On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

A Robust User Authentication Scheme Using Dynamic Identity in Wireless Sensor Networks

In modern, wireless sensor networks (WSNs) stand for the next evolutionary and innovative development step in utilities, industrial, building, home, shipboard, and transportation systems automation. The feature of WSNs is easy to deploy and has wide range of applications. Therefore, in distributed and unattended locations, WSNs are deployed to allow a legitimated user to login to the network and access data. Consequently, the authentication between users and sensor nodes has become one of the important security issues. In 2009, M. L. Das proposed a two-factor authentication for WSNs. Based on one-way hash function and exclusive-OR operation, the scheme is well-suited for resource constrained environments. Later, Khan and Algahathbar pointed out the flaws and vulnerabilities of Das’s scheme and proposed an alternative scheme. However, Vaidya et al. found that both Das’s and Khan–Algahathbar’s schemes are vulnerable to various attacks including stolen smart card attacks. Further, Vaidya et al. proposed an improved two-factor user authentication to overcome the security weakness of both schemes. In this paper, we show that Vaidya et al.’s scheme still exposes to a malicious insider attack that seriously threatens the security of WSNs. Furthermore, we propose an improve scheme that mends those vulnerabilities.     

A provably secure biometrics and ECC‐based authentication and key agreement scheme for WSNs

Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security.     

A Robust Mutual Authentication Protocol for Wireless Sensor Networks

Authentication is an important service in wireless sensor networks (WSNs) for an unattended environment. Recently, Das proposed a hash‐based authentication protocol for WSNs, which provides more security against the masquerade, stolen‐verifier, replay, and guessing attacks and avoids the threat which comes with having many logged‐in users with the same login‐id. In this paper, we point out one security weakness of Das' protocol in mutual authentication for WSN's preservation between users, gateway‐node, and sensor nodes. To remedy the problem, this paper provides a secrecy improvement over Das' protocol to ensure that a legal user can exercise a WSN in an insecure environment. Furthermore, by presenting the comparisons of security, computation and communication costs, and performances with the related protocols, the proposed protocol is shown to be suitable for higher security WSNs.     

A New Lightweight User Authentication and Key Agreement Scheme for WSN

The Internet of Things (IoT) is one of the most up-to-date and newest technologies that allows remote control of heterogeneous networks and has a good outlook for industrial applications. Wireless sensor networks (or in brief WSNs) have a key role on the Internet of industrial objects. Due to the limited resources of the sensor nodes, designing a balanced authentication scheme to provide security in reasonable performance in wireless sensor networks is a major challenge in these applications. So far, several security schemes have been presented in this context, but unfortunately, none of these schemes have provided desired security in reasonable cost. In 2017, Khemissa et al. proposed a security protocol for mutual authentication between sensor node and user in WSNs, however, in this paper we show that this protocol is not safe enough in the confrontation of desynchronization, user impersonation and gateway impersonation attacks. The proposed attacks succeed with the probability of one and to be realized only require an execution of the protocol. Given merits of the Khemissa et al.’s protocol, we also improved their protocol in such a way that provides suitable level of security, and also we prove its security using two formal ways, i.e. BAN logic and also the Scyther tool. We also argue informally about the improved protocol’s security.

     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.     

无线传感器网络中的“双重”身份验证

如今,无线传感器网络是一种新的和有前途的下一代实时无线监控应用的解决方案。如果在考虑部署传感器网络之前没有适当的安全考虑,可以成为一个威胁。但是,如果有任何安全漏洞,即可能向攻击者敞开了大门并且危害应用。因此,用户身份验证的核心要求之一,以防止未经授权的无线传感器网络的数据访问用户。在这方面提出一个有效的双重身份验证的无线传感器网络,它是基于密码和智能卡（双重）。计划提供了相互认证,使用户能够选择和频繁地改变自己密码。再者,通过合理计算成本,提供强大的保护防止不同类型的攻击。     

A secure and enhanced elliptic curve cryptography‐based dynamic authentication scheme using smart card

In remote system security, 2‐factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2‐factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.     

基于智能卡和密码保护的WSN远程用户安全认证方案

针对无线传感器网络（WSN）用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。     

An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment

To circumvent using of multiple single servers, the theory of multiserver communication exists and numerous authentication protocols put forward for providing secure communication. Very recently, Amin‐Biswas proposes bilinear pairing–based multiserver scheme by describing some security pitfalls of Hsieh‐Leu protocol and claims that it is secured against related security threats. However, this paper claims that Amin‐Biswas protocol is still susceptible to off‐line identity and password guessing attack, user untraceability attack, and server masquerading attack. The cryptographic protocol should be attacks‐free for real‐time application. To achieve attacks‐free security, we put forward smart card–based multiserver authentication protocol by using the concept of bilinear pairing operation. The formal method strand space model has been used to prove the correctness of the proposed scheme. Additionally, rigorous security analysis ensures pliability of common security threats. The performance and security features of our scheme are also compared with that of the similar existing schemes. The comparison results show that our protocol achieves more security features with less complexity.     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

A Secure and Effective Anonymous User Authentication Scheme for Roaming Service in Global Mobility Networks

In global mobility networks, anonymous user authentication is an essential task for enabling roaming service. In a recent paper, Jiang et al. proposed a smart card based anonymous user authentication scheme for roaming service in global mobility networks. This scheme can protect user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Jiang et al.’s scheme, and show that the scheme is in fact insecure against the stolen-verifier attack and replay attack. Then, we also propose a new smart card based anonymous user authentication scheme for roaming service. Compared with the existing schemes, our protocol uses a different user authentication mechanism, which does not require the home agent to share a static secret key with the foreign agent, and hence, it is more practical and realistic. We show that our proposed scheme can provide stronger security than previous protocols.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

Dynamic ID-based remote user mutual authentication scheme with smartcard using Elliptic Curve Cryptography

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography （ECC）, however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.     

An ID‐based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem

Mutual authentication is used to validate the legitimacy of a remote login user and a server. Conventional user authentication protocols are suited to solve the privacy and security problems for the single client/server architecture environment. However, the use of computer networks and information technology has grown spectacularly. More and more network architectures are used in multi‐server environments. Recently, several authentication schemes for multi‐server environments have been proposed. However, the performance of these schemes is not suitable for applications. To improve the performance, we propose a new ID‐based mutual authentication protocols for multi‐server environment without bilinear pairings. We also show that the proposed scheme is provable secure in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.     

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.     

Evaluating Authentication Schemes for Real-Time Data in Wireless Sensor Network

There have been discussed many user authentication schemes for wireless sensor networks. This paper intends to review the existing authentication techniques for their pros and cons. The techniques are primarily classified on the basis of factors used therein that include one-factor, two-factor, and three-factor schemes. Twelve architecture models on which various authentication schemes are based. The pros and cons of models are also discussed. The security and functionality feature is also used as criteria for evaluation metrics. In this paper, we have also considered various one-factor, two-factor and three-factor authentication scheme. The communication, computation cost, security feature and the security tool are the most important criteria for comparing the authentication techniques. This whole analysis can be used by other researchers to design their own authentication schemes considering the stated criteria.