An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment

https://doi.org/10.1016/j.jnca.2016.12.008

Highlights

  • Novel and efficient authentication and key agreement scheme for IoT.

  • Authentication scheme for multi-gateway WSN in IoT deployment.

  • Provably-secure authentication and key agreement scheme for IoT.

Abstract

Wireless sensor networks (WSNs) for the Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, in 2016, Amin and Biswas showed that Turkanović et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for multi-gateway WSNs. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity, and that previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, and evaluate its good performance using NS-2 simulation.

Introduction

The Internet of Things (IoT) is an increasingly popular concept that has been adopted in a wide range of applications, partly due to the decreasing costs of digital devices (e.g. mobile and portable devices such as sensors) and Internet services. In a typical IoT deployment, one can obtain information sent by sensors installed in rural and remote areas as long as there is an Internet connection, for example via WiFi or a wireless sensor network (WSN). WSNs are all around us, from traffic monitoring to temperature and moisture collection, and from blood pressure detection to wildlife tracking. Initially, homogeneous sensors were used in a WSN, where every sensor within the WSN has the same capacity, power and other parameters. A modern WSN, however, generally contains heterogeneous sensors (i.e. sensors with different parameters) designed to collect different kinds of information from the surroundings in real time, and researchers have concentrated on various usages (Xie and Wang, 2014, Shen et al., 2015b). Due to the wireless nature of the communication channel, there are many inherent security and privacy risks (e.g. eavesdropping, forgery attacks and off-line guessing attacks).

To address these security weaknesses, many kinds of schemes have been presented, such as key agreement (Chaudhry et al., 2016a, Chaudhry et al., 2016b, Li et al., 2013a, Li et al., 2013b, Li et al., 2015, Chaudhry, 2015), signatures (Ren et al., 2015, Guo et al., 2014), frameworks for multi-layered security (Chang et al., 2016, Chang and Ramachandran, 2016) and location privacy (Sun et al., 2016a, Sun et al., 2016b). In the existing WSN security literature, designing schemes that provide both mutual authentication and anonymity is one of the current interests (see Jiang et al., 2015a, Jiang et al., 2015b, Jiang et al., 2016, Wu et al., 2015b, Wu et al., 2015d, Amin et al., 2016, Shen et al., 2015a, He et al., 2015). Mutual authentication guarantees that messages received by the recipient in the session are indeed sent by the correct sender. Anonymity is a relatively new property proposed in recent years. Identities, especially those of users, are protected if this property holds. There are also attempts to include two-factor authentication (e.g. physical possession of a smart card and knowledge of the password) to enhance the security of WSNs. In such a setting, a registered user can only successfully log in to a system if the user has both items (e.g. smart card and password). Many such schemes have also been proposed in the literature (see Jiang et al., 2015a, Wu et al., 2015b, Wu et al., 2016b, Xu and Wu, 2015a, Xu and Wu, 2015b).

Generally, there are three types of participants in a WSN. First, sensors are deployed on or in special objects in a region. Second, a gateway is a special node with relatively strong computation power in the WSN. Third, users who wish to obtain information from particular objects can access the sensors after mutual authentication. Once the user is authenticated, a session key should be generated and will be used as the symmetric key to encrypt subsequent messages. Xue et al. (2013) listed five different authentication structures for WSNs. For example, the user contacts the gateway, which then communicates with the sensor. In the schemes presented in Turkanović et al. (2014) and Farash et al. (2016), however, the sensor is designed to be the medium sitting between a user and the server. Amin and Biswas (2016) explained that the setting in Turkanović et al. (2014) and Farash et al. (2016) is not suitable for WSNs due to the drain on the battery life of the sensors involved. Generally, once the sensors and the gateway nodes are placed, they are stationary. In a wireless setting, the cost of sending and receiving messages increases as the distance between the participants and the whole network increases. It is better to let only the gateway nodes communicate with users who are relatively far away. However, high-speed data flows may collide and the performance of the WSN will slow down when there is only one gateway. So if the sensors are distributed on a large scale, more gateway nodes are needed. Thus, to cater for situations where a user needs access to sufficient sensors which may be located a fair distance away, an authentication scheme for WSNs based on multi-gateway was proposed in Amin and Biswas (2016). In their scheme, users can register with a gateway in the vicinity (referred to as the home gateway node, HGWN). Other gateways are then referred to as foreign gateway nodes (FGWNs). Through the nearby FGWNs, users have the capability to access sensors physically located at a distance away, as long as they are managed by participating FGWNs (see Fig. 1).

There have been a large number of proposed authentication and key agreement (also known as key establishment) schemes for WSNs in the literature. For example, Watro et al. and Das (2009) presented an authentication scheme for WSNs based on RSA and a two-factor authentication scheme for WSNs, respectively. Other two-factor authentication schemes designed for WSNs include those detailed in Althobaiti et al., 2013, Amin and Biswas, 2016, Amin et al., 2016, Chen and Shih, 2010, Choi et al., 2014, Farash et al., 2016, He et al., 2010, Jiang et al., 2015a, Khan and Alghathbar, 2010, Khan and Kumari, 2014, Kumar and Lee, 2011 and Shi and Gong (2013). However, Chen and Shih (2010), He et al. (2010) and Khan and Alghathbar (2010) showed that weaknesses such as a lack of mutual authentication and vulnerability to the user forgery attack exist in the scheme of Das (2009). Similar to the history of key establishment protocols not specifically designed for WSNs (see Choo et al.; Choo, 2009, Choo et al., 2006), a number of schemes were subsequently found to be vulnerable to attacks. For example, Yoo et al. (2012) and Kumar and Lee (2011) illustrated that the schemes in Chen and Shih (2010), He et al. (2010) and Khan and Alghathbar (2010) suffer from a number of security vulnerabilities. Chen et al.'s scheme (Chen and Shih, 2010) is vulnerable to replay and forgery attacks. He et al.'s scheme (He et al., 2010) does not achieve user anonymity and mutual authentication, as claimed. Similarly, Khan et al.'s scheme (Khan and Alghathbar, 2010) does not provide mutual authentication. In 2013, Xue et al. (2013) presented a lightweight and temporal-credential-based authentication scheme for WSNs. A temporal credential is a hash result containing user information such as identity and expiration time. The scheme was subsequently broken by Jiang et al. (2015a), who pointed out that the scheme is vulnerable to off-line password guessing attack, identity guessing attack, and user tracking attack. Here, resistance to the user tracking attack is a stronger requirement than pure user anonymity. Generally, we regard the use of a random string to represent the user's identity in the session as providing user anonymity. But if this string appears in every session, the attacker can track it and know that it belongs to one particular user. This is what the user tracking attack means. To avoid this, the user should employ different random strings as the pseudo-identity in different sessions. Jiang et al. then presented an enhanced scheme, and Wu et al. (2015c) pointed out that the revised scheme is vulnerable to de-synchronization and off-line guessing attacks. In 2014, Turkanović et al. (2014) presented a new two-factor authentication and key agreement scheme for WSNs. The scheme includes only two kinds of computations, namely hash functions and exclusive-or. However, subsequent research (Farash et al., 2016, Amin and Biswas, 2016) pointed out that the scheme is not able to withstand identity guessing attack, off-line password guessing attack and user impersonation attack. More recently in 2016, Amin et al. (2016) also demonstrated that the scheme in Farash et al. (2016) is vulnerable to off-line password guessing attack and user forgery attack, and presented a fix.
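The difference between a constant pseudo-identity and a fresh one per session, as described above, can be measured from a passive observer's point of view. The following is an added example, not code from the paper or from any of the cited schemes; the toy Diffie-Hellman masking, the gateway key pair, the user names and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import Counter

P, G = 2**255 - 19, 2  # toy Diffie-Hellman group, for illustration only
GW_PRIV = secrets.randbelow(P - 2) + 1  # hypothetical gateway key pair
GW_PUB = pow(G, GW_PRIV, P)
_REGISTERED = {}  # uid -> random pseudo-identity chosen once at registration

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad_id(uid: str) -> bytes:
    return uid.encode().ljust(32, b"\0")

def constant_login(uid: str) -> dict:
    """Login message carrying the same random pseudo-identity in every session."""
    pid = _REGISTERED.setdefault(uid, secrets.token_bytes(32))
    return {"pid": pid, "eph": b""}

def fresh_login(uid: str) -> dict:
    """Login message whose pseudo-identity is masked with a one-time value."""
    a = secrets.randbelow(P - 2) + 1
    shared = pow(GW_PUB, a, P).to_bytes(32, "big")
    return {"pid": xor(pad_id(uid), h(shared)),
            "eph": pow(G, a, P).to_bytes(32, "big")}

def gateway_resolve(msg: dict) -> str:
    """Gateway side: recover the real identity from a fresh pseudo-identity."""
    eph = int.from_bytes(msg["eph"], "big")
    shared = pow(eph, GW_PRIV, P).to_bytes(32, "big")
    return xor(msg["pid"], h(shared)).rstrip(b"\0").decode()

def linkable_sessions(observed: list) -> int:
    """Observer's view: sessions whose pseudo-identity was seen more than once."""
    counts = Counter(m["pid"] for m in observed)
    return sum(c for c in counts.values() if c > 1)

def observe(login, users=("alice", "bob", "carol"), sessions=5) -> list:
    """Constructed traffic: every user logs in `sessions` times."""
    return [login(u) for u in users for _ in range(sessions)]

if __name__ == "__main__":
    print("constant:", linkable_sessions(observe(constant_login)))
    print("fresh:", linkable_sessions(observe(fresh_login)))
    print("gateway resolves:", gateway_resolve(fresh_login("alice")))
```

With the constant pseudo-identity every one of the 15 constructed sessions can be linked to another session of the same user, while with the fresh one none can, and the gateway still recovers the identity.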

In this work, we revisit the scheme in Amin and Biswas (2016) and point out that the scheme is vulnerable to sensor capture, off-line guessing and de-synchronization attacks. We then present a novel and efficient authentication scheme for multi-gateway WSNs, and seek to prove its security using Proverif and a security analysis. A simulation with the well-known tool NS-2 is also shown to illustrate the practicality of our scheme.

The remainder of the paper is organized as follows. Background materials are presented in Section 2. We revisit the scheme of Amin and Biswas (2016) and reveal the weaknesses in Section 3. Our scheme and the security analysis are presented in Sections 4 and 5, respectively. We evaluate the performance of the scheme in Section 6 and using NS-2 simulation in Section 7. Finally, we conclude this paper in Section 8.

Section snippets

Notations

The notations used in this paper are described in Table 1.

Threat model

In the threat model we use to argue the security of the proposed scheme, an adversary A has the following capabilities.

Assumption 1

Data in smart card could potentially be obtained using side-channel attacks (Kocher et al., 1999); thus, we allow A to obtain information stored on a smart card that A has physical access to (e.g. misplaced or stolen card).

Assumption 2

In Item 3, Section 1.5 of Amin and Biswas (2016), Amin and Biswas show a hypothesis that in

The scheme

There are seven phases in the scheme (Amin and Biswas, 2016), and the dynamic node addition phase is similar to the sensor registration phase. The password change phase plays no role in the attacks we will be describing. Hence, we only list the remaining five phases.

System setup

The systems administrator SA chooses SIDj for the Sj, selects a random number rsr and computes xj=h(SIDjrsr). SA stores (SIDj,xj,rsr) into Sj. Here rsr is known to all GWNs and secretly stored.

Sensor registration

Sj computes Aj=xjrsr and

Proposed scheme

There are five phases in our scheme, namely: initialization, registration, login, authentication and key agreement, and password change. If a new sensor joins the WSN, we employ the sensor registration part to complete that task.

Formal verification

Proverif is a mature tool for testing whether a cryptographic protocol is secure. The main cryptographic primitives, including digital signatures, symmetric and asymmetric encryption, hash functions, etc., are supported by Proverif. It can also give results such as correspondence assertions and reachability. New properties like traceability, privacy and verifiability can also be judged. In this tool, protocol analysis with unlimited sessions and messages is applied to verify the security. It is applied in

Performance evaluation

We evaluate and compare our scheme with those presented in Amin and Biswas (2016) and Das et al. (2016) for the performance, in terms of the following:

  • Tm (time of one scalar multiplication on elliptic curve) is 0.427576 ms (Wu et al., 2016a).

  • TRep (time of a Rep operation for biometrics) is approximately Tm (Das, 2016).

  • Ts (time of one average symmetric encryption/decryption) is 0.0214385 ms (Wu et al., 2016a).

  • Th (time of a one-way hash function) is 0.0000328 ms (Wu et al., 2016a).

  • The bit lengths

Practical perspective: NS2 simulation study

The proposed scheme is simulated using the widely-accepted NS2 simulator tool to provide the practical perspective.

Concluding remarks

IoT is a trend that is unlikely to fade anytime soon, and designing lightweight cryptographic schemes suitable for IoT deployment remains a research challenge. In this paper, we pointed out that multi-gateway WSNs can help users access data from different sensor regions (a typical IoT deployment). We first revisited the authentication scheme of Amin and Biswas for multi-gateway WSNs, and despite their security claims, we revealed previously unpublished vulnerabilities (e.g.

Acknowledgements

The authors thank the anonymous reviewers for their valuable comments. This research is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, University Distinguished Young Research Talent Training Program of Fujian Province (Year 2016), the National Natural Science Foundation of China under Grant No. 61300220, and the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089. It is also supported

References (53)

  • O. Althobaiti et al. An efficient biometric authentication protocol for wireless sensor networks. Int. J. Distrib. Sens. Netw. (2013)
  • V. Chang et al. Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Serv. Comput. (2016)
  • S.A. Chaudhry et al. An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J. Med. Syst. (2015)
  • S.A. Chaudhry et al. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw. Appl. (2015)
  • S.A. Chaudhry et al. An improved remote user authentication scheme using elliptic curve cryptography. Wirel. Pers. Commun. (2016)
  • S.A. Chaudhry et al. A provably secure anonymous authentication scheme for session initiation protocol. Secur. Commun. Netw. (2016)
  • S.A. Chaudhry. A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed. Tools Appl. (2015)
  • T.-H. Chen et al. A robust mutual authentication protocol for wireless sensor networks. ETRI J. (2010)
  • Y. Choi et al. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors (2014)
  • Choo, K.-K.R., Boyd, C., Hitchcock, Y., Errors in computational complexity proofs for protocols. In: International...
  • K.-K.R. Choo et al. The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols. Comput. Commun. (2006)
  • K. Choo, 2009. Secure Key Establishment. Advances in Information Security, vol....
  • A.K. Das et al. An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Secur. Commun. Netw. (2016)
  • M.L. Das. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. (2009)
  • A.K. Das. A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl. (2016)
  • P. Guo et al. A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. (2014)