对两个无线传感器网络中匿名身份认证协议的安全性分析

针对设计安全高效的无线传感器网络环境下匿名认证协议的问题,基于广泛接受的攻击者能力假设,采用基于场景的攻击技术,对新近提出的两个无线传感器网络环境下的双因子匿名身份认证协议进行了安全性分析。指出刘聪等提出的协议(刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议.计算机工程,2012,38(22):99-103)无法实现所声称的抗离线口令猜测攻击,且在协议可用性方面存在根本性设计缺陷;指出闫丽丽等提出的协议(闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议.小型微型计算机系统,2013,34(10):2342-2344)不能抵抗用户仿冒攻击和离线口令猜测攻击,且无法实现用户不可追踪性。结果表明,这两个匿名身份认证协议都存在严重安全缺陷,不适于在实际无线传感器网络环境中应用。

Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks

Aiming at the problem of designing secure and efficient user authentication protocols with anonymity for wireless sensor networks, based on the widely accepted assumptions about the capabilities of attackers and using the scenarios-based attacking techniques, the security of two recently proposed two-factor anonymous user authentication schemes for wireless sensor networks was analyzed. The following two aspects were pointed out:1) the protocol suggested by Liu etc. (LIU C, GAO F, MA C, et al. User authentication protocol with anonymity in wireless sensor network. Computer Engineering, 2012, 38(22):99-103) cannot resist against offline password guessing attack as the authors claimed and is also subject to a serious design flaw in usability; 2) the protocol presented by Yan etc. (YAN L, ZHANG S, CHANG Y. A user authentication and key agreement scheme for wireless sensor networks. Journal of Chinese Computer Systems, 2013, 34(10):2342-2344) cannot withstand user impersonation attack and offline password guessing attack as well as fall short of user un-traceability. The analysis results demonstrate that, these two anonymous authentication protocols have serious security flaws, which are not suitable for practical applications in wireless sensor networks.