
Multi-factor Authentication Protocol for Multi-gateway Wireless Sensor Networks (cited by: 46)

Multi-factor User Authentication Scheme for Multi-gateway Wireless Sensor Networks
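Abstract (translated from the Chinese): Wireless sensor networks, an important component of the Internet of Things, are widely used in environmental monitoring, healthcare, smart homes and other fields. Identity authentication provides the basic security guarantee for users to securely access real-time data in sensor nodes and is the first line of defense for wireless sensor network security; forward secrecy is the last line of defense of system security and can greatly reduce the loss after a system is compromised, so it has long been regarded by academia and industry as an important security property. Designing multi-factor authentication protocols for multi-gateway wireless sensor networks that achieve forward secrecy has been a research hotspot in the security protocol field in recent years. Because authentication protocols for multi-gateway wireless sensor networks are often deployed in scenarios with high security requirements, they must face powerful attackers on the one hand, while the computation and storage resources of sensor nodes are very limited on the other, which makes designing a secure authentication protocol for multi-gateway wireless sensor networks challenging. In recent years a large number of multi-gateway authentication protocols have been proposed, but most were subsequently shown to have various security problems. In 2018, Ali et al. proposed a multi-factor authentication protocol suited to agricultural monitoring, which uses a trusted center (base station) to authenticate users to external sensor nodes; Srinivas et al. proposed a general multi-factor authentication protocol for multiple gateways, which does not need a trusted center and instead completes the authentication between users and external sensor nodes by storing shared secret parameters among the gateways. These two protocols are typical representatives of authentication protocols for multi-gateway wireless sensor networks and represent two ways of achieving authentication across different gateways: 1) based on a trusted base station; 2) based on shared secret parameters. The analysis shows that both protocols are vulnerable to offline dictionary guessing attacks and insider attacks, and cannot achieve anonymity or forward secrecy. In view of this, this paper proposes a security-enhanced multi-factor authentication protocol for multi-gateway wireless sensor networks that achieves forward secrecy. The protocol adopts the authentication approach of Srinivas et al.'s protocol, that is, it completes the authentication between users and external sensor nodes through shared secret parameters among the gateways, and it covers two typical authentication scenarios. BAN logic analysis and heuristic analysis of the new protocol show that it achieves mutual authentication, securely negotiates session keys and resists the various known attacks. A comparison with related protocols shows that the new protocol improves security while maintaining high efficiency, making it suitable for resource-constrained wireless sensor network environments.

Abstract (authors' English version): Wireless sensor networks, as a fundamental infrastructure of the Internet of Things, have played an important role in security-critical applications such as environmental monitoring, personal health and smart home. User authentication can guarantee that users securely access real-time data in sensor nodes, and it is the first line of defense to ensure the security of wireless sensor networks. In addition, forward secrecy can be regarded as the last line of defense for the security of systems, which can greatly reduce the loss of information security after the system is compromised. Therefore, it has been regarded as an important security attribute by academia and industry. The design of multi-factor user authentication for multi-gateway wireless sensor networks has attracted intensive discussion in the field of security protocols. However, confronted with a powerful adversary, resource-constrained hardware and an impressive list of attributes, it is challenging to design a secure user authentication scheme for multi-gateway wireless sensor networks. Recently, many multi-factor user authentication schemes for multi-gateway wireless sensor networks have been proposed, but most of them were found insecure shortly afterwards. Specifically, most of them cannot resist smart card loss attacks and insider attacks, and cannot achieve user anonymity and forward secrecy. In 2018, Ali et al. proposed a multi-factor user authentication scheme for agriculture monitoring under multi-gateway wireless sensor networks. In Ali et al.'s scheme, a trusted center (base station) is required to support the authentication between users and sensor nodes that are not connected to the home gateway. In the same year, Srinivas et al. also presented a multi-factor authentication scheme for multi-gateway wireless sensor networks; their scheme does not need a trusted center, and it builds a shared secret key to finish the authentication between users and foreign sensor nodes. These two schemes are typical representatives of multi-factor user authentication schemes for multi-gateway wireless sensor networks, and they represent two types of methods for authentication between different gateways: 1) based on a trusted base station; 2) based on shared secret parameters. In this paper, we analyze these two recent typical user authentication schemes for multi-gateway wireless sensor networks, taking them as case studies to identify the common weaknesses of user authentication schemes and to provide corresponding specific solutions. We find that both are vulnerable to offline dictionary guessing attacks and insider attacks, and fail to achieve forward secrecy and user anonymity. To overcome these weaknesses, we propose an enhanced multi-factor user authentication scheme for multi-gateway wireless sensor networks with forward secrecy. The proposed scheme adopts Srinivas et al.'s method and achieves the authentication between users and foreign sensor nodes by using a shared secret key among gateways, including two typical authentication scenarios. We prove via BAN logic and heuristic analysis that it achieves mutual authentication, provides secure session key agreement and can resist known attacks. We compare it with several typical relevant user authentication schemes for multi-gateway wireless sensor networks in terms of security and performance. The results show that the proposed scheme provides better security for the applications of multi-gateway wireless sensor networks that have high security requirements, and thus it is more suitable for resource-constrained environments.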
Authors: 王晨宇, 汪定, 王菲菲, 徐国爱 (WANG Chen-Yu; WANG Ding; WANG Fei-Fei; XU Guo-Ai). Affiliations: School of Cyber-security, Beijing University of Posts and Telecommunications, Beijing 100876; College of Cyber Science, Nankai University, Tianjin 300350; National Engineering Laboratory of Mobile Network Security (Nankai University), Tianjin 300350.
Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2020, No. 4, pp. 683-700 (18 pages).
Funding: Supported by the National Key Research and Development Program of China (No. 2018YFB0803605) and the National Natural Science Foundation of China (No. 61802006).
Keywords: multi-gateway wireless sensor networks; password-based authentication protocol; offline-dictionary attack; impersonation attack; forward secrecy