Convergence Security Journal (융합보안논문지)

Korea convergence Security Association (한국융합보안학회)
권호 표지
DOI QR코드

DOI QR Code

Security Improvement of User Authentication Protocol for Heterogeneous Wireless Sensor Networks for the Internet of Things Environment

Heterogeneous Wireless Sensor Networks 환경에서의 안전한 사용자 인증 프로토콜

  • 이영숙 (호원대학교 IT소프트웨어보안학과)
  • Received : 2021.02.26
  • Accepted : 2021.03.31
  • Published : 2021.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, the use of sensor devices is gradually increasing. As various sensor device emerge and the related technologies advance, there has been a dramatic increase in the interest in heterogeneous wireless sensor networks (WSNs). While sensor device provide us many valuable benefits, automatically and remotely supported services offered and accessed remotely through WSNs also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication among the involved parties: users, sensors and gateways. An user authentication protocol for wireless sensor networks is designed to restrict access to the sensor data only to user. In 2019, Chen et al. proposed an efficient user authentication protocol. However, Ryu et al. show that it's scheme still unstable and inefficient. It cannot resist offline password guessing attack and session key attack. In this paper, we propose an improved protocol to overcome these security weaknesses by storing secret data in device. In addition, security properties like session-key security, perfect forward secrecy, known-key security and resistance against offline password attacks are implied by our protocol.

최근 센서를 이용한 장치들의 사용은 증가추세이다. 이런 센서 장치들은 이종무선 센서네트워크 환경에서 최신 기술들과 연관 지어 폭발적으로 증가하고 있다. 이런 환경에서 센서디바이스의 사용은 우리에게 편리함을 제공하기는 하나 여러 형태의 보안위협이 도사리고 있는 실정이다. 무선선서네트워크를 이용하여 원격으로 접속하여 제공받는 서비스에 존재하는 보안위협 중 대부분은 전송되는 정보의 유출과 사용자, 센서, 게이트웨이 사이의 인증에 대한 손실이 대부분이다. 2019년 Chen 등이 이종무선 센서 네트워크에 안전한 사용자 인증 프로토콜을 제안하였다. 그러나 Ryu 등이 제안한 논문에서 그들이 제안 프로토콜은 password guessing attack과 session key attack에 취약하다는 것을 주장하였다. 본 논문은 이전에 제안된 논문의 취약점을 개선하여 더욱 안전하고 효율적인 사용자 인증 프로토콜을 제안하였다.

Keywords

References

  1. Y. Chen, J. S. Chou, H. S. Wu, "Improved on an efficient user authentication scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment," Journal of Engineering Technology, 8(1), pp. 143-157, 2019.
  2. J. Ryu, H. Lee, H. Kim, D. Won, "Secure and Efficient Three-Factor Protocol for Wireless Sensor Networks," Sensors, 18(12), 4481, 2018. https://doi.org/10.3390/s18124481
  3. K. H. Wong, Y. Zheng, J. Cao, S. Wang, "A dynamic user authentication scheme for wireless sensor networks," In IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06), 1(8), 2006.
  4. Rawat, P.; Singh, K.; Chaouchi, H.; Bonnin, J. Wireless sensor networks: A survey on recent developments and potential synergies. J. Supercomput. 68, 1-48, 2014. https://doi.org/10.1007/s11227-013-1021-9
  5. B. Vaidya, J. S Silva, J. J. Rodrigues, "Robust dynamic user authentication scheme for wireless sensor networks," In Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks, pp. 88-91, 2009.
  6. B. Vaidya, M. Chen, J. J. Rodrigues, "Improved robust user authentication scheme for wireless sensor networks," In 2009 Fifth International Conference on Wireless Communication and Sensor Networks (WCSN), pp. 1-6, IEEE, 2009.
  7. Y. Faye, I. Niang, H. Guyennet, "A user authentication-based probabilistic risk approach for Wireless Sensor Networks," In 2012 International Conference on Selected Topics in Mobile and Wireless Networking, IEEE, pp. 124-129, 2012.
  8. Kumar, P.; Choudhury, A.; Sain, M.; Lee, S.; Lee, H. RUASN: A robust user authentication framework for wireless sensor networks. Sensors, 11, 5020-5046, 2011. https://doi.org/10.3390/s110505020
  9. Khan, M.; Kumari, S. An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sens. Netw. 2014, 2014, No. 347169, 2014.
  10. Das, M. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 2009, 8, 1086-1090, 2009.
  11. J. Nam, M. Kim, J. Paik, Y. Lee, D. Won, "A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks", Sensors, 14, pp. 21023-21044, 2014. https://doi.org/10.3390/s141121023
  12. J. Ryu, H. kim, Y. Lee, D. Won, "Cryptanalysis of protocol for Heterogenous of the Internet of Thihs Environment", IMCOM 2020, Taichung, Taiwan, pp. 1-4, 2020.
  13. Y. Lee, "Security Improvement to a Remote User Authentication Scheme for Multi-Server Environment", The Korea-Society of Digital Industry& Information Management, 7(4), 23-30, 2011.
  14. Y. Lee, "Security Enhancement to an Biometric Authentication Protocol for WSN Environment", Convergence Security Journal, 16(6), 83-88, 2016.