Secure Multifactor Remote User Authentication Scheme for Internet
- Slides: 15
Secure Multi‐factor Remote User Authentication Scheme for Internet of Things Environments u. Source : International Journal of Communication Systems, In Press, 2017 u. Authors : Parwinder Kaur Dhillon and Sheetal Kalra u. Speaker : Hsiao-Ling Wu u. Date: 2017/09/07 1
Outline Introduction Proposed scheme Security analysis Performance analysis Conclusions 2
Introduction proposed network model 3
Proposed scheme(1/9) The registration phase The login phase The authentication phase Password change phase User Gateway Sensor 4
Proposed scheme(2/9) Notation Ui GWN Description A user A gateway Sj A sensor node Xg Secure password known only to the GWN Xgu, Xgn IDi, PWi, Bi NIDj MIi, MPi n, m Secured password shared with the user and with the sensor node User’s identity, password, biometric Sensor node’s identity User’s masked identity and password Two random numbers 5
Proposed scheme(3/9) The registration phase for user Gateway User Choose IDi, PWi, Bi Select random ri MPi = H(ri||PWi) MIi = H(ri||IDi) MBi = BH(ri||Bi) MPi, MIi, MBi Secure channel SC Add ri into SC SC = {ri, ei, fi, Xgu} Secure channel xi = H(MIi||Xg) yi = H(MPi||Xgu) zi = H(MBi||Xgu) ei = yi ⊕ xi fi = zi⊕ xi Smart card SC = {ei, fi, Xgu} 6
Proposed scheme(4/9) The registration phase for sensor node Xgn, NIDj Gateway Sensor Select random rj MPj = H(Xgn||rj||NIDj) MNj = rj⊕Xgn RMPj = MPj ⊕MNj NIDj, RMPj, MNj ej, xj Store rj, ej, xj into memory rj* = MNj⊕Xgn MPj* =? H(Xgn||rj*||NIDj) MPj = RMPj ⊕MNj MPj* =? MPj xj = H(NIDj||Xg) yj = H(MPj||Xgn) ej = xj⊕yj 7
Proposed scheme(5/9) The login phase SC = {ri, ei, fi, Xgu} User Input IDi*, PWi*, Bi* MIi* = H(ri||IDi*) MPi* = H(ri||PWi*) MBi* = BH(ri||Bi*) yi* = H(MPi*||Xgu) zi* = H(MBi*||Xgu) yi = ei ⊕ xi zi = f i ⊕ x i yi =? yi* zi =? zi* UNi=H(yi || zi ||Xgu||TS 1) UZi = n ⊕ xi Sensor MIi, ei, fi, UNi, UZi, TS 1 8
Proposed scheme(6/9) The authentication phase rj , e j , x j User MIi, ei, fi, UNi, UZi, TS 1 Gateway sensor Check |TS 1 -Tc| < △T yj = ej ⊕ xj Aj = H(Xgn||TS 1||TS 2)⊕yj MIi, ei, fi, UNi, NIDj, ej, Aj, TS 1, TS 2 9
Proposed scheme(7/9) The authentication phase sensor MIi, ei, fi, UNi, NIDj, ej, Aj, TS 1, TS 2 R 1, Hj, Vi, TS 1, TS 2, TS 3 Gateway Check |TS 2 -Tc| < △T xj* = h(NIDj*||Xg) yj* = ej ⊕ xj* yj = H(Xgn||TS 1||TS 2)⊕ Aj yj* =? yj xi* = h(MIi||Xg) yi* = ei ⊕ xi* zi* = fi ⊕ xi* UNi* =H(yi* || zi* ||Xgu||TS 1) UNi* =? UNi R 1 = xi* ⊕H(xj*||Xgn) Hj = H(xj*||Xgn||TS 1|| TS 2||TS 3) Vi = H(UNi* ||TS 1|| TS 2 ||TS 3) 10
Proposed scheme(8/9) The authentication phase User sensor Check |TS 3 -Tc| < △T Hj =? H(xj*||Xgn||TS 1|| TS 2||TS 3) xi* = R 1⊕H(xj||Xgn) n = UZi ⊕ xi* R = H(xi*||NIDj||TS 1|| TS 2||TS 3||TS 4)⊕m R 2 , T 1 , T 2 , T 3 , T 4 , V i 2 SK = H(H(n⊕m)||TS 1|| TS 2) Check |TS 4 -Tc| < △T Vi = H(UNi ||TS 1|| TS 2 ||TS 3) m = R 2⊕H(xi||NIDj||TS 1|| S 2||TS 3||TS 4) SK = H(H(n⊕m)||TS 1|| TS 2) 11
Proposed scheme(9/9) Password change phase SC = {ri, ei, fi, Xgu} User Input PWi*, Bi* MPi* = H(ri||PWi*) MBi* = BH(ri||Bi*) yi* = H(MPi*||Xgu) zi* = H(MBi*||Xgu) yi = ei ⊕ xi zi = f i ⊕ x i yi =? yi* zi =? zi* Input NPWi NMPi = H(ri||NPWi) nyi = H(NMPi||Xgu) nei = nyi ⊕ xi SC = {ri, nei, fi, Xgu} 12
Security analysis 11. An Y. Security analysis and enhancements of an effective biometric‐based remote user authentication scheme using smart cards. Biomed Res Int. 2012; 2012. 19. Chen B‐L, Kuo W‐C, Wuu L‐C. Robust smart‐card‐based remote user password authentication scheme. Int J Commun Syst. 2014; 27 (2): 377‐ 389. 16. Yeh H‐L, Chen T‐H, Liu P‐C, Kim T‐H, Wei H‐W. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors. 2011; 11(5): 4767‐ 4779. 20. Xue K, Ma C, Hong P, Ding R. A temporal‐credential‐based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl. 2013; 36(1): 316‐ 323. 22. Turkanović M, Brumen B, Hölbl M. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Netw. 2014; 20: 96‐ 112. 38. Das AK, Goswami A. A robust anonymous biometric‐based remote user authentication scheme using smart cards. Journal of King Saud University‐Comput Inform Sci. 2015; 27(2): 193‐ 210. 43. He D, Kumar N, Chilamkurti N. A secure temporal‐credential‐based mutual authentication and key agreement scheme for wireless sensor networks, in Wireless and Pervasive Computing (ISWPC), 2013 International Symposium on, 2013; 1– 6. 13 29. Li C‐T, Weng C‐Y, Lee C‐C. An advanced temporal credential‐based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors. 2013; 13 (8): 9589‐ 9603.
Performance analysis 11. An Y. Security analysis and enhancements of an effective biometric‐based remote user authentication scheme using smart cards. Biomed Res Int. 2012; 2012. 19. Chen B‐L, Kuo W‐C, Wuu L‐C. Robust smart‐card‐based remote user password authentication scheme. Int J Commun Syst. 2014; 27 (2): 377‐ 389. 16. Yeh H‐L, Chen T‐H, Liu P‐C, Kim T‐H, Wei H‐W. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors. 2011; 11(5): 4767‐ 4779. 20. Xue K, Ma C, Hong P, Ding R. A temporal‐credential‐based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl. 2013; 36(1): 316‐ 323. 22. Turkanović M, Brumen B, Hölbl M. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Netw. 2014; 20: 96‐ 112. 38. Das AK, Goswami A. A robust anonymous biometric‐based remote user authentication scheme using smart cards. Journal of King Saud University‐Comput Inform Sci. 2015; 27(2): 193‐ 210. 43. He D, Kumar N, Chilamkurti N. A secure temporal‐credential‐based mutual authentication and key agreement scheme for wireless sensor networks, in Wireless and Pervasive Computing (ISWPC), 2013 International Symposium on, 2013; 1– 6. 14 29. Li C‐T, Weng C‐Y, Lee C‐C. An advanced temporal credential‐based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors. 2013; 13 (8): 9589‐ 9603.
Conclusions Multi‐factor authentication scheme High security level lightweight Less storage 15
- My doom
- Rfc4949
- Remote authentication dial-in user service
- Security services x.800
- Iff
- Bomgar secure remote access
- Secure remote service
- Dell secure connect gateway
- Ssh_msg_kexinit
- Secure remote login ssh
- Ffiec authentication in an internet banking environment
- Arbitrage pricing theory model
- Multifactor models of risk and return
- Multifactor productivity example
- Multifactor productivity operations management
- Multifactor apt formula