Robust biometric-based user authentication scheme for wireless sensor networks

Transcription

1 Robut bometrc-baed uer autentcaton ceme for wrele enor network Debao He* cool of Matematc and tattc Wuan nverty Wuan Cna Emal: Abtract: Wrele enor network (WN) are appled wdely a varety of area uc a realtme traffc montorng meaurement of emc actvty wldlfe montorng and o on. er autentcaton n WN a crtcal ecurty ue due to ter unattended and otle deployment n te feld. In 010 Yuan et al. propoed te frt bometrc-baed uer autentcaton ceme for WN. However Yoon et al. ponted out tat Yuan et al. ceme vulnerable to te nder attack uer mperonaton attack GW-node mperonaton attack and enor node mperonate attack. To mprove ecurty Yoon et al. propoed an mproved ceme and clamed ter ceme could wttand varou attack. nfortunately we wll ow Yoon et al. ceme vulnerable to te denal-of-ervce attack (Do) and te enor node mperonaton attack. To overcome te weaknee n Yoon et al. ceme we propoe a new bometrc-baed uer autentcaton ceme for WN. Te analy ow our ceme more utable for practcal applcaton. Key word: ecurty; Autentcaton; Bometrc; Wrele enor network; Cryptograpy 1. Introducton Wrele enor network (WN) are nnovatve ad-oc wrele network contng of a large number of enor node wt lmted power computaton torage and communcaton capablte [1]. Wt te development of enor tecnology mcroelectronc tecnology network tecnology and wrele communcaton tecnology WN are wdely ued n mltary envronmental montorng medcal buldng condton montorng and o on. In order to guarantee ecure communcaton autentcaton ceme for WN ave uccefully drawn reearcer attenton and been tuded wdely. In 004 Benenon et al. [] frt decrbed everal ecurty ue n WN epecally te acce control problem. Ten Benenon et al. [] propoed a uer autentcaton ceme ung ellptc curve cryptograpy (ECC). Wong et al. [4] ponted out tat Benenon et al. [] vulnerable to mperonaton attack and denal-of-ervce (Do) attack. To mproved ecurty Wong et al. [4] propoed a dynamc uer autentcaton ceme for WN. Wong et al. ceme very 1

2 effcent nce only one-way a functon and mple XOR operaton are requred n t. nfortunately Wong et al. ceme vulnerable to many attack uc a replay attack forgery attack tolen-verfer attack and paword gueng attack [ ]. Vadya et al. [8] alo ponted out tat Teng et al. ceme [5] Lee et al. and Ko et al. ceme [7] are vulnerable to replay of account-logn attack man-n-te-mddle attack forgery attack and tolenverfer attack and node capture attack. Vadya et al. alo propoed two mproved ceme to mprove te ecurty. In tradtonal autentcaton ceme for WN [4-8] te ecurty of te autentcaton ceme baed on paword. However mple paword are eay to break by mple dctonary attack nce tey ave low entropy. To olve te problem cryptograpc key (e.g. 18bt for te advanced encrypton tandard AE; [9]) are ued. However cryptograpc key are dffcult to memorze nce tey are very long and random. Furtermore bot paword and cryptograpc key are unable to provde non-repudaton becaue tey can be forgotten lot or wen tey are ared wt oter people tere no-way to know wo actual uer [10]. Terefore bometrc key are propoed wc are baed on pyologcal and beavoral caractertc of peron uc a fngerprnt face re and geometry and palm prnt etc. ome advantage of bometrc key are decrbed a follow [11]: Bometrc key cannot be lot or forgotten. Bometrc key are very dffcult to copy or are. Bometrc key are extremely ard to forge or dtrbute Bometrc key cannot be gueed ealy. omeone bometrc not eay to break tan oter. A a reult bometrc-baed uer autentcaton are nerently more relable and ecure tan uual tradtonal uer autentcaton ceme. In 010 Yuan et al. [1] propoe te frt bometrc-baed uer autentcaton ceme for WN. Ter ceme very effcent nce only te a functon ued n t. However Yoon et al. [1] ponted out tat Yuan et al. ceme vulnerable to te nder attack uer mperonaton attack GWnode mperonaton attack and enor node mperonate attack. To mprove ecurty Yoon et al. propoed an mproved ceme and clamed ter ceme could wttand varou attack. In t paper we wll demontrate tat Yoon et

3 al. ceme vulnerable to te denal-of-ervce attack (Do) and te enor node mperonaton attack. We alo propoe an mproved ceme to overcome te weaknee n Yoon et al. ceme. Te ret of t paper organzed a follow. ecton revew te concept of Yoon et al. ceme and ecton dcue t weakne analy. ecton 4 ow te detal of our propoed ceme wle ecton 5 demontrate te ecurty analy of our propoed ceme. ecton 6 compare te performance of te related ceme. Fnally ecton 7 conclude t paper.. Revew of Yoon et al. ceme In t ecton we wll revew Yoon et al. ceme. For convenence te notaton ued trougout t paper are ummarzed a follow: : te t uer; ID PW repectvely; B : GW node : te gateway node of WN; : te t enor node; dentty paword and bometrc template ID : dentty; d() : ymmetrc parametrc functon; τ : predetermned treold for bometrc verfcaton; Ek () : a ymmetrc encrypton functon wt key k ; Dk () : te decrypton functon correpondng to Ek ( ) ; () : ecure one-way a functon; :bt-we excluve-or(xor) operaton; : concatenaton operaton; Yoon et al. ceme nclude tree pae: regtraton pae logn pae and autentcaton pae. Tey are decrbed a follow..1. Regtraton pae In t pae template lcene to ubmt a value of dentty ID and bometrc B to GW node n a ecure manner. Ten GW node ue a. Te detaled tep a own n Fg. 1 are depcted a follow:

4 1). nput bometrc B on te pecfc devce compute E = ( ID B) and end ID and E to te GW node n a ecure manner. ). On recevng ID and E te GW node compute R = ID ( x) E and W = ( ID y) E were ecret nformaton x known to only GW GW node and y a ecret parameter generated by node and tored n ome degnated enor node before te node n te feld are deployed. ). GW node generate a mart card wt parameter ID E R W () d( ) and τ were d( ) a ymmetrc parametrc functon and τ a predetermned treold [14] for bometrc verfcaton... Logn pae Wen Fg. 1. Regtraton pae of Yoon et al. ceme enter B n order to delver ome query to or acce data from te network a own Fg. te mart card mut perform te followng tep to valdate te legtmacy of. 1). nert mart card nto te card reader and nput B on te pecfc devce. ). Te mart card compute E = ( ID B) and read E from te mart card. If de ( E) τ ten te mart card top te eon. Oterwe te mart card compute D = R E F = W E and V = ( D F T) were T te current tmetamp. ) end te logn meage M1 = ( ID V T) to GW node... Autentcaton pae Wen GW node receve te logn meage M 1 at tme T t wll perform te followng tep to autentcate. 4

5 1). GW node ceck te frene of T by verfe weter te equaton T T Δ T old. If te equaton old GW node top te eon were Δ T te expected tme nterval for te tranmon delay. ). GW node compute D = ( ID x) F = ( ID y) and V = ( D F T). Ten GW node ceck weter V and V are equal. If tey are not equal GW node top te eon. Oterwe GW node compute V = ( ID ID F T ) and end te meage M = ( ID V T ) g g g g to were T g te current tmetamp. ). pon recevng te meage M ceck te frene of T g by verfe weter te equaton T Tg Δ T old were T te tme receve M. If te equaton old expected tme nterval for te tranmon delay. top te eon were Δ T te 4). ceck weter V g and ID ( ID ID ( y) T g) are equal. If tey are not equal top te eon key. Oterwe compute V = ( ID ( ID y) RM T) and end M = ( RM V T ) to were T te current tmetamp and RM repond. 5). pon recevng te meage M verfe weter te equaton receve M. If te equaton old expected tme nterval for te tranmon delay. ceck te frene of T by T T Δ T old were T te tme top te eon were Δ T te 6). ceck weter V and ID ( F RM T ) are equal. If tey are not equal meage RM. top te eon key. Oterwe accept te repone 5

6 Fg.. Logn and autentcaton pae of Yoon et al. ceme. Cryptanaly of Yoon et al ceme.1. Denal-of-ervce attack One of te fundamental properte of a ecure one-way a functon tat te output are very entve to mall perturbaton n ter nput. Te cryptograpc a functon cannot be appled tragtforwardly wen te nput data are wt noy uc a bometrc [15]. Ten te predetermned treold for bometrc verfcaton cannot be ued to meaure output of a functon. In regtraton pae of Yoon et al. ceme te uer compute E = ( ID B) baed on dentty ID and peronal bometrc template Te a value B. E tored n te mart card for purpoe of autentcaton. However te autentcaton procedure may reult n erou flaw becaue de ( E) < τ may never ucceed nce te nputted bometrc belongng to te ame peron may dffer lgtly from tme to tme. Tu te condton de ( E) < τ may never ucceed due to bac property of te one-way a functon ( ). A a reult t may caue te legal uer unable to pa bometrc verfcaton at te logn pae of Yoon et al. ceme. Terefore Yoon et al. ceme vulnerable to te denal-of-ervce attack. 6

7 .. enor node mperonaton attack Generally peakng enor node are often deployed n a otle envronment [16]. Ten ome enor node may be captured by te adverary A. Once A capture a enor node + 1 e could extract te ecret key y troug te dfferental power attack [17 18]. Ten e could mperonate any oter legal enor node GW a follow. 1) A ntercept te meage M = ( ID Vg Tg) ent to by node. ) A forge a repond RM compute V = ( ID ( ID y) RM T ) and end M = ( RM V T ) to were It to ay receved meage ent by te node mperonaton attack. V could pa te verfcaton of 4. Propoed ceme T te current tmetamp.. Ten beleve tat te. Terefore Yoon et al. ceme vulnerable to To olve te weakne of Yoon et al. ceme we propoe a new bometrcbaed uer autentcaton ceme for WN. In order to execute te propoed framework we condered tat te gateway a truted node and t old two mater key ( x and y ) wc are uffcently large for te enor network. Before tartng te ytem t aumed tat a long-term ecret key ID ( y ) generated by gateway tored n enor node before te node deployed were ID te dentty of Regtraton pae Wen a uer want to regter and become a new legal uer a own n Fg. te followng tep are performed durng te uer regtraton pae. 1). generate a random number b freely cooe dentty paword enor. PW and alo mprnt peronal bometrc mpreon ID B at te ten nteractvely ubmt { ID B ( PW B b )} to GW node va ecure cannel. 7

8 ) GW node compute R = ID ( x) PW ( B b) were x a ecret key mantaned by GW node. Ten GW node wrte te ecure nformaton { R B ( ) d( ) τ} to te memory of mart card and ue t to troug a ecure cannel. ) pon recevng te mart card nput te random number b and fn te regtraton. 4.. Logn pae Wen Fg.. Regtraton pae of our ceme enter B n order to delver ome query to or acce data from te network a own Fg. 4 te mart card mut perform te followng tep to valdate te legtmacy of. 1). nert mart card nto te card reader and nput B * on te pecfc devce. ) If d B B * ( ) τ mart card reect te requet. Oterwe enter paword PW and dentty ID and ten te mart card generate a random number r and compute D = Z ( PW B b) k = ( D T) C = E ( ID r) were T te current tmetamp. k ) end te logn meage M1 = ( ID C T) to GW node... Autentcaton pae Wen GW node receve te logn meage M 1 at tme T t wll perform te followng tep to autentcate. 8

9 1). GW node ceck te frene of T by verfe weter te equaton T T Δ T old. If te equaton old GW node top te eon were Δ T te expected tme nterval for te tranmon delay. ). GW node compute D = ( ID x) k = ( D T) and ID r = Dk ( C). Ten GW node ceck weter ID and ID are equal. If tey are not equal GW node top te eon. Oterwe GW node compute k = ( ( ID y) T ) C = E ( ID r ) and end te meage g g g kg M = ( ID Cg Tg) to were T g te current tmetamp. ). pon recevng te meage M ceck te frene of T g by verfe weter te equaton T Tg Δ T old were T te tme receve M. If te equaton old top te eon were Δ T te expected tme nterval for te tranmon delay. 4). compute k g = ( D Tg) and ID r = Dk ( Cg). Ten ceck g weter ID and ID are equal. If tey are not equal top te eon. Oterwe compute V = ( ID r RM T ) and end M = ( RM V T ) to were T te current tmetamp and RM repond. 5). pon recevng te meage M verfe weter te equaton receve M. If te equaton old expected tme nterval for te tranmon delay. ceck te frene of T by T T Δ T old were T te tme top te eon were Δ T te 6). ceck weter V and ID ( r RM T ) are equal. If tey are not equal meage RM. top te eon key. Oterwe accept te repone 9

10 Fg. 4. Logn and autentcaton pae of our ceme 4. ecurty analy In t ecton we wll dcu te ecurty of our ceme a follow. Denal-of-ervce attack. In our ceme wen te uer nput bometrc * B te mart wll ceck te valdty of B * bye ceckng weter db B * ( ) τ old. Troug te work n [15] we know tat * B could pa te verfcaton of te mart card altoug tere ome lgt dfference between B * and B. Terefore our ceme could wttand denal-of ervce attack. enor mperonaton attack. Te adverary A may capture ome enor node + 1 and extract te ecret key ID ( + 1 y) troug te dfferental power attack [17 18]. He may ntercept te meage M = ( ID C T ) g g tranmtted to te enor node. However e cannot decrypt te meage C g nce e doe not ave ecret key ID ( y ). Ten e cannot generate a legal meage M = ( RM V T ). Terefore our ceme could wttand te enor mperonaton attack. 10

11 er mperonaton attack. uppoe an attacker want to forge a logn meage M1 = ( ID C T). However te attacker can not forge C wtout knowng D = ( ID x) or te mater key x. Terefore our ceme could wttand uer mperonaton attack. Gateway mperonaton attack. A long a an attacker doe not poe te ecret key ID ( y ) e cannot mperonate te gateway and cannot ceat te enor node nce e cannot generate legal C g. Hence t frutrate attacker to generate te vald meage M = ( ID C T ) to te enor node. Terefore our g g ceme could wttand gateway mperonaton attack. Mutual autentcaton. Our ceme provde mutual autentcaton were all entte (.e. uer gateway and enor node) are mutually autentcatng eac oter. More pecfcally wen GW node receve te meage M1 = ( ID C T) t can make ure tat weter te meage generated by troug ceckng weter te equaton ID = ID old. Wen te enor node receve meage M = ( ID C T ) t enure tat t meage generated by g g GW node troug ceckng weter te equaton ID = ID. Furtermore wen te uer receve meage M = ( RM V T ) e can alo confrm tat t meage generated by te enor node by ceckng weter te equaton V = ( ID r RM T ) old. Terefore our ceme could provde mutual autentcaton. Replay attack. Our ceme retant to replay attack becaue te autentcty of meage M 1 M and M are valdated by ceckng te frene of four tmetamp. Let aume an ntruder ntercept a logn requet meage M1 = ( ID C T ) and attempt to acce te enor node by replayng te ame meage M 1. Te verfcaton of t logn attempt fal nce te tme dfference expre (.e. T T Δ T ). mlarly f an ntruder ntercept a vald meage M = ( ID C T ) and attempt to replay t to te enor node te g g verfcaton requet wll fal at te enor node becaue of te tme dfference expre agan (.e. attack. T Tg Δ T ). Terefore our ceme could wttand replay 11

12 Man-n-te-mddle attack: Man-n-te-mddle attack mean tat an actve attacker ntercept te communcaton lne between a legal uer and te erver and ue ome mean to uccefully maquerade a bot te erver to te uer and te uer to te erver. Ten te uer wll beleve tat e talkng to te ntended erver and vce vera. From te above dcuon we know tat our ceme can provde mutual autentcaton ten our ceme could wttand man-n-temddle attack. tolen-verfer attack. An attacker wo teal te paword-verfer (e.g. aed paword) from te gateway can ue te tolen-verfer to mperonate a legal uer to logn to te ytem. Te propoed ceme free from te tolen verfer attack. Tere no uc nformaton tored at te erver by wc an adverary can make a fabrcated logn requet to mperonate a legal uer to logn te erver or can mperonate te gateway to ceat te legal uer and te enor node. Inder attack. It poble n a real-tme envronment wen te gateway manager or ytem admntrator can ue te uer paword paword) to mperonate te uer PW (e.g. weak troug any oter network gateway. In t cae our ceme doe not gve any room for prvleged nder nce n te regtraton pae te uer paword. Tu te nder of GW pang PW ( B b ) ntead of te plan node cannot get pw ealy. Here b a uffcently g entropy number wc not revealed to GW node. Furtermore te propoed ceme doe not tore any verfer table and can ret te nder attack. 5. Performance comparon For te convenence of evaluatng te computatonal cot we defne ome notaton a follow T : Te tme of executng a one-way a functon. T ym : Te tme of executng a ymmetrc encrypton/decrypton functon. In Table 1 we ummarze te performance reult of te propoed ceme. Accordng to Table 1 we know tat te uer te enor node and te gate way requre T +1T ym T +1T ym T +T ym eparately. It well known tat a one- 1

13 way a functon and a ymmetrc encrypton/decrypton functon a almot ame computatonal cot. Ten te computatonal cot of te uer te enor node and te gate way n our ceme are lgtly ger tan tat of Yuan et al. ceme and Yoon et al. ceme. However Yuan et al. ceme cannot wttand denal-of-ervce attack nder attack uer mperonaton attack gateway node mperonaton attack and enor node mperonaton attack. Bede Yoon et al. ceme vulnerable denal-of-ervce attack and enor node mperonaton attack. It acceptable to enance te ecurty at te cot of ncreang uer computaton cot lgtly. Ten our ceme more utable for WN. 6. Concluon Te paper demontrate tat Yoon et al. ceme vulnerable to te denalof-ervce attack and te enor node mperonaton attack. To overcome te ecurty vulnerablty we provde a new bometrc-baed uer autentcaton ceme for WN. Te analy ow te propoed ceme more uted to WN envronment. Reference [1] Akyldz I. u W. an Y. Cayrc E. A urvey on aenor network. IEEE Comm. Mag [] Benenon Z.; Gartner F.; Kedogan D. er Autentcaton n enor network (extended abtract). In Proceedng of te Informatk Jaretagung der Geellcaft fur Informatk Workop on enor Network lm Germany eptember 004. [] Benenon Z.; Gedcke N.; Ravo O. Realzng robut uer autentcaton n enor network. In Proceedng of te Workop on Real-World Wrele enor Network (REALWN 05) tockolm weden 0 1 June 005. [4] Wong K.H.M.; Zeng Y.; Cao J.; Wang. A dynamc uer autentcaton ceme for wrele enor network. In Proceedng of te IEEE Internatonal Conference on enor Network bqutou and Trutworty Computng (TC 06) Tacung Tawan 5 7 June 006. [5] Teng H.R.; Jan R.H.; Yang W. An mproved dynamc uer autentcaton ceme for wrele enor network. In Proceedng of te IEEE Global Communcaton Conference (GLOBECOM 07) Wangton DC A 6 0 November 007; pp [6] Lee T.H. mple dynamc uer autentcaton protocol for wrele enor network. In Proceedng of te nd Internatonal Conference on enor Tecnologe and Applcaton (ENORCOMM 08) Cap Eterel France 5 1 Augut 008; pp

14 [7] Ko L.C. A novel dynamc uer autentcaton ceme for wrele enor network. In Proceedng of te IEEE Internatonal ympoum on Wrele Communcaton ytem 008 IWC'08 Reykavk Iceland 1 4 October 008; pp [8] Vadya B.; Rodrgue J.J.P.C.; Park J.H. er autentcaton ceme wt peudonymty for ubqutou enor network n NGN. Internatonal Journal Communcaton ytem [9] Advanced Encrypton tandard /ttp://crc.nt.gov/encrypton/ae/. [10] L C. Hwang M.: An effcent bometrc-baed remote autentcaton ceme ung mart card Journal of Network and Computer Applcaton [11] Ln C. La Y.: A flexble bometrc remote uer autentcaton ceme Comput. tandard Interf (1) 19. [1] Yuan J. Jang C. Jang Z. A bometrc-baed uer autentcaton for wrele enor network Wuan nverty Journal of Natural cence vol. 15 no. pp [1] Yoon E. Yoo K. A New Bometrc-baed er Autentcaton ceme wtout ung Paword for Wrele enor Network 011 0t IEEE Internatonal Workop on Enablng Tecnologe: Infratructure for Collaboratve Enterpre [14] Inuma M. Otuka A. Ima H. Teoretcal framework for contructng matcng algortm n bometrc autentcaton ytem In proc. of ICB 009 LNC 5558 pp [15] Lnnartz J.-P. Tuyl P.: New eldng functon to enance prvacy and prevent mue of bometrc template. Proc. Audo and Vdeo-Baed Bometrc Peron Autentcaton 00 (LNC 688) pp [16] Perrg A tankovc J Wagner D ecurty n Wrele enor Network. Communcaton of te ACM (6):5-57. [17] P. Kocer J. Jaffe B. Jun Dfferental power analy Proceedng of Advance n Cryptology (CRYPTO 99) 1999 pp [18] T.. Meerge E.A. Dabb R.H. loan Examnng mart-card ecurty under te treat of power analy attack IEEE Tranacton on Computer 00; 51 (5):

15 Table 1. Performance comparon among dfferent ceme Computatonal (er) Computatonal (enor node) Computatonal (Gateway) cot cot cot Ret denal-ofervce attack Ret mperonaton attack uer Ret enor node mperonaton attack Ret gateway mperonaton attack Yuan et al. ceme[1] 4T 1T 4T Yoon et al. ceme [1] T T 4T Our ceme T +1T ym 4T T +1T ym T T +T ym 5T Ret nde attack Mutual autentcaton Ret replay attack Ret tolen-verfer attack Ret man-n-temddle attack 15