Jongho Moon, Youngsook Lee, Hyungkyu Yang, Taeui Song, Dongho Won
{"title":"Cryptanalysis of a privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security","authors":"Jongho Moon, Youngsook Lee, Hyungkyu Yang, Taeui Song, Dongho Won","doi":"10.1109/ICOIN.2018.8343154","DOIUrl":null,"url":null,"abstract":"User authentication in wireless sensor networks is more complex than normal networks due to sensor network characteristics such as unmanned operation, limited resources, and unreliable communication. For this reason, various authentication protocols have been presented to provide secure and efficient communication. In 2017, Wu et al. presented a provable and privacy-preserving user authentication protocol for wireless sensor networks. Unfortunately, we found that Wu et al.'s protocol was still vulnerable against user impersonation attack, and had a problem in the password change phase. We show how an attacker can impersonate an other user and why the password change phase is ineffective.","PeriodicalId":228799,"journal":{"name":"2018 International Conference on Information Networking (ICOIN)","volume":"61 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Information Networking (ICOIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOIN.2018.8343154","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
User authentication in wireless sensor networks is more complex than normal networks due to sensor network characteristics such as unmanned operation, limited resources, and unreliable communication. For this reason, various authentication protocols have been presented to provide secure and efficient communication. In 2017, Wu et al. presented a provable and privacy-preserving user authentication protocol for wireless sensor networks. Unfortunately, we found that Wu et al.'s protocol was still vulnerable against user impersonation attack, and had a problem in the password change phase. We show how an attacker can impersonate an other user and why the password change phase is ineffective.