Kui Ren,Kai Zeng,Wenjing Lou,Patrick J. Moran

DOI: https://doi.org/10.1109/twc.2007.060255

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:Broadcast authentication is a critical security service in wireless sensor networks (WSNs), since it enables users to broadcast the WSN in an authenticated way. Symmetric key based schemes such as muTESLA and multilevel muTESLA have been proposed to provide such services for WSNs; however, these schemes all suffer from serious DoS attacks due to the delay in message authentication. This paper presents several effective public key based schemes to achieve immediate broadcast authentication and thus overcome the vulnerability presented in the muTESLA-like schemes. Several cryptographic techniques, including Merkle hash tree and identity-based signature scheme, are adopted to minimize the scheme overhead regarding the costs on both computation and communication. A quantitative energy consumption analysis of the proposed schemes is given in detail. We believe that this paper can serve as the start point towards fully solving the important multisender broadcast authentication problem in WSNs.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Fan Rong,Ping Lingdi,Fu Jianqing,Pan Xuezeng

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.015

2010-01-01

Abstract:In the applications of unattended wireless sensor networks(UWSN),sensor nodes always are deployed in hostile area and are difficult to communicate with each other.Besides,the network user need abstract sensed data not real time data in some scene.Thus the sensor nodes need to store the sensed data until receiving the request of data.However,the distributed architecture makes it challenging to build a secure and efficient data storage system due to the resource-constrained nature of sensor node.Besides,due to the lack of physical protection,WBAN are vulnerable to attacks when deployed in hostile environments.In order to address the challenges,we propose a novel secure and efficient data storage scheme with dynamic integrity checking in this paper.Based on the policies of multiple secret sharing,we first propose secure and efficient patient-related data storage and access scheme for UWSN.Furthermore,to dynamically check the integrity of the distributed data shares,we then propose an efficient data integrity verification scheme based on orthonormal vectors.Finally,the security and performance analysis shows that the proposed scheme is secure and practical for UWSN.

Miao Xu,Wenyuan Xu,Jason O'Kane

DOI: https://doi.org/10.1109/MASS.2011.43

2011-01-01

Abstract:Wireless sensor networks are vulnerable to various attacks and network dynamics that can breach data privacy and harm data availability. Since those threats cannot be addressed purely by cryptography-based methods, this paper presents a data dissemination scheme that can enhance two goals: data privacy and data availability, leveraging the node location diversity presented in typical wireless sensor networks rather than relying on cryptographic techniques. We demonstrate that the message content is important to quantify the uncertainty associated with data privacy and data availability, and provide content-based definitions utilizing information states. Further, to strike the balance between two conflicting goals in an energy efficient way, we construct a spatial privacy graph based on the locations of network nodes, and use a distributed coloring scheme to ensure that any pairs of nodes whose combined data provide too much information should not send their sensed data to the same storage node. Additionally, sensor nodes selectively send data to multiple storage nodes to achieve higher availability. Our experimental results show that our scheme can achieve better data privacy and a higher level of data availability at smaller energy cost than other baseline data dissemination schemes.

Hao Kong,Li Lu,Jiadi Yu,Yingying Chen,Xiangyu Xu,Feilong Tang,Yi-Chao Chen

DOI: https://doi.org/10.1145/3466772.3467032

2021-01-01

Abstract:ABSTRACTWith the increasing integration of humans and the cyber world, user authentication becomes critical to support various emerging application scenarios requiring security guarantees. Existing works utilize Channel State Information (CSI) of WiFi signals to capture single human activities for non-intrusive and device-free user authentication, but multi-user authentication remains a challenging task. In this paper, we present a multi-user authentication system, MultiAuth, which can authenticate multiple users with a single commodity WiFi device. The key idea is to profile multipath components of WiFi signals induced by multiple users, and construct individual CSI from the multipath components to solely characterize each user for user authentication. Specifically, we propose a MUltipath Time-of-Arrival measurement algorithm (MUTA) to profile multipath components of WiFi signals in high resolution. Then, after aggregating and separating the multipath components related to users, MultiAuth constructs individual CSI based on the multipath components to solely characterize each user. To identify users, MultiAuth further extracts user behavior profiles based on the individual CSI of each user through time-frequency analysis, and leverages a dual-task neural network for robust user authentication. Extensive experiments involving 3 simultaneously present users demonstrate that MultiAuth is accurate and reliable for multi-user authentication with 87.6% average accuracy and 8.8% average false accept rate.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Xiang Li,Na Ruan,Fan Wu,Jie Li,Mengyuan Li

DOI: https://doi.org/10.1109/PCCC.2014.7017109

2014-01-01

Abstract:Providing lightweight authentication and resisting Denial of Service (DoS) attacks are challenging problems in wireless ad hoc networks, such as wireless sensor networks (WSNs). We introduce two improved protocols based on fault-tolerant protocol and DoS-resistant protocol in Multilevel μTESLA to overcome these difficulties. The proposed Efficient Fault-Tolerant Protocol contributes in shortening the recovery time when highlevel packets are lost, and hence reduces the risk of memory-based DoS attacks. The proposed Enhanced DoS-Resistant Protocol enhances the resistance to DoS attacks by offering packet-loss recovery of authentication message.

Kui Ren,Wenjing Lou,Bo Zhu,Sushil Jajodia

DOI: https://doi.org/10.1109/TVT.2008.2003961

2009-01-01

Abstract:Multicast security is one of the most important security services in wireless sensor networks (WSNs) since it enables a sink to multicast messages to sensors in a secure manner. While multicast authentication has widely been addressed in the literature, the problem of multicast encryption still remains open in WSNs. In this paper, we propose a multicast encryption scheme called global-partition, local-diffusion (GPLD) that focuses on scheme efficiency and supports various multicast group semantics. GPLD partitions sensors into a series of elementary groups using their location and class information and accordingly builds a location-class-aware symmetric key management framework. Furthermore, the scheme leverages the fact that sensors are both end receivers and routers, which effectively minimizes global (sink-to-sensor) group key distribution and rekeying traffic while supporting various multicast group semantics. The efficiency and security properties of GPLD are justified through both analysis and simulations.

Daojing He,Yi Gao,Sammy Chan,Chun Chen,Jiajun Bu

2010-01-01

Abstract:Designing a user authentication protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and sensor node has limited energy, processing and storage resources. Recently, several authentication schemes have been proposed. This short paper shows some security problems and design weaknesses in those schemes. Furthermore, an enhanced two-factor user authentication protocol is presented. The proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. Security and performance analyses demonstrate that compared to the well-known authentication schemes, our proposal is more secure and efficient.

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Tong Zhou,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/WCNC.2006.1683548

2006-01-01

Abstract:Flooding-based information dissemination is an important communication activity in sensor networks. Security is a major concern in sensor network flooding; in particular, the authentication of sensor nodes is important because once a node is compromised, it can send fake message to the network. One solution to this problem is to set up a base station that manages the authentication of all the sensor nodes. We propose a new authentication method that is intended for use in the absence of a trusted base station. The proposed method, referred to as Predistribution-and-Local-Collaboration-Based Merkle Tree Authentication (PCMA), combines Merkle tree authentication with neighborhood collaboration. We analyze the effectiveness of PCMA in term of the probabilities of nodes being compromised and disabled by an attacker. We also estimate the additional computation and energy required for this scheme. Finally, we present simulation results to validate our analysis.

Ding Wang,Ping Wang,Chenyu Wang

DOI: https://doi.org/10.1145/3325130

2020-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:It is challenging to design a secure and efficient multi-factor authentication scheme for real-time data access in wireless sensor networks. On the one hand, such real-time applications are generally security critical, and various security goals need to be met. On the other hand, sensor nodes and users’ mobile devices are typically of a resource-constrained nature, and expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes (i.e., those of Amin et al. (JNCA’18), Srinivas et al. (IEEE TDSC’18), Li et al. (JNCA’18), and Li et al. (IEEE TII’18)) and use them as case studies to reveal the difficulties and challenges in designing a multi-factor authentication scheme for wireless sensor networks correctly. We identify the root causes for their failures in achieving truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first two-factor authentication scheme for real-time data access in WSNs that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far.

jing ying zhao,hai guo,wei wei

DOI: https://doi.org/10.4028/www.scientific.net/AMM.147.320

2012-01-01

Applied Mechanics and Materials

Abstract:Nowadays, Wireless sensor networks (WSNs) are appeared to be new and promising solutions for next generation real-time wireless monitoring applications. These WSNs could become a threat if suitable security is not considered before the deployment. However, if there is any loophole in security, that might opens the door to attackers and hence, endanger for the applications. So, user authentication is one of the core requirements to protect WSNs data access from the unauthorized users. In this regard, we propose an efficient two-factor user authentication for WSNs, which is based on password and smart card (two-factors). Our scheme provides mutual authentication, enables the user to choose and change their password frequently. Moreover, they provides strong protection against different kind of attacks at reasonable computation cost.

Shih-Ying Chang,Yue-Hsun Lin,Hung-Min Sun,Mu-En Wu

DOI: https://doi.org/10.1145/2140522.2140526

2012-01-01

ACM Transactions on Sensor Networks

Abstract:Broadcast is an efficient communication channel on wireless sensor networks. Through authentic broadcast, deployed sensors can perform legitimate actions issued by a base station. According to previous literature, a complete solution for authentic broadcast is digital signature based on asymmetric cryptography. However, asymmetric cryptography utilizes expensive operations, which result in computational bottlenecks. Among these cryptosystems, Elliptic Curve Cryptography (ECC) seems to be the most efficient and the most popular choice. Unfortunately, signature verification in ECC is not efficient enough. In this article, we propose an authentic broadcast scheme based on RSA. Unlike conventional approaches, the proposed scheme adopts short moduli to enhance performance. Meanwhile, the weakness of short moduli can be fixed with rekeying strategies. To minimize the rekeying overhead, a Multi-Modulus RSA generation algorithm, which can reduce communication overhead by 50%, is proposed. We implemented the proposed scheme on MICAz. On 512-bit moduli, each verification spends at most 0.077 seconds, which is highly competitive with other public-key cryptosystems.

Kaiping Xue,Changsha Ma,Peilin Hong,Rong Ding

DOI: https://doi.org/10.1016/j.jnca.2012.05.010

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks.

Muhammad Bilal,Shin-Gak Kang

DOI: https://doi.org/10.3390/s17050979

2017-05-02

Abstract:Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.

Cryptography and Security,Networking and Internet Architecture

Yi Li,Yuling Tian

DOI: https://doi.org/10.1109/jsyst.2022.3152561

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In recent years, wireless sensor networks (WSNs) have been extensively used in many fields, which provide great convenience for peoples daily work and life. With the popularity of WSNs, peoples demands for related authentication protocols are developing in a comprehensive and perfect direction, and relevant designs are focusing more on two aspects: security and performance. However, current research cannot avoid the problem that security and efficiency are not compatible. Some studies use time-consuming cryptographic structures for security, while most lightweight schemes are designed without considering certain security properties, such as perfect forward secrecy, the resistance to known session-specific temporary information attack, etc. In our view, this conflict can be resolved by using lightweight cryptography primitives with special attention to protocol vulnerabilities and ever-evolving security requirements of people. By abandoning all unnecessary cryptographic structures, we propose a comprehensive lightweight three-factor authentication protocol with various security requirements, including adaptive privacy preservation, which is suitable for the user-friendly scenario in the WSN. Through security analysis, real-or-random (ROR) model proof, Automated Validation of Internet Security Protocols and Applications experimental verification, and security aspect comparison, it is proved that our protocol is superior in the security aspect. The performance experiment under MIRACL library shows that this study has advantages in performance compared with other recent research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Hao Kong,Li Lu,Jiadi Yu,Yingying Chen,Xiangyu Xu,Feng Lyu

DOI: https://doi.org/10.1109/tnet.2023.3237686

2023-01-01

Abstract:User authentication nowadays has become an important support for not only security guarantees but also emerging novel applications. Although WiFi signal-based user authentication has achieved initial success, it works in single-user scenarios while multi-user authentication remains a challenging task. In this paper, we present MultiAuth, a multi-user authentication system that can authenticate multiple users with a single pair of commodity WiFi devices. The basic idea is to profile multipath components of WiFi signals, and leverage the multipath components to characterize each user individually for multi-user authentication. MultiAuth first profiles multipath components of WiFi signals through a proposed MUltipath Time-of-Arrival estimation algorithm (MUTA). Then, after matching corresponding multipath components to each user in complex multi-user scenarios, MultiAuth constructs individual CSI based on the multipath components to characterize each user individually. An AoA-based approach is exploited to further separate individual CSI constructed by the users with same ToA. To identify users through their activities, MultiAuth extracts user behavior profiles based on the individual CSI, and leverages a dual-task neural network for robust user authentication. Extensive experiments involving 3 simultaneously present users demonstrate that MultiAuth is effective in multi-user authentication with 86.2% average accuracy and 9.5% average false accept rate.

Yixin Jiang,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1201/9781420068405.ch21

2009-01-01

Abstract:In this chapter, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and intracability, one-way session key/identity refreshment, and data privacy. The reliability features include efficient denial-of-service (DoS) tolerance for forged refreshment messages and fault tolerance for lost messages recovery. The theoretical and the simulative results demonstrate that the proposed protocol is robust and efficient under severe DoS attack and poor wireless channel quality.