An Anonymous Two-factor User Authentication Protocol for Hierarchical Wireless Sensor Network (一种分层无线传感网的匿名双因素用户认证协议)
Authors: FANG Weidong (Sci. and Technol. on Micro-system Lab., Shanghai Inst. of Micro-system and Info. Technol., Chinese Academy of Sciences, Shanghai 201899, China; Shanghai Research Center for Wireless Communication, Shanghai 201210, China); ZHANG Wuxiong (Sci. and Technol. on Micro-system Lab., Shanghai Inst. of Micro-system and Info. Technol., Chinese Academy of Sciences, Shanghai 201899, China; Shanghai Research Center for Wireless Communication, Shanghai 201210, China); PAN Tao (Shenhua Info. Technol. Co., Ltd., Beijing 100011, China; Fujian Provincial Key Lab. of Info. Processing and Intelligent Control (Minjiang Univ.), Fuzhou 350121, China); GAO Zhiwei (Guangzhou Intelligent Connected Vehicle Pilot Zone Operation Center, Guangzhou 510610, China); NI Yepeng (School of Data Sci. and Media Intelligence, Communication Univ. of China, Beijing 100024, China)
Received: 2019-09-05. Year, volume (issue), pages: 2020, 52(3): 168-177
Journal: Advanced Engineering Sciences (工程科学与技术)
Key words: wireless sensor network (WSN); user authentication protocol (UAP); two-factor; anonymity
Funding: National Natural Science Foundation of China (61571303; 61571004); National Key R&D Program of China (2019YFB2101602; 2017YFC0804307); National Science and Technology Major Project (2018ZX03001031); Fundamental Research Funds for the Central Universities, Communication University of China (CUC19ZD002); Natural Science Foundation of Shanghai (17ZR1429100); Shanghai Science and Technology Innovation Action Plan (17DZ2281600; 17DZ2292000); Open Fund of the Fujian Provincial Key Laboratory of Information Processing and Intelligent Control (Minjiang University) (MJUKF–IPIC201905)
Abstract (translated from the Chinese)
A user authentication protocol ensures the legitimacy of the users who access a wireless sensor network and the access security of the information sensed by its sensor nodes. The existing user authentication protocol (the Fan protocol) has various security flaws and is vulnerable to many network attacks, in particular node compromise attacks, password guessing attacks and privileged-insider attacks; it also does not support user anonymity and therefore cannot protect user privacy. To address these security challenges, an anonymous two-factor user authentication protocol for hierarchical wireless sensor networks is proposed. In the registration phase the protocol transmits the password in hashed form, which improves the security of password transmission, and strengthens the correlation between the gateway node's secret parameters and the user, which makes the secret parameters unique. In the authentication phase it strengthens the binding of the session key to the system time and the user, which makes the session key unique and dynamic. A password update mechanism is introduced so that a user can change the password freely without contacting the cluster head node, which guarantees password freshness. Logic analysis and simulation results show that, compared with the Fan protocol, the proposed protocol not only resists node compromise, password guessing and privileged-insider attacks but also achieves user anonymity, at the cost of only a small increase in computational overhead. Compared with the Nam, He–Kumar and Mir protocols, the proposed protocol uses only lightweight operations such as hash functions, concatenation and XOR, which reduces the computational overhead of sensor nodes and optimizes the registration procedure of sensor nodes with the gateway node; its overall performance is better than that of the three user authentication protocols above. The protocol is therefore not only suitable for resource-constrained sensor nodes but also significantly improves the security of wireless sensor networks.
Abstract (English)
In a wireless sensor network (WSN), the user authentication protocol (UAP) is an important scheme for guaranteeing the legitimacy of admitted users and the access security of the information sensed by sensor nodes. Many proposed UAPs (e.g., the Fan protocol) have various security flaws that leave them vulnerable to diverse cyber attacks. In particular, they cannot effectively defend against the node compromise attack, the password guessing attack, the privileged-insider attack, and so forth. In addition, user anonymity is not supported, so user privacy cannot be preserved. To tackle these security challenges, an anonymous two-factor user authentication protocol (AT–UAP) for hierarchical WSNs is proposed. In the registration phase of AT–UAP, the password is transmitted in hashed form to enhance transmission security, and the correlation between the secret parameters of the gateway node and the user is increased to achieve uniqueness of the secret parameters. Furthermore, in the authentication phase of AT–UAP, the association between the session key, the system time and the user identity is strengthened to achieve uniqueness and dynamicity of the session key. A password update scheme is then introduced so that the password can be changed freely, guaranteeing its freshness, without contacting the cluster head. Logic analysis and simulation results show that, compared with the Fan protocol, AT–UAP can not only defend against the node compromise attack, the password guessing attack and the privileged-insider attack, but also achieve anonymity of user authentication, while adding only a small amount of computational overhead.
Moreover, compared with the Nam, He–Kumar and Mir protocols, AT–UAP uses lightweight security operations such as the hash function, the concatenation (cascade) operation and the XOR operation to reduce the computational overhead of sensor nodes, and it also optimizes the registration process of sensor nodes with the gateway node. Its comprehensive performance is better than that of the three UAPs mentioned above. Hence, AT–UAP is suitable for resource-constrained sensor nodes and, at the same time, significantly improves the security of the wireless sensor network.