WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks

Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.

[1]  Mohammad Alishahi,et al.  An Efficient Authentication and Key Agreement Scheme Based on ECDH for Wireless Sensor Network , 2020, IEEE Access.

[2]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[3]  Ashok Kumar Das,et al.  IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment , 2020, IEEE Access.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  Moonseong Kim,et al.  A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks , 2014, Sensors.

[6]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[7]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[8]  Giancarlo Fortino,et al.  Topology optimization against cascading failures on wireless sensor networks using a memetic algorithm , 2020, Comput. Networks.

[9]  YoungHo Park,et al.  SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks , 2020, Sensors.

[10]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[11]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[12]  Jian Shen,et al.  An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks , 2016, J. Netw. Comput. Appl..

[13]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[14]  YoungHo Park,et al.  Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications , 2018, Sensors.

[15]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[16]  Xiong Li,et al.  A new and secure authentication scheme for wireless sensor networks with formal proof , 2017, Peer-to-Peer Netw. Appl..

[17]  Ashok Kumar Das,et al.  Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment , 2020, IEEE Internet of Things Journal.

[18]  Donghoon Lee,et al.  Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2014, Sensors.

[19]  Young-Ho Park,et al.  A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks , 2020, Applied Sciences.

[20]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[21]  Rahim Tafazolli,et al.  RSS: An Energy-Efficient Approach for Securing IoT Service Protocols Against the DoS Attack , 2020, IEEE Internet of Things Journal.

[22]  Joel J. P. C. Rodrigues,et al.  AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment , 2019, IEEE Internet of Things Journal.

[23]  Xiong Li,et al.  A privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security , 2017, J. Ambient Intell. Humaniz. Comput..

[24]  Ashok Kumar Das,et al.  On the Design of Secure and Efficient Three-Factor Authentication Protocol Using Honey List for Wireless Sensor Networks , 2020, IEEE Access.

[25]  YoHan Park,et al.  Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments , 2019, Sensors.

[26]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[27]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[28]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[29]  Giancarlo Fortino,et al.  Environment-fusion multipath routing protocol for wireless sensor networks , 2020, Inf. Fusion.

[30]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[31]  Ashok Kumar Das,et al.  LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things , 2020, IEEE Access.

[32]  Giancarlo Fortino,et al.  WSNs-assisted opportunistic network for low-latency message forwarding in sparse settings , 2019, Future Gener. Comput. Syst..

[33]  Mohammad Shojafar,et al.  A secure biometric-based authentication protocol for global mobility networks in smart cities , 2020, The Journal of Supercomputing.

[34]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[35]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[36]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.