A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments

https://doi.org/10.1016/j.jnca.2017.07.001

Abstract

Internet of Things (IoT) is an emerging technology that makes remote sensing and control across heterogeneous networks a reality, and it has good prospects in industrial applications. As an important infrastructure, Wireless Sensor Networks (WSNs) play a crucial role in industrial IoT. Because sensor nodes are resource constrained, designing an authentication scheme for WSNs that balances security and efficiency is a big challenge in IoT applications. First, a two-factor authentication scheme for WSNs proposed by Jiang et al. is reviewed, and the functional and security flaws of their scheme are analyzed. Then, we propose a three-factor anonymous authentication scheme for WSNs in Internet of Things environments, where a fuzzy commitment scheme is adopted to handle the user's biometric information. Analysis and comparison results show that the proposed scheme keeps computational efficiency, and also achieves more security and functional features. Compared with other related work, the proposed scheme is more suitable for Internet of Things environments.

Introduction

Internet of Things (IoT) (Atzori et al., 2010) is a burgeoning paradigm of modern wireless telecommunications, which makes remote sensing and control across heterogeneous networks a reality for special goals by using Radio Frequency IDentification (RFID) and Wireless Sensor Networks (WSNs). By combining IoT with cloud computing (Xia et al., 2016a, Xia et al., 2016b, Fu et al., 2017, Kong et al., 2017, Shen et al., 2017a, Shen et al., 2017b), various smart environments such as smart grid, smart healthcare and intelligent transportation systems can be built. The core of the "smart" is the use of smart sensors to collect environment information. A WSN is composed of many sensor nodes, where each sensor connects to other sensors via a wireless communication channel. WSNs are used in many industrial and consumer applications, such as industrial process monitoring and management, and machine health monitoring and fault diagnosis, to collect the corresponding environment information automatically. Therefore, WSNs (Akyildiz et al., 2002) play a crucial role in the industrial Internet of Things, and they are essential for the establishment of the aforementioned smart environments (IoT applications). Generally, a WSN is composed of large numbers of sensor nodes with limited power, storage space and computational capacity. WSNs are often deployed in unattended target areas, so extending the lifecycle of a WSN is a big challenge. Research in Heinzelman et al. (2002) has pointed out that the energy consumption of a sensor node is proportional to the distance between the sensor node and its communication party, so in order to extend the lifecycle of sensor nodes, a gateway node is usually adopted as a communication bridge between the user and the sensor nodes. Due to the resource limitations of sensor nodes and the open nature of the wireless channel, security becomes a big challenge in the application of WSNs. With the development of WSNs, a user can access the sensory data from anywhere, and authentication (Wang et al., 2015a, Wang et al., 2015b, Shen et al., 2016, Jiang et al., 2015, Li et al., 2013a, Li et al., 2013b, Li et al., 2015a) is a vital issue in the security of WSNs.

In 2009, Das (2009) presented a pioneering work on user authentication for WSNs using a smart card, and it spawned much subsequent work. The work in He et al. (2010), Khan and Alghathbar (2010), Yeh et al. (2011) found some weaknesses in the scheme of Das (2009), i.e. it lacks mutual authentication, key agreement and user anonymity, and it also suffers from some attacks, such as gateway bypassing, password guessing, sensor node capture and denial-of-service attacks. In 2011, Yeh et al. (2011) presented a two-factor authentication protocol for WSNs using an elliptic curve cryptosystem (ECC), where ECC provides better security features with lower computational cost when compared with traditional public-key cryptosystems. However, their scheme cannot achieve mutual authentication as claimed, and does not support user anonymity or key agreement. In 2013, based on the scheme in Yeh et al. (2011), Shi and Gong (2013) proposed an improved ECC-based authentication scheme for WSNs. The protocol in Shi and Gong (2013) is efficient and can provide more features than the protocol in Yeh et al. (2011). Unfortunately, Choi et al. (2014) pointed out that the protocol in Shi and Gong (2013) suffers from the unknown key share attack and the stolen smart card attack, and they presented an enhanced protocol for WSNs. Xue et al. (2013) designed a user authentication scheme for WSNs using a temporal credential. Their scheme is highly efficient because only hash and XOR operations are used. However, He et al. (2015) found that off-line password guessing, impersonation, and modification attacks are applicable to Xue et al.'s scheme (Xue et al., 2013). He et al. (2015) proposed an improved scheme to remove the weaknesses of Xue et al.'s scheme (Xue et al., 2013). But the scheme in He et al. (2015) was found to be vulnerable to stolen smart card, user impersonation, and tracking attacks. Based on the scheme in He et al. (2015), Jiang et al. (2016) proposed an untraceable user authentication scheme using ECC. In their design, the ECC point multiplication operations are performed by the user and the gateway node, and the sensor node only needs hash function operations. However, we find some common flaws in the schemes of Xue et al. (2013), He et al. (2015), Jiang et al. (2016): (1) all these schemes lack wrong password detection and password change mechanisms; (2) they are not suitable for Internet of Things environments since the user exchanges messages directly with sensor nodes; (3) they are all vulnerable to the known session-specific temporary information attack and the clock synchronization problem. Based on previous work, this paper presents a three-factor anonymous authentication scheme for WSNs in IoT environments using biometrics, where we adopt a fuzzy commitment scheme and error-correcting codes to handle the user's biometric information. Analysis and comparison results show that our new scheme not only keeps computational efficiency, but also achieves more security and functional features. Compared with other related schemes, our scheme is more suitable for Internet of Things environments.

The remaining parts of this paper are as follows: Section 2 introduces some preliminaries used in this paper; the review of and comments on the scheme in Jiang et al. (2016) are given in Section 3; the proposed scheme is illustrated in Section 4; Section 5 and Section 6 give the BAN logic analysis and other security analysis of the proposed scheme, respectively. Section 7 compares our scheme with other related schemes. Finally, Section 8 concludes the paper.

Section snippets

Preliminaries

In this part, we introduce some preliminaries, such as error-correcting codes and the fuzzy commitment scheme based on them.
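How a fuzzy commitment built on an error-correcting code accepts a noisy biometric reading can be seen in a short sketch. This is an added example, not code or parameters from the paper: it follows the general Juels-Wattenberg construction, and the 5-fold repetition code, SHA-256, the 40-bit template and all function names are assumptions chosen for readability.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed toy code: each key bit repeated 5 times, corrects 2 flips per block

def encode(key_bits):
    """Repetition-code encoder: key bits -> codeword bits."""
    return [b for b in key_bits for _ in range(REP)]

def decode(bits):
    """Majority vote per block: noisy codeword bits -> key bits."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def commit(template):
    """Enrollment: bind a random codeword to the biometric template.
    Only (hash of codeword, offset) is stored, never the template itself."""
    if len(template) % REP:
        raise ValueError("template length must be a multiple of REP")
    codeword = encode([secrets.randbits(1) for _ in range(len(template) // REP)])
    return digest(codeword), xor(template, codeword)

def verify(sample, commitment):
    """Login: a fresh, noisy reading opens the commitment only if it is close
    enough to the enrolled template for the code to correct the difference."""
    stored_hash, offset = commitment
    if len(sample) != len(offset):
        return False
    recovered = encode(decode(xor(sample, offset)))
    return hmac.compare_digest(digest(recovered), stored_hash)

def flip(bits, positions):
    return [b ^ (i in positions) for i, b in enumerate(bits)]

# Constructed 40-bit "fingerprint template" (sample data, not real biometrics).
TEMPLATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1] * 4

def demo():
    c = commit(TEMPLATE)
    same_finger = flip(TEMPLATE, {0, 7, 13, 14, 38})   # at most 2 flips per block
    too_noisy = flip(TEMPLATE, {20, 21, 22})           # 3 flips in one block
    other_finger = [b ^ 1 for b in TEMPLATE]           # unrelated template
    return verify(same_finger, c), verify(too_noisy, c), verify(other_finger, c)
```

The acceptance threshold (here two flipped bits per five-bit block) is set entirely by the error-correcting code, so the choice of code decides how much sensor noise is tolerated before a genuine user is rejected.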

Review and comment on Jiang et al.'s protocol

We first review Jiang et al.'s authentication protocol for wireless sensor networks (Jiang et al., 2016) in this section, and then point out some security and functional flaws of their scheme. The notations used throughout the article are shown in Table 1.

Proposed protocol

Fingerprint identification is a mature biometric technology, and it is widely used as an identity authentication mechanism in daily life, such as in mobile devices. In this section, a fingerprint identification based three-factor user authentication scheme for WSNs in IoT environments is proposed, where the fuzzy commitment scheme is adopted to verify the validity of fingerprint information. The proposed scheme not only keeps the merit of the scheme in Jiang et al. (2016), but also removes the

Formal verification using BAN logic

In this section, we formally analyze the security goals of our scheme using the Burrows-Abadi-Needham logic (BAN logic) tool (Burrows et al., 1989, Li et al., 2015b). Some notations used in the BAN logic analysis are as follows:

P|X: P believes X.

PX: P sees X, i.e. P has received message X and may read it.

P|X: P once said X, i.e. P had sent message X.

PX: P has jurisdiction over X.

(X): X is fresh.

(X,Y): X or Y is a part of message (X,Y).

XY: X is encrypted with Y.

(X,Y)K: X or Y is hashed with K.

Security analysis

This section discusses the security and functional features of our scheme. Our scheme resists most known attacks and achieves some ideal functional features.

Comparisons with other related schemes

In this section, the security and functional features of our scheme and of the schemes in Choi et al. (2014), He et al. (2015), Jiang et al. (2016) are compared first. Then the performance and communication cost comparisons of the schemes are presented, respectively.

Conclusion

In this paper, we first reviewed a recently proposed two-factor authentication scheme for WSNs. Then the functional and security flaws of their scheme are pointed out, and we find that their scheme lacks the functions of password change and detection of wrong password login. Besides, their scheme suffers from the known session-specific temporary information attack and faces the clock synchronization problem, and it is not applicable to IoT applications. Then, we designed a three-factor anonymous

Acknowledgements

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220&61572013&61572188, the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089, the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590&2015T80035, Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, University Distinguished Young Research Talent

References (31)

  • Y. Choi et al. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors (2014)
  • M.L. Das. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. (2009)
  • Z. Fu et al. Privacy-preserving smart semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans. Inf. Forensics Secur. (2017)
  • D. He et al. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc Sens. Wirel. Netw. (2010)
  • W.B. Heinzelman et al. An application-specific protocol architecture for wireless microsensor networks. IEEE Trans. Wirel. Commun. (2002)