Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Binod N. Vaidya,Min Chen,Joel José Puga Coelho Rodrigues

DOI: https://doi.org/10.1109/WCSN.2009.5434810

2009-01-01

Abstract:Wireless sensor networks (WSNs) have been widely used in a wide variety of applications. Deploying WSNs in unattended environments can cause various security threats. In these scenarios, provisioning user authentication is a critical issue. In this paper, we propose improved robust user authentication scheme for WSNs, which is a variation of strong-password based solution. We have analyzed security properties of the proposed scheme and compared with the previous schemes in terms of overhead cost. We have also conducted formal verification of the proposed scheme. ©2009 IEEE.

Xiong Li,Jieyao Peng,Mohammad S. Obaidat,Fan Wu,Muhammad Khurram Khan,Chaoyang Chen

DOI: https://doi.org/10.1109/jsyst.2019.2899580

IF: 4.802

2020-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.

Ntebatseng Mahlake,Topside E. Mathonsi,Tonderai Muchenje,Deon Du Plessis

2023-03-25

Abstract:The Internet of Things (IoT) is a futuristic technology that promises to connect tons of devices via the internet. As more individuals connect to the internet, it is believed that communication will generate mountains of data. IoT is currently leveraging Wireless Sensor Networks (WSNs) to collect, monitor, and transmit data and sensitive data across wireless networks using sensor nodes. WSNs encounter a variety of threats posed by attackers, including unauthorized access and data security. Especially in the context of the Internet of Things, where small embedded devices with limited computational capabilities, such as sensor nodes, are expected to connect to a larger network. As a result, WSNs are vulnerable to a variety of attacks. Furthermore, implementing security is time-consuming and selective, as traditional security algorithms degrade network performance due to their computational complexity and inherent delays. This paper describes an encryption algorithm that combines the Secure IoT (SIT) algorithm with the Security Protocols for Sensor Networks (SPINS) security protocol to create the Lightweight Security Algorithm (LSA), which addresses data security concerns while reducing power consumption in WSNs without sacrificing performance.

Cryptography and Security

Daojing He,Sammy Chan,Shaohua Tang

DOI: https://doi.org/10.1109/jbhi.2013.2268897

IF: 7.7

2014-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:Wireless medical sensor networks (MSNs) are a key enabling technology in e-healthcare that allows the data of a patient's vital body parameters to be collected by the wearable or implantable biosensors. However, the security and privacy protection of the collected data is a major unsolved issue, with challenges coming from the stringent resource constraints of MSN devices, and the high demand for both security/privacy and practicality. In this paper, we propose a lightweight and secure system for MSNs. The system employs hash-chain based key updating mechanism and proxy-protected signature technique to achieve efficient secure transmission and fine-grained data access control. Furthermore, we extend the system to provide backward secrecy and privacy preservation. Our system only requires symmetric-key encryption/decryption and hash operations and is thus suitable for the low-power sensor nodes. This paper also reports the experimental results of the proposed system in a network of resource-limited motes and laptop PCs, which show its efficiency in practice. To the best of our knowledge, this is the first secure data transmission and access control system for MSNs until now.

Daojing He,Chun Chen,Sammy Chan,Jiajun Bu,Laurence T. Yang

DOI: https://doi.org/10.1109/tie.2012.2218562

IF: 7.7

2012-01-01

IEEE Transactions on Industrial Electronics

Abstract:Wireless reprogramming in a wireless sensor network (WSN) is the process of propagating a new code image or relevant commands to sensor nodes. As a WSN is usually deployed in hostile environments, secure reprogramming is and will continue to be a major concern. While all existing insecure/secure reprogramming protocols are based on the centralized approach, it is important to support distributed reprogramming in which multiple authorized network users can simultaneously and directly reprogram sensor nodes without involving the base station. Very recently, a novel secure and distributed reprogramming protocol named SDRP has been proposed, which is the first work of its kind. However, in this paper, we identify an inherent design weakness in the user preprocessing phase of SDRP and demonstrate that it is vulnerable to an impersonation attack by which an adversary can easily impersonate any authorized user to carry out reprogramming. Subsequently, we propose a simple modification to fix the identified security problem without losing any features of SDRP. Our experimental results demonstrate that it is possible to eliminate the design weakness by adding 1-B redundant data and that the execution time of the suggested solution in a 1.6-GHz laptop PC is no more than 1 ms. Therefore, our solution is feasible and secure for real-world applications. Moreover, we show that, in order to further improve the security and efficiency of SDRP, any better established identity-based signature algorithm can be directly employed in SDRP. Based on implementation results, we demonstrate efficiency improvement over the original SDRP.

Wenting Li,Bin Li,Yiming Zhao,Ping Wang,Fushan Wei

DOI: https://doi.org/10.1155/2018/8539674

2018-01-01

Abstract:Nowadays wireless sensor networks (WSNs) have drawn great attention from both industrial world and academic community. To facilitate real-time data access for external users from the sensor nodes directly, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication scheme for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that though this protocol is equipped with a formal proof, it actually has several security loopholes been overlooked, such that it cannot resist against smart card loss attack and violate forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, as well as suffering from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties of forward secrecy and user friendliness. In addition, by adopting the "perfect forward secrecy (PFS)" principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.

Nombulelo Zulu,Deon P. Du Plessis,Topside E. Mathonsi,Tshimangadzo M. Tshilongamulenzhe

2023-03-25

Abstract:Wireless Body Sensor Networks (WBSNs) is one of the greatest growing technology for sensing and performing various tasks. The information transmitted in the WBSNs is vulnerable to cyber-attacks, therefore security is very important. Denial of Service (DoS) attacks are considered one of the major threats against WBSNs security. In DoS attacks, an adversary targets to degrade and shut down the efficient use of the network and disrupt the services in the network causing them inaccessible to its intended users. If sensitive information of patients in WBSNs, such as the medical history is accessed by unauthorized users, the patient may suffer much more than the disease itself, it may result in loss of life. This paper proposes a User-Based authentication scheme to mitigate DoS attacks in WBSNs. A five-phase User-Based authentication DoS mitigation scheme for WBSNs is designed by integrating Elliptic Curve Cryptography (ECC) with Rivest Cipher 4 (RC4) to ensure a strong authentication process that will only allow authorized users to access nodes on WBSNs.

Cryptography and Security

Albandari Alsumayt,Majid Alshammari,Zeyad M. Alfawaer,Fahd N. Al-Wesabi,Nahla El-Haggar,Sumayh S. Aljameel,Sarah Albassam,Shahad AlGhareeb,Nouf Mohammed Alghamdi,Nawir Aldossary

DOI: https://doi.org/10.7717/peerj-cs.2091

2024-06-28

PeerJ Computer Science

Abstract:With the increasing demand for the use of technology in all matters of daily life and business, the demand has increased dramatically to transform business electronically especially regards COVID-19. The Internet of Things (IoT) has greatly helped in accomplishing tasks. For example, at a high temperature, it would be possible to switch on the air conditioner using a personal mobile device while the person is in the car. The Internet of Things (IoT) eases lots of tasks. A wireless sensor network is an example of IoT. Wireless sensor network (WSN) is an infrastructure less self-configured that can monitor environmental conditions such as vibration, temperature, wind speed, sound, pressure, and vital signs. Thus, WSNs can occur in many fields. Smart homes give a good example of that. The security concern is important, and it is an essential requirement to ensure secure data. Different attacks and privacy concerns can affect the data. Authentication is the first defence line against threats and attacks. This study proposed a new protocol based on using four factors of authentication to improve the security level in WSN to secure communications. The simulation results prove the strength of the proposed method which reflects the importance of the usage of such protocol in authentication areas.

computer science, information systems, artificial intelligence, theory & methods

Meiad Jrad Hamood Aljrad,Kawther Al-Dhlan

DOI: https://doi.org/10.20428/jst.v27i2.2055

2023-02-28

Journal of Science and Technology

Abstract:Although the Internet of Things (IoT) developers view human users as the weakest cybersecurity link and potentially a deciding factor in IoT security, IoT devices are exposed to a variety of security flaws and vulnerabilities, which most social engineers take advantage of to launch several data-collection attacks. For various purposes, this study looked at improving data security on MySQL databases and web pages by using TSL encryption protocols and the two algorithms (RSA & AES) that correlate with the Internet of Things environment and enable user authentication. The implementation was done on the proposed models and encryption methods used. This study aimed to protect the information that is shared on the Internet and connect IoT devices in a secure environment. The results revealed that the proposed study increased the level of protection with the help of complex conditions specified when registering the user and protecting it against attacks. As a result, one of the most important events that came true is the existence of cybersecurity. It is expected that this research will enhance the understanding of the IoT environment and exploit social engineering attacks to impose security on the IoT environment and preserve the rights of human users.

Gaël Loubet,Eric Alata,Alexandru Takacs,Daniela Dragomirescu

DOI: https://doi.org/10.3390/s23041849

2023-02-07

Abstract:With the increase in low-power wireless communication solutions, the deployment of Wireless Sensor Networks is becoming usual, especially to implement Cyber-Physical Systems. These latter can be used for Structural Health Monitoring applications in critical environments. To ensure a long-term deployment, battery-free and energy-autonomous wireless sensors are designed and can be powered by ambient energy harvesting or Wireless Power Transfer. Because of the criticality of the applications and the limited resources of the nodes, the security is generally relegated to the background, which leads to vulnerabilities in the entire system. In this paper, a security analysis based on an example: the implementation of a communicating reinforced concrete using a network of battery-free nodes; is presented. First, the employed wireless communication protocols are presented in regard of their native security features, main vulnerabilities, and most usual attacks. Then, the security analysis is carried out for the targeted implementation, especially by defining the main hypothesis of the attack and its consequences. Finally, solutions to secure the data and the network are compared. From a global point-of-view, this security analysis must be initiated from the project definition and must be continued throughout the deployment to allow the use of adapted, updatable and upgradable solutions.

Al Amin Islam,Kazi Abu Taher

DOI: https://doi.org/10.1109/iceeict53905.2021.9667810

2021-11-18

Abstract:Underwater Wireless Sensor Networks (UWSN) has vast application areas. Due to the unprotected nature, underwater security is a prime concern. UWSN becomes vulnerable to different attacks due to malicious nodes. Sybil attack is one of the major attacks in UWSN. Most of the proposed security methods are based on encryption and decryption which consumes resources of the sensor nodes. In this paper, a simple authentication mechanism is proposed for securing the UWSN from the Sybil attack. As the nodes have very less computation power and energy resources so this work is not followed any kind of encryption and decryption technique. An authentication process is designed in such a way that node engaged in communication authenticate neighboring nodes by node ID and the data stored in the cluster head. This work is also addressed sensor node compromisation issue through Hierarchical Fuzzy System (HFS) based trust management model. The trust management model has been simulated in Xfuzzy-3.5. After the simulation conducted, the proposed trust management mechanism depicts significant performance on detecting compromised nodes.

Hanguang Luo,Guangjun Wen,Jian Su

DOI: https://doi.org/10.1007/978-3-030-00021-9_4

2018-01-01

Abstract:Wireless Sensor Networks (WSNs) have rapidly increased to be applicable in many different areas due to their wireless mobile connectivity, large scale deployment and ad hoc network. However, these characteristics make WSNs usually deployed in unattended and hostile field, which may bring some new threats such as information tampering and eavesdropping attacks, etc. User authentication is one of the most important security services that allowed the legitimate user to query and collect the real-time data from a sensor node in WSN. Since the sensor nodes are resource-constrained devices which have limited storage, power and computing resource, the proposed authentication scheme must be low cost and lightweight. Recently, Gope et al. proposed a realistic lightweight authentication for real-time data access in WSN. Unfortunately, through our analysis we identified several flaws exist in their scheme as well as exist in other two-factor schemes. In order to withstand these threats, in this paper, we proposed some solutions to withstand the problems in Gope et al.' s and other schemes. Our solutions provide an important reference for security data access in WSN.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Jian Shen,Kim-Kwang Raymond Choo,Mohammad Wazid,Ashok Kumar Das

DOI: https://doi.org/10.1016/j.jnca.2016.12.008

IF: 7.574

2016-01-01

Journal of Network and Computer Applications

Abstract:Wireless sensor networks (WSNs) for Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, recently in 2016, Amin and Biswas showed that the Turcanovic et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for WSNs with multi-gateway. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity and previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, as well as evaluating the good performance of the scheme using NS-2 simulation.

W. M. A. B. Wijesundara,Joong-Sun Lee,Dara Tith,Eleni Aloupogianni,Hiroyuki Suzuki,Takashi Obi

DOI: https://doi.org/10.1007/s10207-024-00827-x

2024-03-08

International Journal of Information Security

Abstract:With the increase of IoT devices generating large amounts of user-sensitive data, improper firmware harms users' security and privacy. Latest home appliances are integrated with features to assure compatibility with smart home IoT. However, applying complex security mechanisms to IoT is limited by device hardware capabilities, making them vulnerable to attacks. Such attacks have recently become frequent. To address this issue, we developed a secure verification mechanism for firmware released by the device's manufacturer. We proposed an IoT gateway for secure firmware verification and updating for smart home IoT devices utilizing the IOTA MAM (Masked Authenticated Messaging) protocol and a distributed file system with IPFS (Inter-Planetary File System) protocol. These two communication protocols ensure decentralized communication and firmware file distribution between the IoT device vendor and the IoT end device. The proposed scheme securely shares latest firmware content over IOTA and IPFS networks, performs a secure firmware update on IoT end devices and ensures authenticity and integrity of the firmware. Two types of validation methods were proposed for firmware updating and validation. We implemented the proposed scheme using three entities, Vendor, IoT gateway, and IoT end device. Our system yielded promising results in performing secure automated firmware updates on IoT end devices with very low computational power. The system's functionality was implemented using IOTA's MAM run on Raspberry Pi as an IoT gateway along with an ESP8266 Wi-Fi microcontroller, demonstrating the effectiveness of our approach. Our proposed methodology can be used for secure firmware distribution on home IoT applications.

computer science, information systems, theory & methods, software engineering

Wei Wang,Lin Yang,Qian Zhang,Tao Jiang

DOI: https://doi.org/10.48550/arXiv.1801.09224

2018-01-28

Abstract:On-body devices are an intrinsic part of the Internet-of-Things (IoT) vision to provide human-centric services. These on-body IoT devices are largely embedded devices that lack a sophisticated user interface to facilitate traditional Pre-Shared Key based security protocols. Motivated by this real-world security vulnerability, this paper proposes SecureTag, a system designed to add defense in depth against active attacks by integrating physical layer (PHY) information with upper-layer protocols. The underpinning of SecureTag is a signal processing technique that extracts the peculiar propagation characteristics of creeping waves to discern on-body devices. Upon overhearing a suspicious transmission, SecureTag initiates a PHY-based challenge-response protocol to mitigate attacks. We implement our system on different commercial off-the-shelf (COTS) wearables and a smartphone. Extensive experiments are conducted in a lab, apartments, malls, and outdoor areas, involving 12 volunteer subjects of different age groups, to demonstrate the robustness of our system. Results show that our system can mitigate 96.13% of active attack attempts while triggering false alarms on merely 5.64% of legitimate traffic.

Networking and Internet Architecture

Wang Yuanbing,Liu Wanrong,Li Bin

DOI: https://doi.org/10.1109/access.2021.3099299

IF: 3.9

2021-01-01

IEEE Access

Abstract:With the rapid development and evolution of wireless network technology, electronic health has shown great potential in continuously monitoring the health of patients. The wireless medical sensor network (WMSN) has played an important role in this field. In WMSN, medical sensors are placed on patients to collect relevant health data and transmitted to medical professionals in hospitals or at home through insecure channels. These health data need to be highly protected because they contain patient-related private information. Once the information is leaked or maliciously modified, it will cause the wrong diagnosis and endanger the health of patients. To protect information privacy and security from being stolen by illegal users, this article reviews the solutions of Farash et al. and further points out the existing vulnerabilities, such as privileged insider attack, user anonymity invalidation, and offline password guessing attack. In order to overcome these drawbacks, we use the Elliptic Curve Cryptography to propose an improved anonymous authentication protocol for a smart healthcare system. The security of our protocol is verified by Burrows-Abadi-Needham logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tools, and security features and efficiency analysis are performed with other related schemes. The results show that the improved protocol provides better security protection while ensuring computational and communication efficiency.

Saru Kumari,Ashok Kumar Das,Mohammad Wazid,Xiong Li,Fan Wu,Kim-Kwang Raymond Choo,Muhammad Khurram Khan

DOI: https://doi.org/10.1002/cpe.3930

2017-01-01

Abstract:A wireless sensor network (WSN) typically consists of a large number of resource-constrained sensor nodes and several control or gateway nodes. Ensuring the security of the asymmetric nature of WSN is challenging, and designing secure and efficient user authentication and key agreement schemes for WSNs is an active research area. For example, in 2016, Farash et al. proposed a user authentication and key agreement scheme for WSNs. However, we reveal previously unpublished vulnerabilities in their scheme, which allow an attacker to carry out sensor node spoofing, password guessing, user/sensor node anonymity, and user impersonation attacks. We then present a scheme, which does not suffer from the identified vulnerabilities. To demonstrate the practicality of the scheme, we evaluate the scheme using NS-2 simulator. We then prove the scheme secure using Burrows-Abadi-Needham logic. Copyright (c) 2016 John Wiley & Sons, Ltd.

Xin Liu,Zhenbin Guo,Jun Ma,Yuchen Song

DOI: https://doi.org/10.1109/jiot.2021.3097996

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:Wireless sensor networks (WSNs) are widely implemented in military, intelligent medical, intelligent transportation, space exploration, and other fields. However, the authentication and communication of WSNs are carried out in the harsh external environment via a public channel, which is more vulnerable to various attacks than the traditional networks. Authentication is the key technology of security measures, but a common authentication scheme is not suitable for WSNs due to limitations of memory, computing, and energy consumption. Therefore, designing a secure and efficient authentication scheme is essential in WSNs. In recent years, several studies proved that the dynamic authentication credential (DAC) is efficient for enhancing the security of the authentication scheme. This article designs a secure authentication scheme for WSNs based on DAC and Intel software guard extensions (SGX). Compared with other DAC authentication schemes, our scheme provides the confirmation action of DAC rotation, which can effectively prevent the asynchronous update problem caused by packet loss. In order to resist the privileged user attack and the authentication table leakage attack, we choose the SGX, which can protect the data in use, as the trusted execution environment in the gateway node, and we adopt SGX to store the master key for protecting the authentication table. Finally, the security of our authentication scheme is verified by BAN logic, the simulation tool AVISPA, and informal security analysis. Through the consumption overhead analysis, the NS3 simulation result, and detailed comparison with other recent schemes, we conclude that our scheme is practical and achieves better security with less overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tallat Jabeen,Ishrat Jabeen,Humaira Ashraf,N. Z. Jhanjhi,Abdulsalam Yassine,M. Shamim Hossain

DOI: https://doi.org/10.3390/s23115055

IF: 3.9

2023-05-25

Sensors

Abstract:The Internet of Things (IoT) uses wireless networks without infrastructure to install a huge number of wireless sensors that track system, physical, and environmental factors. There are a variety of WSN uses, and some well-known application factors include energy consumption and lifespan duration for routing purposes. The sensors have detecting, processing, and communication capabilities. In this paper, an intelligent healthcare system is proposed which consists of nano sensors that collect real-time health status and transfer it to the doctor’s server. Time consumption and various attacks are major concerns, and some existing techniques contain stumbling blocks. Therefore, in this research, a genetic-based encryption method is advocated to protect data transmitted over a wireless channel using sensors to avoid an uncomfortable data transmission environment. An authentication procedure is also proposed for legitimate users to access the data channel. Results show that the proposed algorithm is lightweight and energy efficient, and time consumption is 90% lower with a higher security ratio.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation