Journals & Magazines >IEEE Access >Volume: 8

An Authentication Information Exchange Scheme in WSN for IoT Applications

The main operation of authentication information exchange scheme in which the GWN assigns new secret authentication set to the target sensor and old one is stored in the ...

Abstract:

Recently, in IoT, wireless sensor network has become a critical technology with which many applications in industries and human life can achieve smart IoT control. Howeve...Show More

Topic: Data Mining for Internet of Things

Metadata

Abstract:

Recently, in IoT, wireless sensor network has become a critical technology with which many applications in industries and human life can achieve smart IoT control. However, for those daily applications using WSN technology, malicious users can capture the sensor nodes much easily since these wireless sensor nodes are usually deployed in easily touched places. Once this node captured attack occurs, wireless sensor network soon faces various security risks. In this paper, in order to resist node captured attack, we propose a novel authentication information exchange scheme in WSN, which is very different from the previous authentication researches. Our idea is to add an authentication information exchange scheme in previous authentication scheme but not propose new one. We develop this scheme based on the idea of the association scheme of Home GWN and local sensor nodes. In this study, HGWN should contact all local sensor nodes and meanwhile is responsible for performing an authentication information exchange scheme for resisting security risk. In order to prevent the attacker from guessing communication period between HGWN and the sensor, we also design a dynamic contacting mechanism. We give a detail discussion of this scheme and validate it by three ways, security evaluation, BAN logic and performance evaluation, which proves that our authentication information exchange scheme can achieve security features and goals.

Topic: Data Mining for Internet of Things

The main operation of authentication information exchange scheme in which the GWN assigns new secret authentication set to the target sensor and old one is stored in the ...

Published in: IEEE Access ( Volume: 8)

Page(s): 9728 - 9738

Date of Publication: 08 January 2020

Electronic ISSN: 2169-3536

DOI: 10.1109/ACCESS.2020.2964815

Funding Agency:

Contents

CCBY - IEEE is not the copyright holder of this material. Please follow the instructions via https://creativecommons.org/licenses/by/4.0/ to obtain full-text articles and stipulations in the API documentation.

SECTION I.

Introduction

Recently, IoT trend [1] leads to the popularity of sensor network technology. Wireless sensor network also spreads IoT notion in various fields of network control. The wide use of wireless sensor networks [25] in human life has created many popular IoT applications, which also brings many conveniences to human life and is so-called Smart Life. However, information disclosure of personal privacy also possibly occurs due to unsafe privacy protection in such wireless sensor network while people enjoy such convenience. Therefore, security issues in WSN are getting important and catch much attention. Among the researches related with secure wireless sensor networks, access control in WSN is one of many security issues and also catches much attention. Many studies also proposed their schemes to ensure that the user accesses WSN securely and legitimately. One of them is the user authentication and key agreement algorithm. Basically, this research topic has been studied for many years and many authentication schemes are proposed based on several security considerations which include key agreement, mutual authentication, and anonymity. These authentication protocols also can resist many famous network attacks, including replay attack, eavesdropping attack and password guessing attack and etc. Mutual authentication and anonymity are usually necessary for a user authentication and key agreement protocol. Through literature review, the two-factor authentication and key agreement protocol is getting popular recently. The users need to own two private authentication inputs, usually password and smart card, to perform two-factor authentication and key agreement protocol for accessing WSN securely. We will review related literatures in Section 2.

The authors in previous study [2] categorized user authentication model in WSN into five different types, which provides a very good design guide for the proposal of a new user authentication and key agreement protocol. The authors in [9] employ fifth authentication model in which the sensor node can acts like forwarding node or end sensor node. In the case that the sensor node locates between the user and the gateway, it is responsible for forwarding authentication messages to GWN. If the sensor node plays end node, GWN forwards the authentication protocol message to the sensor nodes. This concept totally corresponds to the conception of IoT, in WSN. In such authentication and key agreement protocol, the sensor nodes should be responsible for a lot of computation and forwarding works but it may be a problem due to the constricted battery power of sensor nodes. The authors in [15] observe the issues of this authentication model and consider the authentication model in [9] not suitable for WSN. Hence, they also propose a new user authentication and key agreement protocol in which the gateway node (GWN) still should support most part of authentication computation works during user authentication process. Their protocol can resolve security flaws of previous research, including resisting attacks, supporting mutual authentication and anonymity. In a foreseeable future, WSN must extend its scale and it must contain multiple gateways for providing a large scale IoT services. In such a large scale WSN, GWNs should cooperate together to forward communication messages and authentication data between the user and target sensors. Their proposed new authentication model is adequate to work in multi-gateway WSN.

Usually, in a multi-gateway WSN, the user can access local sensors via HGWN and remote sensor nodes through foreign gateways. Fig. 1 shows user accessing sensor nodes in a multi-gateway WSN. In IoT environment in which all things, including end devices, sensor nodes, are connected together, several IoT manufacturers around the world usually produce various IoT devices with the lack of a full security consideration. Thereby, several security attacks in IoT have arisen. For example, the hacker can initiate DDoS attack by manipulating many small IoT devises which usually lack the security validation scheme for the legitimate user. Furthermore, in IoT, the sensors in WSN also face a serious security challenge. Those sensor nodes in IoT applications are usually deployed in some easily touched places. Hence, one possible critical security attack, easily happening nowadays, is node captured attack in which authentication information inside the sensor node is disclosed by physical crack. In other words, even a completely new user authentication is still very possible to be vulnerable to this attack because the attacker possibly gets all necessary authentication information via this attack. Hence, we resist this attack from a new defence aspect very different to previous researches and propose an authentication information exchange scheme. With our proposed scheme, the sensors do not own fixed authentication information in an authentication protocol because they exchange new secret authentication information with WSN gateway according to our heuristic protection mechanism. In order to avoid too many exchange events, our proposed heuristic protection mechanism provides the rules to determine when GWN launches authentication information exchange scheme between itself and the sensors. Only when the conditions in heuristic protection mechanism are met, the gateway initiates our proposed authentication information exchange scheme to replace old key authentication information in sensor nodes with new one. Hence, in this paper, we add an authentication information exchange scheme in previous authentication scheme but not propose new one.

FIGURE 1.

User accessing sensor nodes in a multi-gateway WSN.

Show All

The organization of this paper is as follows. In Section 2, we review several literatures about authentication algorithms in WSN and discusses their security issues. In Section 3, we review the scheme of Amin and Biswas and analyse the possible security problem under sensor node captured attack in multi-gateway wireless sensor networks. Then, we introduce our authentication information exchange scheme between the WSN gateway and the sensors, preventing WSN from security damages caused by node captured attack in Section 4. We also analyse our proposed authentication information exchange scheme and explain heuristic protection mechanism. We verify our authentication scheme based on our proposed authentication exchange scheme in Section 5. Then, we also give a conclusion of this paper in Section 6.

SECTION II.

Related Works

The user authentication and key agreement protocol has been an important research in WSN to ensure the user can access WSN securely. In 2004, the authors in [3] proposed public key technology in WSN, named TinyPK, which is developed based on RSA and Diffie-Hellman protocol. The proposed user authentication schemes using RSA cryptosystem, which are based on Dife-Hellman key exchange protocol, usually have memory overhead issue. A secured authentication protocol [24] was developed with elliptic curves cryptography in 2011, which also belonged to public-key cryptography based. However, the sensor nodes with the constricted computation capacity cannot support complex computation of their schemes. In 2006, Wong et al. utilized hash function in their dynamic user authentication scheme in WSN to avoid the secret authentication information leakage during authentication process and furthermore save much computation cost. Hence, the following researches usually employ hash function in their authentication and key agreement protocols. Tseng et al. [23] improved the design flaw of [22] and proposed a new improved version of [22]. Das ML. proposed a two-factor user authentication protocol in 2009, and this protocol can enhance and improve the authentication in WSN very much. Only those users owning two authentication factors can access WSN. Since then, many researches [4]–[8], [10], [11], [14], [17], [19] involve the study of the two-factor user authentication scheme in WSN. In 2013, Khan and Alghathbar [18] try to explore the security flaws of two-factor user authentication and improve it. And Wang and Wang [4] reviewed the security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. It provides a useful investigation of design a two-factor authentication scheme in WSN. In order to prevent authentication factors from stealing or offline guessing attacks, researchers in [5] tried to utilize biometric-based factors to develop their authentication scheme for wireless sensor networks in 2010. Then, in 2013, Xue et al. [2] proposed an temporal-credential-based mutual authentication and key agreement protocol, and the authors in [12], [13] found the flaws of Xue’s scheme. They say Xue’s scheme cannot resist stolen credential table attack. They later on proposed advanced temporal credential based security scheme with mutual authentication and key agreement. Biometric-based factors are associated with the personal characteristic and It is hard to forge these authentication factors. However, these biometric-based schemes need corresponding designated equipments which are costly to use widely in human life.

In 2014, the first research base on IoT notion is proposed by Turkanovic et al. [9] and they think the authentication communication model in WSN should still obey IoT notion. Hence, their authentication model adopts fifth access model in WSN, which is defined in [2]. This access model corresponds to access model in IoT environment and is first used in the development of user authentication protocol for IoT environment. This authentication scheme seems actually reasonable and adequate in IoT. However, in 2016, Farasha et al. [16] discovered the study in [9] is vulnerable to offline password guessing and also cannot achieve anonymity. Hence, they also proposed an improved authentication scheme tailed for the Internet of Things environment to resolve the security flaws in [9]. In their schemes, the sensor noes should be responsible for forwarding authentication messages to GWN, which is not practice in WSN because the battery of the sensor nodes is limited. Hence, the authors in [15] still consider the gateway in WSN should play main role in an authentication and key agreement protocol. As the scale of WSN is getting bigger, a multi-gateway wireless sensor networks become main network architecture in WSN and a user authentication and agreement protocol in such networks is urgently needed. Hence, they propose a new authentication and key agreement scheme for multi-gateway WSN, in which the user sends the authentication requirement to the target sensor through several WSN gateways. In 2017, Wu et al. [21] discover that the work in [15] is vulnerable to sensor captured, de-synchronization and off-line guessing attacks. They also develop a new improved authentication scheme for multi-gateway WSNs.

Recently, authentication protocols are used in various wireless applications and are developed from the various authentication factors, such as various biometric factor authentication schemes. Especially, physiological biometrics based authentication schemes have implemented successful to perform user authentication, such as fingerprints, iris, and facial information [26]–[28]. However, they usually require additional and costly equipments. And hence the two-factor authentication and key agreement protocols with smart card are still the most popular and widely used until now. Now, we focus on the recent famous research [15] and investigate it deeply. In this paper, we revisit a famous and representative authentication protocol in multi-gateway WSN, the study of Amin and Biswas [15], under node captured attack in order to find vulnerable of authentication protocol in such WSN. Our paper proposes authentication information exchange scheme rather than designs a completely new one to improve the security flaws in the user authentication algorithms of WSN. Our scheme is one part of an authentication protocol and hence other researches can add our scheme to enhance the security capacity easily against the node captured attack in WSN.

SECTION III.

Problem Formilation

In this Section, we revisit the recent scheme, the scheme of Amin and Biswas, proposed in 2016. This scheme has seven phases and we focus on the main body of their authentication scheme, including System setup, Sensor and user registration, Login, and Authentication and key agreement. Then we show the security problem in their authentication scheme under node captured attack.

A. Research Review: The Scheme of Amin and Biswas

1) System Setup

In this phase, the system administrator (SA) assigns $SID_{j}$ to the senor node, $S_{j}$ , and computes $x_{j}=\text {h}({\textit{SID}}_{j}\vert \vert r_{sr})$ where $r_{sr}$ is random number and known by all GWNs. Then ( $SID_{j}{\it, x}_{j}{\it, r}_{sr}$ ) is stored in $S_{j}$ .

2) Sensor and User Registration

For the sensor registration, the sensor, $S_{j}$ computes $A_{j}=x_{j}\oplus r_{sr}$ and sends { $SID_{j}, {A}_{j}$ } to its HGWN in an open channel. After receiving above messages, HGWN computes $x_{j}=A_{j}\oplus r_{sr}$ and stores ( $SID_{j}, {x}_{j}$ ). $S_{j}$ then deletes $r_{sr}$ .

For the user registration, the user ( $U_{i}$ ) firstly chooses $ID_{i}, {PW}_{i}$ and a nonce, $r_{0}$ , and then computes $DID_{i} =\text {h}({\textit{ID}}_{i}\vert \vert r_{0})$ and $HPW_{i}=\text {h}({\textit{PW}}_{i}\vert \vert r_{0})$ . Then, the $U_{i}$ sends { $DID_{i}$ ,PW_i} to HGWN via a secure way. On receipt of the registration message from $U_{i}$ , HGWN generates a $TID_{i}$ for $U_{i}$ and calculates $B_{1}=\text {h}({\textit{DID}}_{i}\vert \vert$ $HPW_{i}$ ) and $B_{2}=\text {h}({\textit{DID}}_{i}\vert \vert$ $TID_{i}\vert \vert x_{hg})\oplus \text{h}$ ( $DID_{i}\oplus$ $HPW_{i}$ ). Then HGWN issues a smart card containing ( $B_{1}$ , B₂, ID $_{hg}, {TID}_{i}$ ) to the user via a secure channel and stores ( $TID_{i}$ ,DID_i) in its database for $U_{i}$ .

3) Login

$U_{i}$ login the terminal by inputting ID and password into his/her smart card. The smart card checks the validity of $B_{1}=\text {h}({\textit{DID}}_{i}\vert \vert$ $HPW_{i}$ ) where $DID_{i} = \text {h}({\textit{ID}}_{i}\vert \vert r_{0})$ and $HPW_{i}=\text {h}({\textit{PW}}_{i}\vert \vert r_{0})$ . If it holds, the smart card chooses $SID_{j}$ , a nonce $r_{u}$ , and the current timestamp $T_{1}$ to compute $D_{0}=B_{2}\oplus \text{h}$ ( $DID_{i}\oplus$ $HPW_{i}$ ), $D_{1}=\text {h}({\textit{ID}}_{hg}\vert \vert D_{0}\vert \vert r_{u}\vert \vert T_{1})$ and $D_{2}=D_{0}\oplus r_{u}$ . Finally, the smart card issues the message $M_{1}=({\textit{ID}}_{hg}$ ,TID $_{i}, {SID}_{j}$ ,D₁,D₂,T₁) to HGWN.

4) Authentication and Key Agreement

In this phase, there are two cases. One is that $S_{j}$ locates in the sensing range of HGWN and the other one is that $S_{j}$ locates in the range of FGWN. Now, we describe the authentication steps for the case 1. In the authentication process, the authentication and key protocol session will be terminated immediately once validation check in the ongoing process is unsuccessful.

Step1:
On receipt of $M_{1}$ from the user, in order to avoid replay attack, HGWN checks $\vert \text{T}_{2} - \text{T}_{1}\vert \le \Delta \text{T}$ where $T_{2}$ is receiving timestamp. If it holds, the HGWN continues authentication process. Next, HGWN gets $DID_{i}$ from the database according to received $TID_{i}$ . Then, it can obtain $D_{0}=\text {h}({\textit{DID}}_{i}\vert \vert$ $TID_{i}\vert \vert x_{hg}$ ) and $r_{u}=D_{2}\oplus D_{0}$ and checks the validity of $D_{1}=\text {h}({\textit{ID}}_{hg}\vert \vert D_{0}\vert \vert r_{u}\vert \vert T_{1})$ . If above check is not successful, the session will be terminated.
Step2:
After validation check of the message, $D_{1}$ , HGWN computes $D_{3}=\text {h}({\textit{ID}}_{hg}\vert \vert$ $DID_{i}\vert \vert x_{j}\vert \vert r_{hg}\vert \vert T_{2}$ ), $D_{4}=x_{j}\oplus r_{hg}$ , $D_{5} = r_{u}\oplus \text{h}$ ( $r_{hg}$ ) and $D_{6}= {\textit{DID}}_{i}\oplus \text{h}$ ( $ID_{hg}\vert \vert r_{hg}$ ). Then it sends the messages { $D_{3}$ , D₄, D₅, D₆, T₂} to the target sensor, $S_{j}$ .
Step3:
On receipt of $M_{1}$ from the HGWN, $S_{j}$ also checks $\vert T_{3} - T_{2}\vert \le \Delta \text{T}$ where T₃ is receiving timestamp. Based on the messages in $M_{1}$ , $S_{j}$ can obtain $r_{hg} = D_{4}\oplus x_{j}$ , $r_{u} =D_{5}\oplus \text{h}$ ( $r_{hg}$ ) and $DID_{i} = D_{6}\oplus \text{h}$ ( $ID_{hg}\vert \vert r_{hg}$ ). Then, the target sensor can check the validity of $D_{3}= \text {h}({\textit{ID}}_{hg}\vert \vert$ $DID_{i}\vert \vert x_{j}\vert \vert r_{hg}\vert \vert T_{2}$ ).
Step4:
If validity check of $D_{3}$ is correct, $S_{j}$ computes $D_{7}= \text {h}(D_{3}\vert \vert$ $DID_{i}\vert \vert r_{s}\vert \vert T_{3}$ ) in which the nonce, $r_{s}$ , is randomly generated by $S_{j}$ and $D_{8}=r_{hg}\oplus r_{s}$ . Then it sends $M_{3}=\{D_{7}{\it, D}_{8}{\it, T}_{3}\}$ back to HGWN.
Step5:
On receipt of $M_{3}$ from the target sensor, HGWN checks $\vert T_{4} - T_{3}\vert \le \Delta T$ where $T_{4}$ is current timestamp. Then HGWN can obtain $r_{s} = D_{8}\oplus r_{hg}$ and checks the validity of $D_{7}= \text {h}(D_{3}\vert \vert$ $DID_{i}\vert \vert r_{s}\vert \vert T_{3}$ ). After checking $D_{7}$ , HGWN computes $D_{9}=\text {h}(D_{3}\vert \vert$ $DID_{i}\vert \vert r_{s}\vert \vert T_{4}$ ) and $D_{10}=r_{s}\oplus r_{u}$ .. Then it sends $M_{4}=\{D_{3}$ ,D₈,D₉,D₁₀, T₄} back to the user.
Step6:
On receipt of $M_{4}$ from the HGWN, the user checks $\vert T_{5} - T_{4}\vert \le \Delta T$ where $T_{5}$ is receiving timestamp. According to $M_{4}$ , the user can obtain $r_{s} = D_{10}\oplus r_{u}$ and $r_{hg} = D_{8}\oplus r_{s.}$ Then it also checks the validity of $D_{9} = \text {h}(D_{3}\vert \vert$ $DID_{i}\vert \vert r_{s}\vert \vert T_{4}$ ). If the validation check of $D_{9}$ is successful, the user, HGWN and $S_{j}$ communicate together with the shared session key SK $=\text {h}({\textit{DID}}_{i}\vert \vert r_{u}\vert \vert r_{s}\vert r_{hg})$ securely.

For case 2, the following steps show the authentication and key agreement protocol.

Step 1:
In this case, while HGWN receives the $M_{1}$ and find that $SID_{j}$ of the target sensor is not in its database. Hence, it broadcasts { $SID_{j}, {TID}_{i}, {ID}_{hg}$ } to other Foreign GWNs (FGWNs). Finally, one FGWN finds out $SID_{j}$ in its database and hereby it can find $x_{j}$ . FGWN computes $Z_{2}=Z_{1}\oplus r_{sr}$ and $Z_{1}=\text {h}({\textit{TID}}_{i}\vert {\it \vert x}_{fg})$ and then sends { $Z_{2}$ ,ID_fg} to HGWN.
Step 2:
After receiving message from the FGWN, HGWN computes $Z_{1}=Z_{2}\oplus r_{sr}$ and $Z_{3}=D_{0}\oplus Z_{1}$ . Then, it sends { $Z_{3}$ ,ID_fg} to $U_{i}$ .
Step 3:
On receipt of { $Z_{3}$ ,ID_fg} from the HGWN, the user gets $Z_{1}=Z_{3}\oplus D_{0}$ and selects a nonce $r_{u2}$ and $T_{6}$ . Then the user computes $D_{11}=\text {h}\{{\textit{TID}}_{i}\vert \vert Z_{1}\vert \vert r_{u2}\vert \vert T_{6}$ and $D_{12}=Z_{1}\oplus r_{u2}$ . Then, the user sends $M_{5} =\{{\textit{TID}}_{i}$ ,D₁₁,D₁₂,T₆} to the FGWN.
Step 4:
On receipt of $M_{5}$ from the user, FGWN checks $\vert T_{7} - T_{6}\vert \le \Delta T$ where $T_{7}$ is receiving timestamp. Then FGWN can obtain $Z_{1}=\text {h}({\textit{TID}}_{i}\vert \vert x_{fg})$ and $r_{u2}=D_{12}\oplus Z_{1}$ . It checks the validity of $D_{11}=\text {h}({\textit{TID}}_{i}\vert \vert Z_{1}\vert \vert r_{u2}\vert \vert T_{6})$ . After validation check of $D_{11}$ , FGWN computes $D_{13}=\text {h}({\textit{TID}}_{i}\vert \vert Z_{1}\vert \vert r_{fg}\vert \vert x_{j}\vert \vert T_{7}\vert \vert r_{u2})$ , $D_{14}=r_{fg}\oplus x_{j}$ and $D_{15}=\text {h}(x_{j}) \oplus Z_{1}$ . It sends $M_{6}= \{{\textit{TID}}_{i}$ , D₁₂, D₁₃, D₁₄,D₁₅,T₇} to the target sensor, $S_{j}$ .
Step 5:
On receipt of $M_{5}$ from FGWN, $S_{j}$ also checks $\vert T_{8} - T_{7}\vert \le \Delta T$ where $T_{8}$ is receiving timestamp. Then, $S_{j}$ also obtains $r_{fg} = D_{14}\oplus x_{j}$ , $Z_{1} =\text {h}(x_{j})\oplus D_{15}$ and $r_{u2}= D_{12}\oplus Z_{1}$ . Thereby, the target sensor can confirm the validity of the received message, $D_{13}= \text {h}({\textit{TID}}_{i}\vert \vert Z_{1}\vert \vert r_{fg} \vert \vert x_{j}\,\,\vert \vert T_{7}\vert \vert r_{u2})$ .
Step 6:
After validation check of $D_{13}$ , $S_{j}$ computes $D_{16}=\text {h}({\textit{TID}}_{i}\vert \vert r_{s2}\vert \vert W_{1}\vert \vert T_{8})$ where $r_{s2}$ is generated by $S_{j}$ , $W_{1}=\text {h}({\textit{SID}}_{j}\vert \vert x_{j})$ , $D_{17}=r_{s2}\oplus W_{1}$ and $D_{18}=Z_{1}\oplus W_{1}$ . Thereby, it also sends $M_{7}=\{{\textit{TID}}_{i}$ ,D₁₆,D₁₇,D₁₈,T₈}, back to FGWN. $D_{17}$ is added according to the proposal of Wu et al. [21].
Step 7:
On receipt of $M_{7}$ from the target sensor, FGWN checks if $\vert T_{9} - T_{8}\vert \le \Delta T$ where $T_{9}$ is current timestamp. FGWN obtains $W_{1}=\text {h}({\textit{SID}}_{j}\vert \vert x_{j})$ , $r_{s2}=D_{17}\oplus W_{1}$ and $D_{19}=r_{s2}\oplus r_{fg}$ . Then it sends $M_{8}=\{{\textit{TID}}_{i}$ ,D₁₆,D₁₈,D₁₉,T₈,T₉} back to $U_{i}$ .
Step 8:
Upon receiving $M_{8}$ from FGWN, $U_{i}$ checks if $\vert T_{10} - T_{9}\vert \le \Delta T$ where $T_{10}$ is receiving timestamp. Then $U_{i}$ can obtain $W_{1}=D_{18}\oplus Z_{1}$ , $r_{s2}=D_{17}\oplus W_{1}$ and $r_{fg}=D_{19}\oplus r_{s2}$ . Thereby, it can check the validity of received message, $D_{16}= \text {h}({\textit{TID}}_{i}\vert \vert r_{s2}\vert \vert W_{1}\vert \vert T_{8})$ . Finally, $U_{i}, {S}_{j}$ and FGWN share the session key, ${\textit{SK}}=\text {h}({\textit{TID}}_{i}\vert \vert$ $SID_{j}\vert \vert r_{u2}\vert \vert r_{s2}\vert \vert r_{fg}$ ) securely.

Now, we describe the capacities of an adversary in this model.

Physical access: According to previous research, the adversary can access data in smart card by side-channel attacks [33].
Channel access: Based on above description of the study of Amin and Biswas, we can find the adversary only can gain information transferred in the open channel.
Sensor security: The adversary can compromise sensor nodes and gets its secret data.
Insider attacks: the malicious user in this authentication system can easily obtain private data in registration phase, such as plaintext of password and ID.

Next, we explain how the node captured attack compromises the complete authentication and key agreement protocol in [15].

B. The Security Problem in a Node Captured Attack

In this paper, we find node captured attack can comprise the proposed study of Amin and Biswas. The attack procedure is composed of two attack process. Next we explain them in the following paragraphs.

1) Capturing Target Sensor and Channel Monitoring

In this attack process, the attacker usually should select possible target user, GWN and the target sensor node in advance and then initiates node captured attack. Then, the attacker tries to get the internal security information in this target sensor node, which includes authentication data ( $x_{j}, {SID}_{j}$ ) and further computation operations. Via the power analysis [20], the attacker can possibly obtain that secret information. Hence, the hanker must try his best capturing the sensor node firstly. After stealing ( $x_{j}, {SID}_{j}$ ) and computation operations in a sensor node, the attacker puts this target sensor node back to original place. Next, the attacker should collect all authentication data in the public channel for a while. Basically, the attacker just focuses on the channels among $U_{i}$ , GWN and sensors.

2) Corresponding Information Check

After the first attack process, the attacker obtains secret authentication information inside target sensor and collect possible authentication data among the user, GWN and the target sensor node for a given period. Then the attacker has all possible ( $D_{3}$ , D₄, D₅, D₆, T₂) messages sent from HGWN to the target sensor. Next, we describe the detail comprising processes are as follows.

After comprising a target sensor node, the hacker can make use of secret information and computation inside the captured sensor node. The hacker firstly can gain $r_{hg} = D_{4} \oplus x_{j}$ from retrieved authentication messages between HGWN and the target sensor. With those messages, he can compute $r_{u}=D_{5} \oplus \text{h}$ ( $r_{hg}$ ) and then also get the masked ID, $DID_{i} = D_{6} \oplus \text{h}$ ( $ID_{hg}\vert \vert r_{hg}$ ).
Then the hacker builds the set, $S_{M1}= (M_{1\_{}1}$ , $M_{1\_{}2}$ , $M_{1\_{}3}, \ldots, M_{1\_{}i}$ ), where $M_{1\_{}i}{\it =(ID}_{hg\_{}t}{\it, TID}_{i\_{}t}{\it, SID}_{j\_{}t}{\it, D}_{1\_{}t},\,\,{D}_{2\_{}t}{\it, T}_{1\_{}i})$ which is sent from the user $U_{i}$ to HGWN.
In order to find the corresponding $M_{1}$ , the hacker selects one $M_{1}$ in $S_{M1}$ and computes $D_{0}=D_{2}\oplus r_{u}$ . Then he also obtains $D_{1}= \text {h}({\textit{ID}}_{hg}\vert \vert D_{0}\vert \vert r_{u}\vert \vert T_{1})$ .
Then, the attacker tries to check if the computed $D_{1}$ matches $D_{1}$ in his selected $M_{1}$ . If yes, the hacker can know ID pair ( $TID_{i}, {DID}_{i}$ ) in HGWN.

Based on above attacker procedure, the attacker can impersonate legitimate user and then products a new $M_{1}$ by conducting a new nonce $r_{u}$ , $T_{1}$ , and computed $D_{0}$ . In other words, the attacker can access the private data sensed by the sensor nodes just as the legitimate users. Our goal of this paper is to resolve this attack in original authentication protocol and then we explain our proposed scheme in Section IV.

SECTION IV.

The Authentication Information Exchange Scheme

Our proposed scheme is the first research in the user authentications of WSN to propose authentication information exchange scheme among WSN and sensors. The goal of this scheme is to ensure the attackers cannot comprise WSN even they capture the sensor nodes. Next, we first describe internal joint defence mechanism between the sensors and GWN, with which the reader can verify the sensors are still available and reliable. Then we explain this scheme in detail.

A. Internal Joint Defence Mechanism

In this mechanism, the sensor and GWN should communicate with each other periodically. In order to track the health of one sensor node, the mechanism in this paper gives it one of three statuses, normal, possibly compromised and compromised. Then, we explain the definition of three statuses as follows.

“Normal(N)”: At this status, the sensor node can respond its state to local GWN normally. Hence, if GWN can receive the response from the sensor node periodically, GWN thinks this sensor node still works well and records its status as “Normal” in the sensor status database.

“Possible Comprised (PC)”: At this state, the sensor node responds its state to GWN beyond one communication period. And GWN immediately set this sensor node’s status as “Possible Comprised”.

“Comprised(C)”: In our internal joint defence mechanism, GWN contacts with all sensor nodes in its sensed range periodically and receives responses from the sensor nodes. If GWN cannot receive state message from the sensor nodes over consecutive three communication rounds, GWN records this status of this sensor node as “Comprised”.

According to the status of the sensor node, GWN can tell if it is trustable or not. If it finds the sensor node is possibly comprised or captured, it intends to launch the protection mechanism to prevent WSN from further attack.

Basically, at state “PC”, the attacker is possibly capturing the sensor node and then try to get internal secret authentication data. If the attacker put it back in a short while, HGWN may consider this sensor still alive. In order to avoid the occurrence of this attack event, to reduce status check communication interval ( $T_{cc}$ ) is possible solution but it needs too much computation resource, which most sensor nodes cannot support this requirement. However, large $T_{cc}$ leads the sensor to expose in the risk of the node captured attack easily. Hence, in this paper, we discuss this problem in Section 4.3 and propose a more robust status check mechanism. In addition to internal joint defence mechanism, our authentication scheme adds a heuristic protection (HP) scheme to resist the node captured attack. This scheme is to determine when HGWN initiates our authentication information exchange scheme. In our design, only when the following two situations are met at the same time, our exchange scheme starts up.

HGWN receives a new authentication request from a user.
During the time duration between two continuous receiving authentication requests, the status of the target sensor node has even been “PC”.

Based on above two conditions, our scheme can avoid that GWN may carelessly ignore the event that the attacker has even stolen the sensor node. Because the status of sensor node changes frequently, GWN cannot tell whether the sensor node is even comprised or not by just depend on tracking the current statuses of sensor nodes. Hence, this HP scheme can avoid this phenomenon in our scheme. Fig. 2 shows cooperation between Joint defence mechanism and authentication information exchange scheme. First, the user sends an authentication request to HGWN and HGWN checks if this sensor node is in its range. If yes, HGWN checks the status log history to observe if the status of this sensor node has been “PC”. If yes, HGWN starts authentication information exchange scheme. After above process, HGWN performs the following authentication and key agreement protocol. Next subsection describes our proposed scheme.

FIGURE 2.

Cooperation between Joint defence mechanism and authentication information exchange scheme.

Show All

B. Authentication Information Exchange Scheme

In our proposed scheme, HGWN should store secret authentication information data sets of all sensor nodes in its database. There are three steps in this scheme.

In “System setup” phase, GWN stores $N_{s}$ secret authentication information into its secret authentication database in which it includes those of all local sensor nodes and unused ones. This secret authentication database is so-called secret authentication information pool. (SID, x) denotes one data in secret authentication information pool.
On receipt of the requirement of accessing sensor node from the user, GWN sends a new secret authentication information, which is selected from the secret authentication information pool, to a given sensor node. Basically, in order to follow up the track of sensor node’s secret authentication data, GWN stores two secret authentication data, new and old ones, into its used secret authentication database for each sensor node as shown in Fig. 3. Only those unused secret authentication data in secret authentication information pool can be assigned. Here are two selection methods explained as follows.
1. Random selection: Like literally, GWN selects one authentication data randomly from the secret authentication information pool.
2. Sequential selection: By this selection method, GWN picks up one data in the secret authentication information pool sequentially. However, it is obvious that the attacker can predict the order of the assignment of secret authentication data for a given sensor node if he/she observes this assignment process for a sufficient time. In our scheme, we do not adopt this method.
On receipt of the new secret authentication information, the sensor node firstly uses its authentication information inside to check the correction of new receiving message. Then, the user abandons old secret authentication information if this check is correct. In the following authentication, the sensor node makes use of new authentication data.

FIGURE 3.

The operation of the assignment and recycling of the secret authentication data sets.

Show All

As described above, the attacker cannot use secret information in the sensor node to crack WSN because our scheme makes the sensor node use new one in the following authentication and key agreement protocol.

Next, we describe our authentication information exchange scheme in details as follows. As our above description, our scheme is the additional part of an authentication and key agreement protocol and this part only relates with the authentication communication between HGWN and the sensor nodes. Other authentication processes follow the previous scheme [15]. Hence, we also just explain the authentication process between HGWN and the sensor. In [15], there are two cases, one is User-HGWN-Target sensor (UHT case) and the other one is User-FGWN-Target sensor (UFT case). However, our scheme just occurs in local sensed area of a GWN. Hence, for our scheme, our scheme performs similar for UHT and UFT cases. Next, we explain the process of our scheme as follows.

Step 1:
First, GWN receives the authentication message, $M_{1}=({\textit{ID}}_{hg}$ ,TID_i,SID_j,D₁,D₂,T₁), from the user. HGWN checks $\vert T_{2} - T_{1}\vert \le \Delta T$ . Next, HGWN gets $DID_{i}$ from the database according to $TID_{i}$ . Then, it should compute $D_{0}=\text {h}({\textit{DID}}_{i}\vert \vert$ $TID_{i}\vert \vert x_{hg}$ ) and $r_{u}=D_{2} \oplus D_{0}$ and do the check of validity of $D_{1}$ , $D_{1}=\text {h}({\textit{ID}}_{hg}\vert \vert D_{0}\vert \vert r_{u}\vert \vert T_{1})$ . If checking result is not successful, GWN terminates this session.
Step2:
After passing message validity check, in the previous research [15], HGWN immediately computes $D_{3}$ , $D_{4}$ and sends the messages { $D_{3}$ ,D₄,D₅,D₆,T₂} to the target sensor, $S_{j}$ . However, in our authentication information exchange scheme, if HP scheme starts up, HGWN first selects one new set of authentication secret information, (SID $_{j\_{}w}, {x}_{j\_{}w}$ ), in our authentication secret information pool and sends it to the target sensor node. This is the beginning step in our authentication information exchange scheme. In order to help the target sensor node verify the validity of this message, HGWN computes $u_{1}=({\textit{SID}}_{j\_{}w}\vert \vert x_{hg}\vert \vert T_{c})$ , $E_{1}=u_{1} \oplus x_{j}$ and $E_{2}=x_{j} \oplus x_{hg}$ , where $x_{j}$ is old authentication secret information stored in target sensor node. Then, HGWN also computes $D_{c}=\text {h}(E_{1}\vert \vert u_{1})\oplus$ $SID_{j\_{}w}$ and sends $M_{E}=\{E_{1}{\it, E}_{2}{\it, D}_{c}{\it,T}_{c}\}$ to the target sensor node via the secure channel.
Step3:
The target sensor node receives this new authentication message and it verifies the legitimacy of timestamp difference, $\vert T_{3} - T_{c}\vert \le \Delta T$ where $T_{3}$ is current timestamp. If this timestamp verification is correct, it continues the following authentication scheme.
Step 4:
The target sensor node computes $u_{1}=E_{1} \oplus x_{j}$ where $x_{j}$ is old authentication secret information. Then, the target sensor node computes $SID_{j\_{}w}=D_{c} \oplus \text{h}$ ( $E_{1}\vert \vert u_{1}$ ) and $x_{hg} = E_{2} \oplus x_{j}$ .Then, it can accordingly get $x_{j\_{}w}=\text {h}({\textit{SID}}_{j\_{}w}\vert \vert x_{hg})$ . So far, the sensor node and HGWN have completed the authentication information exchange scheme together. The target sensor abandons old secret information, ( $SID_{j}, {x}_{j}$ ) and HGWN restores this secret data into its authentication secret information pool.
Step 5:
In order to help HGWN verify that this authentication information exchange is successful at sensor node side, the target sensor node generates the confirmation message and sends it to HGWN. This confirmation message contains $E_{3}=\text {h}(T_{c}\vert \vert x_{j\_{}w}\vert \vert x_{hg}$ ) $\oplus SID_{j\_{}w}$ and $E_{4}= \text {h}(E_{3}\vert \vert SID_{j}\vert \vert SID_{j\_{}w}$ ). Finally, it sends $M_{EG}=\{E_{3}$ , $E_{4}$ , and $T_{cr}$ } to the HGWN.
Step 6:
Next, HGWN receives confirmation message and checks if $\vert T_{4}$ -T $_{cr}\vert \le \Delta T$ where $T_{4}$ is current timestamp. HGWN computes $SID_{j\_{}w}=E_{3} \oplus \text{h}$ ( $T_{c}\vert \vert x_{j\_{}w}\vert \vert x_{hg}$ ) with the use of its internal secret information ( $x_{j\_{}w}$ , $x_{hg}$ ). Then HGWN use computed $SID_{j\_{}w}$ to find old sensor ID, $SID_{j}$ , in its database. Then GWN computes $E_{4}=\text {h}(E_{3}\vert \vert SID_{j}\vert \vert SID_{j\_{}w}$ ) with computed $SID_{j\_{}w}$ . Then GWN compares computed $E_{4}$ with received $E_{4.}$ If they are the same, HGWN verifies that the user has completed secret authentication information exchange. After confirmation, the whole process of our authentication information exchange scheme has finished. HGWN can continue the normal user authentication process.

Through above secret authentication information exchange, WSN can provide all sensor nodes more secure protection. In Fig. 3, it shows the operation of the assignment and recycling of one secret authentication data set. It shows that HGWN selects one data set and sends it to the target node and restored old one to the secret authentication pool. In the next subsection, we give a performance discussion on our proposed authentication information exchange scheme and propose some improvements over our scheme.

C. Performance Discussion

Based on described above, we know the detail operations of our authentication information exchange scheme but some performance issues are needed to analyse and discuss. This section also gives improvements over our scheme. Firstly we analyse the impact of performance of communication period for our joint defence mechanism. Second, we discuss heuristic protection (HP) mechanism.

We now investigate the impact of communication period for internal joint defence mechanism. This study has been discussed in [32] previously and some are improper. Now we renew and correct that discussion. Before beginning to discuss this topic, we define the parameters used in this section.

$T_{at}$ : This denotes the time duration of a node captured node attack in which attacker steals and put the sensor back after getting private information inside the sensor node.

TC_i: The $i$ th contacting time which GWN contacts with the sensor node.

$T_{co}$ : The communication time interval between two contacting time.

Next we give three cases to describe the circumstances when the attacker tries to launch a node captured attack under different relationships among three parameters

Case 1 ( $2T_{co} >T_{at}> T_{co}$ ):
In this case, the attacker can launch a node captured attack and complete it in $1\sim 2~T_{co}$ duration. Hence, during this attack process, GWN sets the state of a given sensor node as “PC” and then “N” at $TC_{i}$ and $TC_{i+1}$ , respectively. If an authentication requirement for this sensor node comes from the user after $TC_{i+1}$ , GWN initiates our proposed authentication information exchange scheme firstly before performing user authentication and key agreement protocol.
Case 2 ( $T_{at}> 2T_{co}$ ):
The attack launches the node captured attack and finishes this attack beyond two communication rounds. In this case, GWN consider this sensor node is comprised and set its status as “P” after 2 $TC_{i+2}$ . Naturally, GWN must execute our proposed authentication information exchange scheme once it receives an authentication requirement from the user.
Case 3 ( $T_{co} >T_{at}$ ):
This case also means the worst case because GWN cannot be aware of the attacker having capturing the sensor node and stealing the secret information inside the sensor successfully. After this attack, the malicious user can impersonate legitimate user to access private sensed data.

In summary, we can find the shorter $T_{co}$ is, the less risk WSN faces. In order to resolve the issue of Case 3, periodic communication monitoring is not enough and hence the sensor node should have self-destroyed mechanism. However, we do not rashly adopt self-destroyed mechanism in sensor nodes because sensor nodes in IoT is easily touched careless or accidentally. Hence, we assume the sensor node executes self-destroyed mechanism if it cannot contact GWN after $3 T_{co}$ . In practice, the system administrator (SA) actually can simulate this attack in advance and obtain the average time finishing node captured attack. Then SA in WSN sets $T_{co}$ small sufficiently. However, a fixed $T_{co}$ is easily guessed by the attackers and we design a dynamic setting method. In both cases, $T_{at}$ is larger than $T_{s}$ . We next give the joint defence mechanism with Dynamic Communication Frequency scheme(DCF).

We first give some definitions.

$P_{total}$ : The total capacity of the battery of the sensor node.

$P_{co}$ : The power capacity required by one communication period between HGWN and the sensor node.

$T_{g}$ : The expected lifetime of the sensor node in WSN.

$T_{s}$ : The expected time interval of $T_{co}$ .

We can have the equation as follows.

$\begin{equation*} T_{g}=T_{s}\cdot \frac {P_{total}}{P_{co}}\tag{1}\end{equation*}$ View Source

Hence, we can obtain expected

$T_{co}$

$T_{s}$

, which can satisfy the assumption. In order to avoid fixed

$T_{co}$

, we set

$T_{co}$

dynamically, not equal to a constant. We develop our dynamic communication frequency scheme for joint defence mechanism as follows:

At the beginning, $T_{co}$ is set as $T_{s}$ . Then, the setting of $T_{co}$ is set according to the following Dynamic Rule.

Dynamic Rule: If the status of the sensor node is still “N” after two continuous $TC_{i}$ , $T_{co}$ is set as $\sigma T_{s}$ , where $1>\sigma >\sigma _{\mathrm {u}}$ . $\sigma _{\mathrm {u}}$ value is the lower bound of lifetime of the sensor node. Hence, system administrator can adjust this parameter to control the expected lifetime of the sensor nodes.

Hence, DCF can set $T_{co}$ dynamically and it can save power of the sensor node to achieve the security and power efficiency meanwhile.

SECTION V.

Evaluation Plan

In this section, we evaluate our scheme with the use of three ways, security evaluation, BAN Logic validation and computation evaluation of our scheme. Through above three evaluation methods, we can verify the security of our sensor secret authentication information exchange scheme in a rigorous analysis way.

A. Security Evaluation

In this subsection, we verify that our scheme can avoid the damage caused by sensor node captured attack. We firstly describe the process of sensor node captured attack. First, the attacker listens to the communication channels and the attacker captures the target sensor node. Then, via the power analysis, the attacker can obtain the secret authentication information of the target sensor node,( $SID_{j}$ ,x_j). Furthermore, we also assume that the attacker also can know the computation procedure and the detail computation formulas inside the target sensor node. Next, the attacker continues eavesdropping all authentication messages transferring among the user, HGWN and the target sensor node. Once the attacker gains necessary authentication information, the attacker can crack WSN and impersonate a valid user to access WSN easily. Our scheme provides an enhanced way to improve the security flaw of previous authentication and key agreement protocol. In our authentication scheme, for each time the conditions of HP scheme are met, the sensor node replaces old authentication data with new one and the previous authentication information stole by the attacker is useless immediately. The attacker cannot cause any damage to anything in the user authentication process even if he listens and resolves all authentication messages among the user, HGWN and the target sensor. Our scheme is very different to other authentication scheme because we just add a new our proposed scheme in a WSN authentication scheme instead of replacing it with a completely new one. Next, we describe our authentication information exchange scheme still can achieve the following security goal without affecting the security features of the original authentication and key agreement algorithms.

Mutual authentication: in our scheme, the GWN transmits new secret authentication information to the sensor node via secure channel. Then the sensor node returns authentication information to the GWN. GWN should use new and old security information of the target sensor in its authentication pool to verify the messages sent from the sensor node. Hence, even if the attacker has captured the sensor node before, the attacker cannot gain any information from fetching { $E_{3}$ , $E_{4}$ , $T_{cr}$ }.

Anonymity: Because our scheme does not disclose any information about the target and the user ID, the attacker cannot determine who authenticates with the which target sensor. Hence our scheme still ensures the whole authentication privacy in an authentication and key agreement protocol.

Sensor impersonate attack: The attacker cannot impersonate a sensor node because he/she is not able to get new secret authentication information. All that the attacker can get is { $E_{3}$ , $E_{4}$ , $T_{cr}$ }. However, without $SID_{j\_{}w}$ and $x_{j\_{}w}$ , he/she does not know what it is at all. Therefore,the attacker hardly impersonates a valid sensor node to send a fake message to GWN because GWN can identify immediately with its internal security information only known by real sensor node and GWN.

Replay attacks: In our proposed algorithm, at each time receiving authentication messages, the sensor nodes and GWN, check if the timestamp carried by messages is within validate time limit. This can efficiently avoid that the adversary sends the same user authentication message constantly in order to impersonate a validate user. Furthermore, we conceal all critical messages, which can block the malicious faked attacks and impersonation attacks.

Next, we prove the result of BAN logic validation of Amin and Biswas’s scheme with our authentication information exchange scheme still holds as in [15].

B. BAN Logic Validation

BAN logic validation [29] is usually used to verify that a user authentication and key agreement algorithm [30], [31] is valid and secure. The authors in [15] has proved their algorithm secure based on BAN logic validation. Hence, in this subsection, we just need to prove our scheme does not affect the validation result of authentication algorithm in [15]. Basically, our scheme does not use any parts of Session key, ( $r_{u}, {r}_{gh}, {r}_{s}$ ) and our scheme do not involve the original user authentication scheme. Our scheme also ensures mutual authentication, which proves our secret authentication process is secure. The goal of our scheme just replaces old $SID_{j}$ and $x_{j}$ with new ones, $SID_{j\_{}w}$ and $x_{j\_{}w}$ . Hence, we just need to prove that the assumptions in [15] related with our scheme still hold. Observing the assumptions in [15], only the following one is related with our scheme and our goal is to validate it with BAN logic.

Goal: $\mathrm {HGWN\vert \equiv HGWN}\stackrel { x_{j} } \longleftrightarrow S_{j}$ .

We need to introduce some statements [24] in BAN logic validation and these statements are important in the following security analysis.

$\mathrm {P\vert \equiv X}:$ It denotes that P trusts X.

$\mathrm {P < X:}$ It denotes that P receives the message, X, and can reproduce it. This is also called as seeing rule.

$\mathrm {P\vert \sim X}:$ It denotes that P said X at some time.

$\mathrm {P}\Longrightarrow \mathrm {X}:$ It denoted that P has access right on X, eq. P is an authority on X.

#(X): X is a fresh message.

$\langle X\rangle \rangle _{Y}:$ it denotes that X combines with Y.

$P\mathop{\Longleftrightarrow}\limits^{K} Q:$ The formula,K, is only known by P and Q and other principals trusted by them.

$\mathrm {P}\stackrel { K } \longleftrightarrow Q:$ P communicates with Q via shared key, K.

We explain some postulates in BAN logic as follows.

Message-meaning rule: $\frac {P\vert \equiv P\mathop{\Longleftrightarrow}\limits^{K} Q,P < \langle X\rangle _{K}}{P\left |{ \equiv Q }\right |\sim X}$
If P trusts that its private key, K, is shared with Q and also receives X message, P trust Q has said X.
Fresh-conjuncatenation rule : $\frac {P\vert \equiv \# (X)}{P\vert \equiv \# (X,Y)}$
If P trusts X is a new message, P trusts (X,Y) are fresh formula.
Brief rule: $\frac {P\vert \equiv X,P\vert \equiv Y}{P\vert \equiv (X,Y)}$
If P trusts X and Y, P trusts the formula (X, Y).
Nonce-verification rule: $\frac {P\vert \equiv \# \left ({X }\right),P\vert \equiv Q\vert \sim X}{P\vert \equiv Q\vert \equiv X}$
If P trusts X is a new message and Q has said X, P trusts that Q trusts X.
Jurisdiction rule: $\frac {P\vert \equiv Q\mathrel {\mathop {\kern 0pt\Longrightarrow }\limits _{\mathbf {}}} X,P\vert \equiv Q\vert \equiv X}{P\vert \equiv X}$
If P trusts Q has access right on X and P trusts Q, P trusts X.
Session key rule: $\frac {P\vert \equiv \# \left ({X }\right),P\vert \equiv Q\vert \equiv X}{P\vert \equiv P\stackrel { K } \longleftrightarrow Q}$

If P trusts that X is a new message and that Q trusts X, P trusts that P communicates with Q with key, K.

We now have some assumptions as follows:

$\mathrm {HGWN\vert \equiv \# (}x_{j})$
$\mathrm {HGWN}\vert \equiv \mathrm {HGWN}\stackrel {SID_{j} } \longleftrightarrow S_{j}$
$S_{j}\vert \equiv S_{j}\stackrel {SID_{j} } \longleftrightarrow \mathrm {HGWN}$
$\mathrm {HGWN}\left |{ \equiv S_{j} }\right |\Longrightarrow x_{j}$

Then, we give our main proofs as follows:

$\begin{equation*} S_{j}\to HGWN: E_{3}:\langle x_{j}\rangle _{SID_{j}}, E_{4}, T_{cr}\end{equation*}$ View Source

According to seeing rule, we obtain

$\mathrm {HGWN < }E_{3}:\langle x_{j}\rangle _{SID_{j}}, E_{4}, T_{cr}$
According to A2, A3, S1, and message meaning rule, we get
$\mathrm {HGWN}\left |{ \equiv S_{j} }\right |\sim x_{j}$
According to A1, S2, and freshness conjuncatenation rule, we get
$\mathrm {HGWN}\left |{ \equiv S_{j} }\right |\equiv x_{j}$
According to S3, A1, session key rule, we get
$\mathrm {HGWN\vert \equiv HGWN}\stackrel { x_{j} } \longleftrightarrow S_{j}$ (Our goal)
Based on above validation, we can prove that our scheme does not affect original validation result in previous research and our scheme can help the original research avoid sensor node captured attack meanwhile.

C. Performance Evaluation

In this paper, we evaluate the performance of our secret authentication information exchange scheme. We evaluate the computation load of hash function in our scheme. Because XOR computation load is low, as previous researches, we just ignore it. Because our scheme is an additional scheme in a user authentication and key agreement algorithm in WSN, there is no other similar schemes. We just list our computation load as the following table 1. We can observe that it just needs 2 T_h for sensor node and HGWN. We believe the sensor node has more computation capacity in the future and this scheme is feasible in WSN.

TABLE 1 Computation Load Evaluation

SECTION VI.

Conclusion

In this paper, we revisit the previous research and study the possible risk arising from sensor node captured attack. We find the recent user authentication and key agreement algorithms are easily vulnerable to sensor node captured attack because of the advance on power analysis technology. Hence, just developing another one new user authentication and key agreement algorithm seems not enough to prevent this attack from occurring in the future IoT environment. We propose an authentication information exchange algorithm to aid the recent user authentication algorithms in WSN to resist sensor node captured attack. We also discuss the performance and design an enhanced mechanism to improve our scheme. This paper proposes a secret authentication information exchange scheme but not propose a completely new user authentication algorithm in WSN. We also provide detail security evaluation to explain our scheme is secure. Furthermore, we also explain our scheme does not affect the validation result of original authentication and key agreement protocol verified by BAN logic. Finally, we also provide a performance evaluation to show our scheme just adds a few computation load to the whole authentication and key agreement protocol in WSN.

In the future, we will try to find a more practical implementation for transferring the new security authentication information to the sensor. We regard it as an open study to resolve. However, our scheme still provides a worthy way to design an enhancing scheme to improve the original authentication and key agreement protocol.

References is not available for this document.

An Authentication Information Exchange Scheme in WSN for IoT Applications

Alerts

Abstract:

Metadata

Abstract:

Funding Agency:

Introduction

Related Works

Problem Formilation

A. Research Review: The Scheme of Amin and Biswas

1) System Setup

2) Sensor and User Registration

3) Login

4) Authentication and Key Agreement

Step1:

Step2:

Step3:

Step4:

Step5:

Step6:

Step 1:

Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

B. The Security Problem in a Node Captured Attack

1) Capturing Target Sensor and Channel Monitoring

2) Corresponding Information Check

The Authentication Information Exchange Scheme

A. Internal Joint Defence Mechanism

B. Authentication Information Exchange Scheme

Step 1:

Step2:

Step3:

Step 4:

Step 5:

Step 6:

C. Performance Discussion

Case 1 (2T_{co} >T_{at}> T_{co}2T_{co} >T_{at}> T_{co} ):

Case 2 (T_{at}> 2T_{co}T_{at}> 2T_{co} ):

Case 3 (T_{co} >T_{at}T_{co} >T_{at} ):

Evaluation Plan

A. Security Evaluation

B. BAN Logic Validation

C. Performance Evaluation

Conclusion

Authors

Figures

References

Citations

Keywords

Metrics

References

IEEE Account

Purchase Details

Profile Information

Need Help?

Case 1 ( $2T_{co} >T_{at}> T_{co}$ ):

Case 2 ( $T_{at}> 2T_{co}$ ):

Case 3 ( $T_{co} >T_{at}$ ):