适用于无线传感器网络的动态ID认证方案  被引量：3

作　　者：昝亚洲 刘文芬 魏江宏 王君 

机构地区：[1]数学工程与先进计算国家重点实验室 [2]92187部队

出　　处：《密码学报》2014年第5期422-436,共15页Journal of Cryptologic Research

基　　金：国家重点基础研究发展项目(973计划)(2012CB315905)

摘　　要：目前,无线传感器网络以其成本低、部署方便、组网灵活等特点已被广泛应用于军事和民用领域.但由于无线传感器网络具有环境开放、信道公共、节点资源限制等特点,因此相对传统网络更容易受到安全方面的威胁和挑战.尤其近些年来,随着无线传感器网络的发展,外部用户需直接访问传感器内部节点来获取相应服务,因此如何认证外部用户身份,只允许合法用户获取传感节点数据,已成为当前传感器网络安全领域的热点问题.最近,Yuan提出一个加强的双因子外部用户认证方案,并声称其方案能够抵抗各种攻击,且用GNY逻辑证明了其安全性.然而本文发现Yuan方案不能抵抗离线口令猜测攻击、匹配泄露攻击和网关节点冒充攻击,且未能实现会话密钥协商.为克服这些安全缺陷,本文引入椭圆曲线公钥密码技术提出一个新方案,并做了安全和效率分析.结果表明,新方案弥补了原方案的不足,且保持了较高的效率,更适用于实际环境.最后,用SPALL方法证明了新方案满足密钥协商正确性、密钥机密性、外部用户与网关节点的相互认证及传感器节点与网关节点的相互认证.At present, wireless sensor networks(WSNs) have been widely used in military and industry. Because WSNs have some special properties, such as open environment, public channel and limited nodecapacity, they are facing more security threats than the traditional networks. With the development of WSNs, external users need to access real-time data directly from the desired nodes inside WSNs without involving the gateway node. How to authenticate user identity that allows only authorized users to access the data is one of the important security issues in the field of WSNs. Recently, Yuan proposed an enhanced two-factor user authentication scheme for WSNs. Then he illustrated that his scheme could be free of potential network attacks, and validated the scheme by using GNY logic. However, this paper shows that his scheme is vulnerable to off-line password guessing attack, privileged insider attack and gateway node impersonation attack, and it cannot provide the protection of query response. To overcome these security weaknesses, we propose a novel dynamic ID-based user authentication scheme for WSNs by using the elliptic curve public key cryptography. By security and performance analysis, we show that the new scheme eliminates the defects of Yuan's scheme while keeping a high performance. Besides, according to SPALL proof and security analysis, the new scheme has correctness of key agreement, key confidentiality and authentication.

关 键 词：身份认证 智能卡 椭圆曲线密码 无线传感器网络 

分 类 号：TN929.5[电子电信—通信与信息系统] TP212.9[电子电信—信息与通信工程]