基于生物特征标识的无线传感器网络三因素用户认证协议  被引量：9

作　　者：房卫东[1,2] 张武雄 杨旸[1,2] 张传雷 陈伟[4] FANG Wei-dong;ZHANG Wu-xiong;YANG Yang;ZHANG Chuan-lei;CHEN Wei(Key Laboratory of Wireless Sensor Network&Communication,Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences,Shanghai 200051,China;Shanghai Research Center for Wireless Communication,Shanghai 201210,China;College of Computer Science and Information Engineering,Tianjin University of Science and Technology,Tianjin 300222,China;School of Computer Science and Technology,China University of Mining and Technology,Xuzhou,Jiangsu 221116,China)

机构地区：[1]中国科学院上海微系统与信息技术研究所无线传感网与通信重点实验室,上海200051 [2]上海无线通信研究中心,上海201210 [3]天津科技大学计算机科学与信息工程学院,天津300222 [4]中国矿业大学计算机科学与技术学院,江苏徐州221116

出　　处：《电子学报》2018年第3期702-713,共12页Acta Electronica Sinica

基　　金：国家自然科学基金(No.61471346;No.61461136003);上海市自然科学基金(No.17ZR1429100);上海市科技创新行动计划(No.17511105903;No.17DZ1200302);国家自然科学基金委员会-山西省人民政府煤基低碳联合基金(No.U1510115);青海省自然科学基金(No.2016-ZJ-922Q);青蓝工程资助;中国博士后科学基金特别资助项目(No.2013T60574);CEMEE国家实验室开放课题基金(No.CEMEE2017K0303B)

摘　　要：为满足高安全级别场景(如军事、国家安全、银行等)的应用需求,进一步提高无线传感器网络用户认证协议的安全性,提出了基于生物特征识别的三因素用户认证协议.针对Althobaiti协议无法防御节点妥协攻击、模拟攻击、中间人攻击和内部特权攻击的安全缺陷,增加智能卡和密码作为协议基本安全因素,并利用生物特征标识信息生成函数与回复函数处理的生物特征标识作为附加安全因素;在密钥管理中,为每个节点配置了与网关节点共享唯一密钥,保证认证过程的独立性与安全性;实现用户自主选择与网关节点的共享密钥,提高公共信道通信的安全性;在网关节点不参与的情况下,设计密码和生物特征标识更新机制,保证二者的新鲜性.通过Dolev-Yao拓展威胁模型的分析与AVISPA的OFMC分析终端的仿真,结果证明该认证协议克服了Althobaiti协议安全缺陷,且对计算能力的需求小于公钥加密.权衡安全性与计算成本,该协议适用于资源受限且安全需求高的无线传感器网络应用.To meet the application requirements in high-level security scenarios(i.e.,military,national security and banks),and further enhance the security for user authentication protocol in wireless sensor network(WSN),the biometric-based three-factor user authentication protocol(BTh-UAP)is proposed.For defending against the node compromise attack,the simulated attack,the man-in-the-middle attack and the privileged-insider attack in Althobaiti protocol,the smart card and password are taken as its basic secure factors,and the biometric identification that is operated by the biometric identification information generation and reply function is introduced as additional secure factor.In key management,a unique shared key for each node combined with gateway node is delivered to guarantee the independence and security in authentication phase.The shared key between user and gateway node is autonomously chosen to improve the security of the common communication channel.Furthermore,in the circumstance for non-participation of node,the updating scheme for password and biometric identification is designed to achieve the freshness.The results demonstrate that BTh-UAP not only overcomes Althobaiti’s security flaws,but also its requirements for computing capability are less than the public-key encryption via using the Dolev-Yao threat model analysis and AVISPA’s OFMC simulation.The tradeoff between security and computing costs indicates that BTh-UAP can be applied in high-level security scenarios for resource-constrained wireless sensor network.

关 键 词：无线传感器网络 信息安全 三因素 用户认证协议 生物特征标识 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]