Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1016/j.comnet.2014.07.010

IF: 5.493

2014-01-01

Computer Networks

Abstract:•We demonstrate privacy breaches into two password authentication schemes for WSNs.•Public-key techniques are indispensible to achieve user untraceability.•Our principle is applicable to two-factor authentication for universal environments.•We discuss the viable solutions to practical realization of user anonymity.•Experimental timings of related public-key operations on small devices are reported.

WangDing,WangPing

IF: 5.493

2014-01-01

Computer Networks

Abstract:Display Omitted We demonstrate privacy breaches into two password authentication schemes for WSNs.Public-key techniques are indispensible to achieve user untraceability.Our principle is applicable ...

jing ying zhao,hai guo,wei wei

DOI: https://doi.org/10.4028/www.scientific.net/AMM.147.320

2012-01-01

Applied Mechanics and Materials

Abstract:Nowadays, Wireless sensor networks (WSNs) are appeared to be new and promising solutions for next generation real-time wireless monitoring applications. These WSNs could become a threat if suitable security is not considered before the deployment. However, if there is any loophole in security, that might opens the door to attackers and hence, endanger for the applications. So, user authentication is one of the core requirements to protect WSNs data access from the unauthorized users. In this regard, we propose an efficient two-factor user authentication for WSNs, which is based on password and smart card (two-factors). Our scheme provides mutual authentication, enables the user to choose and change their password frequently. Moreover, they provides strong protection against different kind of attacks at reasonable computation cost.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Daojing He,Yi Gao,Sammy Chan,Chun Chen,Jiajun Bu

2010-01-01

Abstract:Designing a user authentication protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and sensor node has limited energy, processing and storage resources. Recently, several authentication schemes have been proposed. This short paper shows some security problems and design weaknesses in those schemes. Furthermore, an enhanced two-factor user authentication protocol is presented. The proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. Security and performance analyses demonstrate that compared to the well-known authentication schemes, our proposal is more secure and efficient.

Hanguang Luo,Guangjun Wen,Jian Su

DOI: https://doi.org/10.1007/978-3-030-00021-9_4

2018-01-01

Abstract:Wireless Sensor Networks (WSNs) have rapidly increased to be applicable in many different areas due to their wireless mobile connectivity, large scale deployment and ad hoc network. However, these characteristics make WSNs usually deployed in unattended and hostile field, which may bring some new threats such as information tampering and eavesdropping attacks, etc. User authentication is one of the most important security services that allowed the legitimate user to query and collect the real-time data from a sensor node in WSN. Since the sensor nodes are resource-constrained devices which have limited storage, power and computing resource, the proposed authentication scheme must be low cost and lightweight. Recently, Gope et al. proposed a realistic lightweight authentication for real-time data access in WSN. Unfortunately, through our analysis we identified several flaws exist in their scheme as well as exist in other two-factor schemes. In order to withstand these threats, in this paper, we proposed some solutions to withstand the problems in Gope et al.' s and other schemes. Our solutions provide an important reference for security data access in WSN.

Ding Wang,Xizhe Zhang,Zijian Zhang,Ping Wang

DOI: https://doi.org/10.1016/j.cose.2019.101619

IF: 5.105

2020-01-01

Computers & Security

Abstract:Revealing the security flaws of existing cryptographic protocols is the key to understanding how to achieve better security. Dozens of multi-factor authentication schemes for multi-server environments were successively proposed, yet most of them have been shortly found problematic. The research pattern of this area has fallen into the undesirable "break-fix-break-fix" cycle, in which lots of efforts have been devoted but little real progress has been made. In this paper, we revisit five leading two-factor authentication schemes for multi-server environments (i.e., Xu et al. scheme at ICICS'17, Wu et al. scheme at FC'17, Leu-Hsieh's scheme at IET IS'14, Zhou et al. scheme at WINET'18 and Roy et al. scheme at IEEE TII'19), and demonstrate that all of them suffer from critical security defects (e.g., no truly multi-factor security and temporary information leakage attack) or are short of important properties (e.g., no user anonymity). Our results invalidate any use of these five schemes for practical applications without further improvement, and underscore some new challenges (e.g., attacks arising from the leakage of session-specific parameters and from malicious insiders) in designing sound multi-factor schemes for multi-server environments. We also draw some useful lessons from the cryptanalysis results. (C) 2019 Elsevier Ltd. All rights reserved.

Ding Wang,Ping Wang,Chenyu Wang

DOI: https://doi.org/10.1145/3325130

2020-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:It is challenging to design a secure and efficient multi-factor authentication scheme for real-time data access in wireless sensor networks. On the one hand, such real-time applications are generally security critical, and various security goals need to be met. On the other hand, sensor nodes and users’ mobile devices are typically of a resource-constrained nature, and expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes (i.e., those of Amin et al. (JNCA’18), Srinivas et al. (IEEE TDSC’18), Li et al. (JNCA’18), and Li et al. (IEEE TII’18)) and use them as case studies to reveal the difficulties and challenges in designing a multi-factor authentication scheme for wireless sensor networks correctly. We identify the root causes for their failures in achieving truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first two-factor authentication scheme for real-time data access in WSNs that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far.

Ding Wang,Wenting Li,Ping Wang

DOI: https://doi.org/10.1109/tii.2018.2834351

IF: 12.3

2018-01-01

IEEE Transactions on Industrial Informatics

Abstract:Dozens of two-factor authentication schemes have been proposed to secure real-time data access in industrial wireless sensor networks (WSNs). However, more often than not, the protocol designers advocate the merits of their scheme, but do not reveal (or unconsciously ignoring) the facets on which their scheme performs poorly. Such lack of an objective, comprehensive measurement leads to the unsatisfactory "break-fix-break-fix" cycle in this research area. In this paper, we make an attempt toward breaking this undesirable cycle by proposing a systematical evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes proposed by Wu et al. (2017) and Srinivas et al. (2017) to reveal the challenges and difficulties in designing a sound scheme, and conducting a measurement of 44 representative schemes under our evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs. This work would help increase awareness of current measurement issues and improve the scientific process in our field.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1007/978-3-319-23829-6_11

2015-01-01

Abstract:Smart-card-based password authentication, known as two-factor authentication, is one of the most widely used security mechanisms to validate the legitimacy of a remote client, who must hold a valid smart card and the correct password in order to successfully login the server. So far the research on this domain has mainly focused on developing more secure, privacy-preserving and efficient protocols, which has led to numerous efficient proposals with a diversity of security provisions, yet little attention has been directed towards another important aspect, i.e. the usability of a scheme. This paper focuses on the study of two specific security threats on usability in two-factor authentication. Using two representative protocols as case studies, we demonstrate two types of security threats on usability: (1) Password change attack, which may easily render the smart card completely unusable by changing the password to a random value; and (2) De-synchronization attack, which breaks the consistence of the pseudo-identities between the user and the server. These threats, though realistic in practice, have been paid little attention in the literature. In addition to revealing the vulnerabilities, we discuss how to thwart these security threats and secure the protocols.

Hanguang Luo,Guangjun Wen,Jian Su

DOI: https://doi.org/10.1007/s11276-018-1841-x

IF: 2.701

2018-01-01

Wireless Networks

Abstract:Wireless sensor networks (WSNs) have rapidly increased to be applicable in many different areas due to their wireless mobile connectivity, large scale deployment and ad hoc network. However, these characteristics make WSNs usually deployed in unattended and hostile field, which may bring some new threats such as information tampering and eavesdropping attacks, etc. User authentication is one of the most important security services that allowed the legitimate user to query and collect the real-time data from a sensor node in WSN. Since the sensor nodes are resource-constrained devices which have limited storage, power and computing resource, the proposed authentication scheme should be low cost and lightweight. Recently, Gope et al. proposed a two-factor lightweight authentication scheme for real-time data access in WSN. However, according to the analysis, there still exist several drawbacks in their scheme as well as in other two-factor schemes. In this paper, we propose a novel lightweight three-factor authentication scheme for WSN to withstand such threats as well as providing higher operational efficiency than most of the recently presented schemes. Both analysis and simulation show that our scheme is more suitable for the security real-time data access in WSN.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li

DOI: https://doi.org/10.1007/s12083-016-0485-9

IF: 3.488

2016-01-01

Peer-to-Peer Networking and Applications

Abstract:In wireless sensor networks(WSNs), the process that a legal user retrieving the information in real-time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. So security issues have attracted researchers. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages in Jiang et al.'s two-factor user authentication scheme. However, we find that the scheme has several weaknesses including susceptibility to the off-line guessing attack and the de-synchronization attack and destitution of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, containing under the off-line password guessing attack and the user forgery attack. Also, the two schemes lack user anonymity and strong forward security. Then we give an improved three-factor remote authentication scheme for WSNs to eliminate the above weaknesses. To illustrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif and the informal analysis of security properties. The results demonstrate that our scheme is robust enough to keep away from various security vulnerabilities. Through the comparison with some other recent schemes, ours is suitable for the application.

Ping Wang,Bin Li,Hongjin Shi,Yaosheng Shen,Ding Wang

DOI: https://doi.org/10.1155/2019/2516963

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Investigating the security pitfalls of cryptographic protocols is crucial to understand how to improve security. At ICCCS'17, Wu and Xu proposed an efficient smart-card-based password authentication scheme for cloud computing environments to cope with the vulnerabilities in Jiang et al.'s scheme. However, we reveal that Wu-Xu's scheme actually is subject to various security flaws, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services and further suggested a user-friendly scheme which is claimed to be suitable for multiserver architecture and robust against various attacks. In this work, we show that Roy et al.'s scheme fails to achieve truly two-factor security and shows poor scalability. At FGCS'18, Amin et al. pointed out that most of existing two-factor schemes are either insecure or inefficient for mobile devices due to the use of public-key techniques and thus suggested an improved protocol by using only light-weight symmetric key techniques. Almost at the same time, Wei et al. also observed this issue and proposed a new scheme based on symmetric key techniques with formal security proofs in the random oracle model. Nevertheless, we point out that both Amin et al.'s and Wei et al.'s schemes cannot achieve the claimed security goals (including the most crucial goal of truly two-factor security). Our results invalidate any use of the scrutinized schemes for cloud computing environments.

Xiancun Zhou,Yan Xiong

DOI: https://doi.org/10.1007/978-3-642-25255-6_34

2011-01-01

Abstract:As wireless sensor networks(WSNs) are susceptible to attacks and sensor nodes have limited resources, it is necessary to design a secure and lightweight user authentication protocol for WSNs. Over the past few years, a few user authentication schemes for WSNs were proposed, in which the concept of timestamps were employed without exception. Analysis shows that it brings new security flaws. An efficient and lightweight user authentication scheme for WSNs is proposed in this paper. In proposed scheme, we employ one-way hash function with a secret key. With the help of smart card, mutual authentication is performed using a challenge-response handshake between user and gateway node in both directions, and it avoids the problem of time synchronization between smart card and the gateway node. An analysis of the scheme is presented and it shows its resilience against classical types of attacks, and it adds less computational overhead than other schemes.

Hao Feng,Bowen Cai

DOI: https://doi.org/10.3390/electronics13214289

IF: 2.9

2024-11-01

Electronics

Abstract:Wireless Sensor Networks (WSNs) are rapidly being integrated into various fields, significantly impacting and facilitating many aspects of human life. However, the increasingly prominent security issues associated with WSNs have become a significant challenge. This paper provides an in-depth analysis of the security challenges faced by WSNs in resource constrained and open communication environments. As a key component of the Internet of Things (IoT), a WSN can perceive, collect and transmit physical environmental data in real-time, and is widely used in military, medical, agricultural and other fields. However, the insecurity of communication channels and unauthorized user access pose severe threats to network security and data integrity. To address these challenges, this paper proposes a provably secure two-factor authentication protocol. This protocol utilizes a Chebyshev chaotic map and a two-factor authentication mechanism, which not only enhances security in WSNs but also improves authentication efficiency. The protocol is validated through security proof and performance experiments, demonstrating excellent security, functionality and efficiency. This provides strong support for secure and efficient communication in WSNs across various application scenarios.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1109/tdsc.2016.2605087

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As the most prevailing two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research in the past two decades, and hundreds of this type of schemes have wave upon wave been proposed. In most of these studies, there is no comprehensive and systematical metric available for schemes to be assessed objectively, and the authors present new schemes with assertions of the superior aspects over previous ones, while overlooking dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory—either are found short of important security goals or lack of critical properties, especially being stuck with the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that can accurately capture the practical capabilities of an adversary and then suggest a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating “honeywords”, traditionally the purview of system security, with a “fuzzy-verifier”, our scheme hits “two birds”: it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.

Liufu Zhu,Ding Wang

DOI: https://doi.org/10.1109/tifs.2024.3451364

IF: 7.231

2024-09-27

IEEE Transactions on Information Forensics and Security

Abstract:Multi-factor authentication (MFA) is crucial for Wireless Sensor Networks (WSNs) to ensure secure communication in security-critical applications such as smart homes, industrial control, and military defense due to the open nature of WSNs. Considerable efforts have been made to propose various MFA schemes with varied security goals and desirable properties. However, little attention has been given to the property of dynamic password recovery, and it still remains a question of how to construct a robust MFA scheme with the desirable property of dynamic password recovery for WSNs. In this paper, we first review two representative multi-factor authentication schemes proposed by Li-Tian (at IEEE Syst J'22) and Fatima et al. (at ACM TOSN'23) as case studies, and reveal that these two schemes fail to resist some known attacks and pay little attention to password forgetting and leakage issues. Accordingly, we employ the techniques of the honeywords method, fuzzy-verifier technique, and public key cryptosystem to construct a novel MFA scheme. Particularly, we propose the first dynamic password recovery method for MFA to address password forgetting and leakage issues. Key rotation is implemented to ensure the security of the long-term secret key. Our scheme is provably secure under the Random Oracle Model. Comparison results show the superiority of our new scheme.

computer science, theory & methods,engineering, electrical & electronic