Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks

Dozens of two-factor authentication schemes have been proposed to secure real-time data access in industrial wireless sensor networks (WSNs). However, more often than not, the protocol designers advocate the merits of their scheme, but do not reveal (or unconsciously ignoring) the facets on which their scheme performs poorly. Such lack of an objective, comprehensive measurement leads to the unsatisfactory “break-fix-break-fix” cycle in this research area. In this paper, we make an attempt toward breaking this undesirable cycle by proposing a systematical evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes proposed by Wu et al. (2017) and Srinivas et al. (2017) to reveal the challenges and difficulties in designing a sound scheme, and conducting a measurement of 44 representative schemes under our evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs. This work would help increase awareness of current measurement issues and improve the scientific process in our field.

[1]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[2]  Jia-Lun Tsai,et al.  Novel Anonymous Authentication Scheme Using Smart Cards , 2013, IEEE Transactions on Industrial Informatics.

[3]  Lior Rokach,et al.  Mobile security and privacy: Advances, challenges and future research directions , 2016, Pervasive Mob. Comput..

[4]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[5]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[6]  R. Poovendran,et al.  Modeling node capture attacks in wireless sensor networks , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[7]  Jian Shen,et al.  A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks , 2017, Future Gener. Comput. Syst..

[8]  Yan Yu,et al.  A Real-Time Big Data Gathering Algorithm Based on Indoor Wireless Sensor Networks for Risk Analysis of Industrial Operations , 2016, IEEE Transactions on Industrial Informatics.

[9]  Xiong Li,et al.  A new and secure authentication scheme for wireless sensor networks with formal proof , 2017, Peer-to-Peer Netw. Appl..

[10]  Sheetal Kalra,et al.  Secure multi‐factor remote user authentication scheme for Internet of Things environments , 2017, Int. J. Commun. Syst..

[11]  Qi Xie,et al.  Provably Secure Dynamic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model , 2017, IEEE Transactions on Information Forensics and Security.

[12]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[13]  Saru Kumari,et al.  An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment , 2016, Ad Hoc Networks.

[14]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[15]  Pardeep Kumar,et al.  E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks , 2012, Sensors.

[16]  Da-Zhi Sun,et al.  On the security of an enhanced novel access control protocol for wireless sensor networks , 2010, IEEE Transactions on Consumer Electronics.

[17]  Xiong Li,et al.  Provably secure user authentication and key agreement scheme for wireless sensor networks , 2016, Secur. Commun. Networks.

[18]  Sherman S. M. Chow,et al.  Phoenix: Rebirth of a Cryptographic Password-Hardening Service , 2017, USENIX Security Symposium.

[19]  Jongho Moon,et al.  Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks , 2017, Sensors.

[20]  Chenyu Wang,et al.  An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks , 2017, Sensors.

[21]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[22]  Donghoon Lee,et al.  Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks , 2014, Sensors.

[23]  Mznah Al-Rodhaan,et al.  An Efficient Biometric Authentication Protocol for Wireless Sensor Networks , 2013, Int. J. Distributed Sens. Networks.

[24]  Mauro Conti,et al.  Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks , 2018, IEEE Internet of Things Journal.

[25]  Abdallah Makhoul,et al.  Self-Adaptive Data Collection and Fusion for Health Monitoring Based on Body Sensor Networks , 2016, IEEE Transactions on Industrial Informatics.

[26]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[27]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[28]  H. T. Mouftah,et al.  Two-factor mutual authentication with key agreement in wireless sensor networks , 2016, Secur. Commun. Networks.

[29]  Changjun Jiang,et al.  A biometric-based user authentication for wireless sensor networks , 2010, Wuhan University Journal of Natural Sciences.

[30]  Jian Shen,et al.  An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks , 2016, J. Netw. Comput. Appl..

[31]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..

[32]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[33]  François-Xavier Standaert,et al.  Generic Side-Channel Distinguishers: Improvements and Limitations , 2011, IACR Cryptol. ePrint Arch..

[34]  SeongHan Shin,et al.  Security Analysis of Password-Authenticated Key Retrieval , 2017, IEEE Transactions on Dependable and Secure Computing.

[35]  Nasir D. Memon How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight] , 2017, IEEE Signal Process. Mag..

[36]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[37]  H. T. Mouftah,et al.  Improved two-factor user authentication in wireless sensor networks , 2010, 2010 IEEE 6th International Conference on Wireless and Mobile Computing, Networking and Communications.

[38]  Benoit M. Macq,et al.  Feature-based watermarking of 3D objects: toward robustness against remeshing and desynchronization , 2005, IS&T/SPIE Electronic Imaging.

[39]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[40]  Yixin Chen,et al.  Real-Time Wireless Sensor-Actuator Networks for Industrial Cyber-Physical Systems , 2016, Proceedings of the IEEE.

[41]  Li Xu,et al.  Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems , 2014, IEEE Transactions on Parallel and Distributed Systems.

[42]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[43]  Da-Zhi Sun,et al.  On the security and improvement of a two-factor user authentication scheme in wireless sensor networks , 2012, Personal and Ubiquitous Computing.

[44]  Daiyuan Peng,et al.  A Lightweight Anonymous Authentication Protocol with Perfect Forward Secrecy for Wireless Sensor Networks , 2017, Sensors.

[45]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[46]  Ashok Kumar Das,et al.  A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor , 2017, Int. J. Commun. Syst..

[47]  Fengtong Wen A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System , 2014, Journal of Medical Systems.

[48]  Muhammad Khurram Khan,et al.  User authentication schemes for wireless sensor networks: A review , 2015, Ad Hoc Networks.

[49]  Pardeep Kumar,et al.  RUASN: A Robust User Authentication Framework for Wireless Sensor Networks , 2011, Sensors.

[50]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[51]  Dheerendra Mishra,et al.  Secure and efficient user authentication scheme for multi-gateway wireless sensor networks , 2017, Ad Hoc Networks.

[52]  Jian Shen,et al.  An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment , 2017, J. Netw. Comput. Appl..

[53]  Athanasios V. Vasilakos,et al.  Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment , 2018, IEEE Transactions on Dependable and Secure Computing.

[54]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[55]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[56]  Cheng-Chi Lee,et al.  An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks , 2013, Sensors.

[57]  Mauro Conti,et al.  A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring , 2017, Future Gener. Comput. Syst..

[58]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[59]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[60]  Ping Wang,et al.  Targeted Online Password Guessing: An Underestimated Threat , 2016, CCS.

[61]  Kim-Kwang Raymond Choo,et al.  Efficient and secure searchable encryption protocol for cloud-based Internet of Things , 2018, J. Parallel Distributed Comput..

[62]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[63]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[64]  Prosanta Gope,et al.  A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks , 2016, IEEE Transactions on Industrial Electronics.

[65]  Ning Ye,et al.  Private and Secured Medical Data Transmission and Analysis for Wireless Sensing Healthcare System , 2017, IEEE Transactions on Industrial Informatics.

[66]  Benhui Chen,et al.  Comments on "Provably Secure Dynamic Id-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model" , 2019, IEEE Trans. Inf. Forensics Secur..

[67]  Ping Wang,et al.  On the Usability of Two-Factor Authentication , 2014, SecureComm.

[68]  Xiong Li,et al.  A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments , 2018, J. Netw. Comput. Appl..

[69]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[70]  Ping Wang,et al.  The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes , 2016, AsiaCCS.

[71]  Ming-Hour Yang,et al.  Across-authority lightweight ownership transfer protocol , 2011, Electron. Commer. Res. Appl..

[72]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[73]  Xiong Li,et al.  A Robust Authentication Protocol with Privacy Protection for Wireless Sensor Networks , 2016, RFIDSec.

[74]  Gwoboa Horng,et al.  An Authentication Scheme to Healthcare Security under Wireless Sensor Networks , 2012, Journal of Medical Systems.

[75]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[76]  Lixiang Li,et al.  An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks , 2016, Sensors.

[77]  Yongge Wang,et al.  Security analysis of a password-based authentication protocol proposed to IEEE 1363 , 2006, Theor. Comput. Sci..

[78]  Donghoon Lee,et al.  Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2014, Sensors.

[79]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[80]  Ping Wang,et al.  Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity , 2015, Inf. Sci..

[81]  Guoliang Xing,et al.  Unsupervised Residential Power Usage Monitoring Using a Wireless Sensor Network , 2017, ACM Trans. Sens. Networks.

[82]  Daojing He,et al.  An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks , 2011, Journal of Zhejiang University SCIENCE C.

[83]  Ping Wang,et al.  Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards , 2013, ISC.

[84]  Felix C. Freiling,et al.  Attacker Models for Wireless Sensor Networks , 2010, it Inf. Technol..