击, 用户仿冒攻击

CLC Number: