A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments
Introduction
Internet of Things (IoT) (Atzori et al., 2010) is a burgeoning paradigm of modern wireless telecommunications, which makes remote sensing and control across heterogeneous networks a reality for special goals by using Radio Frequency IDentification (RFID) and Wireless Sensor Networks (WSNs). By combining with cloud computing (Xia et al., 2016a, Xia et al., 2016b, Fu et al., 2017, Kong et al., 2017, Shen et al., 2017a, Shen et al., 2017b), various smart environments such as smart grid, smart healthcare and intelligent transportation systems can be built by using IoT. The core of the “smart” is the use of smart sensors to collect environment information. A WSN is composed of many sensor nodes, where each sensor connects to other sensors via a wireless communication channel. WSNs are used in many industrial and consumer applications, such as industrial process monitoring and management, machine health monitoring and fault diagnosis, to collect the corresponding environment information automatically. Therefore, WSNs (Akyildiz et al., 2002) play a crucial role in the industrial Internet of Things, and they are essential for the establishment of the aforementioned smart environments (IoT applications). Generally, a WSN is composed of large numbers of sensor nodes with limited power, storage space and computational capacity. WSNs are often deployed unattended in the target area, so how to extend the lifecycle of a WSN is a big challenge. Research in Heinzelman et al. (2002) has pointed out that the energy consumption of a sensor node is proportional to the distance between the sensor node and the communicating party, so in order to extend the lifecycle of sensor nodes, a gateway node is usually adopted as a bridge for communication between the user and sensor nodes. Due to the resource limitations of sensor nodes and the open nature of the wireless channel, security becomes a big challenge in the application of WSNs.
With the development of WSNs, a user can access the sensory data from anywhere, and authentication (Wang et al., 2015a, Wang et al., 2015b, Shen et al., 2016, Jiang et al., 2015, Li et al., 2013a, Li et al., 2013b, Li et al., 2015a) is a vital issue in the security of WSNs.
In 2009, Das (2009) presented a pioneering work on user authentication for WSNs using smart cards, and it spawned much subsequent work. The work in He et al. (2010), Khan and Alghathbar (2010), Yeh et al. (2011) found some weaknesses of the scheme in Das (2009), i.e. it lacks the features of mutual authentication, key agreement and user anonymity, and also suffers from some attacks, such as gateway bypassing, password guessing, sensor node capture and denial-of-service attacks. In 2011, Yeh et al. (2011) presented a two-factor authentication protocol for WSNs using an elliptic curve cryptosystem (ECC), where ECC provides better security features with lower computational cost when compared with traditional public-key cryptosystems. However, their scheme cannot achieve mutual authentication as they claimed, and does not support user anonymity and key agreement. In 2013, based on the scheme in Yeh et al. (2011), Shi and Gong (2013) proposed an improved ECC-based authentication scheme for WSNs. The protocol in Shi and Gong (2013) is efficient and can provide more features than the protocol in Yeh et al. (2011). Unfortunately, Choi et al. (2014) pointed out that the protocol in Shi and Gong (2013) suffers from unknown key share attack and stolen smart card attack, and they presented an enhanced protocol for WSNs. Xue et al. (2013) designed a user authentication scheme for WSNs using temporal credentials. Their scheme has high efficiency because only hash and XOR operations are used. However, He et al. (2015) found that off-line password guessing, impersonation, and modification attacks are applicable to Xue et al.'s scheme (Xue et al., 2013). He et al. (2015) proposed an improved scheme to remove the weaknesses of Xue et al.'s scheme (Xue et al., 2013). But the scheme in He et al. (2015) is found to be vulnerable to stolen smart card, user impersonation, and tracking attacks. Based on the scheme in He et al. (2015), Jiang et al. (2016) proposed an untraceable user authentication scheme using ECC. In their design, the ECC point multiplication operations are performed by the user and the gateway node, and the sensor node just needs hash function operations. However, we find some common flaws of the schemes in Xue et al. (2013), He et al. (2015), Jiang et al. (2016): (1) all these schemes lack wrong password detection and password change mechanisms; (2) they are not suitable for Internet of Things environments since the user exchanges messages directly with sensor nodes; (3) they are all vulnerable to the known session-specific temporary information attack and the clock synchronization problem. Based on previous work, this paper presents a three-factor anonymous authentication scheme for WSNs in IoT environments using biometrics, where we adopt the fuzzy commitment scheme and error-correcting codes to handle the user's biometric information. Analysis and comparison results show that our new scheme not only keeps computational efficiency, but also achieves more security and functional features. Compared with other related schemes, our scheme is more suitable for Internet of Things environments.
The remaining parts of this paper are as follows: Section 2 introduces some preliminaries used in this paper; the review and comment on the scheme in Jiang et al. (2016) are given in Section 3; the proposed scheme is illustrated in Section 4; Section 5 and Section 6 give the BAN logic analysis and other security analysis of the proposed scheme, respectively. Section 7 compares our scheme with other related schemes. Finally, Section 8 concludes the full paper.
Section snippets
Preliminaries
In this part, we introduce some preliminaries, such as error-correcting codes and the fuzzy commitment scheme based on them.
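The following is an added illustration, not code from the paper: a generic fuzzy commitment in the Juels-Wattenberg style, showing how an error-correcting code lets a noisy biometric reading open a commitment made at enrolment. The 5-fold repetition code, SHA-256, the 80-bit constructed template and all function names are assumptions chosen for the sketch; the paper's own code and parameters are not shown on this page.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed toy code: each bit repeated 5 times, corrects <= 2 flips per group

def encode(bits):
    """Repetition-code encoder: k message bits -> k*REP codeword bits."""
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    """Majority-vote decoder: maps a noisy word to the nearest message."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).digest()

def commit(template):
    """Enrolment: hide a random codeword c under the biometric template."""
    if len(template) % REP:
        raise ValueError("template length must be a multiple of REP")
    c = encode([secrets.randbits(1) for _ in range(len(template) // REP)])
    return digest(c), xor(template, c)   # (h(c), delta); c itself is discarded

def verify(commitment, sample):
    """Login: a fresh reading opens the commitment only if it is close enough."""
    tag, delta = commitment
    if len(sample) != len(delta):
        return False
    c = encode(decode(xor(sample, delta)))   # sample XOR delta = c XOR noise
    return hmac.compare_digest(digest(c), tag)

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (simulated noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed 80-bit stand-in for an extracted fingerprint feature vector.
TEMPLATE = [(i * i + i // 3) % 2 for i in range(80)]

if __name__ == "__main__":
    com = commit(TEMPLATE)
    print(verify(com, flip(TEMPLATE, {0, 1, 7, 33, 34, 79})))  # noisy but genuine
    print(verify(com, flip(TEMPLATE, {0, 1, 2})))              # too far in one group
```

With these toy parameters the hidden codeword carries only 16 bits of entropy, so the stored hash can be brute-forced; a real design needs a stronger code (for example BCH) over a much longer template.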
Review and comment on Jiang et al.'s protocol
We first review Jiang et al.'s authentication protocol for wireless sensor networks (Jiang et al., 2016) in this section, and then point out some security and functional flaws of their scheme. The notations used throughout the article are shown in Table 1.
Proposed protocol
Fingerprint identification is a mature biometric technology, and it is widely used as an identity authentication mechanism in our daily life, such as in mobile devices. In this section, a fingerprint identification based three-factor user authentication scheme for WSNs in IoT environments is proposed, where the fuzzy commitment scheme is adopted to verify the validity of fingerprint information. The proposed scheme not only keeps the merit of the scheme in Jiang et al. (2016), but also removes the
Formal verification using BAN logic
In this section, we formally analyze the security goals of our scheme using the Burrows-Abadi-Needham logic (BAN logic) tool (Burrows et al., 1989, Li et al., 2015b), and some notations about the BAN logic analysis are as follows:
: P believes X.
: P sees X, i.e. P has received message X and may read it.
once said X or P had sent message X.
: P has jurisdiction over X.
: X is fresh.
: X or Y is a part of message .
: X is encrypted with Y.
: X or Y is hashed with the K
Security analysis
This section discusses the security and functional features of our scheme; our scheme resists most known attacks and achieves some ideal functional features.
Comparisons with other related schemes
In this section, security and functional features of our scheme and schemes in Choi et al. (2014), He et al. (2015), Jiang et al. (2016) are compared first. Then the performance and communication costs comparisons of schemes are presented, respectively.
Conclusion
In this paper, we first reviewed a recently proposed two-factor authentication scheme for WSNs. Then the functional and security flaws of their scheme are pointed out, and we find their scheme lacks the functions of password change and detection of wrong password login. Besides, their scheme suffers from the known session-specific temporary information attack, faces the clock synchronization problem, and is not applicable to IoT applications. Then, we designed a three-factor anonymous
Acknowledgements
This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220&61572013&61572188, the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089, the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590&2015T80035, Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, University Distinguished Young Research Talent
References (31)
- et al. Wireless sensor networks: a survey. Comput. Netw. (2002)
- et al. The internet of things: a survey. Comput. Netw. (2010)
- et al. A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. (2015)
- et al. An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks. J. Netw. Comput. Appl. (2016)
- et al. A belief propagation-based method for task allocation in open and dynamic cloud environments. Knowl.-Based Syst. (2017)
- et al. An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. (2013)
- et al. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. (2013)
- et al. Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. (2015)
- et al. A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J. Netw. Comput. Appl. (2013)
- Burrows, M., Abadi, M., Needham, R.M., 1989. A logic of authentication. In: Proceedings of the Royal Society of London...
- Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors
- Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun.
- Privacy-preserving smart semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans. Inf. Forensics Secur.
- An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc Sens. Wirel. Netw.
- An application-specific protocol architecture for wireless microsensor networks. IEEE Trans. Wirel. Commun.