Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Ding Wang,Ping Wang,Chenyu Wang

DOI: https://doi.org/10.1145/3325130

2020-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:It is challenging to design a secure and efficient multi-factor authentication scheme for real-time data access in wireless sensor networks. On the one hand, such real-time applications are generally security critical, and various security goals need to be met. On the other hand, sensor nodes and users’ mobile devices are typically of a resource-constrained nature, and expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes (i.e., those of Amin et al. (JNCA’18), Srinivas et al. (IEEE TDSC’18), Li et al. (JNCA’18), and Li et al. (IEEE TII’18)) and use them as case studies to reveal the difficulties and challenges in designing a multi-factor authentication scheme for wireless sensor networks correctly. We identify the root causes for their failures in achieving truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first two-factor authentication scheme for real-time data access in WSNs that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far.

Xiong Li,Jieyao Peng,Mohammad S. Obaidat,Fan Wu,Muhammad Khurram Khan,Chaoyang Chen

DOI: https://doi.org/10.1109/jsyst.2019.2899580

IF: 4.802

2020-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.

jing ying zhao,hai guo,wei wei

DOI: https://doi.org/10.4028/www.scientific.net/AMM.147.320

2012-01-01

Applied Mechanics and Materials

Abstract:Nowadays, Wireless sensor networks (WSNs) are appeared to be new and promising solutions for next generation real-time wireless monitoring applications. These WSNs could become a threat if suitable security is not considered before the deployment. However, if there is any loophole in security, that might opens the door to attackers and hence, endanger for the applications. So, user authentication is one of the core requirements to protect WSNs data access from the unauthorized users. In this regard, we propose an efficient two-factor user authentication for WSNs, which is based on password and smart card (two-factors). Our scheme provides mutual authentication, enables the user to choose and change their password frequently. Moreover, they provides strong protection against different kind of attacks at reasonable computation cost.

Yi Li,Yuling Tian

DOI: https://doi.org/10.1109/jsyst.2022.3152561

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In recent years, wireless sensor networks (WSNs) have been extensively used in many fields, which provide great convenience for peoples daily work and life. With the popularity of WSNs, peoples demands for related authentication protocols are developing in a comprehensive and perfect direction, and relevant designs are focusing more on two aspects: security and performance. However, current research cannot avoid the problem that security and efficiency are not compatible. Some studies use time-consuming cryptographic structures for security, while most lightweight schemes are designed without considering certain security properties, such as perfect forward secrecy, the resistance to known session-specific temporary information attack, etc. In our view, this conflict can be resolved by using lightweight cryptography primitives with special attention to protocol vulnerabilities and ever-evolving security requirements of people. By abandoning all unnecessary cryptographic structures, we propose a comprehensive lightweight three-factor authentication protocol with various security requirements, including adaptive privacy preservation, which is suitable for the user-friendly scenario in the WSN. Through security analysis, real-or-random (ROR) model proof, Automated Validation of Internet Security Protocols and Applications experimental verification, and security aspect comparison, it is proved that our protocol is superior in the security aspect. The performance experiment under MIRACL library shows that this study has advantages in performance compared with other recent research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Chen Yulei,Chen Jianhua

DOI: https://doi.org/10.1007/s11227-021-03820-6

IF: 3.3

2021-01-01

The Journal of Supercomputing

Abstract:Wireless sensor networks (WSNs) are usually deployed in hostile or unattended areas, and users need to obtain real-time data from WSNs. The data collected by sensor nodes are usually relatively private and sensitive, so users must pass the identity authentication before obtaining the information perceived by sensor nodes. In order to enhance the security of wireless sensor networks and prevent illegal users from accessing sensor nodes, this paper designs an efficient and secure identity authentication protocol for wireless sensor networks. The proposed protocol makes full use of the advantages of lightweight cryptographic primitives such as physical unclonable function, one-way hash function and bitwise exclusive operation. Moreover, users only need to use biometrics (such as fingerprints, iris) to access the remote systems and do not need to rely on any password, which avoids the trouble of memorizing and losing password. To prove the scheme's security, the well-known formal security proof with random oracle model and traditional heuristic discussion are given. Additionally, the performance comparison results show that our scheme has less communication overhead and computation complexity, and is effective for the resource constrained sensor devices in WSNs.

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li

DOI: https://doi.org/10.1007/s12083-016-0485-9

IF: 3.488

2016-01-01

Peer-to-Peer Networking and Applications

Abstract:In wireless sensor networks(WSNs), the process that a legal user retrieving the information in real-time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. So security issues have attracted researchers. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages in Jiang et al.'s two-factor user authentication scheme. However, we find that the scheme has several weaknesses including susceptibility to the off-line guessing attack and the de-synchronization attack and destitution of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, containing under the off-line password guessing attack and the user forgery attack. Also, the two schemes lack user anonymity and strong forward security. Then we give an improved three-factor remote authentication scheme for WSNs to eliminate the above weaknesses. To illustrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif and the informal analysis of security properties. The results demonstrate that our scheme is robust enough to keep away from various security vulnerabilities. Through the comparison with some other recent schemes, ours is suitable for the application.

Min Wu,Jianhua Chen,Wenxia Zhu,Zhenyang Yuan

DOI: https://doi.org/10.1504/ijesdf.2016.079447

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:The security of authentication scheme, especially multi-factor biometric authentication scheme based on password, smart card, and biometric in wireless communication is an important and significant issue that researchers have been focusing on lately. Most recently, Liling Cao et al. improved a multi-factor biometric authentication scheme which demonstrated that their scheme can resist masquerading attack, user masquerading attack, replay attack, and provide mutual authentication, and so on. In this paper, it is indicated that their scheme is vulnerable to stolen smart card attack, user impersonation attack, server impersonation attack and man-in-the-middle-attack. Then, in order to avoid these attacks, a revised scheme with slight high computation costs but more security than other related schemes is presented.

Daojing He,Yi Gao,Sammy Chan,Chun Chen,Jiajun Bu

2010-01-01

Abstract:Designing a user authentication protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and sensor node has limited energy, processing and storage resources. Recently, several authentication schemes have been proposed. This short paper shows some security problems and design weaknesses in those schemes. Furthermore, an enhanced two-factor user authentication protocol is presented. The proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. Security and performance analyses demonstrate that compared to the well-known authentication schemes, our proposal is more secure and efficient.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Rifaqat Ali,Arup Kumar Pal,Saru Kumari,Arun Kumar Sangaiah,Xiong Li,Fan Wu

DOI: https://doi.org/10.1007/s12652-018-1015-9

IF: 3.662

2024-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the rapid growth of wireless medical sensor networks ( WMSNs ) based healthcare applications, protecting both the privacy and security from illegitimate users, are major concern issues since patient’s precise information is vital for the proper diagnosis procedure. So, authentication protocol is one of the efficient mechanisms to deal with trustworthy and authentic users. Several authentication protocols have been proposed in WMSNs environment. However, the most of these protocols are so susceptible to security threats and not suitable for practical use. In this article, recently proposed Amin et al.’s authentication scheme is reviewed and some vulnerabilities like off-line password guessing attack, user impersonation attack, known session-key temporary information attack, the revelation of secret parameters, and identity guessing attack are pointed out. To overcome all the above mentioned vulnerabilities, we have proposed an enhanced three-factor based remote user authentication protocol in WMSNs environment. Further, the proposed protocol is validated using Burrows–Abadi–Needham logic and then simulated using Automated Validation of Internet Security Protocols and Applications tool. Moreover, the security analysis ensures that the proposed protocol is well protected from various types of malicious attacks. In addition, the performance evaluation shows better efficiency and suitability of our protocol over other related protocols.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1016/j.adhoc.2014.03.003

IF: 4.816

2014-01-01

Ad Hoc Networks

Abstract:•We show various security flaws in two password authentication schemes for HWSN.•We put forward three general principles to explicate repeated security failures.•Public-key techniques are indispensible to achieve truly two-factor security.•We take the first step toward investigating into the rationales of design choices.

Ding Wang,Xizhe Zhang,Zijian Zhang,Ping Wang

DOI: https://doi.org/10.1016/j.cose.2019.101619

IF: 5.105

2020-01-01

Computers & Security

Abstract:Revealing the security flaws of existing cryptographic protocols is the key to understanding how to achieve better security. Dozens of multi-factor authentication schemes for multi-server environments were successively proposed, yet most of them have been shortly found problematic. The research pattern of this area has fallen into the undesirable "break-fix-break-fix" cycle, in which lots of efforts have been devoted but little real progress has been made. In this paper, we revisit five leading two-factor authentication schemes for multi-server environments (i.e., Xu et al. scheme at ICICS'17, Wu et al. scheme at FC'17, Leu-Hsieh's scheme at IET IS'14, Zhou et al. scheme at WINET'18 and Roy et al. scheme at IEEE TII'19), and demonstrate that all of them suffer from critical security defects (e.g., no truly multi-factor security and temporary information leakage attack) or are short of important properties (e.g., no user anonymity). Our results invalidate any use of these five schemes for practical applications without further improvement, and underscore some new challenges (e.g., attacks arising from the leakage of session-specific parameters and from malicious insiders) in designing sound multi-factor schemes for multi-server environments. We also draw some useful lessons from the cryptanalysis results. (C) 2019 Elsevier Ltd. All rights reserved.

Hao Feng,Bowen Cai

DOI: https://doi.org/10.3390/electronics13214289

IF: 2.9

2024-11-01

Electronics

Abstract:Wireless Sensor Networks (WSNs) are rapidly being integrated into various fields, significantly impacting and facilitating many aspects of human life. However, the increasingly prominent security issues associated with WSNs have become a significant challenge. This paper provides an in-depth analysis of the security challenges faced by WSNs in resource constrained and open communication environments. As a key component of the Internet of Things (IoT), a WSN can perceive, collect and transmit physical environmental data in real-time, and is widely used in military, medical, agricultural and other fields. However, the insecurity of communication channels and unauthorized user access pose severe threats to network security and data integrity. To address these challenges, this paper proposes a provably secure two-factor authentication protocol. This protocol utilizes a Chebyshev chaotic map and a two-factor authentication mechanism, which not only enhances security in WSNs but also improves authentication efficiency. The protocol is validated through security proof and performance experiments, demonstrating excellent security, functionality and efficiency. This provides strong support for secure and efficient communication in WSNs across various application scenarios.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hanguang Luo,Guangjun Wen,Jian Su

DOI: https://doi.org/10.1007/s11276-018-1841-x

IF: 2.701

2018-01-01

Wireless Networks

Abstract:Wireless sensor networks (WSNs) have rapidly increased to be applicable in many different areas due to their wireless mobile connectivity, large scale deployment and ad hoc network. However, these characteristics make WSNs usually deployed in unattended and hostile field, which may bring some new threats such as information tampering and eavesdropping attacks, etc. User authentication is one of the most important security services that allowed the legitimate user to query and collect the real-time data from a sensor node in WSN. Since the sensor nodes are resource-constrained devices which have limited storage, power and computing resource, the proposed authentication scheme should be low cost and lightweight. Recently, Gope et al. proposed a two-factor lightweight authentication scheme for real-time data access in WSN. However, according to the analysis, there still exist several drawbacks in their scheme as well as in other two-factor schemes. In this paper, we propose a novel lightweight three-factor authentication scheme for WSN to withstand such threats as well as providing higher operational efficiency than most of the recently presented schemes. Both analysis and simulation show that our scheme is more suitable for the security real-time data access in WSN.

Zengpeng Li,Zheng Yang,Pawel Szalachowski,Jianying Zhou

DOI: https://doi.org/10.1109/jiot.2020.3008773

IF: 10.6

2021-01-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries such as transportation, oil plant and power grid, that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards which require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multi-factor authentication for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, smooth projective hash function (SPHF) built from wellstudied standard assumptions is used to achieve low-interactivity multi-factor authenticated key exchange protocol (MFAKE), because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this paper, we are therefore motivated to build a new MFAKE named "secure remote multifactor (SRMF)" to achieve the human involved "machine-to-machine" secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multi-factor registration (MFR), multi-factor authentication (MFA) and multifactor key exchange (MFKE). Further, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF, USENIX'15) inspires us to develop a multifactor hardening service (MFHS) -tilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPTO' 00) along with theoretical and experimental evaluations.

computer science, information systems,telecommunications,engineering, electrical & electronic