Abstract
User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.’s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.
Highlights
Wireless Sensor Networks (WSNs) generally consist of gateways, users, and a large number of sensor nodes
We show how an adversary can impersonate a legitimate user or a sensor node, and perform an illegal smart card revocation/reissue
The elliptic curve cryptosystem (ECC) was first proposed by Koblitz [15] and Miller [16] to design public key cryptosystems, and presently it is widely used in several cryptographic schemes to provide desired levels of security and performance
Summary
Wireless Sensor Networks (WSNs) generally consist of gateways, users, and a large number of sensor nodes. Choi et al [13] found that Yoon and Kim’s scheme [12] had various security problems, including a biometric recognition error, a user verification problem, lack of anonymity, perfect forward secrecy, session key exposure by the gateway node, vulnerability to DoS attacks, and a revocation problem To overcome these vulnerabilities, they proposed a biometric-based user authentication scheme using a fuzzy extractor, and claimed that their scheme is more secure than other authentication schemes. Park et al [14] demonstrated that Choi et al.’s scheme [13] was still insecure against user impersonation attacks, and had security weakness in the revocation/reissue phase They proposed an enhanced biometric-based authentication scheme for WSNs that has improved security functions. We show how an adversary can impersonate a legitimate user or a sensor node, and perform an illegal smart card revocation/reissue After demonstrating these problems, we propose an improved biometric authentication scheme.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have