An enhanced two-factor user authentication in wireless sensor networks

Since wireless sensor networks (WSN) are often deployed in an unattended environment and sensor nodes are equipped with limited computing power modules, user authentication is a critical issue when a user wants to access data from sensor nodes. Recently, M.L. Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. Later, Khan and Alghathbar (K-A) pointed out that Das’ scheme has some security pitfalls and showed several improvements to overcome these weaknesses. However, we demonstrate that in the K-A-scheme, there is no provision of non-repudiation, it is susceptible to the attack due to a lost smart card, and mutual authentication between the user and the GW-node does not attained. Moreover, the GW-node cannot prove that the first message comes from the user. To overcome these security weaknesses of the K-A-scheme, we propose security patches and prove our scheme.     

基于智能卡和密码保护的WSN远程用户安全认证方案

针对无线传感器网络（WSN）用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。     

Security and key management in IoT‐based wireless sensor networks: An authentication protocol using symmetric key

Wireless sensor networks (WSN) consist of hundreds of miniature sensor nodes to sense various events in the surrounding environment and report back to the base station. Sensor networks are at the base of internet of things (IoT) and smart computing applications where a function is performed as a result of sensed event or information. However, in resource‐limited WSN authenticating a remote user is a vital security concern. Recently, researchers put forth various authentication protocols to address different security issues. Gope et al presented a protocol claiming resistance against known attacks. A thorough analysis of their protocol shows that it is vulnerable to user traceability, stolen verifier, and denial of service (DoS) attacks. In this article, an enhanced symmetric key‐based authentication protocol for IoT‐based WSN has been presented. The proposed protocol has the ability to counter user traceability, stolen verifier, and DoS attacks. Furthermore, the proposed protocol has been simulated and verified using Proverif and BAN logic. The proposed protocol has the same communication cost as the baseline protocol; however, in computation cost, it has 52.63% efficiency as compared with the baseline protocol.     

A Robust Mutual Authentication Protocol for Wireless Sensor Networks

Authentication is an important service in wireless sensor networks (WSNs) for an unattended environment. Recently, Das proposed a hash‐based authentication protocol for WSNs, which provides more security against the masquerade, stolen‐verifier, replay, and guessing attacks and avoids the threat which comes with having many logged‐in users with the same login‐id. In this paper, we point out one security weakness of Das' protocol in mutual authentication for WSN's preservation between users, gateway‐node, and sensor nodes. To remedy the problem, this paper provides a secrecy improvement over Das' protocol to ensure that a legal user can exercise a WSN in an insecure environment. Furthermore, by presenting the comparisons of security, computation and communication costs, and performances with the related protocols, the proposed protocol is shown to be suitable for higher security WSNs.     

A provably secure biometrics and ECC‐based authentication and key agreement scheme for WSNs

Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security.     

On-demand fuzzy clustering and ant-colony optimisation based mobile data collection in wireless sensor network

Wireless Networks - In a wireless sensor network (WSN), sensor nodes collect data from the environment and transfer this data to an end user through multi-hop communication. This results in high...     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

一种改进的动态用户认证协议

针对用户快速认证问题,对动态用户认证协议作了介绍,并指出了其可能的安全隐患.提出了对动态用户认证协议的改进方案,并对改进协议的性能进行讨论,并论述了该协议在异构环境下无线传感器网络中的应用.     

基于生物特征标识的无线传感器网络三因素用户认证协议

为满足高安全级别场景（如军事、国家安全、银行等）的应用需求,进一步提高无线传感器网络用户认证协议的安全性,提出了基于生物特征识别的三因素用户认证协议.针对Althobaiti协议无法防御节点妥协攻击、模拟攻击、中间人攻击和内部特权攻击的安全缺陷,增加智能卡和密码作为协议基本安全因素,并利用生物特征标识信息生成函数与回复函数处理的生物特征标识作为附加安全因素;在密钥管理中,为每个节点配置了与网关节点共享唯一密钥,保证认证过程的独立性与安全性;实现用户自主选择与网关节点的共享密钥,提高公共信道通信的安全性;在网关节点不参与的情况下,设计密码和生物特征标识更新机制,保证二者的新鲜性.通过Dolev-Yao拓展威胁模型的分析与AVISPA的OFMC分析终端的仿真,结果证明该认证协议克服了Althobaiti协议安全缺陷,且对计算能力的需求小于公钥加密.权衡安全性与计算成本,该协议适用于资源受限且安全需求高的无线传感器网络应用.     

基于ECC和ID签名的WSN广播快速认证方案

广播认证是无线传感器网络(WSN)的一种基本安全服务,针对现有认证方案的计算量大、认证速度慢等问题,提出一种基于椭圆曲线加密(ECC)和身份(ID)签名的WSN广播快速认证方案.对现有EIBAS签名认证方案进行改进,通过节点间的合作,共享中间计算结果来减少邻居节点的计算量,以此提高认证速度,减少能量消耗.同时,提出一种安全机制,通过对多个邻居共享数据的对比来抵御恶意节点的攻击.实验结果表明,该方案相对于传统的椭圆曲线加密算法能够提高约42％的签名认证速度,降低约36％的能耗,大大延长网络生命周期.     

A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks

Wireless sensor networks (WSNs) are used for many real‐time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security‐performance‐balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end‐party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real‐world WSNs applications.     

一种新型的WSN量子加密系统

目前无线传感器网络越来越普及,在不久的将来无线传感器网络的服务将会遍布全球。由于无线传感器网络在用户数据方面并没有IPSec的安全策略,因此具有一定程度的安全风险。我们在此设计了一种量子加密机制。这种应用于无线传感器网络的加密机制试图不仅使用类似于IPSec的策略,而且使用新型的量子加密技术。这种系统将有助于改善无线传感器网络的安全性。     

Codeword Authenticated Key Exchange (CAKE) light weight secure routing protocol for WSN

Wireless Sensor Network (WSN) is developing rapidly and used extensively in various critical applications like military, health, environment etc. Sometimes, the WSN is indiscriminately deployed in unattended hostile terrains such as border or remote region where besides energy efficiency, security is another important issue to be addressed. The adversary can have unauthorised access which can lead to tampering, modification, interception, eavesdropping etc. With the intention of improving the energy efficacy of WSN, clustering methods are developed, but dynamic behaviour of sensor nodes with limited storage and processing makes security a more challenging problem as resource intensive security solutions are not feasible in practical scenario. Key management is capable of addressing this problem by protecting the network from different attacks. In this paper, a highly secure Codeword Authenticated Key Exchange (CAKE) protocol is proposed which is based on one‐way hashing with one time password and codeword authentication. BAN logic and Random Oracle Model are used for formal proof, and AVISPA tool is used for simulating the proposed work. CAKE is compared with other existing mutual authentication schemes which depicts significant reduction in computational time and energy consumption. The proposed protocol preserves Confidentiality, Integrity, and mutual authentication and can counter several attacks like offline guessing attack, replay attack, Dos attack, impersonation attack etc. and preserve perfect forward secrecy making the protocol suitable for various WSN applications.     

LoWaNA: low overhead watermark based node authentication in WSN

Nodes in a wireless sensor network (WSN) are generally deployed in unattended environments making them susceptible to attacks. Therefore, the need of defending such attacks is of utmost importance. The challenge in providing security in this network is that the securing mechanism must be lightweight to make it implementable for such resource-constrained nodes. A robust security solution for such networks must facilitate authentication of sensor nodes. So far, only data authentication has drawn much attention from the research community. In this paper, a digital watermark based low-overhead solution (LoWaNA) is proposed for node authentication. The proposed watermarking technique consists of three modules viz. watermark generation, embedding and detection. The robustness of the algorithm is measured in terms of cracking probability and cracking time. This robustness analysis helps us to set the design guideline regarding size of watermark. Performance of the scheme is analyzed in terms of storage, computation and communication overhead. The analytical results are compared with two of the existing schemes and that show significant reduction of all such overheads. Thus it proves the suitability of the proposed scheme for resource-constrained networks like WSN. Finally the entire scheme is simulated in Cooja, the Contiki network simulator to make it readily implementable in real life mote e.g. MICAz.

     

面向无线传感器网络的混沌加密与消息鉴别算法

针对数字混沌密码无法直接在轻量的传感节点上实现,介绍了一种基于整数型混沌映射的轻量级分组加密算法,并提出一种新型的消息鉴别码方案,具有输出长度可变、混沌序列复合安全等特点,最后实现了一个完整的无线传感网数据安全传输应用方案,并在Mica2节点上给出性能分析。实验表明该方案对无线传感网具有更高的实用性。     

Achieving distributed user access control in sensor networks

User access control in sensor networks defines a process of granting user an access right to the stored information. It is essential for future real sensor network deployment in which sensors may provide users with different services in terms of data and resource accesses. A centralized access control mechanism requires the base station to be involved whenever a user requests to get authenticated and access the information stored in the sensor node, which is inefficient, not scalable, and is exposed to many potential attacks along long communication paths. In this paper, we propose a distributed user access control under a realistic adversary model in which sensors can be compromised and user may collude. We split the access control into local authentication conducted by a group of sensors physically close to a user, and a light remote authentication based on the endorsement of the local sensors. We implement the access control protocols on a testbed of TelosB motes. Our analysis and experimental results show that our schemes are feasible for real access control requirements.     

无线传感器网络中的“双重”身份验证

如今,无线传感器网络是一种新的和有前途的下一代实时无线监控应用的解决方案。如果在考虑部署传感器网络之前没有适当的安全考虑,可以成为一个威胁。但是,如果有任何安全漏洞,即可能向攻击者敞开了大门并且危害应用。因此,用户身份验证的核心要求之一,以防止未经授权的无线传感器网络的数据访问用户。在这方面提出一个有效的双重身份验证的无线传感器网络,它是基于密码和智能卡（双重）。计划提供了相互认证,使用户能够选择和频繁地改变自己密码。再者,通过合理计算成本,提供强大的保护防止不同类型的攻击。     

Energy conscious deterministic self-healing new generation wireless sensor network: smart WSN using the <Emphasis Type="Italic">Aatral</Emphasis> framework

It is expected that in the next year, over a billion wireless sensor network (WSN) nodes will be deployed throughout the world, constituting a wide variety of sensor applications. In such a domain, management of the randomly distributed sensor networks is complicated by issues such as knowledge of energy consumption and coverage, extended lifetimes and demands for improved quality of service parameters. Several researchers have addressed these issues through their own innovations and discoveries of different schemes, methods, techniques or mathematical models and architectures or applications, using a variety of node designs. This in turn, has lead to multiple different choices of hardware and software options. However, this has not simplified the process of setting up application testbeds considering energy consumption. There is no readily available solution for setting up a WSN with user selected profiles and parameters. Multiple communication protocols, routing protocols, signal calibration and propagation methods, data aggregation schemes, clustering formations with multiple variations have been proposed for different research objectives. This paper proposes a method for consolidating all the initiatives and integrating these in a service panel framework that helps manage the desired WSN with options to set up an individual WSN profile and supporting the energy engineering processes involved in the WSN.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

Belief based data cleaning for wireless sensor networks

Wireless sensor network (WSN) data is often subjected to corruption and losses due to wireless medium of communication and presence of hardware inaccuracies in the nodes. For a WSN application to deduce an appropriate result it is necessary that the data received is clean, accurate, and lossless. WSN data cleaning systems exploit contextual associations existing in the received data to suppress data inconsistencies and anomalies. In this work we attempt to clean the data gathered from WSN by capturing the influence of changing dynamics of the environment on the contextual associations existing in the sensor nodes. Specifically, our work validates the extent of similarities among the sensed observations from contextually (spatio‐temporally) associated nodes and considers the time of arrival of data at the sink to educate the cleaning process about the WSN's behavior. We term the data cleaning technique proposed in this work as time of arrival for data cleaning (TOAD). TOAD establishes belief on spatially related nodes to identify potential nodes that can contribute to data cleaning. By using information theory concepts and experiments on data sets from a real‐time scenario we demonstrate and establish that validation of contextual associations among the sensor nodes significantly contributes to data cleaning. Copyright © 2010 John Wiley & Sons, Ltd.