A Study on Symmetric-Key based User Authentication in IoT

  • Authors

    • Jae young Lee
    • . .
    2018-06-08
    https://doi.org/10.14419/ijet.v7i2.33.18011
  • IoT, User Authentication, Symmetric-Key, Smart-Card, Attack, Wireless Sensor Network.
  • Background/Objectives: The user authentication scheme by Lee et al., during logins, contains errors of identifiable user IDs and vulnerability to attacks as significant random numbers of servers are easily calculated.

    Methods/Statistical analysis: User authentication scheme by Lee et al., utilizes message values from login requests. At this point, to avoid the issues of unidentifiable user IDs, which supposed to be from the messages, but are omitted, being used for calculations, they are set to be stored in RGB instead. For random number issues being easily calculated, when executing logins with smart-cards issued for users who completed server registrations, h(b||x) is used instead.

    Findings: The thesis modified the uses of unidentifiable user IDs from login request messages for authentications into of stored values which resulted from connections between user IDs and a secret key, by servers. Servers practice registrations, calculating figures, including Ji, Qi, Yi, Ri, Li, Ai, Mi and AIDi by using the received IDi, calculated RPWi, secret key k, withdrawal of user registration request Ni and random number b. At this point, having servers use IDi⊕x stored in RGR, instead of the problematic unidentifiable user IDs, IDi, for calculations of Ji, Yi and AIDi, authentication process is improved.

    Random number b is significant for authentications. If it is exposed to attackers, it can be abused by various attacks. To improve the random number being easily calculated during user logins with issued smart-cards, the Ri, Li and Ai formulas using b were modified into using h(b||x). During logins, smart-cards calculate ri=Ki⊕h(IDi||PWi) and RPWi=h(ri||PWi) with IDiand PWi, and h(b||x)=Ri⊕h(IDi||x) with Bi, Ri and the deducted h(IDi||x)=Bi⊕RPWi⊕ri. Deducting b via using h(b||x) is unavailable.

    Improvements/Applications: Based on the proposed authentication scheme by Lee et al., errors prior to authentication and random number being easily calculated are improved, hence, enabled countermeasures against attacks abusing random number.

     

     

  • References

    1. [1] Kim, D.H. (2013). Security for IoT Service. Journal of Korea Institute of Communication and Information Services, 30(8), 53-65.

      [2] Pyo,C.S., Kang, H.Y.,Kim, N. S., Bang, H.C.(2013). IoT (M2M) technology trends and development prospects. Journal of The Korean Institute of Communication Sciences, 30(8), 3-10.

      [3] Park, K.S., Lee, S.Y., Park, Y.H., Park, Y.H.(2015). An ID-based Remote User Authentication Scheme in IoT. Journal of Korea Multimedia Society, 18(12), 1483-1491.

      [4] Moon, J. H., Choi, Y. S., Won, D. H. (2016). A Secure Attribute-based Authentication Scheme for Cloud Computing. KIISE Transaction on Computing Practices, 22(8), 345- 350.

      [5] Wang, Y. Y.,Liu, J. Y., Xiao, F. X., Dan, J. (2009). A more Efficient and Secure Dynamic ID-based Remote User Authentication Scheme. Computer Communications, 32(4), 583-585.

      [6] Chang,Y. F.,Tai, W. L., Chang, H. C. (2014). Untraceable Dynamic-identity-based Remote User Authentication Scheme with Verifiable Password Update. International Journal of Communication Systems, 27(11), 3430-3440.

      [7] Li, X., Niu, J.,Liao, J., Liang, W. (2015).Cryptanalysis of a Dynamic Identity-based Remote User Authentication Scheme with Verifiable Password Update. International Journal of Communication Systems, 28(2), 374-382.

      [8] Kumari, S., Khan, M.K.,Li, X. (2014).An Improved Remote User Authentication Scheme with Key Agreement. Computers & Electrical Engineering, 40(6), 1997-2012.

      [9] Ramasamy, R.,Muniuandi, A.P. (2009).New Remote Mutual Authentication Scheme Using Smart Cards. Transactions on Data Privacy, 2(2), 141-152.

      [10] Lee, Y. S., Won, D. H. (2010). Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards. Journal of the Korea Society of Computer and Information, 15(1), 139-147.

      [11] Hwang, M. S., Li, L. H.(2002). A New Remote User Authentication Scheme using Smart Cards. IEEE transactions on Consumer Electronics, 46(1), 28-30.

      [12] Kim, H.S.(2015). Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy. Journal of Security Engineering, 12(1), 1-12.

      [13] Lee, S.Y., Park, K.S., Park, Y.H., Park, Y. H. (2016). Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy. Journal of Korea Multimedia Society, 19(3), 585-594.

      [14] Moon, J.H., Won, D.H.(2017). An Enhanced Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy. Journal of Korea Multimedia Society,20(3), 500-510.

  • Downloads

  • How to Cite

    young Lee, J., & ., . (2018). A Study on Symmetric-Key based User Authentication in IoT. International Journal of Engineering & Technology, 7(2.33), 1177-1180. https://doi.org/10.14419/ijet.v7i2.33.18011