Introduction
The recent IoT trend [1] has driven the popularity of sensor network technology, and wireless sensor networks (WSNs) have in turn spread the IoT notion into various fields of network control. The wide use of wireless sensor networks [25] in human life has created many popular IoT applications, which bring many conveniences to human life, the so-called Smart Life. However, while people enjoy this convenience, personal private information may be disclosed because privacy protection in such wireless sensor networks is unsafe. Security issues in WSN are therefore becoming important and attract much attention. Among the research on secure wireless sensor networks, access control is one of the security issues that has attracted much attention, and many studies have proposed schemes to ensure that the user accesses the WSN securely and legitimately. One of them is the user authentication and key agreement algorithm. This research topic has been studied for many years, and many authentication schemes have been proposed based on several security considerations, including key agreement, mutual authentication, and anonymity. These authentication protocols can also resist many well-known network attacks, including replay attacks, eavesdropping attacks and password guessing attacks. Mutual authentication and anonymity are usually necessary for a user authentication and key agreement protocol. According to the literature, the two-factor authentication and key agreement protocol has recently become popular. Users need to own two private authentication inputs, usually a password and a smart card, to perform a two-factor authentication and key agreement protocol and access the WSN securely. We review the related literature in Section 2.
The authors of a previous study [2] categorized the user authentication models in WSN into five different types, which provides a very good design guide for proposing a new user authentication and key agreement protocol. The authors in [9] employ the fifth authentication model, in which a sensor node can act as either a forwarding node or an end sensor node. When the sensor node is located between the user and the gateway, it is responsible for forwarding authentication messages to the GWN. When the sensor node acts as an end node, the GWN forwards the authentication protocol messages to the sensor nodes. This concept fully corresponds to the IoT conception in WSN. In such an authentication and key agreement protocol, the sensor nodes are responsible for much of the computation and forwarding work, which may be a problem because of the constrained battery power of sensor nodes. The authors in [15] observe the issues of this authentication model and consider the authentication model in [9] unsuitable for WSN. Hence, they propose a new user authentication and key agreement protocol in which the gateway node (GWN) still carries most of the authentication computation during the user authentication process. Their protocol can resolve the security flaws of previous research, including resisting attacks and supporting mutual authentication and anonymity. In the foreseeable future, WSNs must extend their scale and contain multiple gateways to provide large-scale IoT services. In such a large-scale WSN, the GWNs should cooperate to forward communication messages and authentication data between the user and the target sensors. Their proposed new authentication model is adequate for a multi-gateway WSN.
Usually, in a multi-gateway WSN, the user can access local sensors via the HGWN and remote sensor nodes through foreign gateways. Fig. 1 shows a user accessing sensor nodes in a multi-gateway WSN. In an IoT environment, in which all things, including end devices and sensor nodes, are connected together, IoT manufacturers around the world often produce IoT devices without full security consideration, and several security attacks on IoT have arisen as a result. For example, a hacker can initiate a DDoS attack by manipulating many small IoT devices, which usually lack a validation scheme for the legitimate user. Furthermore, the sensors of a WSN in IoT also face a serious security challenge. The sensor nodes in IoT applications are usually deployed in places that are easy to reach. Hence, one critical security attack that can easily happen nowadays is the node captured attack, in which the authentication information inside the sensor node is disclosed by physically cracking it. In other words, even a completely new user authentication scheme is still very likely to be vulnerable to this attack, because the attacker may obtain all the necessary authentication information through it. Hence, we resist this attack from a new defence aspect, very different from previous research, and propose an authentication information exchange scheme. With our proposed scheme, the sensors do not hold fixed authentication information in an authentication protocol, because they exchange new secret authentication information with the WSN gateway according to our heuristic protection mechanism. In order to avoid too many exchange events, the heuristic protection mechanism provides the rules that determine when the GWN launches the authentication information exchange scheme between itself and the sensors.
Only when the conditions in the heuristic protection mechanism are met does the gateway initiate our proposed authentication information exchange scheme to replace the old key authentication information in the sensor nodes with new information. Hence, in this paper, we add an authentication information exchange scheme to a previous authentication scheme rather than propose a new one.
The organization of this paper is as follows. In Section 2, we review the literature on authentication algorithms in WSN and discuss their security issues. In Section 3, we review the scheme of Amin and Biswas and analyse the possible security problem under the sensor node captured attack in multi-gateway wireless sensor networks. In Section 4, we introduce our authentication information exchange scheme between the WSN gateway and the sensors, which prevents the WSN from security damage caused by the node captured attack. We also analyse our proposed authentication information exchange scheme and explain the heuristic protection mechanism. In Section 5, we verify our authentication scheme based on our proposed authentication exchange scheme. We conclude the paper in Section 6.
Related Works
The user authentication and key agreement protocol has been an important research topic in WSN for ensuring that the user can access the WSN securely. In 2004, the authors in [3] proposed a public key technology for WSN, named TinyPK, which is built on RSA and the Diffie-Hellman protocol. User authentication schemes that use the RSA cryptosystem and are based on the Diffie-Hellman key exchange protocol usually have a memory overhead issue. A secured authentication protocol [24] based on elliptic curve cryptography, which also belongs to public-key cryptography, was developed in 2011. However, sensor nodes with constrained computation capacity cannot support the complex computation of these schemes. In 2006, Wong et al. used a hash function in their dynamic user authentication scheme for WSN to avoid leaking secret authentication information during the authentication process and, furthermore, to save much computation cost. Hence, subsequent research usually employs hash functions in authentication and key agreement protocols. Tseng et al. [23] fixed the design flaw of [22] and proposed an improved version of [22]. Das ML. proposed a two-factor user authentication protocol in 2009, and this protocol greatly enhances authentication in WSN: only users owning two authentication factors can access the WSN. Since then, many studies [4]–[8], [10], [11], [14], [17], [19] have addressed the two-factor user authentication scheme in WSN. In 2013, Khan and Alghathbar [18] explored the security flaws of two-factor user authentication and improved it. Wang and Wang [4] reviewed the security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks, which provides a useful investigation for designing a two-factor authentication scheme in WSN.
In order to protect authentication factors from theft or offline guessing attacks, the researchers in [5] used biometric-based factors to develop their authentication scheme for wireless sensor networks in 2010. Then, in 2013, Xue et al. [2] proposed a temporal-credential-based mutual authentication and key agreement protocol, and the authors in [12], [13] found flaws in Xue’s scheme: they state that Xue’s scheme cannot resist the stolen credential table attack. They later proposed an advanced temporal-credential-based security scheme with mutual authentication and key agreement. Biometric-based factors are associated with personal characteristics, and it is hard to forge these authentication factors. However, these biometric-based schemes need corresponding designated equipment, which is too costly for wide use in human life.
In 2014, Turkanovic et al. [9] proposed the first research based on the IoT notion; they hold that the authentication communication model in WSN should still obey the IoT notion. Hence, their authentication model adopts the fifth access model in WSN, which is defined in [2]. This access model corresponds to the access model in the IoT environment and was used there for the first time in the development of a user authentication protocol for the IoT environment. This authentication scheme seems reasonable and adequate in IoT. However, in 2016, Farash et al. [16] discovered that the study in [9] is vulnerable to offline password guessing and also cannot achieve anonymity. Hence, they proposed an improved authentication scheme tailored for the Internet of Things environment to resolve the security flaws in [9]. In their schemes, the sensor nodes are responsible for forwarding authentication messages to the GWN, which is not practical in WSN because the battery of the sensor nodes is limited. Hence, the authors in [15] still consider that the gateway in WSN should play the main role in an authentication and key agreement protocol. As the scale of WSN grows, the multi-gateway wireless sensor network becomes the main network architecture in WSN, and a user authentication and agreement protocol for such networks is urgently needed. Hence, they propose a new authentication and key agreement scheme for multi-gateway WSN, in which the user sends the authentication request to the target sensor through several WSN gateways. In 2017, Wu et al. [21] discovered that the work in [15] is vulnerable to sensor capture, de-synchronization and off-line guessing attacks. They also developed a new improved authentication scheme for multi-gateway WSNs.
Recently, authentication protocols have been used in various wireless applications and have been developed from various authentication factors, such as biometric factors. In particular, authentication schemes based on physiological biometrics, such as fingerprints, iris, and facial information [26]–[28], have been implemented successfully to perform user authentication. However, they usually require additional and costly equipment. Hence, two-factor authentication and key agreement protocols with a smart card are still the most popular and widely used. We now focus on the recent well-known research [15] and investigate it in depth. In this paper, we revisit a well-known and representative authentication protocol in multi-gateway WSN, the study of Amin and Biswas [15], under the node captured attack in order to find the vulnerability of the authentication protocol in such a WSN. Our paper proposes an authentication information exchange scheme rather than designing a completely new protocol to fix the security flaws in the user authentication algorithms of WSN. Our scheme is one part of an authentication protocol, and hence other researchers can easily add it to enhance security against the node captured attack in WSN.
Problem Formulation
In this section, we revisit the recent scheme of Amin and Biswas, proposed in 2016. This scheme has seven phases, and we focus on the main body of their authentication scheme: System setup, Sensor and user registration, Login, and Authentication and key agreement. We then show the security problem in their authentication scheme under the node captured attack.
A. Research Review: The Scheme of Amin and Biswas
1) System Setup
In this phase, the system administrator (SA) assigns
2) Sensor and User Registration
For the sensor registration, the sensor,
For the user registration, the user (
3) Login
4) Authentication and Key Agreement
In this phase, there are two cases. One is that
Step 1:
On receipt of $M_{1}$ from the user, in order to avoid replay attack, HGWN checks $\vert T_{2} - T_{1}\vert \le \Delta T$ where $T_{2}$ is receiving timestamp. If it holds, the HGWN continues authentication process. Next, HGWN gets $DID_{i}$ from the database according to received $TID_{i}$. Then, it can obtain $D_{0}=h(DID_{i}\|TID_{i}\|x_{hg})$ and $r_{u}=D_{2}\oplus D_{0}$ and checks the validity of $D_{1}=h(ID_{hg}\|D_{0}\|r_{u}\|T_{1})$. If above check is not successful, the session will be terminated.
Step 2:
After validation check of the message, $D_{1}$, HGWN computes $D_{3}=h(ID_{hg}\|DID_{i}\|x_{j}\|r_{hg}\|T_{2})$, $D_{4}=x_{j}\oplus r_{hg}$, $D_{5}=r_{u}\oplus h(r_{hg})$ and $D_{6}=DID_{i}\oplus h(ID_{hg}\|r_{hg})$. Then it sends the messages $\{D_{3}, D_{4}, D_{5}, D_{6}, T_{2}\}$ to the target sensor, $S_{j}$.
Step 3:
On receipt of $M_{1}$ from the HGWN, $S_{j}$ also checks $\vert T_{3} - T_{2}\vert \le \Delta T$ where $T_{3}$ is receiving timestamp. Based on the messages in $M_{1}$, $S_{j}$ can obtain $r_{hg}=D_{4}\oplus x_{j}$, $r_{u}=D_{5}\oplus h(r_{hg})$ and $DID_{i}=D_{6}\oplus h(ID_{hg}\|r_{hg})$. Then, the target sensor can check the validity of $D_{3}=h(ID_{hg}\|DID_{i}\|x_{j}\|r_{hg}\|T_{2})$.
Step 4:
If validity check of $D_{3}$ is correct, $S_{j}$ computes $D_{7}=h(D_{3}\|DID_{i}\|r_{s}\|T_{3})$ in which the nonce, $r_{s}$, is randomly generated by $S_{j}$ and $D_{8}=r_{hg}\oplus r_{s}$. Then it sends $M_{3}=\{D_{7}, D_{8}, T_{3}\}$ back to HGWN.
Step 5:
On receipt of $M_{3}$ from the target sensor, HGWN checks $\vert T_{4} - T_{3}\vert \le \Delta T$ where $T_{4}$ is current timestamp. Then HGWN can obtain $r_{s}=D_{8}\oplus r_{hg}$ and checks the validity of $D_{7}=h(D_{3}\|DID_{i}\|r_{s}\|T_{3})$. After checking $D_{7}$, HGWN computes $D_{9}=h(D_{3}\|DID_{i}\|r_{s}\|T_{4})$ and $D_{10}=r_{s}\oplus r_{u}$. Then it sends $M_{4}=\{D_{3}, D_{8}, D_{9}, D_{10}, T_{4}\}$ back to the user.
Step 6:
On receipt of $M_{4}$ from the HGWN, the user checks $\vert T_{5} - T_{4}\vert \le \Delta T$ where $T_{5}$ is receiving timestamp. According to $M_{4}$, the user can obtain $r_{s}=D_{10}\oplus r_{u}$ and $r_{hg}=D_{8}\oplus r_{s}$. Then it also checks the validity of $D_{9}=h(D_{3}\|DID_{i}\|r_{s}\|T_{4})$. If the validation check of $D_{9}$ is successful, the user, HGWN and $S_{j}$ communicate together with the shared session key $SK=h(DID_{i}\|r_{u}\|r_{s}\|r_{hg})$ securely.
For case 2, the following steps show the authentication and key agreement protocol.
Step 1:
In this case, while HGWN receives the $M_{1}$ and find that $SID_{j}$ of the target sensor is not in its database. Hence, it broadcasts $\{SID_{j}, TID_{i}, ID_{hg}\}$ to other Foreign GWNs (FGWNs). Finally, one FGWN finds out $SID_{j}$ in its database and hereby it can find $x_{j}$. FGWN computes $Z_{2}=Z_{1}\oplus r_{sr}$ and $Z_{1}=h(TID_{i}\|x_{fg})$ and then sends $\{Z_{2}, ID_{fg}\}$ to HGWN.
Step 2:
After receiving message from the FGWN, HGWN computes $Z_{1}=Z_{2}\oplus r_{sr}$ and $Z_{3}=D_{0}\oplus Z_{1}$. Then, it sends $\{Z_{3}, ID_{fg}\}$ to $U_{i}$.
Step 3:
On receipt of $\{Z_{3}, ID_{fg}\}$ from the HGWN, the user gets $Z_{1}=Z_{3}\oplus D_{0}$ and selects a nonce $r_{u2}$ and $T_{6}$. Then the user computes $D_{11}=h(TID_{i}\|Z_{1}\|r_{u2}\|T_{6})$ and $D_{12}=Z_{1}\oplus r_{u2}$. Then, the user sends $M_{5}=\{TID_{i}, D_{11}, D_{12}, T_{6}\}$ to the FGWN.
Step 4:
On receipt of $M_{5}$ from the user, FGWN checks $\vert T_{7} - T_{6}\vert \le \Delta T$ where $T_{7}$ is receiving timestamp. Then FGWN can obtain $Z_{1}=h(TID_{i}\|x_{fg})$ and $r_{u2}=D_{12}\oplus Z_{1}$. It checks the validity of $D_{11}=h(TID_{i}\|Z_{1}\|r_{u2}\|T_{6})$. After validation check of $D_{11}$, FGWN computes $D_{13}=h(TID_{i}\|Z_{1}\|r_{fg}\|x_{j}\|T_{7}\|r_{u2})$, $D_{14}=r_{fg}\oplus x_{j}$ and $D_{15}=h(x_{j})\oplus Z_{1}$. It sends $M_{6}=\{TID_{i}, D_{12}, D_{13}, D_{14}, D_{15}, T_{7}\}$ to the target sensor, $S_{j}$.
Step 5:
On receipt of $M_{5}$ from FGWN, $S_{j}$ also checks $\vert T_{8} - T_{7}\vert \le \Delta T$ where $T_{8}$ is receiving timestamp. Then, $S_{j}$ also obtains $r_{fg}=D_{14}\oplus x_{j}$, $Z_{1}=h(x_{j})\oplus D_{15}$ and $r_{u2}=D_{12}\oplus Z_{1}$. Thereby, the target sensor can confirm the validity of the received message, $D_{13}=h(TID_{i}\|Z_{1}\|r_{fg}\|x_{j}\|T_{7}\|r_{u2})$.
Step 6:
After validation check of $D_{13}$, $S_{j}$ computes $D_{16}=h(TID_{i}\|r_{s2}\|W_{1}\|T_{8})$ where $r_{s2}$ is generated by $S_{j}$, $W_{1}=h(SID_{j}\|x_{j})$, $D_{17}=r_{s2}\oplus W_{1}$ and $D_{18}=Z_{1}\oplus W_{1}$. Thereby, it also sends $M_{7}=\{TID_{i}, D_{16}, D_{17}, D_{18}, T_{8}\}$, back to FGWN. $D_{17}$ is added according to the proposal of Wu et al. [21].
Step 7:
On receipt of $M_{7}$ from the target sensor, FGWN checks if $\vert T_{9} - T_{8}\vert \le \Delta T$ where $T_{9}$ is current timestamp. FGWN obtains $W_{1}=h(SID_{j}\|x_{j})$, $r_{s2}=D_{17}\oplus W_{1}$ and $D_{19}=r_{s2}\oplus r_{fg}$. Then it sends $M_{8}=\{TID_{i}, D_{16}, D_{18}, D_{19}, T_{8}, T_{9}\}$ back to $U_{i}$.
Step 8:
Upon receiving $M_{8}$ from FGWN, $U_{i}$ checks if $\vert T_{10} - T_{9}\vert \le \Delta T$ where $T_{10}$ is receiving timestamp. Then $U_{i}$ can obtain $W_{1}=D_{18}\oplus Z_{1}$, $r_{s2}=D_{17}\oplus W_{1}$ and $r_{fg}=D_{19}\oplus r_{s2}$. Thereby, it can check the validity of received message, $D_{16}=h(TID_{i}\|r_{s2}\|W_{1}\|T_{8})$. Finally, $U_{i}$, $S_{j}$ and FGWN share the session key, $SK=h(TID_{i}\|SID_{j}\|r_{u2}\|r_{s2}\|r_{fg})$ securely.
Now, we describe the capabilities of an adversary in this model.
Physical access: According to previous research, the adversary can access the data in a smart card by side-channel attacks [33].
Channel access: Based on the above description of the study of Amin and Biswas, the adversary can only gain information transferred in the open channel.
Sensor security: The adversary can compromise sensor nodes and get their secret data.
Insider attacks: A malicious user in this authentication system can easily obtain private data in the registration phase, such as the plaintext of the password and ID.
Next, we explain how the node captured attack compromises the complete authentication and key agreement protocol in [15].
B. The Security Problem in a Node Captured Attack
In this paper, we find that the node captured attack can compromise the scheme of Amin and Biswas. The attack procedure is composed of two attack processes, which we explain in the following paragraphs.
1) Capturing Target Sensor and Channel Monitoring
In this attack process, the attacker usually selects a possible target user, GWN and target sensor node in advance and then initiates the node captured attack. Then, the attacker tries to get the internal security information in this target sensor node, which includes authentication data (
2) Corresponding Information Check
After the first attack process, the attacker obtains the secret authentication information inside the target sensor and collects possible authentication data among the user, GWN and the target sensor node for a given period. Then the attacker has all possible (
After compromising a target sensor node, the hacker can make use of the secret information and computation inside the captured sensor node. The hacker firstly can gain $r_{hg}=D_{4}\oplus x_{j}$ from retrieved authentication messages between HGWN and the target sensor. With those messages, he can compute $r_{u}=D_{5}\oplus h(r_{hg})$ and then also get the masked ID, $DID_{i}=D_{6}\oplus h(ID_{hg}\|r_{hg})$.
Then the hacker builds the set, $S_{M1}=(M_{1\_1}, M_{1\_2}, M_{1\_3}, \ldots, M_{1\_i})$, where $M_{1\_i}=(ID_{hg\_t}, TID_{i\_t}, SID_{j\_t}, D_{1\_t}, D_{2\_t}, T_{1\_i})$ which is sent from the user $U_{i}$ to HGWN.
In order to find the corresponding $M_{1}$, the hacker selects one $M_{1}$ in $S_{M1}$ and computes $D_{0}=D_{2}\oplus r_{u}$. Then he also obtains $D_{1}=h(ID_{hg}\|D_{0}\|r_{u}\|T_{1})$.
Then, the attacker tries to check if the computed $D_{1}$ matches $D_{1}$ in his selected $M_{1}$. If yes, the hacker can know ID pair ($TID_{i}, DID_{i}$) in HGWN.
Based on the above attack procedure, the attacker can impersonate a legitimate user and then produces a new
The Authentication Information Exchange Scheme
Our proposed scheme is the first research in user authentication for WSN to propose an authentication information exchange scheme between the WSN and the sensors. The goal of this scheme is to ensure that attackers cannot compromise the WSN even if they capture sensor nodes. We first describe the internal joint defence mechanism between the sensors and the GWN, with which the reader can verify that the sensors are still available and reliable. Then we explain the scheme in detail.
A. Internal Joint Defence Mechanism
In this mechanism, the sensor and GWN communicate with each other periodically. In order to track the health of a sensor node, the mechanism gives it one of three statuses: normal, possibly compromised and compromised. The three statuses are defined as follows.
“Normal (N)”: In this status, the sensor node can report its state to the local GWN normally. Hence, if GWN receives the response from the sensor node periodically, GWN considers that this sensor node still works well and records its status as “Normal” in the sensor status database.
“Possibly Compromised (PC)”: In this status, the sensor node reports its state to GWN later than one communication period. GWN immediately sets this sensor node’s status to “Possibly Compromised”.
“Compromised (C)”: In our internal joint defence mechanism, GWN contacts all sensor nodes in its sensed range periodically and receives responses from them. If GWN cannot receive a state message from a sensor node over three consecutive communication rounds, GWN records the status of this sensor node as “Compromised”.
According to the status of the sensor node, GWN can tell whether it is trustworthy. If it finds that the sensor node is possibly compromised or captured, it intends to launch the protection mechanism to prevent the WSN from further attack.
Basically, at state “PC”, the attacker is possibly capturing the sensor node and then trying to get its internal secret authentication data. If the attacker puts it back after a short while, HGWN may consider this sensor still alive. In order to avoid the occurrence of this attack event, to reduce status check communication interval (
HGWN receives a new authentication request from a user.
During the time between two consecutive authentication requests, the status of the target sensor node has ever been “PC”.
Based on the above two conditions, our scheme prevents the GWN from carelessly ignoring the event that the attacker has ever stolen the sensor node. Because the status of a sensor node changes frequently, the GWN cannot tell whether the sensor node has ever been compromised just by tracking the current statuses of the sensor nodes. The HP scheme avoids this problem. Fig. 2 shows the cooperation between the joint defence mechanism and the authentication information exchange scheme. First, the user sends an authentication request to HGWN, and HGWN checks whether this sensor node is in its range. If yes, HGWN checks the status log history to see whether the status of this sensor node has been “PC”. If yes, HGWN starts the authentication information exchange scheme. After the above process, HGWN performs the following authentication and key agreement protocol. The next subsection describes our proposed scheme.
Fig. 2. Cooperation between Joint defence mechanism and authentication information exchange scheme.
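The status rules and the two HP conditions described above can be expressed as a small gateway-side tracker; this is an added example, not code from the paper, and all class and function names are hypothetical. It treats a logged “C” like “PC” when deciding whether to trigger the exchange, which is an assumption the page does not state.

```python
from dataclasses import dataclass, field

NORMAL, POSSIBLY_COMPROMISED, COMPROMISED = "N", "PC", "C"
ROUNDS_UNTIL_COMPROMISED = 3  # consecutive silent rounds before status "C"


@dataclass
class SensorRecord:
    status: str = NORMAL
    silent_rounds: int = 0
    # Statuses logged since the previous authentication request.
    log: list = field(default_factory=list)


class GatewayMonitor:
    """Status log kept by a gateway for the sensors in its range."""

    def __init__(self, sensor_ids):
        self.records = {sid: SensorRecord() for sid in sensor_ids}

    def close_round(self, responders):
        """End one communication round; `responders` reported in time."""
        for sid, rec in self.records.items():
            if sid in responders:
                rec.silent_rounds = 0
                rec.status = NORMAL
            else:
                rec.silent_rounds += 1
                if rec.silent_rounds >= ROUNDS_UNTIL_COMPROMISED:
                    rec.status = COMPROMISED
                else:
                    rec.status = POSSIBLY_COMPROMISED
            rec.log.append(rec.status)

    def exchange_needed(self, sid):
        """HP rule, evaluated when an authentication request for `sid` arrives.

        True if the sensor left "N" at any time since the previous request,
        even when its current status is "N" again. The log is then reset so
        the next request only looks at the interval that follows.
        """
        rec = self.records[sid]
        suspicious = any(s != NORMAL for s in rec.log)
        rec.log.clear()
        return suspicious


def run_constructed_scenario():
    """Constructed timeline: sensor S2 is silent for one round, then returns."""
    gw = GatewayMonitor(["S1", "S2"])
    gw.close_round({"S1", "S2"})        # round 1: both report
    gw.close_round({"S1"})              # round 2: S2 silent, logged as "PC"
    gw.close_round({"S1", "S2"})        # round 3: S2 reports again, "N"
    current = gw.records["S2"].status   # what a current-status check sees
    first = gw.exchange_needed("S2")    # request arrives after round 3
    gw.close_round({"S1", "S2"})        # round 4: quiet interval
    second = gw.exchange_needed("S2")   # next request, nothing suspicious logged
    return current, first, second, gw.exchange_needed("S1")
```

In the constructed timeline the sensor's current status is back to “N” when the request arrives, so only the logged history reveals that an exchange is due.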
B. Authentication Information Exchange Scheme
In our proposed scheme, HGWN should store secret authentication information data sets of all sensor nodes in its database. There are three steps in this scheme.
In the “System setup” phase, GWN stores $N_{s}$ secret authentication information into its secret authentication database, which includes those of all local sensor nodes and unused ones. This secret authentication database is the so-called secret authentication information pool. (SID, x) denotes one data in the secret authentication information pool.
On receipt of the requirement of accessing a sensor node from the user, GWN sends new secret authentication information, selected from the secret authentication information pool, to the given sensor node. In order to keep track of each sensor node's secret authentication data, GWN stores two secret authentication data, the new and the old ones, in its used secret authentication database for each sensor node, as shown in Fig. 3. Only unused secret authentication data in the secret authentication information pool can be assigned. The two selection methods are explained as follows.
Random selection: As the name says, GWN selects one authentication data randomly from the secret authentication information pool.
Sequential selection: With this selection method, GWN picks one data in the secret authentication information pool sequentially. However, the attacker can obviously predict the order in which secret authentication data are assigned to a given sensor node if he/she observes the assignment process for a sufficient time. In our scheme, we do not adopt this method.
On receipt of the new secret authentication information, the sensor node first uses the authentication information it holds to check the correctness of the newly received message. Then, the user abandons the old secret authentication information if this check is correct. In the following authentication, the sensor node makes use of the new authentication data.
Fig. 3. The operation of the assignment and recycling of the secret authentication data sets.
As described above, the attacker cannot use the secret information in the sensor node to crack the WSN, because our scheme makes the sensor node use new information in the following authentication and key agreement protocol.
Next, we describe our authentication information exchange scheme in detail. As described above, our scheme is an additional part of an authentication and key agreement protocol, and this part relates only to the authentication communication between HGWN and the sensor nodes. The other authentication processes follow the previous scheme [15]. Hence, we explain only the authentication process between HGWN and the sensor. In [15], there are two cases: one is User-HGWN-Target sensor (UHT case) and the other is User-FGWN-Target sensor (UFT case). However, our scheme occurs only in the local sensed area of a GWN. Hence, our scheme performs similarly for the UHT and UFT cases. Next, we explain the process of our scheme.
Step 1:
First, GWN receives the authentication message, $M_{1}=(ID_{hg}, TID_{i}, SID_{j}, D_{1}, D_{2}, T_{1})$, from the user. HGWN checks $\vert T_{2} - T_{1}\vert \le \Delta T$. Next, HGWN gets $DID_{i}$ from the database according to $TID_{i}$. Then, it should compute $D_{0}=h(DID_{i}\|TID_{i}\|x_{hg})$ and $r_{u}=D_{2}\oplus D_{0}$ and do the check of validity of $D_{1}$, $D_{1}=h(ID_{hg}\|D_{0}\|r_{u}\|T_{1})$. If checking result is not successful, GWN terminates this session.
Step 2:
After passing message validity check, in the previous research [15], HGWN immediately computes $D_{3}$, $D_{4}$ and sends the messages $\{D_{3}, D_{4}, D_{5}, D_{6}, T_{2}\}$ to the target sensor, $S_{j}$. However, in our authentication information exchange scheme, if HP scheme starts up, HGWN first selects one new set of authentication secret information, ($SID_{j\_w}, x_{j\_w}$), in our authentication secret information pool and sends it to the target sensor node. This is the beginning step in our authentication information exchange scheme. In order to help the target sensor node verify the validity of this message, HGWN computes $u_{1}=(SID_{j\_w}\|x_{hg}\|T_{c})$, $E_{1}=u_{1}\oplus x_{j}$ and $E_{2}=x_{j}\oplus x_{hg}$, where $x_{j}$ is old authentication secret information stored in target sensor node. Then, HGWN also computes $D_{c}=h(E_{1}\|u_{1})\oplus SID_{j\_w}$ and sends $M_{E}=\{E_{1}, E_{2}, D_{c}, T_{c}\}$ to the target sensor node via the secure channel.
Step 3:
The target sensor node receives this new authentication message and it verifies the legitimacy of timestamp difference, $\vert T_{3} - T_{c}\vert \le \Delta T$ where $T_{3}$ is current timestamp. If this timestamp verification is correct, it continues the following authentication scheme.
Step 4:
The target sensor node computes $u_{1}=E_{1}\oplus x_{j}$ where $x_{j}$ is old authentication secret information. Then, the target sensor node computes $SID_{j\_w}=D_{c}\oplus h(E_{1}\|u_{1})$ and $x_{hg}=E_{2}\oplus x_{j}$. Then, it can accordingly get $x_{j\_w}=h(SID_{j\_w}\|x_{hg})$. So far, the sensor node and HGWN have completed the authentication information exchange scheme together. The target sensor abandons old secret information, ($SID_{j}, x_{j}$) and HGWN restores this secret data into its authentication secret information pool.
Step 5:
In order to help HGWN verify that this authentication information exchange is successful at sensor node side, the target sensor node generates the confirmation message and sends it to HGWN. This confirmation message contains $E_{3}=h(T_{c}\|x_{j\_w}\|x_{hg})\oplus SID_{j\_w}$ and $E_{4}=h(E_{3}\|SID_{j}\|SID_{j\_w})$. Finally, it sends $M_{EG}=\{E_{3}, E_{4}, T_{cr}\}$ to the HGWN.
Step 6:
Next, HGWN receives confirmation message and checks if $\vert T_{4} - T_{cr}\vert \le \Delta T$ where $T_{4}$ is current timestamp. HGWN computes $SID_{j\_w}=E_{3}\oplus h(T_{c}\|x_{j\_w}\|x_{hg})$ with the use of its internal secret information ($x_{j\_w}$, $x_{hg}$). Then HGWN use computed $SID_{j\_w}$ to find old sensor ID, $SID_{j}$, in its database. Then GWN computes $E_{4}=h(E_{3}\|SID_{j}\|SID_{j\_w})$ with computed $SID_{j\_w}$. Then GWN compares computed $E_{4}$ with received $E_{4}$. If they are the same, HGWN verifies that the user has completed secret authentication information exchange. After confirmation, the whole process of our authentication information exchange scheme has finished. HGWN can continue the normal user authentication process.
Through the above secret authentication information exchange, WSN can provide all sensor nodes with more secure protection. Fig. 3 shows the operation of the assignment and recycling of one secret authentication data set. It shows that HGWN selects one data set, sends it to the target node, and restores the old one to the secret authentication pool. In the next subsection, we give a performance discussion on our proposed authentication information exchange scheme and propose some improvements over our scheme.
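Steps 4 to 6 above, written out as an added Python example (not code from the paper) so the XOR and hash bookkeeping on both sides can be run and checked. Assumptions: SHA-256 stands in for h, every ID and secret is 32 bytes so it can be XORed with a digest, timestamps are 8-byte integers, ΔT is 5 s, and `hgwn_request` (how HGWN forms E1, E2 and D_c) is inferred by inverting the sensor's Step 4 equations; all function names are hypothetical.

```python
import hashlib, hmac, os

DELTA_T = 5  # assumed freshness window (Delta T), in seconds

def h(*parts):
    # h(a||b||...): SHA-256 is an assumed stand-in for the paper's hash h
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(p ^ q for p, q in zip(a, b))

def ts(t):
    return int(t).to_bytes(8, "big")  # assumed fixed-width timestamp encoding

def fresh(t_now, t_msg):
    return abs(t_now - t_msg) <= DELTA_T

def hgwn_request(x_j, sid_jw, x_hg, T_c):
    # Assumed HGWN side: the inverse of the sensor's Step 4 equations.
    u1 = os.urandom(32)
    E1 = xor(u1, x_j)
    return E1, xor(x_hg, x_j), xor(sid_jw, h(E1, u1)), T_c  # E1, E2, D_c, T_c

def sensor_steps_4_5(sid_j, x_j, request, T3, T_cr):
    E1, E2, D_c, T_c = request
    if not fresh(T3, T_c):
        return None                      # stale request, stop here
    u1 = xor(E1, x_j)
    sid_jw = xor(D_c, h(E1, u1))
    x_hg = xor(E2, x_j)
    x_jw = h(sid_jw, x_hg)               # new secret replaces (SID_j, x_j)
    E3 = xor(h(ts(T_c), x_jw, x_hg), sid_jw)
    E4 = h(E3, sid_j, sid_jw)
    return (sid_jw, x_jw), (E3, E4, T_cr)

def hgwn_step_6(db, x_jw, x_hg, T_c, confirmation, T4):
    E3, E4, T_cr = confirmation
    if not fresh(T4, T_cr):
        return False
    sid_jw = xor(E3, h(ts(T_c), x_jw, x_hg))
    sid_j = db.get(sid_jw)               # old ID looked up via recovered new ID
    if sid_j is None:
        return False
    return hmac.compare_digest(h(E3, sid_j, sid_jw), E4)
```

A sensor that does not hold the correct old `x_j` recovers a different `SID_j_w`, so the lookup in Step 6 fails and HGWN rejects the confirmation.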
C. Performance Discussion
From the description above, we know the detailed operations of our authentication information exchange scheme, but some performance issues still need to be analysed and discussed. This section also gives improvements over our scheme. First, we analyse the performance impact of the communication period on our joint defence mechanism. Second, we discuss the heuristic protection (HP) mechanism.
We now investigate the impact of the communication period on the internal joint defence mechanism. This topic was discussed previously in [32], and some parts of that discussion are improper. We now renew and correct that discussion. Before beginning to discuss this topic, we define the parameters used in this section.
TCi: The
Next we give three cases to describe the circumstances when the attacker tries to launch a node captured attack under different relationships among three parameters
Case 1 ($2T_{co} > T_{at} > T_{co}$): In this case, the attacker can launch a node captured attack and complete it in $1\sim 2~T_{co}$ duration. Hence, during this attack process, GWN sets the state of a given sensor node as “PC” and then “N” at $TC_{i}$ and $TC_{i+1}$, respectively. If an authentication requirement for this sensor node comes from the user after $TC_{i+1}$, GWN initiates our proposed authentication information exchange scheme first, before performing the user authentication and key agreement protocol.
Case 2 ($T_{at} > 2T_{co}$): The attacker launches the node captured attack and finishes this attack beyond two communication rounds. In this case, GWN considers this sensor node compromised and sets its status as “P” after 2 $TC_{i+2}$. Naturally, GWN must execute our proposed authentication information exchange scheme once it receives an authentication requirement from the user.
Case 3 ($T_{co} > T_{at}$): This case is also the worst case because GWN cannot be aware that the attacker has captured the sensor node and stolen the secret information inside the sensor successfully. After this attack, the malicious user can impersonate a legitimate user to access private sensed data.
In summary, we can find the shorter
We first give some definitions.
We can have the equation as follows.
\begin{equation*} T_{g}=T_{s}\cdot \frac {P_{total}}{P_{co}}\tag{1}\end{equation*}
At the beginning,
Dynamic Rule: If the status of the sensor node is still “N” after two continuous
Hence, DCF can set
Evaluation Plan
In this section, we evaluate our scheme in three ways: security evaluation, BAN logic validation and computation evaluation. Through these three evaluation methods, we can verify the security of our sensor secret authentication information exchange scheme in a rigorous way.
A. Security Evaluation
In this subsection, we verify that our scheme can avoid the damage caused by sensor node captured attack. We firstly describe the process of sensor node captured attack. First, the attacker listens to the communication channels and the attacker captures the target sensor node. Then, via the power analysis, the attacker can obtain the secret authentication information of the target sensor node,(
Mutual authentication: in our scheme, the GWN transmits new secret authentication information to the sensor node via secure channel. Then the sensor node returns authentication information to the GWN. GWN should use new and old security information of the target sensor in its authentication pool to verify the messages sent from the sensor node. Hence, even if the attacker has captured the sensor node before, the attacker cannot gain any information from fetching {
Anonymity: Because our scheme does not disclose any information about the target and the user ID, the attacker cannot determine who authenticates with which target sensor. Hence our scheme still ensures the whole authentication privacy in an authentication and key agreement protocol.
Sensor impersonate attack: The attacker cannot impersonate a sensor node because he/she is not able to get new secret authentication information. All that the attacker can get is {
Replay attacks: In our proposed algorithm, each time they receive authentication messages, the sensor nodes and GWN check whether the timestamp carried by the messages is within the valid time limit. This efficiently prevents the adversary from sending the same user authentication message constantly in order to impersonate a valid user. Furthermore, we conceal all critical messages, which can block the malicious faked attacks and impersonation attacks.
Next, we prove that the result of BAN logic validation of Amin and Biswas’s scheme still holds with our authentication information exchange scheme, as in [15].
B. BAN Logic Validation
BAN logic validation [29] is usually used to verify that a user authentication and key agreement algorithm [30], [31] is valid and secure. The authors in [15] have proved their algorithm secure based on BAN logic validation. Hence, in this subsection, we just need to prove that our scheme does not affect the validation result of the authentication algorithm in [15]. Basically, our scheme does not use any parts of Session key, (
Goal:
We need to introduce some statements [24] in BAN logic validation and these statements are important in the following security analysis.
#(X): X is a fresh message.
We explain some postulates in BAN logic as follows.
Message-meaning rule:
\begin{equation*} \frac{P\vert\equiv P\mathop{\Longleftrightarrow}\limits^{K} Q,\; P \triangleleft \langle X\rangle_{K}}{P\vert\equiv Q\vert\sim X} \end{equation*}
If P trusts that its private key, K, is shared with Q and also receives message X, P trusts that Q has said X.
Fresh-conjuncatenation rule:
\begin{equation*} \frac{P\vert\equiv \#(X)}{P\vert\equiv \#(X,Y)} \end{equation*}
If P trusts that X is a new message, P trusts that the formula (X, Y) is fresh.
Belief rule:
\begin{equation*} \frac{P\vert\equiv X,\; P\vert\equiv Y}{P\vert\equiv (X,Y)} \end{equation*}
If P trusts X and Y, P trusts the formula (X, Y).
Nonce-verification rule:
\begin{equation*} \frac{P\vert\equiv \#(X),\; P\vert\equiv Q\vert\sim X}{P\vert\equiv Q\vert\equiv X} \end{equation*}
If P trusts that X is a new message and that Q has said X, P trusts that Q trusts X.
Jurisdiction rule:
\begin{equation*} \frac{P\vert\equiv Q\Longrightarrow X,\; P\vert\equiv Q\vert\equiv X}{P\vert\equiv X} \end{equation*}
If P trusts that Q has access right on X and P trusts Q, P trusts X.
Session key rule:
\begin{equation*} \frac{P\vert\equiv \#(X),\; P\vert\equiv Q\vert\equiv X}{P\vert\equiv P\stackrel{K}{\longleftrightarrow} Q} \end{equation*}
If P trusts that X is a new message and that Q trusts X, P trusts that P communicates with Q with key, K.
We now have some assumptions as follows:
\begin{equation*} \mathrm{HGWN}\vert\equiv \#(x_{j}) \tag{A1}\end{equation*}
\begin{equation*} \mathrm{HGWN}\vert\equiv \mathrm{HGWN}\stackrel{SID_{j}}{\longleftrightarrow} S_{j} \tag{A2}\end{equation*}
\begin{equation*} S_{j}\vert\equiv S_{j}\stackrel{SID_{j}}{\longleftrightarrow} \mathrm{HGWN} \tag{A3}\end{equation*}
\begin{equation*} \mathrm{HGWN}\vert\equiv S_{j}\vert\Longrightarrow x_{j} \tag{A4}\end{equation*}
Then, we give our main proofs as follows:
\begin{equation*} S_{j}\to \mathrm{HGWN}: E_{3}:\langle x_{j}\rangle_{SID_{j}}, E_{4}, T_{cr}\end{equation*}
\begin{equation*} \mathrm{HGWN} \triangleleft E_{3}:\langle x_{j}\rangle_{SID_{j}}, E_{4}, T_{cr} \tag{S1}\end{equation*}
According to A2, A3, S1, and message meaning rule, we get
\begin{equation*} \mathrm{HGWN}\vert\equiv S_{j}\vert\sim x_{j} \tag{S2}\end{equation*}
According to A1, S2, and freshness conjuncatenation rule, we get
\begin{equation*} \mathrm{HGWN}\vert\equiv S_{j}\vert\equiv x_{j} \tag{S3}\end{equation*}
According to S3, A1, session key rule, we get
\begin{equation*} \mathrm{HGWN}\vert\equiv \mathrm{HGWN}\stackrel{x_{j}}{\longleftrightarrow} S_{j} \quad \text{(Our goal)}\end{equation*}
Based on above validation, we can prove that our scheme does not affect original validation result in previous research and our scheme can help the original research avoid sensor node captured attack meanwhile.
C. Performance Evaluation
In this paper, we evaluate the performance of our secret authentication information exchange scheme. We evaluate the computation load of the hash function in our scheme. Because the XOR computation load is low, we ignore it, as previous research does. Because our scheme is an additional scheme in a user authentication and key agreement algorithm in WSN, there are no other similar schemes. We just list our computation load in Table 1. We can observe that it just needs 2 Th for sensor node and HGWN. We believe the sensor node has more computation capacity in the future and this scheme is feasible in WSN.
Conclusion
In this paper, we revisit the previous research and study the possible risk arising from sensor node captured attack. We find that the recent user authentication and key agreement algorithms are easily vulnerable to sensor node captured attack because of the advance in power analysis technology. Hence, just developing another new user authentication and key agreement algorithm seems not enough to prevent this attack from occurring in the future IoT environment. We propose an authentication information exchange algorithm to aid the recent user authentication algorithms in WSN to resist sensor node captured attack. We also discuss the performance and design an enhanced mechanism to improve our scheme. This paper proposes a secret authentication information exchange scheme but does not propose a completely new user authentication algorithm in WSN. We also provide a detailed security evaluation to explain that our scheme is secure. Furthermore, we also explain that our scheme does not affect the validation result of the original authentication and key agreement protocol verified by BAN logic. Finally, we also provide a performance evaluation to show that our scheme adds only a small computation load to the whole authentication and key agreement protocol in WSN.
In the future, we will try to find a more practical implementation for transferring the new security authentication information to the sensor. We regard it as an open problem to resolve. However, our scheme still provides a worthy way to design an enhancing scheme to improve the original authentication and key agreement protocol.