Presentation is loading. Please wait.

Presentation is loading. Please wait.

User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:

Published byHester Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:"— Presentation transcript:

1 User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source: International Journal of Communication Systems, vol. 23, p.p. 1201-1222, 2010. Presenter: Yung-Chih Lu ( 呂勇志 ) Date: 2010/03/18 1

2 Outline Introduction Dynamic user authentication schemes Proposed Scheme Performance Evaluation Security Analysis Conclusion Comment 2

3 Introduction (1/3) Goal ◦ Mutual authentication and User privacy ◦ Saving resource  Computation cost  Communication cost  Storage Overhead 3

4 Introduction (2/3) Ubiquitous Sensor Network in NGN ◦ Support for a wide range of services ◦ Unrestricted access by users to different service providers 4 NGN : Next Generation Network GW: Registration Sensor Gateway UD : User’s Device LN: Sensor Login-Node

5 Introduction (3/3) Ubiquitous Sensor Network in NGN 5 NGN : Next Generation Network GW: Registration Sensor Gateway UD : User’s Device LN: Sensor Login-Node

6 Dynamic user authentication schemes (1/3) Registration Phase 6 User Device Sensor Gateway Sensor Login- Node UID, h(PW) 1.Compute N=h(PW) ㊉ h(x ㊉ UID) 2.Store UID, h(PW), N, TS Secure Channel Successful Reg. UID, N, TS (Lee-Chun Ko, IEEE ISWCS 2008) UID: A user’s identity ⊕ : Bitwise XOR operation TS: Timestamp PW: A user’s password h(.): A one-way hash function Store UID, N, TS

7 Dynamic user authentication schemes (2/3) Login & Authentication Phase 7 User Device Sensor Gateway Sensor Login-Node UID, A, t1 UID, C, t1,t3 A=h(h(PW) ㊉ t1) 1.Check(t2-t1)> △ T 2.Check UID C=h(A ㊉ h(N ㊉ t3)) 1.Check UID and t1 2.Check (t4-t3)> △ T 3.Verify if C=C’ Store t in the database A’=h(h(PW) ㊉ t1), C’=h(A’ ㊉ h(N ㊉ t3)) 4.MA SN =h(A ㊉ N ㊉ t5),MA U =h(A ㊉ h(PW)) Permit Login, MA SN ㊉ MA U, h(MA U ), t5 1.Check(t6-t5)> △ T 2. Compute MA SN =h(A ㊉ N ㊉ t5), 3.Verify h(MA U ) 4. Compute MA * U =h (MA U ||t7) UID: A user’s identity ⊕ : Bitwise XOR operation t, TS: Timestamp PW: A user’s password U: The user SN: The sensor login-node

8 Dynamic user authentication schemes (3/3) Login & Authentication Phase (Cont.) 8 User Device Sensor Gateway Sensor Login- Node Permit_Login, MA * U, t7 1.Check(t8-t7)> △ T 2.Compute MA U =h(A ㊉ h(PW)) 3.verify MA * U Password Change Phase UID, h(PW), h(PW’) 1.Check(UID, h(PW))in the database 2. N’=h(PW’) ㊉ h(x ㊉ UID) 3.Update UID, h(PW’), N’, TS’) Successful Change UID, N’, TS’ UID: A user’s identity ⊕ : Bitwise XOR operation t, TS: Timestamp PW: A user’s password U: The user SN: The sensor login-node Secure Channel

9 Proposed Scheme (1/3) Registration Phase 9 User Device Sensor Gateway Sensor Login- Node UID, vpw 1.Compute g=h(UID) 2. Compute TID=g ㊉ N 0 3.Compute X=h(TID||x) 4.Store TID, vpw, X, TS Secure Channel Succ_Reg(X, N 0 ) TID, X, TS vpw=h(PW) 1.Compute g = h(UID) 2.Compute TID=g ㊉ N 0 3.Store TID, X UID: A user’s identity ⊕ : Bitwise XOR operation t, T, TS: Timestamp PW: A user’s password N0, N1: Random nonces x: gateway’s Secret key ∆T: Allowed time interval for transmission delay Store TID, X, TS

10 Proposed Scheme (2/3) Login & Authentication Phase 10 User Device Sensor Gateway Sensor Login-Node TID, A, t TID, C K,T 0, t A=h(vpw||t) 1.Check TID 2.Check (T 0 -t) ≧△ T 3.C k =h(X ㊉ A ㊉ T 0 ) 1.Check TID and t 2.Check (T 1 -T 0 ) ≧△ T ; (T 0 -t) ≧△ T 3.Verify if C K =C K ’ Store t in the database A’=h(vpw||t), C K ’=h(X ㊉ A’ ㊉ T 0 ) 4.V M =h(X||A’||T 1 ) 5. Store t Acc_login, V M, T 1 1.Check (T 2 -T 1 ) ≧△ T 2.Verify V M = V M ’ V M ’=h(X||A||T 1 ) 3. Compute Y K =H(V M '||T 2 ) UID: A user’s identity ⊕ : Bitwise XOR operation PW: A user’s password N0, N1: Random nonces t, T, TS: Timestamp ∆T: Allowed time interval for transmission delay

11 Proposed Scheme (3/3) Login & Authentication Phase (Cont.) 11 User Device Sensor Gateway Sensor Login- Node Acc_login, Y K, T 1, T 2 Password Change Phase TID, vpw, vpw 1 1.Compute TID 1 =g ⊕ N 1 2.Compute X 1 =H(TID 1 ||x) 3.Compute TID 1 ’=TID 1 ⊕ X 4.Update TID, vpw, X, TS TID, TID 1 ’, X 1, TS 1 Compute vpw 1 =H(PW 1 ) Succ_Change(X1, N 1 ) 1.Obtain TID 1 =g ⊕ N 1 2.Update TID, X 1.Obtain TID 1 =TID 1 ’ ⊕ X 2.Update TID, X, TS 1.Check (T 3 -T 2 ) ≧△ T ; (T 2 -T 1 ) ≧△ T 2.Verify Y K =Y K ’ V M ''= h(X||A||T 1 ) Y K '= h(V M ''||T 2 ) TID:Temporary User ID ⊕ : Bitwise XOR operation t, T, TS: Timestamp PW: A user’s password N0, N1: Random nonces x: gateway’s Secret key ∆T: Allowed time interval for transmission delay Secure Channel

12 Performance Evaluation (1/4) Overheads Cost 12 K: The number of sensor nodes T XOR : The time for performing an XOR operation T H : The time for performing a one-way hash function C MH : The delay time for the communication taken place between the LN and the GW in multi-hops

13 Performance Evaluation (2/4) Functional Requirements 13

14 Performance Evaluation (3/4) Computational overheads for authentication 14

15 Performance Evaluation (4/4) Authentication latency time 15

16 Security Analysis (1/3) Replay attack ◦ Login message  Solution: timestamp ◦ Accept login message  Solution: timestamp Forgery attack with node capture attack ◦ Get TID, X, TS, C K, T 0, t  Solution: A cannot be capture ◦ Get TID, X, TS, TID, A, t  Solution: t is already in the database A: the stored bits by the adversary. B: the common stored bits by two neighboring sensor nodes α : the number of broadcasted random bits 16

17 Security Analysis (2/3) Man-in-the-middle attack ◦ Get TID, A, t, C K, T 0, t  Solution: X cannot be capture Stolen verifier attack with node capture attack ◦ Get vpw, TID, X, TS  Solution: user pseudomynity Secret key forward secrecy ◦ Get secret key x, TID, A, t  Solution: without knowing X=(TID||x) 17

18 Security Analysis (3/3) Provide user pseudonymity ◦ Reason: TID=h(UID) ㊉ N 0 Provide Mutual authentication ◦ Reason: common secret value 18

19 Conclusion The proposed protocols are robust against many security attacks and have better security properties in terms of user privacy and mutual authentication. They have analyzed the proposed schemes using simulations and the results show that both are quite efficient. 19

20 Comment Key Recovery In login phase, (T 0 -t) ≧△ T is an unnecessary check. Maybe ⊕ is simpler than ||. 20

Download ppt "User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:"

Similar presentations

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 92321527) Date: 2004/05/26.

An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 ) Date: 2004/05/26.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
A password authentication scheme with secure password updating SEC 期末報告 學號: 89321037 姓名:翁玉芬.

A password authentication scheme with secure password updating SEC 期末報告 學號: 姓名:翁玉芬.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Similar presentations

Ads by Google