A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks☆
Introduction
In the last decade, wireless communication, and sensor technologies have seen tremendous growth. Wireless Sensor Networks (WSN) are widely used in many fields (such as military surveillance, environmental monitoring industrial control, medical monitoring). WSN consists of many resource-constrained sensor nodes and is deployed in some unattended environment [7]. WSN can be used for data collection and transmitting the same either in the area where it is deployed or to the remote base station.
For example, considering applications of the WSN in a medical environment, the workflow of various events in the WSN is demonstrated as follows. As shown in Fig. 1, there are three parts in the medical WSN, i.e. the sensor, the gateway node (GWN) and the medical worker (such as doctor, nurse). First, the medical worker and medical sensors register with the gateway and get their private keys. Second, the medical worker places medical sensors on the patient’s body or implant them in the patient’s body. At last, the medical worker uses his/her private key to generate legal login message and sends it to the GWN and the medical sensor through the Internet. After verifying the legality of the medical worker, the medical sensor sends the patient’s vital data (such as temperature, blood pressure and pulse rate) to the medical worker with the help of the GWN. Upon receiving those vital data, the medical worker could analyze the patient’s status and give effective treatments. In such an application, all operations are executed remotely and no face-to-face measurement or treatment is needed. The type of application can improve efficiency and can provide convenience to both patients and medical workers.
Compared with traditional networks, WSN is vulnerable to various types of attacks because its communication is done in wireless environment. Therefore, how to ensure secure communication in WSNs has attracted a lot of attention in recent years. The mutual authentication and key agreement (MAAKA) scheme is suitable in such an environment for solving the security problem in WSNs because it could provide mutual authentication among the user, the sensor node and the GWN for generating a session key for future communication. Recently, many MAAKA schemes for WSNs were proposed which are discussed as follows.
Benenson et al. [1] discussed security issues of authentication in WSNs and proposed the concept of -authentication. Later, Benenson et al. [2] proposed a MAAKA scheme for WSNs using elliptic curve cryptography (ECC). However, Binod et al. [4] pointed out that Benenson et al.’s MAAKA scheme [2] cannot provide user anonymity as they claimed. Watro et al. [21] use RSA and Diffie–Hellman algorithms to construct another MAAKA scheme for WSNs. Unfortunately, Das [8] demonstrated that Watro et al.’s MAAKA scheme cannot withstand the impersonation attack. To improve performance, Wong et al. [22] proposed a password-based MAAKA scheme for WSNs. Wong et al.’s scheme is more efficient than previous MAAKA schemes because only hash function operations are needed in their scheme. However, Das [8] found that Wong et al.’s scheme is vulnerable to the stolen-verifier attack and the many logged-in user attack. Tseng et al. [20] also pointed out that Wong et al.’s scheme [22] is vulnerable to the replay, and the forgery attacks. Tseng proposed an improved scheme to overcome weaknesses in Wong et al.’s MAAKA scheme. Later, Lee [16] also proposed two security enhanced MAAKA schemes to overcome weaknesses in Wong et al.’s MAAKA scheme. Later, Ko [14] pointed out that Tseng’s MAAKA scheme cannot provide mutual authentication. Ko also proposed a security enhanced MAAKA scheme to solve security problems in Tseng’s MAAKA scheme. Moreover, Binod et al. [3] found that Tseng’ MAAKA scheme is vulnerable to the replay attack and the man-in-the-middle attack. Das [8] proposed a two-factor MAAKA scheme for WSNs using password and smart card. However, Nyang and Lee [18] pointed out that Das’s MAAKA scheme [8] is vulnerable to the off-line password guessing attack and the sensor node compromising attack. Kan and Alghathbar [13] also demonstrated that Das’s MAAKA scheme [8] cannot withstand the GWN bypassing attack and the privileged-insider attack. Kan and Alghathbar proposed an improved MAAKA scheme to solve security problems in Das’s MAAKA scheme. Later, several other MAAKA schemes [14], [15], [16], [17], [18] for WSNs were proposed to enhance security based on Das’s MAAKA scheme. However, Khan and Alghathbar’s MAAKA scheme [13] is not suitable for practical applications since the password has no specific signification in the initial verification process and GWN needs to share a unique security key with each user and sensor node. Chen and Shih’s MAAKA scheme [6] is vulnerable to the replay forgery and the GWN bypassing attacks. Besides increasing computational complexity, Yeh et al.’s MAAKA scheme [24], Shi and Gong’s MAAKA scheme [19] and Yuan et al.’s MAAKA scheme [25] also require additional storage overhead for public keys of other sensor nodes and users. Recently, Xue et al. [23] proposed a temporal-credential-based MAAKA scheme for WSNs. In their scheme, GWN issues a temporal credential to each user and sensor node with the help of password-based authentication. Using the temporal credentials, the user, the sensor node and the GWN can authenticate each other. In their MAAKA scheme, only hash function, and XOR operations are needed. Therefore, their scheme is very efficient.
In this paper, an efficient temporal-credential-based MAAKA scheme is proposed. Compared with related MAAKA schemes, the proposed MAAKA scheme has better performance because only hash function, and XOR operations are needed when authentication process is executed. The major contributions of this paper are described as follows.
- •
First, this paper reviews and analyzes Xue et al.’s MAAKA scheme for WSNs. Five security vulnerabilities of Xue et al.’s MAAKA scheme are described in different subsections.
- •
Second, this paper proposes an efficient temporal-credential-based MAAKA scheme for WSNs. The proposed MAAKA scheme solves security problems in Xue et al.’s MAAKA scheme and reduces the computation burden.
- •
Finally, this paper analyzes the security of the proposed MAAKA scheme using the Burrows–Abadi–Needham logic [5], which has been widely used to analyze security authentication schemes. Besides, this paper shows the proposed MAAKA scheme could satisfy security requirements in WSNs.
The organization of the paper is structured as follows. Section 2 gives some preliminaries used in this paper. Section 3 gives a review of Xue et al.’s MAAKA scheme. Section 4 analyzes the security of Xue et al.’s MAAKA scheme and proposes its five security weaknesses. Section 5 proposes an efficient MAAKA scheme for WSNs. Sections 6 Security analysis, 7 Performance analysis discuss the security and performance evaluation of the proposed MAAKA scheme respectively. At last, Section 8 presents conclusions of this paper.
Section snippets
Notations
For convenience, some notations used in this paper are described as follows.
- •
: a user;
- •
: a gateway node;
- •
: a sensor node;
- •
: Confirm information generated by , and separately;
- •
: dynamic identities of and separately;
- •
: a secure hash function;
- •
: the identity of ;
- •
: the password of ;
- •
: private security parameters only known to ;
- •
: keys generated by and separately;
- •
: a session key shared between and ;
- •
Review of Xue et al.’s MAAKA scheme
Xue et al.’s MAAKA scheme consists of three phases, i.e., the registration phase, the login phase and the authentication, and key agreement phase. These phases are described as follows.
Security analysis of Xue et al.’s MAAKA scheme
This section analyzes the security of Xue et al.’s MAAKA scheme. Five security weaknesses are presented in the following five subsections.
The proposed MAAKA scheme
This section proposes a secure temporal-credential-based MAAKA scheme for WSNs to overcome security weaknesses in Xue et al.’s MAAKA scheme. Like Xue et al.’s MAAKA scheme, the proposed MAAKA scheme also consists of three phases, i.e., the registration phase, the login phase, and the authentication and key agreement phase. The details of these phases are described as follows.
Security analysis
In this section, the security of our temporal-credential-based MAAKA scheme for WSNs is analyzed. The BAN-logic [5] is used to show the proposed MAAKA scheme is valid and practical. Detailed analysis also shows the proposed scheme could withstand various types of attacks and satisfy security requirements in WSNs.
Performance analysis
This subsection compares the performance of Yeh et al.’s MAAKA scheme [24], Xue et al. MAAKA scheme [23], and the proposed MAAKA scheme. Since the registration phase will be executed once, it is easy to say that the only comparison of the authentication and key agreement phase’s performance is needed. For convenience, some notations are defined as follows.
- •
: The time for executing the hash function operation;
- •
: The time for executing the bit XOR operation;
- •
: The time for executing the
Conclusion
Recently, Xue et al. proposed a temporal-credential-based MAAKA scheme for WSNs and proved that it could withstand various attacks. However, this paper points out that the existing MAAKA scheme is vulnerable to four kinds of attacks and cannot provide identity protection. To overcome those weaknesses, this paper presents a new temporal-credential-based MAAKA scheme for WSNs. Analysis through the BAN logic shows that the proposed MAAKA scheme could achieve security requirements with respect to
Acknowledgment
This research was supported by National Science foundation of China (Nos. 61472074, 61272112).
References (25)
- et al.
A temporal-credential-based MAAKA scheme for wireless sensor networks
J. Netw. Comput. Appl.
(2013) - Z. Benenson, C.G. Felix, K. Dogan, User authentication in sensor networks, in: 2004 Proceedings of Workshop Sensor...
- Z. Benenson, N. Gedicke, O. Raivio, Realizing robust user authentication in sensor networks, in: Proceedings of...
- V. Binod, S.S. Jorge, J.P. Joel, Robust dynamic user authentication scheme for ireless sensor networks, in: Proceedings...
- et al.
User authentication schemes with pseudonymity for ubiquitous sensor network in NGN
Int. J. Commun. Syst.
(2010) - et al.
A logic of authentication
ACM Trans. Comput. Syst.
(1990) - et al.
A robust mutual authentication protocol for wireless sensor networks
ETRI J.
(2010) - et al.
Sensor networks: evolution, opportunities and challenges
Proc. IEEE
(2003) Two-factor user authentication in wireless sensor networks
IEEE Trans. Wirel. Commun.
(2009)- et al.
Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks
Multimedia Syst.
(2014)
Enhanced three-factor security protocol for USB consumer storage devices
IEEE Trans. Consum. Electron.
Robust biometrics-based authentication scheme for multi-server environment
IEEE Syst. J.
Cited by (232)
A robust and effective 3-factor authentication protocol for smart factory in IIoT
2024, Computer CommunicationsBandwidth and power efficient lightweight authentication scheme for healthcare systeme<sup>☆☆☆☆☆☆</sup>
2023, Journal of King Saud University - Computer and Information SciencesA novel two-factor multi-gateway authentication protocol for WSNs
2023, Ad Hoc NetworksA PLS-HECC-based device authentication and key agreement scheme for smart home networks
2022, Computer NetworksA dual-factor access authentication scheme for IoT terminal in 5G environments with network slice selection
2022, Journal of Information Security and ApplicationsRCBE-AS: Rabin cryptosystem–based efficient authentication scheme for wireless sensor networks
2024, Personal and Ubiquitous Computing
- ☆
This paper is the full version of our earlier proposed solution “A secure temporal-credential-based MAAKA scheme with pseudo identity for wireless sensor networks” presented at ISWPC 2014, 20–22 November, 2014, Taiwan.