物联网应用中基于生物识别的安全用户认证协议的密码分析

2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4) Pub Date : 2022-12-15 DOI:10.1109/C2I456876.2022.10051341

P. Ramalingam, P. Pabitha

{"title":"物联网应用中基于生物识别的安全用户认证协议的密码分析","authors":"P. Ramalingam, P. Pabitha","doi":"10.1109/C2I456876.2022.10051341","DOIUrl":null,"url":null,"abstract":"In the 21st century various Biometric based user authentication schemes for Internet of Things network applications are evolving. As a part, Vinoth et al. proposed an Biometric authenticated key agreement scheme for industrial IoT. As the IoT environments are rapidly connecting with various public networks for the communication and data transfer, there are high chance for security attacks. The schemes used in these kind of IoT networks needs to maintain the security with lightweight operations. Validation of existing schemes are highly important to protect the environment. We cryptanalysis the Vinoth et al.'s scheme and identified a security design flaw. Their scheme is failed to protect the biometric and not achieving the key freshness. As a result, their scheme is vulnerable to Biometric template attack, user impersonation attack and failed to meet the user anonymity security feature. This work proposes a technique to address the flaws identified. The proposed scheme has been implemented and verified using the AVISPA simulator.","PeriodicalId":165055,"journal":{"name":"2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Cryptanalysis of Biometric Based Secure User Authentication Protocol for IoT Applications\",\"authors\":\"P. Ramalingam, P. Pabitha\",\"doi\":\"10.1109/C2I456876.2022.10051341\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the 21st century various Biometric based user authentication schemes for Internet of Things network applications are evolving. As a part, Vinoth et al. proposed an Biometric authenticated key agreement scheme for industrial IoT. As the IoT environments are rapidly connecting with various public networks for the communication and data transfer, there are high chance for security attacks. The schemes used in these kind of IoT networks needs to maintain the security with lightweight operations. Validation of existing schemes are highly important to protect the environment. We cryptanalysis the Vinoth et al.'s scheme and identified a security design flaw. Their scheme is failed to protect the biometric and not achieving the key freshness. As a result, their scheme is vulnerable to Biometric template attack, user impersonation attack and failed to meet the user anonymity security feature. This work proposes a technique to address the flaws identified. The proposed scheme has been implemented and verified using the AVISPA simulator.\",\"PeriodicalId\":165055,\"journal\":{\"name\":\"2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4)\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/C2I456876.2022.10051341\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/C2I456876.2022.10051341","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

在21世纪，各种基于生物识别的物联网网络应用用户认证方案正在不断发展。Vinoth等人提出了一种用于工业物联网的生物识别认证密钥协议方案。随着物联网环境与各种公共网络快速连接以进行通信和数据传输，安全攻击的可能性很高。在这类物联网网络中使用的方案需要通过轻量级操作来维护安全性。验证现有计划对保护环境非常重要。我们对Vinoth等人的方案进行了密码分析，发现了一个安全设计缺陷。他们的方案未能保护生物特征，也没有达到关键的新鲜度。因此，该方案容易受到生物特征模板攻击、用户冒充攻击，无法满足用户匿名的安全特性。这项工作提出了一种技术来解决已识别的缺陷。该方案已在AVISPA模拟器上实现并验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cryptanalysis of Biometric Based Secure User Authentication Protocol for IoT Applications

In the 21st century various Biometric based user authentication schemes for Internet of Things network applications are evolving. As a part, Vinoth et al. proposed an Biometric authenticated key agreement scheme for industrial IoT. As the IoT environments are rapidly connecting with various public networks for the communication and data transfer, there are high chance for security attacks. The schemes used in these kind of IoT networks needs to maintain the security with lightweight operations. Validation of existing schemes are highly important to protect the environment. We cryptanalysis the Vinoth et al.'s scheme and identified a security design flaw. Their scheme is failed to protect the biometric and not achieving the key freshness. As a result, their scheme is vulnerable to Biometric template attack, user impersonation attack and failed to meet the user anonymity security feature. This work proposes a technique to address the flaws identified. The proposed scheme has been implemented and verified using the AVISPA simulator.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 3rd International Conference on Communication, Computing and Industry 4.0 (C2I4)

自引率

0.00%

发文量