WangDing,WangPing

IF: 5.493

2014-01-01

Computer Networks

Abstract:Display Omitted We demonstrate privacy breaches into two password authentication schemes for WSNs.Public-key techniques are indispensible to achieve user untraceability.Our principle is applicable ...

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1016/j.adhoc.2014.03.003

IF: 4.816

2014-01-01

Ad Hoc Networks

Abstract:•We show various security flaws in two password authentication schemes for HWSN.•We put forward three general principles to explicate repeated security failures.•Public-key techniques are indispensible to achieve truly two-factor security.•We take the first step toward investigating into the rationales of design choices.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

jing ying zhao,hai guo,wei wei

DOI: https://doi.org/10.4028/www.scientific.net/AMM.147.320

2012-01-01

Applied Mechanics and Materials

Abstract:Nowadays, Wireless sensor networks (WSNs) are appeared to be new and promising solutions for next generation real-time wireless monitoring applications. These WSNs could become a threat if suitable security is not considered before the deployment. However, if there is any loophole in security, that might opens the door to attackers and hence, endanger for the applications. So, user authentication is one of the core requirements to protect WSNs data access from the unauthorized users. In this regard, we propose an efficient two-factor user authentication for WSNs, which is based on password and smart card (two-factors). Our scheme provides mutual authentication, enables the user to choose and change their password frequently. Moreover, they provides strong protection against different kind of attacks at reasonable computation cost.

Qi Xie,Zixuan Ding,Bin Hu

DOI: https://doi.org/10.1155/2021/4799223

IF: 1.968

2021-09-29

Security and Communication Networks

Abstract:The Internet of things is playing more and more important role in smart healthcare, smart grids, and smart transportation, and using wireless sensor network (WSN), we can easily obtain and transmit information. However, the data security and users’ privacy are the biggest challenges for WSN because sensor nodes have low computing power and low storage capacity and are easy to be captured, and wireless networks are vulnerable. In 2021, Shuai et al. proposed a lightweight three-factor anonymous authentication scheme for WSN. However, we found that their protocol is vulnerable to stolen-verifier attack, modification of messages’ attack, and no perfect forward secrecy. Then, a new three-factor anonymous authentication scheme using elliptic curve cryptography (ECC) is proposed. Through informal and formal security analyses, our scheme can resist various known attacks and maintains low computational complexity.

computer science, information systems,telecommunications

Qing Fan,Jianhua Chen,Feng Xu,Li,Min Luo

DOI: https://doi.org/10.1002/cpe.6178

2022-01-01

Abstract:SummaryWireless sensor networks (WSNs) are widespreadly applicable for information acquisition and processing in various fields such as military, healthcare, envrionment monitoring, and so on. WSNs have three main components: sensors, gateways, and users. The sensing information from sensors is transmitted to users through gateways. However, the public wireless networks are vulnerable to malicious active and passive attacks, which could bring security and privacy issues. Numerous two‐factor based authentication and key agreement (AKA) protocols have been proposed to solve these issues, whereas these schemes still have some deficiencies. Three‐factor based authentication method can make up for the drawbacks of two‐factor based schemes. Kumari and Renuka put forward a biometrics‐based AKA for WSNs with elliptic curve cryptography (ECC). But their scheme cannot maintain anonymity and resist to impersonality attack, replay attack, and DoS attack. In this article, we propose a biometrics‐based anonymous AKA scheme, which is equipped with the covered security requirements of WSNs. Meanwhile, the proposed scheme are provably secure in the three‐party AKA security model. Performance analysis demonstrates that our scheme has better security properties, communication cost, and computational cost compared with five recent and related schemes.

Ding Wang,Nan Wang,Ping Wang,Sihan Qing

DOI: https://doi.org/10.1016/j.ins.2015.03.070

IF: 8.1

2015-01-01

Information Sciences

Abstract:•We show a number of latest privacy-preserving two-factor schemes are problematic.•De-synchronization attack is a serious threat to anonymous schemes and deserves attention.•We present a new scheme to overcome the identified flaws with nearly no additional cost.•Security and privacy provisions of our scheme can be proved in a widely accepted model.

Junghyun Nam,Kim-Kwang Raymond Choo,Sangchul Han,Moonseong Kim,Juryon Paik,Dongho Won

DOI: https://doi.org/10.1371/journal.pone.0116709

2015-09-23

Abstract:A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Cryptography and Security

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Daojing He,Yi Gao,Sammy Chan,Chun Chen,Jiajun Bu

2010-01-01

Abstract:Designing a user authentication protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and sensor node has limited energy, processing and storage resources. Recently, several authentication schemes have been proposed. This short paper shows some security problems and design weaknesses in those schemes. Furthermore, an enhanced two-factor user authentication protocol is presented. The proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. Security and performance analyses demonstrate that compared to the well-known authentication schemes, our proposal is more secure and efficient.

Xiong Li,Jianwei Niu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/978-3-319-62024-4_3

2017-01-01

Abstract:As a typical application of Internet of Things (IoT), wireless sensor networks (WSNs) have been widely used in many fields, such as remote healthcare, to gather data of monitoring area. However, due to open nature of wireless channel and limited computing and storage resource of sensor node, how to guarantee the sensitive sensed data are only be accessed by valid user becomes an important issue. Many user authentication protocols for WSNs have been proposed to address this issue, however, previous work more or less have their own weaknesses. Recently, Gope and Hwang proposed a lightweight anonymity authentication for WSNs, and they claimed that their protocol is secure against most attacks. However, our analysis indicates that their protocol still has some design and security flaws. To address the security issue for WSNs, a user authentication protocol with privacy protection for WSNs has been proposed. The analysis and comparisons results show that the proposed protocol is a robust and security one for WSNs.

Xiong Li,Jianwei Niu,Saru Kumari,Fan Wu,Arun Kumar Sangaiah,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.jnca.2017.07.001

IF: 7.574

2017-01-01

Journal of Network and Computer Applications

Abstract:Internet of Things (IoT) is an emerging technology, which makes the remote sensing and control across heterogeneous network a reality, and has good prospects in industrial applications. As an important infrastructure, Wireless Sensor Networks (WSNs) play a crucial role in industrial IoT. Due to the resource constrained feature of sensor nodes, the design of security and efficiency balanced authentication scheme for WSNs becomes a big challenge in IoT applications. First, a two-factor authentication scheme for WSNs proposed by Jiang et al. is reviewed, and the functional and security flaws of their scheme are analyzed. Then, we proposed a three-factor anonymous authentication scheme for WSNs in Internet of Things environments, where fuzzy commitment scheme is adopted to handle the user's biometric information. Analysis and comparison results show that the proposed scheme keeps computational efficiency, and also achieves more security and functional features. Compared with other related work, the proposed scheme is more suitable for Internet of Things environments.

Chen Yulei,Chen Jianhua

DOI: https://doi.org/10.1007/s11227-021-03820-6

IF: 3.3

2021-01-01

The Journal of Supercomputing

Abstract:Wireless sensor networks (WSNs) are usually deployed in hostile or unattended areas, and users need to obtain real-time data from WSNs. The data collected by sensor nodes are usually relatively private and sensitive, so users must pass the identity authentication before obtaining the information perceived by sensor nodes. In order to enhance the security of wireless sensor networks and prevent illegal users from accessing sensor nodes, this paper designs an efficient and secure identity authentication protocol for wireless sensor networks. The proposed protocol makes full use of the advantages of lightweight cryptographic primitives such as physical unclonable function, one-way hash function and bitwise exclusive operation. Moreover, users only need to use biometrics (such as fingerprints, iris) to access the remote systems and do not need to rely on any password, which avoids the trouble of memorizing and losing password. To prove the scheme's security, the well-known formal security proof with random oracle model and traditional heuristic discussion are given. Additionally, the performance comparison results show that our scheme has less communication overhead and computation complexity, and is effective for the resource constrained sensor devices in WSNs.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1007/978-3-319-23829-6_11

2015-01-01

Abstract:Smart-card-based password authentication, known as two-factor authentication, is one of the most widely used security mechanisms to validate the legitimacy of a remote client, who must hold a valid smart card and the correct password in order to successfully login the server. So far the research on this domain has mainly focused on developing more secure, privacy-preserving and efficient protocols, which has led to numerous efficient proposals with a diversity of security provisions, yet little attention has been directed towards another important aspect, i.e. the usability of a scheme. This paper focuses on the study of two specific security threats on usability in two-factor authentication. Using two representative protocols as case studies, we demonstrate two types of security threats on usability: (1) Password change attack, which may easily render the smart card completely unusable by changing the password to a random value; and (2) De-synchronization attack, which breaks the consistence of the pseudo-identities between the user and the server. These threats, though realistic in practice, have been paid little attention in the literature. In addition to revealing the vulnerabilities, we discuss how to thwart these security threats and secure the protocols.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li

DOI: https://doi.org/10.1007/s12083-016-0485-9

IF: 3.488

2016-01-01

Peer-to-Peer Networking and Applications

Abstract:In wireless sensor networks(WSNs), the process that a legal user retrieving the information in real-time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. So security issues have attracted researchers. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages in Jiang et al.'s two-factor user authentication scheme. However, we find that the scheme has several weaknesses including susceptibility to the off-line guessing attack and the de-synchronization attack and destitution of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, containing under the off-line password guessing attack and the user forgery attack. Also, the two schemes lack user anonymity and strong forward security. Then we give an improved three-factor remote authentication scheme for WSNs to eliminate the above weaknesses. To illustrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif and the informal analysis of security properties. The results demonstrate that our scheme is robust enough to keep away from various security vulnerabilities. Through the comparison with some other recent schemes, ours is suitable for the application.

Ding Wang,Ping Wang,Chenyu Wang

DOI: https://doi.org/10.1145/3325130

2020-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:It is challenging to design a secure and efficient multi-factor authentication scheme for real-time data access in wireless sensor networks. On the one hand, such real-time applications are generally security critical, and various security goals need to be met. On the other hand, sensor nodes and users’ mobile devices are typically of a resource-constrained nature, and expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes (i.e., those of Amin et al. (JNCA’18), Srinivas et al. (IEEE TDSC’18), Li et al. (JNCA’18), and Li et al. (IEEE TII’18)) and use them as case studies to reveal the difficulties and challenges in designing a multi-factor authentication scheme for wireless sensor networks correctly. We identify the root causes for their failures in achieving truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first two-factor authentication scheme for real-time data access in WSNs that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far.

Ding Wang,Ping Wang,Jing Liu

DOI: https://doi.org/10.1109/WCNC.2014.6953015

2014-01-01

Abstract:User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Hu Xiong,Xiaofeng Wang,Fagen Li

DOI: https://doi.org/10.1587/transfun.e95.a.256

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Recently, Kang et al. discussed some security flaws of Wu et al's and Wei et al.'s authentication schemes that guarantee user anonymity in wireless communications and showed how to overcome the problems regarding anonymity and the forged login messages. However, we will show that Kang et al.'s improved scheme still did not provide user anonymity as they claimed.