An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks

Abstract Recently, He et al. proposed an anonymous two-factor authentication scheme following the concept of temporal-credential for wireless sensor networks (WSNs), which is claimed to be secure and capable of withstanding various attacks. However, we reveal that the authentication phase of their scheme has several pitfalls. Firstly, their scheme is susceptible to malicious user impersonation attack, in which a legal but malicious user can impersonate as other registered users. In addition, their scheme is also vulnerable to stolen smart card attack. Furthermore, the scheme cannot provide untraceability and is prone to tracking attack. Then we put forward an untraceable two-factor authentication scheme based on elliptic curve cryptography (ECC) for WSNs. Our new scheme makes up for the missing security features necessary for real-life applications while maintaining the desired features of the original scheme. We prove that the scheme fulfills mutual authentication in the Burrows-Abadi-Needham (BAN) logic. Moreover, by way of informal security analysis, we show that the proposed scheme can resist a variety of attacks and provide more security features than He et al.’s scheme.

[1]  Daojing He,et al.  An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks , 2011, Journal of Zhejiang University SCIENCE C.

[2]  Jenq-Shiou Leu,et al.  Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks , 2014, Wirel. Commun. Mob. Comput..

[3]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.

[4]  Robert Simon Sherratt,et al.  Enhanced three-factor security protocol for consumer USB mass storage devices , 2014, IEEE Transactions on Consumer Electronics.

[5]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[6]  Muhammad Khurram Khan,et al.  User authentication schemes for wireless sensor networks: A review , 2015, Ad Hoc Networks.

[7]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[8]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[9]  Jianfeng Ma,et al.  Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy , 2016 .

[10]  Ping Wang,et al.  Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity , 2015, Inf. Sci..

[11]  Jianfeng Ma,et al.  An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks , 2014, Wireless Personal Communications.

[12]  Andrei Gurtov,et al.  A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks , 2013 .

[13]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[14]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[15]  Moonseong Kim,et al.  A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks , 2014, Sensors.

[16]  Jianfeng Ma,et al.  An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks , 2012, Wireless Personal Communications.

[17]  Da-Zhi Sun,et al.  On the security and improvement of a two-factor user authentication scheme in wireless sensor networks , 2012, Personal and Ubiquitous Computing.

[18]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[19]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[20]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[21]  Yi Yang,et al.  Enabling Fine-Grained Multi-Keyword Search Supporting Classified Sub-Dictionaries over Encrypted Cloud Data , 2016, IEEE Transactions on Dependable and Secure Computing.

[22]  Pardeep Kumar,et al.  RUASN: A Robust User Authentication Framework for Wireless Sensor Networks , 2011, Sensors.

[23]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[24]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[25]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[26]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[27]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[28]  Jian Shen,et al.  Efficient data integrity auditing for storage security in mobile health cloud , 2015, Peer-to-Peer Networking and Applications.

[29]  Juho Kim,et al.  A Security-Performance-Balanced User Authentication Scheme for Wireless Sensor Networks , 2012, Int. J. Distributed Sens. Networks.

[30]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[31]  Jin Wang,et al.  Mutual Verifiable Provable Data Auditing in Public Cloud Storage , 2015 .

[32]  Ma,et al.  Security Enhancement of Robust User Authentication Framework for Wireless Sensor Networks , 2012 .

[33]  Jianfeng Ma,et al.  An Improved Password-Based Remote User Authentication Protocol without Smart Cards , 2013, Inf. Technol. Control..

[34]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[35]  Donghoon Lee,et al.  Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2014, Sensors.

[36]  Peng Gong,et al.  A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2013, Int. J. Distributed Sens. Networks.

[37]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[38]  Xiaohui Liang,et al.  EPPDR: An Efficient Privacy-Preserving Demand Response Scheme with Adaptive Key Evolution in Smart Grid , 2014, IEEE Transactions on Parallel and Distributed Systems.

[39]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[40]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..

[41]  Jianfeng Ma,et al.  On the Security of a Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services , 2018, IEEE Systems Journal.

[42]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[43]  Sakshi Jain,et al.  Who Are You? A Statistical Approach to Measuring User Authenticity , 2016, NDSS.

[44]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[45]  P. V. Oorschot,et al.  Revisiting Defenses against Large-Scale Online Password Guessing Attacks , 2012, IEEE Transactions on Dependable and Secure Computing.

[46]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[47]  Yuxiang Wang,et al.  Construction of Tree Network with Limited Delivery Latency in Homogeneous Wireless Sensor Networks , 2014, Wirel. Pers. Commun..

[48]  H. T. Mouftah,et al.  Two-factor mutual authentication with key agreement in wireless sensor networks , 2016, Secur. Commun. Networks.

[49]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[50]  Jianfeng Ma,et al.  Improvement of robust smart‐card‐based password authentication scheme , 2015, Int. J. Commun. Syst..