Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks

  • Joo, Young-Do (Dept. of Computer and Media Information, Kangnam University)
  • Received : 2014.01.13
  • Accepted : 2014.02.07
  • Published : 2014.02.28

Abstract

Numerous improved password-based remote user authentication schemes have been proposed to overcome security weaknesses in the user authentication process. Recently, several biometric-based user authentication schemes that use personal biometric information have been introduced, and they have shown relatively higher security and enhanced convenience compared to traditional password-based schemes. Meanwhile, the wireless sensor network is a fundamental technology of the ubiquitous era. Wireless sensor networks, which collect and process data from sensor nodes in a growing range of high-tech applications, must address important security issues to prevent unauthorized persons from accessing the data. Accordingly, research on applying user authentication to wireless sensor networks has been in progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme applicable to wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against various security flaws, including the stolen verifier attack. In this paper, the author proves, by analyzing its security weaknesses, that Yuan et al.'s scheme is still vulnerable to the password guessing attack, the user impersonation attack and the replay attack.

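Remote user authentication schemes using smart cards have generally been studied on the basis of passwords, and improvements that strengthen their security have been proposed continuously. Recently, with the development of biometric recognition technology, biometric-based user authentication schemes that use various human biometrics as the secret key value have been introduced, and they are emerging as an approach with relatively improved security and convenience over traditional password-based authentication schemes. Meanwhile, with the arrival of the ubiquitous era, interest is growing in wireless sensor networks, which are a core technology. Wireless sensor networks, which collect and process information using sensor nodes, are expanding into applications across society, and at the same time they impose various security requirements, including the structural security of the network. Accordingly, research on the user authentication required at the application layer of wireless sensor networks is also gradually progressing. In 2010, Yuan et al. proposed an effective biometric-based user authentication scheme applicable to wireless sensor networks. Through a security analysis, this paper demonstrates that, contrary to their claim, Yuan et al.'s scheme is still vulnerable to the password guessing attack, the user impersonation attack and the replay attack.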

References

  1. H. Jeong, J. O. Lee, N. S. Park, and J. Y. Lee, et al., "Technical Trends of Sensor Networking", Electronic and Telecommunication Trends, Vol. 22, No. 3, pp. 80-89, 2005.
  2. J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based Remote User Authentication Scheme Using Smart Cards", Electronic Letters, Vol. 38, No. 12, pp. 554-555, 2002. https://doi.org/10.1049/el:20020380
  3. H. Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of Korea Academia-Industrial Cooperation Society, Vol. 11, No. 9, pp. 3548-3557, 2010. https://doi.org/10.5762/KAIS.2010.11.9.3548
  4. C. T. Li, and M. S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards", Journal of Network and Computer Applications, Vol. 33, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  5. D. S. Wang, and J. Li, "A Novel Mutual Authentication Scheme Based on Fingerprint Biometric and Nonce Using Smart Cards", International Journal of Security and its Application, Vol. 5, No. 4, pp. 1-12, 2011.
  6. A. K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards", IET Information Security, Vol. 5, No. 3, pp. 541-552, 2011.
  7. J. Yuan, C. Jiang, and Z. Jiang, "A Biometric-Based User Authentication for Wireless Sensor Networks", Wuhan University Journal of Natural Science, Vol. 15, No. 3, pp. 272-276, 2010. https://doi.org/10.1007/s11859-010-0318-2
  8. L. Lamport, "Password Authentication with Insecure Communication", Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  9. J. J. Shen, C. W. Lin, and M. S. Hwang, "Security Enhancement for Timestamp-based Password Authentication Scheme Using Smart Cards", Computers and Security, Vol. 22, No. 7, pp. 591-595, 2003. https://doi.org/10.1016/S0167-4048(03)00709-0
  10. E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Further Improvements of an Efficient Password based Remote User Authentication Scheme Using Smart Cards", IEEE Transaction on Consumer Electronics, Vol. 50, No. 2, pp. 612-614, 2004. https://doi.org/10.1109/TCE.2004.1309437
  11. C. J. Fan, Y. C. Chan, and Z. K. Zhang, "Robust Remote Authentication Scheme with Smart Cards", Computers and Security, Vol. 24, No. 8, pp. 619-628, 2005. https://doi.org/10.1016/j.cose.2005.03.006
  12. C. W. Lin, C. S. Tsai, and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006. https://doi.org/10.1134/S1064230706040137
  13. C. Lin, and C. Hung, "Cryptanalysis and Improvement on Lee-Chen's One-Time Password Authentication Scheme", International Journal of Security and its Application, Vol. 2, No. 2, pp. 1-8, 2008.
  14. Y. Joo, and Y. An, "Security Improvement of Remote User Authentication Scheme based on Smart Cards", Journal of Institute of Internet, Broadcasting and Communication, Vol. 11, No. 5, pp. 131-137, 2011.
  15. A. Perrig, R. Szewczyk, and V. Wen, et al., "SPINS: Security Protocols for Sensor Networks", Wireless Networks, Vol. 8, No. 5, pp. 521-534, 2002. https://doi.org/10.1023/A:1016598314198
  16. N. Sastry, and D. Wagner, "Security Considerations for IEEE 802.15.4 Networks", ACM Workshop Wireless Security, ACM Press, pp. 32-42, 2004.
  17. M. Choi, T. Kim, S. Yeo, and E. Choi, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, Vol. 7, No. 1, pp. 214-219, 2009.
  18. R. Watro, D. Kong, and S. Cuti, et al., "Securing Sensor Networks with Public Key Technology", ACM Workshop Security of Ad Hoc Sensor Network, ACM Press, pp. 59-64, 2004.
  19. K. Wong, Y. Zheng, and J. Cao, et al., "A Dynamic User Authentication Scheme for Wireless Sensor Networks", IEEE International Conference Sensor Networks, Ubiquitous, Trustworthy Computing, IEEE Computing Society, pp. 244-251, 2006.
  20. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  21. T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593

Cited by

  1. A study of data harvest in distributed sensor networks vol.16, pp.5, 2015, https://doi.org/10.5762/KAIS.2015.16.5.3421