A study on user authentication and key agreement protocol in wireless sensor network

  • Authors

    • Jae young Lee
    2018-04-03
    https://doi.org/10.14419/ijet.v7i2.12.11036
  • Wireless Sensor Network, User Authentication, Key Agreement, Impersonation Attack, Smart Card, Protocol.

  • Background/Objectives: The user authentication and key agreement protocol proposed by Jung et al., which is suitable for a wireless sensor network environment is vulnerable to an attack in which a user who is issued a smart card from the gateway, completing the registration step disguises as a random user.

    Methods/Statistical analysis: This study proposed a method of improving the problem of the security technique proposed by Jung et al., which is vulnerable to a user impersonation attack. This method uses the variable that recorded the times of a user’s request for registration to the gateway in the registration step in which the user is registered to the gateway and a smart card is issued and the login step in which the user issued the smart card is authenticated as a legitimate user.

    Findings: The security technique proposed in this study consists of four steps, same as the security technique of user authentication and key agreement proposed by Jung et al. In the first step, the registration step, if a user requests for registration to the gateway, the variables that recorded the times of the user’s request for registration (User: Un and Gateway: Gn) are renewed and stored respectively by the user and the gateway. Once the registration step is completed, the user who got a smart card issued from the gateway is authenticated as a legitimate user in the login step, using the issued smart card, ID, password and Un. When the login step is completed, in the third step, the authentication step, the authentication procedures are carried out for the gateway and the sensor node.

    An attacker obtains a user’s information through various attacks, such as smart-card loss attack, ID-guessing attack or password-guessing attack and attempts the login step, using the obtained information. However, the technique proposed in this study needs the variable that recorded the times of the user’s request for registration to the gateway in addition to a smart card, ID and password to proceed with user authentication in the login step. This variable is a value that only the user and the gateway know, not transmitted in any steps. The attacker who does not know the times of requests for registration cannot proceed with the login step, and the attacker cannot be authenticated as a legitimate user without proceeding to the login step. Thus, the user authentication and key agreement protocol proposed in this study is safe from an attacker’s attack of impersonation as a user.

    Improvements/Applications: This study proposed a technique of using the variable that recorded the times of the user’s request for registration to the gateway, managed and stored only by the user and the gateway, not transmitted in any steps in user authentication. The proposed technique is safe from an attacker’s attack of impersonation as a user.

     

     

  • References

    1. [1] Sungkon P.An Efficient Key management for Wireless Sensor Network.Journal of Digital Contents Society. 2012, 13(1), pp.129-139.

      [2] Sensor Network Security Technology. http://terms.naver.com/entry.nhn?docId=3435129&cid=58462&categoryId=58462

      [3] Deukhun K, Jin K.Design of Improved Authentication Protocol for Sensor Networks in IoT Environment.Journal of the Korea Institute of Information Security and Cryptology. 2015, 25(2), pp.467-478.

      [4] Haewon C, Hyunsung K.Impersonation Attacks on Anonymous User Authentication and Key Agreement Scheme in Wireless Sensor Networks.Journal of Digital Convergence. 2016, 14(10), pp.287-293.

      [5] Yiroo B, Kwangeun G, Jaecheol H.A Remote Authentication Protocol Using Smartcard to Guarantee User Anonymity.Journal of Korean Society for Internet Information. 2009, 10(6), pp. 229-239.

      [6] Hyunsung K. Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy. Journal of Security Engineering. 2015, 12(1), pp.1-12.

      [7] Eunjun Y, Haejung K. Secure Anonymous Remote User Mutual Authentication and Key Agreement Protocol. The Institute of Electronics Engineers of Korea. 2012. pp.1918-1921.

      [8] Miog P. Weaknesses Cryptanalysis of Khan’s Scheme and Improved Authentication Scheme preserving User Anonymity. The Korean Society of Computer and Information. 2013, 18(2), pp.87-94.

      [9] Sungyup L, Kisung P, Yohan P, Youngho P. Symmetric Key-Based Remote User Authentication Scheme With Forward Secrecy. Journal of Korea Multimedia Society. 2016, 19(3), pp.585-594.

      [10] Jongho M, Dongho W. An Enhanced Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy.Journal of Korea Multimedia Society. 2017, 20(3), pp.500-510.

  • Downloads

  • How to Cite

    young Lee, J. (2018). A study on user authentication and key agreement protocol in wireless sensor network. International Journal of Engineering & Technology, 7(2.12), 58-61. https://doi.org/10.14419/ijet.v7i2.12.11036