Sage Journals: Discover world-class research

Abstract

The communication between cell phones and sensor networks involves strong user authentication protocols to ensure the data and network security. Generally, in order to obtain the relevant information, cell phones interact with sensor networks via gateways. In 2009, according to Arjan Durresi and Vamsi Paruchuri scheme, this unique ability is used to provide better authentication and security protocols that can be used to establish secure communications among cell phones and sensor networks. In this paper, we show that their scheme is vulnerable to known attacks such as man-in-the-middle attack and reply attack, and it does not provide mutual authentication between gateway node and cell phone. In addition, it does not establish session key after the authentication phase. To fill this security gap, we proposed security patches and improvements, which overcome the weak features in the scheme of Arjan Durresi and Vamsi Paruchuri. Finally, we came out with results which show that our improved security patch establishes trust between the cell phone and gateway in the form of mutual authentication and provides the session key establishment after the authentication phase.

1. Introduction

With the recent advances in information and communication technology, the wireless sensor networks (WSNs) have attracted an increasing interest from researchers due to its ubiquitous nature. Wireless sensor networks (WSNs) are normally deployed in an unattended environment to collect the data which are transmitted to the base-station traversing some nodes via RF signals and routing schemes. In general, most of the queries in WSN applications are issued at the points of base stations or gateway (GW) nodes of the network. However, due to the wireless nature of sensor node it may be possible that a user can access sensor data directly without involving the gateway. Thus, user authentication is a primary concern in this resource-constrained environment before accessing data from the sensor/gateway nodes. WSNs are widely used in areas such as military, battlefield, homeland security, healthcare monitoring, agriculture and cropping, manufacturing, and measurement of seismic activity, and so forth. Every sensor node has some level of computing power, limited storage, and a small communication module to communicate with the outside world over an ad hoc wireless network [1]. Thus far authentication protocols schemes have been proposed on the link layer [2–5] and the network layer [6], and they provide sufficient security in the wireless sensor networks. Meanwhile, protocols based on user authentication on the application layer in [7–10] have been proposed where the secrets are stored into the gateway node or base station. In that case, when a user wants to access data through the gateway node or base station, he is authenticated those protocols. Through cellular network, user can access gateway of wireless sensor networks and get the data he wants to access. Cell phones are ubiquitous and have a low power transceiver that communicates with the base stations that are typically located on a distance of a few miles. There are many applications which would greatly benefit from using cell phones in the ad hoc mode. Collecting data from a gateway by a cell phone, needs an authentication protocols are needed to prevent a malicious cell phone user from misguiding other users [11].

In 2009, Durresi and Paruchuri [12] proposed architecture among the cellular network and wireless sensor networks with protocols to establish secure communication. According to their scheme, the gateways are connected to an authentication server (AS), and each sensor network has its own AS in charge of their security. A central server (CS) that interacts with all ASs and cell phones is required. The CSs communicate with cell phones through the existing cellular network only to exchange control and security information. The data communication between cell phones and sensor networks (gateways) is done through ad hoc channels. The control of the security across all the sensor networks is done by the CS, and it could be distributed. To utilize the advantages of both cell phones and sensor nodes, the use of gateways nodes was proposed. These nodes act as sinks for sensor networks to obtain and aggregate the relevant information sensed by the sensor network. Gateways act also as intermediates through which the cell phones get information from sensor networks. Cell phones can communicate with cellular network and sensor networks at the same time. They claimed that this unique ability is used to provide better authentication and security.

Unfortunately, this paper finds that Arjan et al.'s scheme is susceptible to information leakage attack, to man-in-the-middle attack, reply attack, and no mutual authentication between the cell phone and the gateway, and no session key is established between the cell phone and the gateway node at the end of the authentication phase.

The rest of the paper is structured as follows. Section 2 briefly reviews Arjan et al.'s schemes. Section 3 elaborates on the weaknesses and security pitfalls of his scheme. Section 4, presents our improved security patch over Arjan et al.'s scheme. Section 5 reveals the performance analysis of the presented scheme and Section 6 concludes this paper.

2. Review of Arjan et al.'s Scheme

In this section, we review Arjan et al.'s schemes. The first scheme uses asymmetric key cryptography, whereas the other scheme use symmetric key cryptography between cell phones and gateways.

2.1. Review on Using Secure Infrastructure and Asymmetric Cryptography Scheme

The first scheme of Arjan et al. is using the identity-based cryptography (IBC) to provide a secure connectivity. According to their architecture, each sensor node has a private key generator (PKG) which is part of the authentication server. The notations used throughout this paper are given in Table 1.

Table 1

Notations and descriptions.

Notations	Descriptions
$S_{ID}$	Session identity
${ID}_{G}$	ID of the gateway
${ID}_{N}$	ID of the sensor network
$K_{S}$	Session key
EK (M)	Encryption of message M with key K
SK	Secret key
PK	Public key
SK_PKG	Secret key of the PKG
PK_PKG	Public key of the PKG

The system model of Arjan et al.'s architecture is defined by different components as follows: (i)

cell phones (CP)

(ii)

cellular base station (CBS)

(iii)

central server (CS)

(iv)

authentication server (AS)

(v)

sensor networks

(vi)

gateways (G).

The proposed architecture by Arjan et al. is shown in Figure 1, and they claimed that it supports secure communication among cell phones and sensor networks.

Figure 1

Arjan et al. network architecture.

In Figure 1, the CP does not communicate directly with the sensor network. It has first to be requested from the CS a PK_PKG of that particular sensor network. The CS generates the $S_{ID}$ for the CP and also requests to the AS of the sensor network a SK_PKG corresponding to that $S_{ID}$ of the CP. The CS then transmits the $S_{ID}$ , PK_PKG and the SK_PKG to the CP through the cellular network. The CP will use this triplet to communicate with the sensor network via the gateway.

Initially the CP interacts with the CBS, and after the CP is authenticated by the BCS, a session key $K_{S}$ is established to secure their communication [13, 14]. Once the CP wants to communicate with sensor network through the gateway, it sends a request to the CS via the cellular network. CP sends the $I D_{N}$ of the sensor network and the $I D_{G}$ of the gateway encrypted with $K_{S}$ as follows:

\begin{matrix} CP ⟶ CBS : 〈 E_{K_{S}} [{ID}_{N} ∥ {ID}_{G}] 〉 . \end{matrix}

(1)

The CS interacts with the AS of the given sensor network in the aim to obtain the

S K_{SID}

corresponding to the

S_{ID}

of the CP. The message is sent to the CP via the cellular network as follows:

\begin{matrix} CBS ⟶ CP : 〈 E_{K_{S}} [{ID}_{N} ∥ {ID}_{G} ∥ S_{ID} ∥ {SK}_{SID} ∥ {PK}_{PKG}] 〉 . \end{matrix}

(2)

The communication between the cell phone and the gateway is done through ad hoc channels. To communicate with the given sensor network the CP sends a query to the gateway G using his

S_{ID}

and sign with its own private key. The CP encrypts the query with the public key of G generated using the

{ID}_{G}

and PK_PKG.

\begin{matrix} CP ⟶ G : S_{ID} ∥ E_{{SK}_{SID}} [E_{PKG} [Query ∥ I D_{N}]] . \end{matrix}

(3)

Finally, the gateway responds to the message of the CP; the gateway encrypts the message with public key of CP and signs with its secret key as follows:

\begin{matrix} G ⟶ CP : I D_{G} ∥ E_{S K_{G}} [E_{PKSID} [Query ∥ Reply ∥ I D_{N}]] . \end{matrix}

(4)

2.2. Review on Using Secure Infrastructure and Symmetric Cryptography Scheme

This scheme uses symmetric cryptography to provide secure links between CP and gateways. The CP shares keys with gateways. If the cell phone wants to communicate with a sensor network, it sends the $I D_{N}$ of that sensor network through the cellular network to the CS.

The CS interacts with AS of that sensor network to obtain a set of secrets key for the CP. The AS also distributes each key of the set to some gateways. The CP broadcasts its $S_{ID}$ when wants to communicate with the gateways. Only the gateways with shared keys interact with the CP. When a CP wants to communicate with the sensor network, it sends the $I D_{N}$ encrypted with the key shared with the CBS as follows:

\begin{matrix} CP ⟶ CBS : 〈 E_{K_{S}} [{ID}_{N}] 〉 . \end{matrix}

(5)

The message is sent through the CBS to the CS which interacts with the appropriate AS, and then the AS provides a set of privates keys (S) to the CP as follows:

\begin{matrix} CBS ⟶ CP : 〈 E_{K_{S}} [{ID}_{N} ∥ S_{ID} ∥ S] 〉 . \end{matrix}

(6)

Now, the CP has the $S_{ID}$ and secrets keys to be authenticated to the gateways. The CP broadcasts its $S_{ID}$ to the sensor network in (7). Thus, only the gateways with the shared pairwise key interact with CP after authentication procedure as follows:

\begin{matrix} CP ⟶ ALL : 〈 S_{ID} 〉, \end{matrix}

(7)

\begin{matrix} G ⟶ CP : 〈 S_{ID}, I D_{G}, E_{K_{c}} [{ID}_{G} ∥ RAND] 〉, \end{matrix}

(8)

\begin{matrix} CP ⟶ G : 〈 S_{ID}, {ID}_{G}, E_{K_{c}} [{ID}_{G} ∥ f (RAND)] 〉 . \end{matrix}

(9)

The gateway with the shared pairwise key sends a random challenge with its ID encrypted with the key $K_{c}$ shared with the gateway to the CP in (8), and the CP responds to the challenge in (9) for the authentication purpose by the gateway.

3. Cryptanalysis and Weakness of Arjan et al.'s Schemes

Initially the cell phone interacts with the cellular base station. The cell phone is authenticated by the cellular base station and a session key $K_{S}$ is established to secure the communication between the cell phone and the cellular base station. Arjan et al. claimed that the fact that the $S_{ID}$ and SK_SID are obtained via the cellular network benefits, the scheme strong and secure authentication.

However, their scheme presents a gap of weakness security as follows. (i)

Information leakage attack: as an alternative, the attacker can perform a man-in-the-middle attack [15] (enter between the cell phone and the cellular base station by using a malicious cell phone and fake cellular base station), such that all the messages pass through the attacker. During the authentication phase between the cell phone and the cellular base station, only the cell phone is authenticated to the cellular base station while there is no mechanism to authenticate the cellular base station to the cell phone. Then, any adversary can perform the man-in-the-middle attack.

(ii)

Replay attack: the attack occurs when an adversary intercepts the message (3) and (7) (i.e., if the attacker accesses the SIM card of the legitimate user) and replays it, he might impersonate the gateway to be a real cell phone using an authenticated session key unless the gateway remembers indefinitely all previous sessions keys used with the cell phone. Here, Arjan et al.'s scheme, does not provide any mechanism to prevent the re-use of olds sessions keys. The gateway responds to the adversary's query, and CP-adversary, who is an adversary and not a legitimate user of the sensor network system, finally, he enjoys the resources as an authorized user without being a member of the system.

(iii)

Session-key establishment: Arjan et al.'s scheme does not establish the session key between the cell phone and the gateway after authentication phase. After successful user authentication, the involved parties should establish a session key, so that subsequent messages could transmit securely. Thus, Arjan et al.'s scheme fails to establish the session key after user authentication phase.

4. Proposed Security Improvements

4.1. Protection against Man-in-the-Middle-Attack

To resist to the man-in-the-middle attack, we propose to use 3G instead of 2–2.5G networks. In GSM authentication only user authentication to the network is provided. To come out this weakness we propose to use 3G network where [16] both network and cell phone can authenticate each other. Thus the mutual authentication is well performed and can avoid against a man-in-the-middle attack.

4.2. Protection against Reply Attack with Mutual Authentication between Cell Phone and Gateway

It was identified in Section 3(ii) that there is a possibility of a replay attack in Arjan et al.'s scheme. The reason of the possibility of the replay attack is due to the absence of mechanism to prevent the re-use of olds sessions keys. In the case of an adversary can capture the messages (3) and (7), can replay them and access to the resources of the sensor networks. To overcome to this security flaw, we propose to use nonce and timestamp for mutual authentication between cell phone and gateway. Arjan et al.'s scheme can be amended by Table 2.

Table 2

Notations and descriptions.

Notations	Descriptions
$N_{cp}$	Nonce generated by cell phone
$T_{cp}$	Timestamp for cell phone
$X_{cp}$	Cell phone's secret number
$V_{cp}$	Value of Diffie-Hellman function for cell phone
$V_{g}$	Value of Diffie-Hellman function for gateway
$T_{g}$	Timestamp of gateway
$N_{g}$	Nonce generated by the gateway
$L_{g}$	Gateway's secret number
$S_{ESK}$	Session key
$h (\cdot)$	Cryptographic hash function, for example, SHA1 and SHA2
$∥$	Denotes concatenation operation
p	A large prime number
g	Primitive element in the Galois field GF (p)

Before detailed discussion of the proposed scheme, some assumptions are made and are not supposed to be violated while executing the scheme. The assumptions are mentioned below. (1)

The CP is registered to the AS via CBS using 3G technology. The AS assigns the $S_{ID}$ and the corresponding secret key to the CP via the same CBS. We assume that all the clients and service providers are supposed to be honest in the registration phase.

(2)

Using a secure communication channel, the AS assigns $ID$ and private key to each gateway.

The authentication phase (AP) is invoked when the cell phone wants to login the WSN and access data from the gateway with the followings steps.

4.2.1. Using Secure Infrastructure and Asymmetric Cryptography Scheme

AP-1. The cell phone generates a secret number $X_{cp}$ and calculates $V_{cp}$ as follows: $V_{cp} = g^{h (X_{cp} ∣ ∣ N_{cp})}$ mod p and sends to G. Here $N_{cp}$ is the nonce of the cell phone. To send the query Q to the gateway, the cell phone encrypts it with the public key of the gateway and signs it with its own private key: $Q = E_{S K_{SID}} [S_{ID} ∥ T_{cp} ∥ [E_{PKG} (Query ∥ I D_{N})]]$ . $T_{cp}$ is the timestamp of the cell phone. The $CP$ sends $V_{cp}$ and Q in the message (3) to the gateway.

AP-2. Upon receiving message (3) from the cell phone, the gateway decrypts it and performs the followings actions. (1)

The gateway G validates the time $T_{cp}$ and check if $(T_{g} – T_{cp}) \geq Δ T$ . If yes, then abort if not continues with the next step. Here, $T_{g}$ is the current timestamp of the gateway and $Δ T$ is the defined time interval for the transmission delay.

(2)

The gateway verify if $S_{ID} = S_{ID}^{'}$ if yes, then the gateway node considers that, this is a legitimate user and proceeds to the next step; otherwise, it terminates the operations.

(3)

The gateway generates a secret number $L_{g}$ and with $V_{cp}$ , G calculates the session key $S_{ESK} = V_{cp}^{L_{g}}$ mod p. Subsequently, the gateway generates the nonce $N_{g}$ then calculates $V_{g}$ as follows: $V_{g} = g^{h (L_{g} ∣ ∣ N_{g})}$ mod p and sends to cell phone B. Here, $B = E_{SESK} (V_{g} ∥ N_{cp})$ . To respond to the query, the G encrypts it with the public key of the CP and signs it with its private key. $R = E_{SKG} [{ID}_{G} ∥ S_{ID} ∥ T_{g} ∥ E_{PKSID} [Query ∥ Reply ∥ {ID}_{N}]]$ . The G sends B and R in message (4) to the cell phone.

AP-3. After receiving the reply message (4) from the G, the CP performs the following actions. (1)

checks if $(T_{cp} – T_{g}) \leq Δ T$ , then CP proceeds to the next step; otherwise, the step is terminated. Here $Δ T$ shows the expected time interval for the transmission delay.

(2)

The CP decrypts the message with its private key and check if $N_{cp}^{'} = N_{cp}$ , ${ID}_{G}^{'} = {ID}_{G}$ if yes, then continues to the next step if not abort it.

(3)

The CP obtains $V_{g}$ and calculates the session key $S_{ESK}$ using the followings: $S_{ESK} = V_{g}^{X_{cp}} \mod p$ .

(4)

Now, the CP sends the last message $M_{5}$ , to acknowledge the session key from the gateway: $M_{5} =$ $E_{SESK}$ $(I ∥ V_{cp})$ . Here, $I = h (({ID}_{G}) ∥ N_{g})$ .

AP-4. While receiving the message $M_{5}$ , the gateway performs the following. (1)

It computes the session key and decrypts the sub message, obtains $N_{g}^{'}$ and $V_{cp}^{'}$ . The gateway checks if $N_{g}^{'} = N_{g}$ , $V_{cp}^{'} = V_{cp}$ , if the conditions are true the gateway believes that the $CP$ is a legitimate one otherwise not.

(2)

Furthermore, the cell phone and the gateway node share the session key $S_{ESK}$ to perform subsequent operation during a session and the establishment of the session key terminates the authentication phase.

4.2.2. Using Secure Infrastructure and Symmetric Cryptography Scheme

To enhance to security in Arjan et al.'s scheme using symmetric cryptography, the same assumptions are taken in considerations. The authentication phase (AP) is invoked when the cell phone wants to login the WSN and access data from the gateway with the followings steps.

AP-1. CP generates a secret number $X_{cp}$ calculates I and as follows: $I = g^{h (N_{cp} ∣ ∣ X_{cp})}$ mod $p . N_{cp}$ is the nonce of the cell phone. From the message (10), the cell phone broadcasts its $S_{ID}$ with the value of B to all the gateways. Here, $B = h (I ∥ T_{cp})$ , and $T_{cp}$ is the timestamp of cell phone.

\begin{matrix} CP ⟶ ALL : 〈 E_{K_{c}} [S_{ID}, B] 〉 . \end{matrix}

(10)

AP-2. The gateway which shares the pairwise key will interact with the cell phone with the actions below. (1)

The gateway G checks if $(T_{g} – T_{cp}) \geq Δ T$ ; if yes, then aborts it if not continues with the next step.

(2)

The gateway generates a secret number $L_{g}$ and calculates D using the following: $D = g^{h (L_{g} ∣ ∣ N_{g})} \mod p$ . G sends in message (11) a random challenge to the cell phone encryption with the value of J. Here, $J = h (D ∥ T_{g})$

\begin{matrix} G ⟶ CP : 〈 S_{ID}, {ID}_{G}, E_{K_{c}} [J ∥ N_{cp} ∥ {ID}_{G} ∥ f (RAND)] 〉 . \end{matrix}

(11)

AP-3. While receiving the message (11), the CP decrypts the message and performs the followings. (1)

The CP validates the time $T_{g}$ and check if $(T_{cp} – T_{g}) \geq Δ T$ ; if yes, then abort it, if not continues with the next step.

(2)

The CP verifies if $N_{cp}^{'} = N_{cp}$ if yes, then, continues to the next step if not abort.

(3)

Then, the cell phone calculates the session key to respond to the challenge $S_{ESK} = h (h (SID) ∥ N_{cp} ∥ {ID}_{G} ∥ N_{g})$ . Now, the CP sends through message (12) the response,

\begin{matrix} CP ⟶ G : E_{K_{c}} (S_{ESK} ∥ f (RAND)) . \end{matrix}

(12)

AP-4. Upon receiving message (12) from the cell phone, the gateway computes the message and decrypts the sub message to retrieve the session key and check if ${ID}_{G} = {ID}_{G}$ , $N_{g}^{'} = N_{g}$ , if yes the gateway believes that the CP is a legitimate one otherwise not.

Finally, the cell phone and the gateway shares the session key $S_{ESK}$ to perform subsequent operation during a session and the establishment of the session key terminates the authentication phase.

5. Performance Analysis of Proposed Scheme

In this section, we summarize security features and performance analysis of our proposed scheme and compare its security features and robustness with the scheme of Arjan et al. The performance analysis demonstrates that our scheme is more secure and robust than the scheme of [12], and achieves more security features, which were not considered in the aforementioned scheme. In addition a comparison with recent secure communication in WSN with our proposed protocol is done for the sufficient qualities.

5.1. Security Analysis

(1)

Mutual authentication between the CP and the CBS: our scheme proposes to use 3G instead of 2–2.5G networks. The GSM authentication mechanism is only one way; therefore, the user is not given the assurance that he has established a connection with an authentic serving network. With 3G technology, there is the assurance that authentication information and keys are not being re-used (key freshness).

(2)

Mutual authentication between the CP and the G: in message (3) AP-2, the gateway verifies if the ID of the CP is the real one got from the AS, also the cell phone checks if $N_{cp}^{'} = N_{cp}$ in AP-3 of message (4). By the end, the gateway verifies if $N_{g}^{'} = N_{g}$ , $V_{cp}^{'} = V_{cp}$ and both of them are mutually authenticated. In the case of symmetric cryptographic scheme, the same analyses are applied in message, (11) and (12).

(3)

Man-in-the middle attack: in message (3), if an attacker intercepts $V_{cp}$ , he cannot calculate the session key without knowing the secret number $L_{g}$ stored in the gateway. Even if the attacker could calculate a session key, the cell phone should reject the request because in AP-3 of message (4), the cell phone will check if $N_{cp}^{'} = N_{cp}$ , ${ID}_{G}^{'} = I D_{G}$ . The same analyses are applied in message (12) in the case of symmetric cryptographic scheme.

(4)

Reply attack: in this case, an attacker can steal the SIM card of the user of the cell phone and puts it in its cell phone. In this case, the attacker can use the $S_{ID}$ from the AS and try to access the WSN. Our scheme is timestamp based and nonce based. In the timestamp-based scheme, if an adversary wants to replay the mutual authentication message to the gateway or cell phone, then G or $CP$ would reject it, because they validate the timestamp ( $T_{cp}$ or $T_{g}$ ) and if it is expired, they terminates further operations. On the other hand, in the nonce-based authentication scheme, if an intruder replays the mutual authentication message to the G or $CP$ would reject it because the nonce ( $N_{cp}$ or $N_{g}$ ) is randomly generated and expires after the session is terminated or expired.

(5)

Session key establishment: a session key, $S_{ESK}$ is established between the cell phone and the gateway after authentication process. This key is different in each session and cannot be replayed after the session expires.

As illustrated in Table 3, it is obvious that the proposed scheme is a secure user authentication protocol and provides more security services than Arjan et al.'s scheme.

Table 3

Functionality comparison.

	Arjan et al.'s scheme [12]	Our scheme
(A) Security features
Mutual authentication between CP and CBS	No	Yes
Mutual authentication between CP and G	No	Yes
Secure session key agreement	No	Yes
Avoid replay attack	No	Yes
Avoid man-in-the middle attack	No	Yes
(B) Computation type
Symmetric en/decryption	Yes	Yes
Asymmetric en/decryption	Yes	Yes
Authenticator function	No	Yes

5.2. Performance Comparison among Existing Protocols

Recent researches have been conducted in WSN communication, and results show that they are efficiently secured in terms of computation cost and communication cost. Different existing schemes [17–23] have been analyzed in their communication protocols for the whole communication and confirmation of all entities (i.e., user, gateway, and sensor). In some cases all entities exchange messages or some of them only can exchange messages. In all cases, we carefully took in consideration the behavior of each protocol so that we can see how our protocol is efficient. Let us set $T_{h}$ as the computation time, and let us set $T_{s}$ as time for symmetric cryptosystem (the private/public key computation time), as referred in [17–23]. The comparison result is given in Table 4. The purpose of the performance analysis is to minimize the power consumption of the sensor node as it is a primary concern in this resource-constrained environment. In the Arjan et al.'s scheme, they did not deal with communication between sensor node and user, and we have kept this architecture because we found that it is the best one in term of sensor node with less power consumption. Thus, there is no computation activity among cell phone user, and sensor nodes. The performance comparison results of our proposed protocol and related ones are illustrated in details in Table 4.

Table 4

Performance comparison with related protocols.

Related protocols	Protocol: authentication (verification and mutual authentication)			Comm cost
Related protocols	User	G-node	S-node	Comm cost
Chen and Shih [17]	1 $T_{H}$	5 $T_{H}$	1 $T_{H}$	4 ME
Kumar et al. [18]	4 $T_{H}$ + 2 $T_{S}$	4 $T_{H}$ + 2 $T_{S}$ + 1MAC	1 $T_{H}$ + 2 $T_{S}$ + 1MAC	4 ME
Bruce and Lee [19]	4 $T_{H}$ + 4 $T_{S}$	2 $T_{H}$ + 4 $T_{S}$	N/A	3 ME
Watro et al. [20]	1 $T_{H}$ + 2 $T_{S}$	N/A	1 $T_{H}$ + 2 $T_{S}$	2 ME
Proposed	4 $T_{H}$ + 2 $T_{S}$	2 $T_{H}$ + 1 $T_{S}$	N/A	3 ME

N/A: not applicable; ME: messages exchanges.

The results from Table 4 show that the proposed protocol in the authentication phase (with authentication verification and mutual authentication) requires $6 T_{H}$ hush function and ${3 T}_{S}$ for symmetric cryptosystem, whereas in others protocols [17–19] and [20] need $9 T_{H} + 6 T_{S} + 2 MAC, 7 T_{H}, 6 T_{H} + 8 T_{S}$ and $2 T_{H} + 4 T_{S}$ ; respectively, for whole authentication phase. From this analysis, we can see that for time complexity, our protocol needs $3 T_{S}$ to achieve the calculation of public/private key, whereas others needs more for that operation. The good reason behind that is the less power consumption of the devices. Regarding the time complexity, our protocol requires $6 T_{H}$ for hush function calculation ( $9 T_{H}, 7 T_{H} + 6 T_{S}$ ) and $2 T_{H}$ for others. Analyzing the performance of the proposed protocol in term of communication cost, the result from Table 4 reveres that our protocol requires 3 messages exchange for the whole communication and confirmation of all entities. Watro et al.'s protocol needs only 2 messages exchange because their protocol does not deal with gateway node communication. The user communicates straight with the sensor node. Even if our protocol has one more message of message exchanges as that of Watro et al.'s and same number of message exchanges in [19], the message size (the content of the messages exchanges) of ours is smaller than them. Hence, the proposed protocol has a valuable computation cost among the compared protocols.

Figures 2 and 3 show the total time complexity of hash function and computation cost of cryptosystem respectively, while Figure 4 describes the total messages exchanges for the whole communication and confirmation of all entities used in the protocols aforementioned.

Figure 2

Total time complexity (hash function).

Figure 3

Total computation cost (symmetric cryptosystem).

Figure 4

Total messages exchanges for whole communication.

6. Conclusion

In real time, as a cell phone user can access data from gateway trough wireless sensor network; it is imperative to control data accessibility with strong user authentication protocols. In this regard, we have proposed enhancements to the scheme of Arjan et al. which suffers from Information leakage attack, does not provide mutual authentication between gateway node and cell phone, not able to establish session key after the authentication phase and it is susceptible to reply attack. To remedy the aforementioned flaws, we have proposed security patches and improvements, that overcome the weak features of Arjan et al.'s scheme and can be incorporated in their scheme for a more secure and robust authentication protocol in WSNs. Hence, through analysis, we came out with the conclusion that in our enhanced proposed improvement, the cell phone authenticates the gateway and both parties can trust on the authenticity of each other.

Footnotes

Acknowledgments

This work was supported by Dongseo University, “Dongseo Frontier Project” Research Fund of 2009. It was also supported by the National Research Foundation (NRF) 2012 Project (Grant no. 2012-0008447).

References

Callaway

E. H.

Wireless Sensor Networks, Architectures and Protocols 2003

Boca Raton, Fla, USA

Auerbach Publications, Taylor & Francis Group

Perrig

Szewczyk

Wen

Culler

Tygar

J. D.

SPINS: security protocols for sensor networks

Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBBICOM '01)

July 2001

Rome, Italy

189 199

2-s2.0-0034771605

Karlof

Sastry

Wagner

TinySec: a link layer security architecture for wireless sensor networks

Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys '04)

November 2004

Baltimore, Md, USA

162 175

2-s2.0-26444574670

Luk

Mezzour

Perrig

Gligor

MiniSec: a secure sensor network communication architecture

Proceedings of the 6th International Symposium on Information Processing in Sensor Networks (IPSN '07)

April 2007

Cambridge, Mass, USA

479 488

2-s2.0-35348897342

10.1145/1236360.1236421

Kumar

Cho

Lee

D. S.

Lee

Y. D.

Lee

H. J.

TriSec: a secure data framework for wireless sensor networks using authenticated encryption

International Journal of Maritime Information and Communication Sciences 2010 8 129 135

Karlof

Wagner

Secure routing in wireless sensor networks: attacks and countermeasures

Ad Hoc Networks 2003 1 2-3 293 315

2-s2.0-2942656255

10.1016/S1570-8705(03)00008-8

Benenson

Gartner

Kesdogan

User authentication in sensor network (extended abstract)

Proceedings of the Workshop on Sensor Networks Informatik

September 2004

Ulm, Germany

Jahrestagung der Gesellschaft fur Informatik

Benenson

Gedicke

Raivio

Realizing robust user authentication in sensor networks

Proceedings of the Workshop on Real-World Wireless Sensor Network (REALWSN '05)

June 2005

Stockholm, Sweden

Wong

K. H. M.

Zheng

Cao

Wang

A dynamic user authentication scheme for wireless sensor networks

Proceedings of IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC '06)

June 2006

Taichung, Taiwan

244 251

2-s2.0-33845458336

10.1109/SUTC.2006.1636182

10.

Tseng

H. R.

Jan

R. H.

Yang

An improved dynamic user authentication scheme for wireless sensor networks

Proceedings of the IEEE Global Communications Conference (GLOBECOM '07)

November 2007

Washington, DC, USA

986 990

11.

Buttyán

Hubaux

J. P.

Stimulating cooperation in self-organizing mobile ad hoc networks

Mobile Networks and Applications 2003 8 5 579 592

2-s2.0-0042660545

10.1023/A:1025146013151

12.

Durresi

Paruchuri

Secure communication among cell phones and sensor networks

Proceedings of IEEE Global Telecommunications Conference (GLOBECOM '09)

December 2009

2-s2.0-77951561120

10.1109/GLOCOM.2009.5426002

13.

Deng

Han

Y. S.

Chen

Varshney

P. K.

A key management scheme for wireless sensor networks using deployment knowledge

Proceedings of the 23rd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '04)

March 2004

586 597

2-s2.0-8344262333

14.

Durresi

Bulusu

Paruchuri

Durresi

Jain

Key distribution in mobile heterogeneous sensor networks

Proceedings of IEEE Global Telecommunications Conference (GLOBECOM '06)

November-December 2006

2-s2.0-50949117721

10.1109/GLOCOM.2006.943

15.

Barkan

Biham

Keller

Instant ciphertext-only cryptanalysis of GSM encrypted communication

Journal of Cryptology 2008 21 3 392 429

2-s2.0-43449099742

10.1007/s00145-007-9001-y

16.

Mojtaba

A. M.

Mostafa

A. M.

Shahbahrami

Evaluation of security attacks on UMTS, authentication mechanism

International Journal of Network Security & Its Applications (IJNSA) 2012 4 4

17.

Chen

T. H.

Shih

W. K.

A robust mutual authentication protocol for wireless sensor networks

ETRI Journal 2010 32 5 704 712

2-s2.0-78049334450

10.4218/etrij.10.1510.0134

18.

Kumar

Choudhury

A. J.

Sain

Lee

S. G.

Lee

H. J.

RUASN: a robust user authentication framework for wireless sensor networks

Sensors 2011 11 5 5020 5046

2-s2.0-79957718973

10.3390/s110505020

19.

Bruce

Lee

H. J.

A secure authentication protocol among mobile phone and wireless sensor networks

Proceedings of the 15th International Conference on Advanced Computing Technologies (ICACT '13)

January 2013

Phoenix Park, Republic of Korea

52 59

20.

Watro

Kong

Cuti

S. F.

Gardiner

Lynn

Kruus

TinyPK: securing sensor networks with public key technology

Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04)

October 2004

Washington, DC, USA

59 64

2-s2.0-14844304757

21.

Tseng

H. R.

Jan

R. H.

Yang

An improved dynamic user authentication scheme for wireless sensor networks

Proceedings of the 50th Annual IEEE Global Telecommunications Conference (GLOBECOM '07)

November 2007

986 990

2-s2.0-39349093196

10.1109/GLOCOM.2007.190

22.

Chien

H. Y.

Jan

J. K.

Tseng

Y. M.

An efficient and practical solution to remote authentication: smart card

Computers & Security 2002 21 4 372 375

2-s2.0-0036302680

10.1016/S0167-4048(02)00415-7

23.

Chen

T. H.

Hsiang

H. C.

Shih

W. K.

Security enhancement on an improvement on two remote user authentication schemes using smart cards

Future Generation Computer Systems 2011 27 4 377 380

10.1016/j.future.2010.08.007

Improved Security Patch on Secure Communication among Cell Phones and Sensor Networks

Abstract

1. Introduction

2. Review of Arjan et al.'s Scheme

2.1. Review on Using Secure Infrastructure and Asymmetric Cryptography Scheme

2.2. Review on Using Secure Infrastructure and Symmetric Cryptography Scheme

3. Cryptanalysis and Weakness of Arjan et al.'s Schemes

4. Proposed Security Improvements

4.1. Protection against Man-in-the-Middle-Attack

4.2. Protection against Reply Attack with Mutual Authentication between Cell Phone and Gateway

4.2.1. Using Secure Infrastructure and Asymmetric Cryptography Scheme

4.2.2. Using Secure Infrastructure and Symmetric Cryptography Scheme

5. Performance Analysis of Proposed Scheme

5.1. Security Analysis

5.2. Performance Comparison among Existing Protocols

6. Conclusion

Footnotes

Acknowledgments

References