Browse > Article
http://dx.doi.org/10.7236/JIIBC.2014.14.1.147

Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks  

Joo, Young-Do (Dept. of Computer and Media Information, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.14, no.1, 2014 , pp. 147-153 More about this Journal
Abstract
The numerous improved schemes of remote user authentication based on password have been proposed in order to overcome the security weakness in user authentication process. Recently, some of biometric-based user authentication schemes to use personal biometric information have been introduced and they have shown the relatively higher security and the enhanced convenience as compared to traditional password-based schemes. These days wireless sensor network is a fundamental technology in face of the ubiquitous era. The wireless sensor networks to collect and process the data from sensor nodes in increasing high-tech applications require important security issues to prevent the data access from the unauthorized person. Accordingly, the research to apply to the user authentication to the wireless sensor networks has been under the progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme to be applicable for wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against the various security flaws including the stolen verifier attack. In this paper, author will prove that Yuan et al.'s scheme is still vulnerable to the password guessing attack, user impersonation attack and the replay attack, by analyzing their security weakness.
Keywords
Authentication Scheme; Biometrics; Wireless Sensor Network; Password Guessing Attack; Impersonation Attack;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 H. Jeong, J. O. Lee, N. S. Park, and J. Y. Lee, et al., "Technical Trends of Sensor Networking", Electronic and Telecommunication Trends, Vol. 22, No. 3, pp. 80-89, 2005.   과학기술학회마을
2 J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based Remote User Authentication Scheme Using Smart Cards", Electronic Letters, Vol. 38, No. 12, pp. 554-555, 2002.   DOI   ScienceOn
3 A. K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards", IET Information Security, Vol. 5, No. 3, pp. 541-552, 2011.
4 H. Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of Korea Academia-Industrial Cooperation Society, Vol. 11, No. 9, pp. 3548-3557, 2010.   과학기술학회마을   DOI
5 C. T. Li, and M. S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards", Journal of Network and Computer Applications, Vol. 33, pp. 1-5, 2010.   DOI   ScienceOn
6 D. S. Wang, and J. Li, "A Novel Mutual Authentication Scheme Based on Fingerprint Biometric and Nonce Using Smart Cards", International Journal of Security and its Application, Vol. 5, No. 4, pp. 1-12, 2011.
7 J. Yuan, C. Jiang, and Z. Jiang, "A Biometric-Based User Authentication for Wireless Sensor Networks", Wuhan University Journal of Natural Science, Vol. 15, No. 3, pp. 272-276, 2010.   DOI
8 L. Lamport, "Password Authentication with Insecure Communication", Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.   DOI   ScienceOn
9 J. J. Shen, C. W. Lin, and M. S. Hwang, "Security Enhancement for Timestamp-based Password Authentication Scheme Using Smart Cards", Computers and Security, Vol. 22, No. 7, pp. 591-595, 2003.   DOI   ScienceOn
10 E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Further Improvements of an Efficient Password based Remote User Authentication Scheme Using Smart Cards", IEEE Transaction on Consumer Electronics, Vol. 50, No. 2, pp. 612-614, 2004.   DOI   ScienceOn
11 Y. Joo, and Y. An, "Security Improvement of Remote User Authentication Scheme based on Smart Cards", Journal of Institute of Internet, Broadcasting and Communication, Vol. 11, No. 5, pp. 131-137, 2011.
12 C. J. Fan, Y. C. Chan, and Z. K. Zhang, "Robust Remote Authentication Scheme with Smart Cards", Computers and Security, Vol. 24, No. 8, pp. 619-628, 2005.   DOI   ScienceOn
13 C. W. Lin, C. S. Tsai, and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006.   DOI   ScienceOn
14 C. Lin, and C. Hung, "Cryptanalysis and Improvement on Lee-Chen's One-Time Password Authentication Scheme", International Journal of Security and its Application, Vol. 2, No. 2, pp. 1-8, 2008.
15 R. Watro, D. Kong, and S. Cuti, et al., "Securing Sensor Networks with Public Key Technology", ACM Workshop Security of Ad Hoc Sensor Network, ACM Press, pp. 59-64, 2004.
16 A. Perrig, R. Szewczyk, and V. Wen, et al., "SPINS: Security Protocols for Sensor Networks", Wireless Networks, Vol. 8, No. 5, pp. 521-534, 2002.   DOI   ScienceOn
17 N. Sastry, and D. Wagner, "Security Considerations for IEEE 802.15.4 Networks", ACM Workshop Wireless Security, ACM Press, pp. 32-42, 2004.
18 M Choi, T. Kim, S. Yeo, and E. Choi, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, Vol. 7, No. 1, pp. 214-219, 2009.
19 K. Wong, Y. Zheng, and J. Cao, et al., "A Dynamic User Authentication Scheme for Wireless Sensor Networks", IEEE International Conference Sensor Networks, Ubiquitous, Trustyworthy Computing, IEEE Computing Society, pp. 244-251, 2006.
20 P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
21 T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.   DOI   ScienceOn