ETRI Journal

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks

  • Kumar, Pardeep (Centre for Wireless Communication, University of Oulu) ;
  • Gurtov, Andrei (Helsinki Institute for Information Technology (HIIT)) ;
  • Ylianttila, Mika (Centre for Wireless Communication, University of Oulu) ;
  • Lee, Sang-Gon (Division of Computer & Information Engineering, Dongseo University) ;
  • Lee, HoonJae (Division of Computer & Information Engineering, Dongseo University)
  • Received : 2013.01.28
  • Accepted : 2013.05.06
  • Published : 2013.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

Wireless sensor networks (WSNs) are used for many real-time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.

Keywords

References

  1. K.H.M. Wong et al., "A Dynamic User Authentication Scheme for Wireless Sensor Networks," Proc. IEEE Int. Conf. Sensor Netw., Ubiquitous, Trustworthy Comput., Taichung, Taiwan, 2006.
  2. MICAz Datasheet, accessed 21 Dec. 2012. Available: http://www.openautomation.net/uploadsproductos/micaz_datasheet.pdf
  3. TelosB Datasheet. http://www.willow.co.uk/TelosB_Datasheet.pdf
  4. M.L. Das, "Two-Factor User Authentication in Wireless Sensor Networks," IEEE Trans. Wireless Commun., vol. 8, no. 3, 2009, pp. 1086-1090. https://doi.org/10.1109/TWC.2008.080128
  5. T.-H. Chen and W.-K. Shih, "A Robust Mutual Authentication Protocol for Wireless Sensor Networks," ETRI J., vol. 32, no. 5, Oct. 2010, pp. 704-712. https://doi.org/10.4218/etrij.10.1510.0134
  6. D. He et al., "An Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks," Ad Hoc Sensor Wireless Netw., vol. 0, 2010, pp. 1-11.
  7. M.K. Khan and K. Alghathbar, "Cryptanalysis and Security Improvement of Two-Factor User Authentication in Wireless Sensor Networks," Sensors, 2010, pp. 2450-2459.
  8. S.-G. Yoo, K.-Y. Park, and J. Kim, "A Security-Performance- Balanced User Authentication Scheme for Wireless Sensor Networks," Int. J. Distr. Sensor Netw., 2012, Article ID 382810.
  9. D. Nyang and M. Lee, "Improvement of Das's Two-Factor Authentication Protocol in Wireless Sensor Networks," Cryptology ePrint Archive 2009/631, accessed 21 Apr. 2012. http://eprint.iacr.org/2009 /631.pdf
  10. H.F. Huang, Y.F. Chang, and C.H. Liu, "Enhancement of Two-Factor User Authentication in Wireless Sensor Networks," Proc. 6th Int. Conf. Intell. Inf. Hiding Multimedia Signal Process., Darmstadt, Germany, 2010, pp. 27-30.
  11. P. Kumar et al., "RUASN: A Robust User Authentication Framework for Wireless Sensor Networks," Sensors, vol. 11, 2011, pp. 5020-5046. https://doi.org/10.3390/s110505020
  12. H. Lee et al., "Security Weaknesses of Dynamic ID-Based Remote User Authentication Protocol," World Academy Sci., Eng., Technol., vol. 59, no. 35, 2009, pp. 190-193.
  13. H.R. Tseng, R.H. Jan, and W. Yang, "An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks," IEEE GLOBECOM, Washington, DC, 2007, pp. 986-990.
  14. T.H. Lee, "Simple Dynamic User Authentication Protocols for Wireless Sensor Networks," Proc. 2nd Int. Conf. Sensor Technol. Appl., Cap Esterel, France, 2008, pp. 657- 660.
  15. L.-C. Ko, "A Novel Dynamic User Authentication Scheme for Wireless Sensor Networks," Proc. IEEE ISWCS, Reykjavik, Iceland, 2008, pp. 608-612.
  16. Z. Benenson, N. Gedicke, and O. Raivio, "Realizing Robust User Authentication in Sensor Networks," Workshop Real-World Wireless Sensor Netw., Stockholm, Sweden, 2005.
  17. B. Vaidya, J.J.P.C. Rodrigues, and J.H. Park, "User Authentication Schemes with Pseudonymity for Ubiquitous Sensor Network in NGN," Int. J. Commun. Syst., vol. 23, issue 9-10, Sept.-Oct. 2010, pp. 1201-1222. https://doi.org/10.1002/dac.1097
  18. E.-J. Yoon and K.-Y. Yoo, "Cryptanalysis of Robust Mutual Authentication Protocol for Wireless Sensor Networks," Proc. 10th IEEE Int. Conf. Cog. Inf. Cog. Comput., Banff, Alberta, Canada, 2011, pp. 392-396.
  19. P. Kumar and H.-J. Lee, "Cryptanalysis on Two User Authentication Protocols Using Smartcard for Wireless Sensor Networks," Proc. 7th IEEE Conf. Wireless Adv., King's College, London, U.K., June 2011, pp. 241-245.
  20. T.-H. Chen, H.-C. Hsiang, and W.-K. Shih, "Security Enhancement on Two Remote User Authentication Schemes Using Smart Cards," Future Generation Comput. Syst., vol. 27 Apr. 2011, pp. 377-380. https://doi.org/10.1016/j.future.2010.08.007
  21. D. Wang and C. Ma, "On the (In)security of Some Smart-Card-Based Password Authentication Schemes for WSN." Available: https://eprint.iacr.org/2012/581.pdf
  22. Crossbow Stargate Datasheet, accessed 21 Dec. 2012. Available: http://platformx.sourceforge.net/home.html
  23. G. Manes et al., "A Wireless Sensor Network for Precise Volatile Organic Compound Monitoring," Int. J. Distr. Sensor Netw., 2012, Article ID 820716.
  24. X. Lin et al., "SAGE: A Strong Privacy-Preserving Scheme against Global Eavesdropping for eHealth Systems," IEEE J. Sel. Areas Commun., vol. 27, no. 4, May 2009, pp. 365-378. https://doi.org/10.1109/JSAC.2009.090502
  25. L. Krishnamurthy et al., "Design and Deployment of Industrial Sensor Networks: Experiences from a Semiconductor Plant and the North Sea," Proc. SenSys, San Diego, CA, USA, 2-4 Nov. 2005, pp. 64-75.
  26. A. Koubaa and M. Alves, "A Two-tiered Architecture for Real-Time Communications in Large-Scale Wireless Sensor Networks: Research Challenges," Technical Report (TR-050701), v. 1.0, July 2005, accessed 18 Jan. 2013. Available: http://www.open-zb.net/publications/tr-hurray-050701.pdf
  27. H.-R. Tseng, R.-H. Jan, and W. Yang, "A Robust Password-based Authentication Scheme for Heterogeneous Sensor Networks," Commun. Institute Inf. Comput. Mach., vol. 11, no. 3, 2008, pp. 1-13. https://doi.org/10.1007/978-3-540-85379-4_1
  28. A. Gurtov, M. Komu, and R. Moskowitz, "Host Identity Protocol: Identifier/Locator Split for Host Mobility Identity and Multihoming," Internet Protocol J., vol. 12, no. 1, Mar. 2009, pp. 27-32.
  29. Y. Zhang et al., "A Secure Hierarchical Key Management Scheme in Wireless Sensor Networks," Int. J. Distr. Sensor Netw., 2012, Article ID547471.
  30. C. Karlor, N. Sastry, and D. Wagner, "TinySec: A Link Layer Security Architecture for Wireless Sensor Networks," Proc. ACM SenSys, Baltimore, MD, USA, Nov. 3-5, 2004, pp. 162-175.
  31. C. Chen et al., "Lightweight and Provably Secure User Authentication with Anonymity for the Global Mobility Networks," Int. J. Commun. Syst., vol. 24, no. 3, 2011, pp. 347-362. https://doi.org/10.1002/dac.1158
  32. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Proc. Adv. Cryptology, Santa Barbara, CA, USA, Aug. 1999, pp. 388-397.
  33. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Examining Smart-Card Security Under the Threat of Power Analysis Attack," IEEE Trans. Comput., vol. 51, no. 5, May 2002, pp. 541-552. https://doi.org/10.1109/TC.2002.1004593

Cited by

  1. Flight Protection Data via Dynamic Sensor Networks vol.10, pp.2, 2013, https://doi.org/10.1155/2014/509313
  2. Secure and Efficient Mutual User Authentication Protocol for Wireless Sensor Networks vol.8, pp.3, 2013, https://doi.org/10.3923/jse.2014.184.193
  3. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation vol.10, pp.4, 2013, https://doi.org/10.1371/journal.pone.0116709
  4. Privacy Models in Wireless Sensor Networks: A Survey vol.2016, pp.None, 2013, https://doi.org/10.1155/2016/4082084
  5. An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks vol.76, pp.None, 2013, https://doi.org/10.1016/j.jnca.2016.10.001
  6. A secure key agreement protocol for dynamic group vol.20, pp.3, 2013, https://doi.org/10.1007/s10586-017-0853-0
  7. A Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: PriAuth vol.2017, pp.None, 2013, https://doi.org/10.1155/2017/5290579
  8. A privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for wireless sensor networks vol.27, pp.3, 2013, https://doi.org/10.1002/nem.1937
  9. An Authentication Protocol for Future Sensor Networks vol.17, pp.5, 2013, https://doi.org/10.3390/s17050979
  10. An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks vol.17, pp.12, 2013, https://doi.org/10.3390/s17122946
  11. SMAC-AS: MAC Based Secure Authentication Scheme for Wireless Sensor Network vol.107, pp.2, 2013, https://doi.org/10.1007/s11277-019-06336-8