Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

[1]  Jianhua Chen,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012, Inf. Fusion.

[2]  Mukesh Singhal,et al.  A distributed multi-party key agreement protocol for dynamic collaborative groups using ECC , 2006, J. Parallel Distributed Comput..

[3]  Saswati Sarkar,et al.  Maximum Damage Battery Depletion Attack in Mobile Sensor Networks , 2011, IEEE Transactions on Automatic Control.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  W. Han Weakness of a Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, IACR Cryptol. ePrint Arch..

[6]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[7]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[8]  Manik Lal Das,et al.  Towards a Formal Verification of an Authentication Protocol Using Non-Monotonic Logic , 2008, Fifth International Conference on Information Technology: New Generations (itng 2008).

[9]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[10]  Hu Jin,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012 .

[11]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[12]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[13]  Dongho Won,et al.  Weaknesses and Improvement of Secure Hash-Based Strong-Password Authentication Protocol , 2010, J. Inf. Sci. Eng..

[14]  H. T. Mouftah,et al.  Two-factor mutual authentication with key agreement in wireless sensor networks , 2016, Secur. Commun. Networks.

[15]  Liqun Chen,et al.  Identity-based key agreement protocols from pairings , 2017, International Journal of Information Security.

[16]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[17]  Eitan Altman,et al.  Maximum Damage Malware Attack in Mobile Wireless Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[18]  Levente Buttyán,et al.  Security analysis of reliable transport layer protocols for wireless sensor networks , 2010, 2010 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops).

[19]  Xiaohui Liang,et al.  A Simple User Authentication Scheme for Grid Computing , 2008, Int. J. Netw. Secur..

[20]  Reena S. Satpute,et al.  Survey on Security in Wireless Sensor Networks Using Elliptical Curves Cryptography , 2013 .

[21]  Peter Honeyman,et al.  Nonmonotonic cryptographic protocols , 1994, Proceedings The Computer Security Foundations Workshop VII.

[22]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[23]  Jayaprakash Kar,et al.  An Efficient Password Security of Multi-Party Key Exchange Protocol based on ECDLP , 2009 .

[24]  Moonseong Kim,et al.  Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols , 2013, KSII Trans. Internet Inf. Syst..

[25]  M. Brownfield,et al.  Wireless sensor network denial of sleep attack , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[26]  Dongho Won,et al.  Enhancement of two-factor authenticated key exchange protocols in public wireless LANs , 2010, Comput. Electr. Eng..

[27]  Yang Xu,et al.  Analysis of Authentication Protocols Based on Rubin Logic , 2008, 2008 4th International Conference on Wireless Communications, Networking and Mobile Computing.

[28]  Peng Gong,et al.  A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2013, Int. J. Distributed Sens. Networks.

[29]  Dongho Won,et al.  An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments , 2012, IEICE Trans. Commun..

[30]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[31]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[32]  Falko Dressler Authenticated Reliable and Semi-reliable Communication in Wireless Sensor Networks , 2008, Int. J. Netw. Secur..

[33]  Weidong Kou,et al.  Identity-Based Anonymous Remote Authentication for Value-Added Services in Mobile Networks , 2009, IEEE Transactions on Vehicular Technology.

[34]  Dongho Won,et al.  Security Analysis of a Nonce-Based User Authentication Scheme Using Smart Cards , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[35]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[36]  Junghyun Nam,et al.  An off-line dictionary attack on a simple three-party key exchange protocol , 2009, IEEE Communications Letters.

[37]  Bachala Sathyanarayana,et al.  A Survey of Elliptic Curve Cryptography Implementation Approaches for Efficient Smart Card Processing , 2012 .