A Study on Symmetric-Key based User Authentication in IoT
DOI: https://doi.org/10.14419/ijet.v7i2.33.18011
Published: 2018-06-08
Keywords: IoT, User Authentication, Symmetric-Key, Smart-Card, Attack, Wireless Sensor Network.
Abstract
Background/Objectives: During logins, the user authentication scheme by Lee et al. contains errors concerning identifiable user IDs and is vulnerable to attacks because the servers' significant random numbers are easily calculated.
Methods/Statistical analysis: The user authentication scheme by Lee et al. uses message values from login requests. User IDs that are supposed to come from these messages are omitted, and so are unidentifiable, yet they are used in calculations; to avoid this problem, they are stored in RGB instead. To address the random number being easily calculated, h(b||x) is used instead when logins are executed with smart cards issued to users who have completed server registration.
Findings: The thesis replaced the use of unidentifiable user IDs from login request messages for authentication with stored values that servers derive by combining user IDs with a secret key. During registration, servers calculate values including Ji, Qi, Yi, Ri, Li, Ai, Mi and AIDi using the received IDi, the calculated RPWi, the secret key k, the withdrawal of user registration request Ni and the random number b. By having servers use IDi⊕x stored in RGR, instead of the problematic unidentifiable user ID IDi, for the calculations of Ji, Yi and AIDi, the authentication process is improved.
Random number b is significant for authentication. If it is exposed to attackers, it can be abused in various attacks. To address the random number being easily calculated during user logins with issued smart cards, the Ri, Li and Ai formulas that used b were modified to use h(b||x). During logins, smart cards calculate ri=Ki⊕h(IDi||PWi) and RPWi=h(ri||PWi) from IDi and PWi, and h(b||x)=Ri⊕h(IDi||x) from Bi, Ri and the derived h(IDi||x)=Bi⊕RPWi⊕ri. b cannot be deduced from h(b||x).
Improvements/Applications: Building on the authentication scheme proposed by Lee et al., the errors prior to authentication and the easily calculated random number are corrected, which enables countermeasures against attacks that abuse the random number.
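The card-side login derivation described in the Findings, as an added example that is not code from the paper: it shows that a card holder who runs the login equations ends up with h(b||x) rather than b. Assumptions: h is SHA-256, the stored card values K, B and R are obtained by inverting the login equations above, the `masked=False` branch (Ri built directly from b) is only an assumed illustration of the earlier form, and all function names are hypothetical.

```python
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    """One-way hash h(.) over the concatenation a||b||... (SHA-256 is assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; operands must have the same length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(p ^ q for p, q in zip(a, b))

def issue_card(id_i: bytes, pw_i: bytes, x: bytes, b: bytes, masked: bool = True) -> dict:
    """Values stored on the smart card (inferred by inverting the login equations).

    masked=True  : Ri = h(b||x) XOR h(IDi||x)   (modified scheme)
    masked=False : Ri = b XOR h(IDi||x)         (assumed earlier form, b is 32 bytes)
    """
    r_i = secrets.token_bytes(32)           # per-user random ri (its origin is assumed)
    rpw_i = h(r_i, pw_i)                    # RPWi = h(ri||PWi)
    h_idx = h(id_i, x)                      # h(IDi||x), needs the server secret x
    secret_part = h(b, x) if masked else b
    return {
        "K": xor(r_i, h(id_i, pw_i)),       # Ki = ri XOR h(IDi||PWi)
        "B": xor(xor(h_idx, rpw_i), r_i),   # Bi = h(IDi||x) XOR RPWi XOR ri
        "R": xor(secret_part, h_idx),       # Ri
    }

def card_login(card: dict, id_i: bytes, pw_i: bytes) -> bytes:
    """Login-phase computation on the card; returns what Ri unmasks to."""
    r_i = xor(card["K"], h(id_i, pw_i))         # ri = Ki XOR h(IDi||PWi)
    rpw_i = h(r_i, pw_i)                        # RPWi = h(ri||PWi)
    h_idx = xor(xor(card["B"], rpw_i), r_i)     # h(IDi||x) = Bi XOR RPWi XOR ri
    return xor(card["R"], h_idx)                # Ri XOR h(IDi||x)

if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    x, b = b"constructed-server-secret", secrets.token_bytes(32)
    new = card_login(issue_card(b"user-01", b"pw", x, b), b"user-01", b"pw")
    old = card_login(issue_card(b"user-01", b"pw", x, b, masked=False), b"user-01", b"pw")
    print("modified scheme yields h(b||x):", new == h(b, x), "| equals b:", new == b)
    print("assumed earlier form yields b :", old == b)
```
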
References
[1] Kim, D. H. (2013). Security for IoT Service. Journal of Korea Institute of Communication and Information Services, 30(8), 53-65.
[2] Pyo, C. S., Kang, H. Y., Kim, N. S., Bang, H. C. (2013). IoT (M2M) technology trends and development prospects. Journal of The Korean Institute of Communication Sciences, 30(8), 3-10.
[3] Park, K. S., Lee, S. Y., Park, Y. H., Park, Y. H. (2015). An ID-based Remote User Authentication Scheme in IoT. Journal of Korea Multimedia Society, 18(12), 1483-1491.
[4] Moon, J. H., Choi, Y. S., Won, D. H. (2016). A Secure Attribute-based Authentication Scheme for Cloud Computing. KIISE Transaction on Computing Practices, 22(8), 345-350.
[5] Wang, Y. Y., Liu, J. Y., Xiao, F. X., Dan, J. (2009). A more Efficient and Secure Dynamic ID-based Remote User Authentication Scheme. Computer Communications, 32(4), 583-585.
[6] Chang, Y. F., Tai, W. L., Chang, H. C. (2014). Untraceable Dynamic-identity-based Remote User Authentication Scheme with Verifiable Password Update. International Journal of Communication Systems, 27(11), 3430-3440.
[7] Li, X., Niu, J., Liao, J., Liang, W. (2015). Cryptanalysis of a Dynamic Identity-based Remote User Authentication Scheme with Verifiable Password Update. International Journal of Communication Systems, 28(2), 374-382.
[8] Kumari, S., Khan, M. K., Li, X. (2014). An Improved Remote User Authentication Scheme with Key Agreement. Computers & Electrical Engineering, 40(6), 1997-2012.
[9] Ramasamy, R., Muniuandi, A. P. (2009). New Remote Mutual Authentication Scheme Using Smart Cards. Transactions on Data Privacy, 2(2), 141-152.
[10] Lee, Y. S., Won, D. H. (2010). Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards. Journal of the Korea Society of Computer and Information, 15(1), 139-147.
[11] Hwang, M. S., Li, L. H. (2002). A New Remote User Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics, 46(1), 28-30.
[12] Kim, H. S. (2015). Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy. Journal of Security Engineering, 12(1), 1-12.
[13] Lee, S. Y., Park, K. S., Park, Y. H., Park, Y. H. (2016). Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy. Journal of Korea Multimedia Society, 19(3), 585-594.
[14] Moon, J. H., Won, D. H. (2017). An Enhanced Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy. Journal of Korea Multimedia Society, 20(3), 500-510.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Accepted 2018-08-20
Published 2018-06-08