Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks

Li, Wenting; Li, Bin; Zhao, Yiming; Wang, Ping; Wei, Fushan

doi:10.1155/2018/8539674

Cited by 28 publications

(6 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Amin et al [47] presented a user authentication protocol for distributed cloud computing environment composed of IoT devices. However, Challa et al [48] and Li et al [49] demonstrated several security pitfalls in the scheme [47], such as privileged-insider and impersonation attacks. Apart from these, Amin et al's scheme [47] fails to guarantee some important requirements like user anonymity and forward secrecy properties.…”

Section: Literature Surveymentioning

confidence: 99%

Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

et al. 2019

View full text Add to dashboard Cite

The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing ''cryptographic one-way hash function'', ''physically unclonable function (PUF)'' and ''bitwise exclusive-OR (XOR)'' operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely ''automated validation of internet security protocols and applications (AVISPA)'' and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters. INDEX TERMS Internet of Things (IoT), mutual authentication, key agreement, physically unclonable function, security, AVISPA.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Privileged insider attack is a security threat that has been ignored for a long time, and even protocol designers are not aware of the serious consequences of such attack [52], which has been mentioned in [52,53]. When scrutinizing scheme [42], we find that neither Jung et al's scheme can resist the security risk of privileged insider attack, nor can Shin and Kwon's scheme, which is an improved version of Jung et al's scheme, defend against privileged insider attack.…”

Section: ) Privileged Insider Attackmentioning

confidence: 99%

A Provably Secure Three-Factor Authentication Protocol Based on Chebyshev Chaotic Mapping for Wireless Sensor Network

Shen

2022

IEEE Access

View full text Add to dashboard Cite

Wireless sensor network has been widely used and plays a vital role in the Internet of Things, smart cities, military, and other fields, and its security has also attracted the attention of many researchers. In view of the security defects in Shin and Kwon's scheme such as failure to provide three-factor security, lack of anonymity and untraceability, user impersonation attack, desynchronization attack and privileged insider attack, we suggest an improved provably secure three-factor user authentication scheme based on Chebyshev chaotic mapping for wireless sensor network, which employs fuzzy verifier technique to prevent attacker from offline guessing attack on user identity and password when the stolen/lost smartcard is acquired by the attacker. During the authentication phase, a dynamic identity mechanism is used to ensure the anonymity of the user and sensor to prevent desynchronization attack, and the Chebyshev chaotic mapping is introduced to improve security and reduce computation overhead. The rigorous security proof under the random oracle model and the formal verification via ProVerif show that our protocol overcomes the weaknesses in Shin and Kwon's scheme. In addition, by comparing the performance of our proposed scheme with that of others, we demonstrate that our proposal not only solves the security risks of Shin and Kwon.'s protocol, but also achieves a better tradeoff between security and efficiency, therefore, it is more suitable for user authentication in wireless sensor network environments.

show abstract

“…The operations mainly include exclusive-or, symmetric keys and hash functions and thus the communication overhead is low even for the resourceconstrained IoTs devices. However, Li, Wenting, et al [16] pointed out that the method cannot specifically solve the problem about user anonymity and forward secrecy since some private information is preserved by the smart card. In addition, Aman, Muhammad Naveed, et al [17] and Guin, Ujjwal, et al [18] proposed mutual authentication schemes with physically unclonable function (PUF) in the environment of IoTs.…”

Section: A Internet Of Things (Iots) Architecturementioning

confidence: 99%

Provable Secure Group Key Establishment Scheme for Fog Computing

Chen¹,

Huang

Wang³

2021

IEEE Access

View full text Add to dashboard Cite

Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks

Cited by 28 publications

References 57 publications

Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

A Provably Secure Three-Factor Authentication Protocol Based on Chebyshev Chaotic Mapping for Wireless Sensor Network

Provable Secure Group Key Establishment Scheme for Fog Computing

Contact Info

Product

Resources

About