With the rapid development of network technology, the Internet of Things (IoT) and wireless sensor networks (WSN) are widely used in a variety of services, such as smart homes, healthcare, and monitoring and management. In today's era, when almost everyone carries a mobile device, users can conveniently and quickly connect to IoT nodes through their communication devices for more convenient supervision and management. To protect users' information, secure remote authentication mechanisms have become very important. Earlier two-factor authentication mechanisms based on passwords and smart cards were relatively easy to attack, and many scholars have proposed improved mechanisms, such as the three-factor remote IoT authentication mechanism based on passwords, smart cards and biometrics proposed by Dhillon et al. However, this study finds that their mechanism has many security flaws, such as smart device loss/theft attacks, impersonation attacks, denial-of-service attacks, man-in-the-middle and parallel session attacks, and a lack of anonymity. In addition, Jiang et al. improved the WSN-based three-factor authentication mechanism of Amin et al. and proposed a remote user authentication mechanism based on the Rabin cryptosystem, but this study finds that their mechanism also has security flaws, such as sensor node impersonation attacks and problems with the forward secrecy of the session key. This study further proposes a remote user authentication mechanism for IoT wireless sensor networks based on the mechanism of Dhillon et al. Security analysis shows that the proposed mechanism can effectively prevent the possible security flaws, and a comparison of security and performance with existing mechanisms shows that the new mechanism is more suitable for remote user authentication in the IoT.
With the rapid development of networks, the Internet of Things (IoT) and wireless sensor networks (WSN) are widely used in a variety of services such as smart homes, healthcare and monitoring management. Nowadays, in an era in which almost everyone owns a smartphone, users can quickly and conveniently connect their device to an IoT node for supervision or management. To protect user information, the remote user authentication scheme of the IoT becomes more critical. Past two-factor authentication based on passwords and smart cards is easier to attack. Many scholars have proposed three-factor authentication schemes based on a password, a smart card, and biometrics. Among them, Dhillon et al. proposed a lightweight biometrics-based remote user authentication scheme. However, we found that Dhillon et al.'s scheme has several flaws, such as stolen/lost smart device attacks, impersonation attacks, denial-of-service attacks, parallel session attacks, and no user anonymity.
In addition, Jiang et al. improved Amin et al.'s three-factor authentication scheme for WSN and proposed a remote user authentication scheme based on the Rabin cryptosystem. We also found that their scheme suffers from IoT node impersonation attacks and session key attacks. In this study, we also propose a lightweight improved protocol of Dhillon et al.'s scheme to increase security, which can prevent their possible security attacks. After security and efficiency analysis, we find that the proposed scheme is more suitable for remote user authentication in wireless sensor networks in the context of the Internet of Things.