A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.
A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.