Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs) and the Internet of Things (IoT). Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das’s user authentication scheme (given in 2015), Choi et al.’s scheme (given in 2016), and Park et al.’s scheme (given in 2016). The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN) logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

[1]  Mznah Al-Rodhaan,et al.  An Efficient Biometric Authentication Protocol for Wireless Sensor Networks , 2013, Int. J. Distributed Sens. Networks.

[2]  Muhammad Khurram Khan,et al.  A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System , 2017, Journal of Medical Systems.

[3]  Walid Saad,et al.  On the authentication of devices in the Internet of things , 2016, 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[4]  Ashok Kumar Das,et al.  A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor , 2017, Int. J. Commun. Syst..

[5]  Philip Levis,et al.  The nesC language: a holistic approach to networked embedded systems , 2003, SIGP.

[6]  Juho Kim,et al.  A Security-Performance-Balanced User Authentication Scheme for Wireless Sensor Networks , 2012, Int. J. Distributed Sens. Networks.

[7]  Tsern-Huei Lee,et al.  Simple Dynamic User Authentication Protocols for Wireless Sensor Networks , 2008, 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008).

[8]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[9]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[10]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[11]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[12]  Zinaida Benenson,et al.  Realizing Robust User Authentication in Sensor Networks , 2005 .

[13]  Dongho Won,et al.  Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction , 2016, Int. J. Distributed Sens. Networks.

[14]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[15]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[16]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[17]  Junqiang Liu,et al.  Improvement of a Privacy Authentication Scheme Based on Cloud for Medical Environment , 2016, Journal of Medical Systems.

[18]  Chuan-Ming Liu,et al.  Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks , 2015, Sensors.

[19]  Jorge Sá Silva,et al.  Robust dynamic user authentication scheme for wireless sensor networks , 2009, Q2SWinet '09.

[20]  Kevin Ashton,et al.  That ‘Internet of Things’ Thing , 1999 .

[21]  Felix C. Freiling,et al.  User Authentication in Sensor Networks , 2004, GI Jahrestagung.

[22]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[23]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[24]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[25]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[26]  Lee-Chun Ko,et al.  A novel dynamic user authentication scheme for wireless sensor networks , 2008, 2008 IEEE International Symposium on Wireless Communication Systems.

[27]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[28]  YoHan Park,et al.  Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks , 2016, Sensors.

[29]  Zhe Liu,et al.  MoTE-ECC: Energy-Scalable Elliptic Curve Cryptography for Wireless Sensor Networks , 2014, ACNS.

[30]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[31]  Jongho Moon,et al.  Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks , 2017, Sensors.

[32]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[33]  Mojtaba Alizadeh,et al.  Authentication in mobile cloud computing: A survey , 2016, J. Netw. Comput. Appl..

[34]  Changjun Jiang,et al.  A biometric-based user authentication for wireless sensor networks , 2010, Wuhan University Journal of Natural Sciences.

[35]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[36]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[37]  Eun-Jun Yoon,et al.  Advanced Biometric-Based User Authentication Scheme for Wireless Sensor Networks , 2013 .

[38]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[39]  Sang Hyuk Son,et al.  The price of security in wireless sensor networks , 2010, Comput. Networks.