Cryptanalysis of ecc-based key agreement scheme for generic IoT network model

Enhancement in Wireless sensing technology had widened its application scope and deployment possibilities. Since 2004, Wireless Sensor Network(WSN) became one of the top interesting topics for the researchers due to its advantages and futuristic aspects. After the emergence of the Internet of Things(IoT), WSN became an integral part of IoT. IoT is the technology which aims to provide any service to anyone at any time with the improved quality of service. IoT invites many entities to communicate in its large scale application and allow entities to share collected information in either wired or wireless manner. After studying most of the literature, we found out that most communication in IoT scenario occurred over public channel rather than secured channels and this aspect approached many researchers to focus on the security part of IoT communication. Billions of devices/humans do the communication with each other as well as provide the critical data to each other on public channels so it becomes important for the communicating parties to validate each other as well as generate a communication secret for sharing a secret or critical information. Since 2009, many authors had focused on Remote User Authentication(RUA) for Wireless Sensor Network. In this paper, we have reviewed the RUA scheme provided by Chen et al. [1] and listed out some shortcoming of their scheme. Authors have made use of famous light weight and secured cryptographic approach called as Elliptic Curve Cryptography(ECC) for their protocol design but due to adversary capabilities, we have found their there scheme is not secured against node capturing attack and gateway node bypassing attack. We have also discussed the network model followed by authors in their paper which may help other researchers to study and apply in their RUA protocol design. This activity would help other protocol designers to improve their approaches in the field of RUA protocol designing for IoT environment.

[1]  Ralf Steinmetz,et al.  Wireless Sensor Networks and the Internet of Things: Selected Challenges , 2009 .

[2]  Parvez Faruki,et al.  Network Intrusion Detection for IoT Security Based on Learning Techniques , 2019, IEEE Communications Surveys & Tutorials.

[3]  Eui-nam Huh,et al.  Fog Computing and Smart Gateway Based Communication for Cloud of Things , 2014, 2014 International Conference on Future Internet of Things and Cloud.

[4]  Athanasios V. Vasilakos,et al.  On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC , 2018, Int. J. Commun. Syst..

[5]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[6]  Raja Lavanya,et al.  Fog Computing and Its Role in the Internet of Things , 2019, Advances in Computer and Electrical Engineering.

[7]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[8]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[9]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[10]  George C. Hadjichristofi,et al.  Internet of Things: Security vulnerabilities and challenges , 2015, 2015 IEEE Symposium on Computers and Communication (ISCC).

[11]  1 Elliptic Curve Cryptography 3 . 1 Elliptic Curve Cryptography , 2014 .

[12]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[13]  Danilo De Donno,et al.  An IoT-Aware Architecture for Smart Healthcare Systems , 2015, IEEE Internet of Things Journal.

[14]  Lee-Chun Ko,et al.  A novel dynamic user authentication scheme for wireless sensor networks , 2008, 2008 IEEE International Symposium on Wireless Communication Systems.

[15]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[16]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[17]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[18]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[19]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[20]  V. Milutinovic,et al.  A survey of military applications of wireless sensor networks , 2012, 2012 Mediterranean Conference on Embedded Computing (MECO).

[21]  Jian Shen,et al.  An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks , 2016, J. Netw. Comput. Appl..

[22]  Nikesh Gondchawar,et al.  IOT BASED SMART AGRICULTURE , 2021, Journal of Manufacturing Engineering.

[23]  Jiang Zhu,et al.  Fog Computing: A Platform for Internet of Things and Analytics , 2014, Big Data and Internet of Things.

[24]  Mazliza Othman,et al.  Internet of Things security: A survey , 2017, J. Netw. Comput. Appl..

[25]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[26]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[27]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[28]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[29]  Jian Shen,et al.  Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things , 2017, Wirel. Pers. Commun..

[30]  Kire Trivodaliev,et al.  A review of Internet of Things for smart home: Challenges and solutions , 2017 .

[31]  Ping Wang,et al.  Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks , 2018, IEEE Transactions on Industrial Informatics.

[32]  Munagala Manoj Venkata Sai,et al.  Iot Based Smart Agriculture , 2018 .

[33]  Dong Ryeol Shin,et al.  A Survey of Intelligent Transportation Systems , 2011, 2011 Third International Conference on Computational Intelligence, Communication Systems and Networks.

[34]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[35]  H. Farhangi,et al.  The path of the smart grid , 2010, IEEE Power and Energy Magazine.

[36]  Nishant Doshi,et al.  Internet of Things Security: Challenges, Advances, and Analytics , 2018 .

[37]  Anurag Agarwal,et al.  The Internet of Things—A survey of topics and trends , 2014, Information Systems Frontiers.

[38]  Tsern-Huei Lee,et al.  Simple Dynamic User Authentication Protocols for Wireless Sensor Networks , 2008, 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008).

[39]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[40]  Kevin Ashton,et al.  That ‘Internet of Things’ Thing , 1999 .

[41]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[42]  Yuwen Chen,et al.  A Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: PriAuth , 2017, Wirel. Commun. Mob. Comput..

[43]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[44]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[45]  Jin-Fu Chang,et al.  Smart card based secure password authentication scheme , 1996, Computers & security.

[46]  Nicky Mouha,et al.  Report on Lightweight Cryptography , 2017 .

[47]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[48]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[49]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[50]  Jaydip Sen,et al.  Internet of Things - Applications and Challenges in Technology and Standardization , 2011 .

[51]  Ping Wang,et al.  The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes , 2016, AsiaCCS.

[52]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[53]  H. Vincent Poor,et al.  Machine Learning Methods for Attack Detection in the Smart Grid , 2015, IEEE Transactions on Neural Networks and Learning Systems.

[54]  Xiaomin Wang,et al.  Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices , 2008 .

[55]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[56]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[57]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..