nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.01.2016

A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks

verfasst von: Ashok Kumar Das

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

User authentication is one of the most important security services required for the resource-constrained wireless sensor networks (WSNs). In user authentication, for critical applications of WSNs, a legitimate user is allowed to query and collect the real-time data at any time from a sensor node of the network as and when he/she demands for it. In order to get the real-time information from the nodes, the user needs to be first authenticated by the nodes as well as the gateway node (GWN) of WSN so that illegal access to nodes do not happen in the network. Recently, Jiang et al. proposed an efficient two-factor user authentication scheme with unlinkability property in WSNs Jiang (2014). In this paper, we analyze Jiang et al.’s scheme. Unfortunately, we point out that Jiang et al.’s scheme has still several drawbacks such as (1) it fails to protect privileged insider attack, (2) inefficient registration phase for the sensor nodes, (3) it fails to provide proper authentication in login and authentication phase, (4) it fails to update properly the new changed password of a user in the password update phase, (5) it lacks of supporting dynamic sensor node addition after initial deployment of nodes in the network, and (6) it lacks the formal security verification. In order to withstand these pitfalls found in Jiang et al.’s scheme, we aim to propose a three-factor user authentication scheme for WSNs. Our scheme preserves the original merits of Jiang et al.’s scheme. Our scheme is efficient as compared to Jiang et al.’s scheme and other schemes. Furthermore, our scheme provides better security features and higher security level than other schemes. In addition, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The simulation results clearly demonstrate that our scheme is also secure.

Vorheriger Artikel An IP-TV P2P streaming system that improves the viewing quality and confines the startup delay of regular audience

Nächster Artikel Chance-constraint optimization of power control in cognitive radio networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Armando A (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th International conference on computer aided verification (CAV’05). (Lecture Notes in Computer Science), vol 3576. Springer, Berlin, pp 281–285

AVISPA Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013.

AVISPA AVISPA web tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on July 2014

Basin D, Modersheim S, Vigano L (2005) OFMC: A symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208CrossRef

Burnett A, Byrne F, Dowling T, Duffy A (2007) A Biometric Identity Based Signature Scheme. Int J Inf Secur 5(3):317–326

Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. ETRI J 32(5):704–712CrossRef

Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180

Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151CrossRef

Das AK, Chatterjee S, Sing JK (2014) Formal security analysis and verification of a password-based user authentication scheme for hierarchical wireless sensor networks. Int J Trust Manag Comput Commun (Inderscience) 2(1):78–102CrossRef

10.

Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):1–16CrossRef

11.

Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209(C):80–92MATHMathSciNetCrossRef

12.

Das AK, Sharma P, Chatterjee S, Sing JK (2012) A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J Netw Comput Appl 35(5):1646–1656CrossRef

13.

Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090CrossRef

14.

Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654MATHMathSciNetCrossRef

15.

Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the advances in cryptology (Eurocrypt’04), LNCS vol 3027. pp 523–540

16.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MATHMathSciNetCrossRef

17.

Fan R, Ping LD, Fu JQ, Pan XZ (2010) A secure and efficient user authentication protocol for two-tieres wireless sensor networks. In: 2nd pacific-asia conference on circuits, communications and system (PACCS 2010). pp 425–428

18.

He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc & sensor wireless networks 10(4)

19.

He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37CrossRef

20.

Huang HF, Chang YF, Liu CH (2010) Enhancement of two-factor user authentication in wireless sensor networks. In: 6th international conference on intelligent information hiding and multimedia signal processing. pp 27–30

21.

Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks

22.

Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3):2450–2459CrossRef

23.

Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons Fractals 35(3):519–524CrossRef

24.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology - CRYPTO’99, LNCS, vol. 1666. pp 388–397

25.

Li CT, Hwang MS (2010) An efficient biometric-based remote authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5CrossRef

26.

Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79MATHCrossRef

27.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552MathSciNetCrossRef

28.

Nyang D, Lee MK (2009) Improvement of Das’s two-factor authentication. protocol in wireless sensor networks. http://eprint.iacr.org/2009. Report 2009/631

29.

Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269(C):270–285MathSciNetCrossRef

30.

von Oheimb D (2005) The high-level protocol specification language hlpsl developed in the eu project avispa. In: Proceedings of APPSEM 2005 workshop

31.

Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126MATHMathSciNetCrossRef

32.

Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(4):33CrossRef

33.

Secure Hash Standard FIPS PUB 180-1, National institute of standards and technology (nist), u.s. department of commerce, April 1995

34.

Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38(2):259–277MATHMathSciNetCrossRef

35.

Sun DZ, Li JX, Feng ZY, Cao ZF, Xu GQ (2013) On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17(5):895–905CrossRef

36.

Tan Z (2014) A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J Med Syst 38(3):1–9CrossRef

37.

Vaidya B, Makrakis D, Mouftah HT (2010) Improved two-factor user authentication in wireless sensor networks. In: 2nd international workshop on network assurance and security services in ubiquitous environments. pp 600–606

38.

Watro R, Kong D, Cuti S, Gardiner C, Lynn C, Kruus P (2004) TinyPK: Securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, SASN 2004. USA, Washington, DC, pp 59–64

39.

Wong K, Zheng Y, Cao J, Wang S (2006) A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international conference sensor networks, ubiquitous, trustworthy computing, IEEE Computer Society, pp 244–251

40.

Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323CrossRef

41.

Yoo SG, Park KY, Kim J (2012) A security-performance-balanced user authentication scheme for wireless sensor networks. In: International journal of distributed sensor networks 2012 (2012). Article ID 382810, 11 pages. doi:10.1155/2012/382810

42.

Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15(3):272–276CrossRef

Titel: A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks
verfasst von: Ashok Kumar Das
Publikationsdatum: 01.01.2016
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 1/2016
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-014-0324-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2016

An IP-TV P2P streaming system that improves the viewing quality and confines the startup delay of regular audience

A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

Security analysis and enhancements of an improved authentication for session initiation protocol with provable security

Characterizing peers communities and dynamics in a P2P live streaming system

Chance-constraint optimization of power control in cognitive radio networks

Tree-based data retrieval algorithm for multi-item request with deadline in wireless networks