A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion

doi:10.1016/j.adhoc.2014.03.009

Ad Hoc Networks

Volume 20, September 2014, Pages 96-112

https://doi.org/10.1016/j.adhoc.2014.03.009 Get rights and content

Abstract

The idea of the Internet of Things (IOT) notion is that everything within the global network is accessible and interconnected. As such Wireless Sensor Networks (WSN) play a vital role in such an environment, since they cover a wide application field. Such interconnection can be seen from the aspect of a remote user who can access a single desired sensor node from the WSN without the necessity of firstly connecting with a gateway node (GWN). This paper focuses on such an environment and proposes a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. The proposed scheme enables a remote user to securely negotiate a session key with a general sensor node, using a lightweight key agreement protocol. The proposed scheme ensures mutual authentication between the user, sensor node, and the gateway node (GWN), although the GWN is never contacted by the user. The proposed scheme has been adapted to the resource-constrained architecture of the WSN, thus it uses only simple hash and XOR computations. Our proposed scheme tackles these risks and the challenges posed by the IOT, by ensuring high security and performance features.

Introduction

We are evermore surrounded by ubiquitous, intelligent interconnected objects (i.e. smart objects) which engage us with new applicative perspectives on our everyday lives, like RFID, smartphones, semantic web, wireless sensors, etc. This can be seen as the Internet of Things (IOT) notion, which was announced a decade ago [1]. The idea was that in the future everything (i.e. including live objects) would be accessible, sensed, and interconnected inside the global, dynamic, living structure of the Internet. Wireless sensor networks (WSN) play an important role regarding this notion, since they cover a wide application field by collecting various environmental information.

In the early years WSNs started as simple and ambivalent research projects mainly motivated and funded by the military, e.g. DARPA (Defense Advanced Research Projects Agency) [2]. These early military-funded WSN research projects, according to their type of applications, presented a definition of the WSN as a large-scale, wireless, ad hoc, multi-hop, un-partitioned network of homogeneous, tiny, mostly immobile sensor nodes which are randomly deployed within a particular area of interest [2]. Such a definition does not apply to all of today’s WSN applications, since WSN applications can also be heterogeneous, single-hop, infrastructure-based (i.e. non ad hoc), have mobile sensor nodes, etc. At that time the WSN research papers focused only on the theoretical and broad applicative uses of WSNs (e.g. military, environment, healthcare), but the research and applicative use of WSN has significantly increased over the last few years. Today we talk about the use of WSN for traffic monitoring [3], pipeline monitoring [4], landslide detection [5], methane leak detection [6], border patrol [7], precision agriculture [8], rehabilitation applications [9], laboratory tutoring [10], asset tracking [11], real-time soccer playing monitoring [12] and many more [13], [14], [15], [16]. A list of real-life applicative WSN projects was summed up by Romer and Mattern [2].

In the beginning it was thought that WSN would only be homogeneous, consisting only of equal sensor nodes. Today we also talk of heterogeneous WSNs since sensor networks can be built with different types of nodes, some more computationally-powerful than others (e.g. gate-way nodes). In view of the IOT notion, the heterogeneity of a WSN is not the only thing rapidly adapting, hence the infrastructure has moved from mainly infrastructure-based networks, where nodes can only communicate directly with the base station, to ad hoc networks whereby nodes can also communicate directly with each other and with rest of the world.

WSNs are becoming evermore numerous and interconnected with the IOT, thereby presenting new opportunities but also challenges which need to be addressed. An example of such would be a remote user who wants to access a particular sensor node of the WSN. Such a user needs to be authorized and, if done positively, allowed to gather data from or send commands to the sensor node. Since the most important and distinct characteristic of WSNs is their resource-constrained architecture (i.e., limited computational and communicational capabilities), a lightweight security solution is required, thus urging the security design to be more prudent.

A key challenge is how to enable the establishment of a shared cryptographic key in a secure and lightweight manner, between the sensor node and the user outside the network. Mutual authentication is also needed for such a scenario, and is highly important since all parties need to be sure of the legitimacies of all the entities involved. Numerous cryptographic schemes for the security of the WSN have been proposed but very few have addressed the aforementioned scenarios, challenges, and requirements [17], [18], [19], [20], [21], [22], [23], [24], [25], [26], [27]. This was the motivation for us to develop and propose a challenge-specific cryptographic scheme, which uses a rare four-step authentication model that we believe is the most appropriate for the mentioned scenario, when a remote user wants to connect to a sensor node inside a WSN. Since our scheme uses smart cards for users to authenticate, the security architecture is also smart-card oriented. The proposed scheme is also lightweight and resource-friendly, hence it is based only on symmetric cryptography, whereby using only hash and XOR computation.

The remainder of the paper is organized as follows. Section 2 for better understanding of the topic below, provides some brief preliminaries. We present an overview of the existing work in Section 3. Our proposed mutual authentication and key agreement scheme for heterogeneous wireless sensor ad hoc networks is presented in Section 4, followed by the security and performance evaluations in Sections 5 Security evaluation of the proposed scheme, 6 Performance evaluation of the proposed scheme. Finally, Section 7 concludes the paper.

Section snippets

Preliminaries

Heterogeneous WSN consists of multiple, simple, low-cost sensor nodes that have limited computational and communicational capabilities and of at least one sink node, also called gateway node (GWN) [28]. GWN are bigger, more secure and have more computational and communicational capabilities. Since they are more powerful, they are being used to act as proxies between the sensor network and the outside world. Their functionalities are sometimes gathering and processing data from each sensor node

Related work

This section briefly discusses some existing and related user authentication schemes for WSNs.

Numerous user authentication schemes have been proposed for the security of the WSN. Most schemes concentrate on the establishment of a cryptographic key between the user and the base station or the GWN. Asymmetric schemes represent good foundations for the secure exchange of keys within a network but require much more computational and communicational powers. Such cryptographic architecture is

Proposed scheme

This section presents our new lightweight mutual authentication scheme for heterogeneous ad hoc wireless sensor networks. The scheme is designed to work in correlation with the IOT notion. We have developed this scheme based on a rare four-step authentication model (Fig. 1), where a remote user initiates the authentication phase by firstly connecting with a sensor node of interest. The scheme ensures important features like mutual authentication, password security, single registration, key

Security evaluation of the proposed scheme

In this section we provide the details of the security analysis of the proposed scheme. The security of authentication protocols is highly important but also hard to achieve. We show that our scheme ensures and provides a secure key agreement, mutual authentication, password protection, and is resilient against replay attacks, man-in-the-middle attacks, impersonation attacks, privileged insider attacks, stolen-verifier attacks, stolen smart card attacks, smart card breach attacks, many

Performance evaluation of the proposed scheme

This section introduces the performance evaluation like the comparison of computational costs, security features, communication costs and storage consumption, between our proposed scheme and other related user-authentication schemes for WSNs. The evaluations give an insight into the effectiveness of the proposed scheme and the possible network lifetime while using the scheme. Not all schemes have been developed with the same objective as our proposed scheme, hence the more similar one is the

Conclusion

This paper proposed a user and mutual authentication key agreement scheme for heterogeneous ad hoc WSNs using smart cards. This scheme focuses on the IOT notion, thereby enabling the remote user to directly contact a specific sensor node. Using a novel key agreement protocol, a user can negotiate a session key with a desired sensor node without personally connecting with the GWN, and use it to establish a secure communication. Our scheme uses a rare four-step authentication model which is,

Acknowledgments

The authors sincerely thank the anonymous reviewers and the Area Editor of the Journal for their helpful concerns, comments and suggestions, which helped with the improvement of the original content.

Muhamed Turkanović received his B.Sc. degree in Computer Science and Informatics from the University of Maribor in 2011. He is currently pursuing his Ph.D. degree in Computer Science and Informatics from the University of Maribor. His current research interests include cryptography, information security, network security and wireless sensor networks.

References (47)

L. Atzori et al.
The Internet of things: a survey
Comput. Netw.
(2010)
M. Bottero et al.
Wireless sensor networks for traffic monitoring in a logistic centre
Transp. Res. Part C: Emerg. Technol.
(2013)
G. Owojaiye et al.
Focal design issues affecting the deployment of wireless sensor networks for pipeline monitoring
Ad Hoc Netw.
(2013)
M.V. Ramesh
Design, development, and deployment of a wireless sensor network for detection of landslides
Ad Hoc Netw.
(2014)
A. Somov et al.
Deployment and evaluation of a wireless sensor network for methane leak detection
Sens. Actuat. A: Phys.
(2013)
Z. Sun et al.
BorderSense: border patrol through advanced wireless sensor networks
Ad Hoc Netw.
(2011)
X. Dong et al.
Autonomous precision agriculture through integration of wireless underground sensor networks with center pivot irrigation systems
Ad Hoc Netw.
(2013)
A. Hadjidj et al.
Wireless sensor networks for rehabilitation applications: challenges and opportunities
J. Netw. Comput. Appl.
(2013)
M. Jou et al.
Ubiquitous tutoring in laboratories based on wireless sensor networks
Comput. Hum. Behav.
(2013)
A. Pietrabissa et al.
Optimal planning of sensor networks for asset tracking in hospital environments
Decis. Support Syst.
(2013)

V. Sivaraman et al.

An experimental study of wireless connectivity and routing in ad hoc sensor networks for real-time soccer player monitoring

Ad Hoc Netw.

(2013)

A.A. Rezaee et al.

HOCA: healthcare aware optimized congestion avoidance and control protocol for wireless sensor networks

J. Netw. Comput. Appl.

(2014)

N. Barroca et al.

Wireless sensor networks for temperature and humidity monitoring within concrete structures

Constr. Build. Mater.

(2013)

M.C. Bell et al.

Novel wireless pervasive sensor network to improve the understanding of noise in street canyons

Appl. Acoust.

(2013)

Y.-C. Chang et al.

eFurniture for home-based frailty detection using artificial neural networks and wireless sensors

Med. Eng. Phys.

(2013)

A. Das et al.

A dynamic password-based user authentication scheme for hierarchical wireless sensor networks

J. Netw. Comput. Appl.

(2012)

I.F. Akyildiz et al.

Wireless sensor networks: a survey

Comput. Netw.

(2002)

S. Ozdemir et al.

Secure data aggregation in wireless sensor networks: a comprehensive overview

Comput. Netw.

(2009)

J. Xu et al.

An improved smart card based password authentication scheme with provable security

Comput. Stand. Interf.

(2009)

R. Song

Advanced smart card based password authentication protocol

Comput. Stand. Interf.

(2010)

M.A. Simplicio et al.

Survey and comparison of message authentication solutions on wireless sensor networks

Ad Hoc Netw.

(2013)

K. Romer et al.

The design space of wireless sensor networks

Wireless Commun., IEEE

(2004)

H.-F. Huang, Y.-F. Chang, C.-H. Liu, Enhancement of two-factor user authentication in wireless sensor networks, in:...

Cited by (570)

Blockchain-enabled authentication framework for Maritime Transportation System empowered by 6G-IoT
2024, Computer Networks
In recent years, Maritime Transportation Systems (MTS) have experienced significant advancements through the adoption of Internet of Things (IoT) technology. The introduction of 6G mobile networks has further expanded possibilities by offering enhanced communication services and additional functionalities such as processing, caching, sensing, and control for a wide array of IoT devices. Despite these technological advancements, the integration of IoT and 6G has introduced new risks and challenges in terms of safety and reliability. The involvement of various maritime stakeholders in scheduling and managing marine transportation exacerbates these challenges. Moreover, the MTS has encountered escalating security and privacy concerns with unauthorized data access and message tampering pose significant vulnerabilities in the 6G-IoT-enabled MTS environment. Therefore, a shared and controlled access mechanism that cannot be manipulated or tampered with by unauthorized parties is also an essential requirement in MTS. To address these issues, this paper presents an authentication framework leveraging blockchain technology, specifically designed for 6G-IoT-enabled MTS. The objective is to handle real-time data using decentralized peer-to-peer cloud servers with minimal latency, all while addressing security and privacy concerns specific to MTS. This integration also serves to mitigate various security threats. The protocol’s security and privacy are verified through rigorous evaluations, including the ROR model, Scyther tool, and informal security analysis. A simulation of the proposed protocol using MIRACL is conducted, offering a comprehensive assessment of its computational costs and security features when compared to existing protocols, demonstrating its superior security and efficiency.
A survey on security and cryptographic perspective of Industrial-Internet-of-Things
2024, Internet of Things (Netherlands)
The Industrial-Internet-of-Things (IIoT) powers several applications in the modern world: smart city, smart grid, smart manufacturing, smart logistics management, etc. The increased connectivity and smartness bring a rich attack surface for adversaries. Past research efforts have extensively explored the security aspects of IIoT. Still, none of them took a cryptographic perspective of IIoT security, which is imperative because almost all modern cyber defenses are based on cryptographic primitives. We address this issue in this work. We present a cryptographic perspective of IIoT for the designers and developers. We review the desirable security properties and existing attacks against the IIoT infrastructure. We then review conventional cryptographic tools used to secure modern IIoT networks. Finally, we discuss shortcomings associated with traditional cryptography and recommend Post-Quantum Cryptography (PQC) techniques that could be integrated with IIoT. Finally, we present future research directions on using cryptography for IIoT environments.
A privacy preserving four-factor authentication protocol for internet of medical things
2024, Computers and Security
Medical applications of the Internet of Things (IoT) have gained significant attention, especially in the context of monitoring health-related information for elderly individuals living alone and patients receiving home-based care, especially during the COVID-19 pandemic. These applications offer immense convenience and contribute to the reduction of infection risk. Consequently, safeguarding the privacy of patient data has become increasingly vital. However, the resource limitations inherent to IoT present challenges in implementing complex algorithms. Numerous researchers have proposed authentication schemes based on three factors: passwords, biometric features, and smart cards. While three-factor authentication protocols are generally more secure than two-factor ones, recent studies have unveiled vulnerabilities in existing protocols designed for IoT environments, particularly concerning sensor node capture attack and smart card stolen attack. Only a few protocols provide reliable solutions to address these issues. To tackle this challenge, we propose a lightweight authentication protocol that introduces the Physical Unclonable Function (PUF) as the fourth factor, enhancing the security and privacy of the system. By integrating PUF technology into servers and embedding it into the integrated circuit chips of sensors, our protocol is specifically designed to thwart attacks like sensor node capture and smart card stolen. We validate the security of our proposed protocol using formal BAN logic and ProVerif simulator tool, demonstrating its capability to provide secure mutual authentication. Moreover, through informal analysis, we illustrate that our scheme can withstand multiple attacks. Furthermore, our proposed protocol outperforms existing protocols in terms of computational cost, storage cost, communication cost, and security requirements.
Multi-strategy enhanced grey wolf algorithm for obstacle-aware WSNs coverage optimization
2024, Ad Hoc Networks
Moving sensor nodes can mitigate the coverage problem of random deployment in wireless sensor networks. However, the movement of nodes affects the lifetime and integrity of the network. Therefore, both energy saving and efficient coverage are crucial factors. In this paper, we propose an energy-efficient coverage optimization technique with the help of the multi-Strategy grey wolf optimization (MSGWO) algorithm. This method can reduce energy consumption and improve coverage area by mixing higher-order multinomial sensing models and a sort-driven hybrid opposition-based learning. In addition, node movement and boundary strategies are proposed to help nodes jump out of obstacles when facing obstacle-aware deployments. The MSGWO is validated and compared on several classical test functions, and the results show that the MSGWO performs well. The MSGWO algorithm is applied to optimize the WSN coverage on different obstacle scenarios, the experimental results show that the algorithm helps to increase the network coverage from 84 % to 97.86 %, extends the network lifecycle by 50 %, reduces the cost of node deployment, and the network has good connectivity and scalability.
A roadmap from classical cryptography to post-quantum resistant cryptography for 5G-enabled IoT: Challenges, opportunities and solutions
2023, Internet of Things (Netherlands)
5th Generation(5G) -enabled Internet of Things (IoT) connects billions of devices for high-speed data transfer. The data collected fuel many automation applications such as smart cities, industrial automation 5.0, autonomous vehicles and healthcare sectors. However, the critical challenges concerning such an environment are Open Web Security and Mutual Authentication. The recent security protocols of IoT are based on hard mathematical cryptographic structures. Nevertheless, dependency on the security of classical cryptographic primitives is at risk of being broken by Quantum Computing. Recent Quantum attacks on IoT security have motivated us to survey Quantum-resistant solutions comprehensively. Therefore in this paper, we analysed how the technology shifts from classical cryptographic techniques towards quantum-enabled solutions to achieve end-to-end security. The main objective of this survey is to provide a systematic roadmap in the area of Quantum secured 5G-enabled IoT communication by covering current research on 5G-enabled IoT with its key enabling technologies, threats imposed on 5G-enabled IoT applications, state-of-the-art quantum-based solutions and initiatives. A detailed overview of the quantum computing preliminaries, Post Quantum Cryptography (PQC) schemes, Quantum Cryptography (QC), and Quantum Key Distribution (QKD) with their significant advantage in securing IoT-enabled communication over classical scenarios are also presented. Particularly, we emphasize Post-Quantum resistant techniques that must be used soon to secure 5G-enabled IoT communications. The comparative analysis of quantum-resistant schemes with classical cryptographic schemes in terms of key size, data size, time complexity and impact of quantum computers on these schemes are discussed. This paper identifies the technical challenges in Quantum-based schemes and provides future research directions to enable Post-Quantum resistant cryptography for secure communication in 5G-enabled IoT.
A survey on cryptographic methods to secure communications for UAV traffic management
2023, Vehicular Communications
Unmanned Aerial Systems (UAS) have a wide variety of applications, and their development in terms of capabilities is continuously evolving. Many missions performed by an Unmanned Aerial Vehicle (UAV) require flying in public airspace. This requires very high safety standards, similar to those mandatory in commercial civil aviation. A safe UAV Traffic Management (UTM) requires several communication links between aircraft, their pilots, and UTM systems. The integrity of these communication links is critical for the safety of operations. Several security requirements also have to be met on each of these links. Unfortunately, current cryptographic standards used over the internet are often unsuitable for UAS due to the limited resources and dynamic nature of UAVs. This survey discusses the security required for every communication link to enable safe traffic management. Research works focusing on the security of communication links using cryptographic primitives are then presented and discussed. Authentication protocols developed for UAVs or other constrained systems are compared and evaluated as solutions for UAS security. Symmetrical alternatives to the AES algorithm are also presented. Works to secure current UTM protocols such as ADS-B and RemoteID are discussed. The analysis reveals a need for the development of a complete security architecture able to provide authentication and integrity to external systems (other aircraft, UTM systems...).

View all citing articles on Scopus

Boštjan Brumen received his B.Sc. in Electrical Engineering from the University of Maribor in 1996 and his Ph.D. degree in Computer Science and Informatics from the University of Maribor in 2004. He is currently an assistant professor (part time) at Faculty of Electrical Engineering and Computer Science, University of Maribor. His research interests include cryptography, network security, data security, data analyses, and data reusability. As a member of Database Technologies Laboratory he actively participates in several international and national projects, related to data issues. He cooperates with researchers at Tampere University of Technology since 1999. The results were published at several international conferences and in journals.

Marko Hölbl received his Ph.D. degree in Computer Science and Informatics from the University of Maribor in 2009. His first degree is Bachelor of Science (Bs.C.) in Computer Science and Informatics, received from University of Maribor in 2004. He is currently an assistant professor for Information Technology at the Faculty of Electrical Engineering and Computer Science, University of Maribor. His research interests include cryptography, network security, web security, smart cards and mobile communications security.

View full text

A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion

Abstract

Introduction

Section snippets

Preliminaries

Related work

Proposed scheme

Security evaluation of the proposed scheme

Performance evaluation of the proposed scheme

Conclusion

Acknowledgments

Comput. Netw.

Transp. Res. Part C: Emerg. Technol.

Ad Hoc Netw.

Ad Hoc Netw.

Sens. Actuat. A: Phys.

Ad Hoc Netw.

Ad Hoc Netw.

J. Netw. Comput. Appl.

Comput. Hum. Behav.

Decis. Support Syst.

Ad Hoc Netw.

J. Netw. Comput. Appl.

Constr. Build. Mater.

Appl. Acoust.

Med. Eng. Phys.

J. Netw. Comput. Appl.

Comput. Netw.

Comput. Netw.

Comput. Stand. Interf.

Comput. Stand. Interf.

Ad Hoc Netw.

The design space of wireless sensor networks

Wireless Commun., IEEE