Sage Journals: Discover world-class research

Abstract

The user authentication scheme in ubiquitous wireless sensor networks (WSNs) is an important security mechanism that allows users to access sensors through wireless networks. Therefore, many user authentication schemes in ubiquitous WSNs have been proposed. However, many user authentication schemes are vulnerable to impersonation attacks, parallel session attacks, password guessing attacks, stolen smart card attacks, and so forth. In this paper, we propose a secure and efficient user authentication scheme for use in ubiquitous WSNs. Our proposed scheme is secure against various attacks and provides mutual authentication and session key establishment. Furthermore, our proposed scheme is efficient at using the hash function and exclusive-OR operation.

1. Introduction

In a ubiquitous wireless sensor network (WSN), a sensor is configured as a network. WSN technology has been actively researched globally and has expanded into a ubiquitous paradigm that can access a computing environment anytime and anywhere [1–3]. The main characteristics of a WSN include the following: power consumption constraints for nodes using batteries or energy harvesting, ability to cope with node failures, mobility of nodes, communication failures, heterogeneity of nodes, scalability to large-scale deployment, ability to withstand harsh environmental conditions, and ease of use [4].

WSN-related software platforms such as TinyOS [5], Nano-Qplus [6], Contiki [7], and LiteOS [8] support a variety of standards and protocols. WSN-related standards include 6LoWPAN [9] by the Internet Engineering Task Force (IETF), ROLL [10] by the IETF, CoRE [11] by the IETF, ZigBee [12], Wireless HART [13], and ISA 100 [14].

Some applications of ubiquitous WSN technology include area monitoring, environmental/earth monitoring, industrial monitoring, agriculture, passive localization and tracking, and smart home monitoring [15, 16]. In these applications, the ubiquitous WSN must have a user authentication scheme in which the user has secure access to the sensor nodes. As a result, many user authentication schemes have been proposed for ubiquitous WSNs. However, the existing proposed schemes are vulnerable to various attacks and are not efficient. Therefore, in this paper, we propose a secure and efficient user authentication and key-establishment scheme for use in ubiquitous WSNs.

This study is organized as follows. Section 2 describes related work, and Section 3 proposes a secure and efficient user authentication scheme for ubiquitous WSNs. In Section 4, we analyze and compare related work. Section 5 presents our conclusion.

2. Related Work

In 2004, Watro et al. [17] proposed TinyPK, a user authentication scheme that uses RSA and the Diffie-Hellman algorithm. However, Das [18] proposed that TinyPK is vulnerable to “masquerade as sensor node to an unknowing user” attack. In 2006, Wong et al. [19] proposed a dynamic strong-password-based scheme to address this access control problem and adapted it into the WSN environment. Their scheme imposes a very light computational load and requires simple operations, such as a one-way hash function and exclusive-OR. Unfortunately, Das also proposed that in Wong et al.'s scheme, many logged-in users are vulnerable to the same login-id attack and stolen-verifier attack.

Das [18] proposed a user authentication scheme that eliminates the weaknesses of Wong et al.'s scheme and provides better security and efficiency. Later, Nyang and Lee [20] found that Das's scheme is vulnerable to an offline password guessing attack by insiders and showed a security-enhanced user authentication scheme to overcome this vulnerability without sacrificing efficiency and usability.

In 2010, He et al. [21] demonstrated that Das's scheme suffers from insider attacks and impersonation attacks, and users cannot change their passwords. As a solution to these weaknesses in Das's scheme, He et al. [21] proposed an enhanced two-factor user authentication scheme. In the same year, Khan and Alghathbar [22] found that Das's scheme is vulnerable to gateway ( $G W$ )-node bypassing attacks, does not provide mutual authentication between the $G W$ node and sensor nodes, is vulnerable to insider attacks, and does not have provisions for changing or updating registered users’ passwords. To overcome these security weaknesses of Das's scheme, they proposed improvements and security patches. Unfortunately, Kumar and Lee [23] pointed out the vulnerabilities of He et al.'s and Khan and Alghathbar's schemes. First, Kumar and Lee found that He et al.'s scheme is susceptible to information-leakage attacks and cannot preserve user anonymity, does not provide mutual authentication between the sensor and the user, and does not establish a session key between the user and the sensor node. Second, they found that Khan and Alghathbar's scheme does not provide mutual authentication between the sensor and the user, does not establish a session key between the user and the sensor node, and does not provide confidentiality for their air message.

Further, Huang et al. [24] found that Das's scheme is still vulnerable to masquerade attacks and cannot provide user anonymity, so they proposed an improvement to remedy these weakness. In addition, Vaidya et al. [25] showed that both Das's scheme and Khan and Alghathbar's scheme have flaws and remain vulnerable to various attacks including stolen smart card attacks. Thus, they proposed an improved two-factor user authentication that is resilient to stolen smart card attacks as well as other common types of attacks. Chen and Shih [26] found that Das's scheme cannot provide mutual authentication. To address this problem, they proposed a robust mutual authentication scheme for WSN. Recently, Xue et al. [27] proposed a temporal credential-based mutual authentication and key agreement scheme for WSNs.

3. The Proposed Scheme

In this section, we propose a secure and efficient user authentication scheme for use in ubiquitous WSNs. The $G W$ node selects a master secret key x and a secret number y, computes $h (S I D_{j} ∥ h (y) ∥ N_{j})$ , and shares them with sensor node $S_{j}$ through a secure channel, where $S I D_{j}$ is the identity of jth sensor node, and $N_{j}$ is a random nonce of each jth sensor node generated by the $G W$ node. This scheme consists of four phases: registration, login, authentication and key establishment, and password change.

3.1. Notation

Table 1 summarizes the notation used to describe our proposed scheme.

Table 1

Notation of our proposed scheme.

$U_{i}$ : ith user
$G W$ : Gateway node
$S_{j}$ : jth sensor node
$I D_{i}$ : Identity of ith user
$P W_{i}$ : Password of ith user
$S I D_{j}$ : Identity of jth sensor node
$D I D_{i}$ : Dynamic identity of ith user
x: Master secret key for gateway node
y: Secret number of gateway node
$N_{j}$ : Random nonce of each jth sensor node generated by gateway node
T: Timestamp
$h (\cdot)$ : A one-way hash function
⊕: Exclusive-OR operation
$∥$ : Concatenation operation
$A \to B : X$ : X is transmitted from A to B

3.2. Registration Phase

Figure 1 illustrates the procedure of the registration phase. When a new user $U_{i}$ wants to register with the $G W$ node, he/she performs the following steps.

Figure 1

Registration phase of our proposed scheme.

Step R1 $(U_{i} \to G W : {I D_{i}, h (I D_{i} ∥ P W_{i}), h (b \oplus P W_{i})})$ . The user $U_{i}$ selects a random number b, an identity $I D_{i}$ , and a password $P W_{i}$ , computes $h (I D_{i} ∥ P W_{i})$ and $h (b \oplus P W_{i})$ , and sends $I D_{i}$ , $h (I D_{i} ∥ P W_{i})$ , $h (b \oplus P W_{i})$ to the $G W$ node for registration via a secure channel.

Step R2 $(G W \to U_{i} : {smart card [A_{i}, D_{i}, E_{i}, h (y), h (\cdot)]})$ . The $G W$ node computes the following:

\begin{matrix} A_{i} = h (h (I D_{i} ∥ P W_{i}) ∥ h (b \oplus P W_{i})) \\ B_{i} = h (x ∥ I D_{i}) \\ D_{i} = B_{i} \oplus h (x ∥ y) \\ E_{i} = h (I D_{i} ∥ P W_{i}) \oplus h (B_{i} ∥ h (x ∥ y)) . \end{matrix}

(3.2)

Then the

G W

node issues a smart card containing

[A_{i}, D_{i}, E_{i}, h (y), h (\cdot)]

and delivers it to

U_{i}

via a secure channel.

Step R3. $U_{i}$ enters b into his/her smart card, and the smart card contains $[A_{i}, D_{i}, E_{i}, b, h (y), h (\cdot)]$ .

3.3. Login Phase

If the user $U_{i}$ wants to access jth sensor node $S_{j}$ , he/she performs the following steps.

Step L1. $U_{i}$ inserts his/her smart card into the device and inputs the identity $I D_{i}$ and the password $P W_{i}$ .

Step L2. The smart card computes $h (I D_{i} ∥ P W_{i})$ , $h (b \oplus P W_{i})$ , $A_{i}^{'} = h (h (I D_{i} ∥ P W_{i}) ∥ h (b \oplus P W_{i}))$ and checks whether $A_{i}^{'}$ is equal to $A_{i}$ . If they are not equal, the procedure is terminated. Otherwise, the following steps are performed.

Step L3. The smart card computes the following:

\begin{matrix} D I D_{i} = h (b \oplus P W_{i}) \oplus h (h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{1}) \\ C_{1} = h (h (b \oplus P W_{i}) ∥ h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{1}), \end{matrix}

(2)

where

T_{1}

is the current timestamp of

U_{i}

's system.

Step L4 $(U_{i} \to G W : {D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}})$ . $U_{i}$ sends $D I D_{i}$ , $S I D_{j}$ , $D_{i}$ , $E_{i}$ , $C_{1}$ , and $T_{1}$ to the $G W$ node.

3.4. Authentication and Key Establishment Phase

The procedure that is followed in the authentication and key establishment phase is illustrated in Figure 2. After receiving the login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ from user $U_{i}$ , the $G W$ node performs the following steps.

Figure 2

Step A1 (the $G W$ node validates timestamp $T_{1}$ ). If $| T^{*} - T_{1} | \leq Δ T$ , then the $G W$ node proceeds to the next step, where $Δ T$ is the expected time interval for the transmission delay and $T^{*}$ is the current timestamp of the $G W$ node. Otherwise, the procedure is terminated. The $G W$ node computes the following:

\begin{matrix} B_{i} = D_{i} \oplus h (x ∥ y) \\ h (I D_{i} ∥ P W_{i}) = E_{i} \oplus h (B_{i} ∥ h (x ∥ y)) \\ h (b \oplus P W_{i}) = D I D_{i} \oplus h (h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{1}) \\ C_{1}^{'} = h (h (b \oplus P W_{i}) ∥ h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{1}) . \end{matrix}

(3)

Then the $G W$ node checks whether $C_{1}^{'}$ is equal to $C_{1}$ . If they are equal, the $G W$ node accepts the login request and computes the following:

\begin{array}{l} D I D_{i}^{'} = h (b \oplus P W_{i}) \\ \oplus h (h (I D_{i} ∥ P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{2}) \\ C_{2} = h (I D_{i} ∥ P W_{i}) \oplus h (S I D_{j} ∥ h (y) ∥ N_{j}) \\ C_{3} = h (h (b \oplus P W) ∥ h (I D_{i} ∥ P W_{i}) \\ \times ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{2}), \end{array}

(4)

where

T_{2}

is the current timestamp of

G W

node's system.

Step A2 ( $G W \to S_{j} : {D I D_{i}^{'}, C_{2}, C_{3}, T_{2}}$ ). The $G W$ node sends $D I D_{i}^{'}$ , $C_{2}$ , $C_{3}$ , and $T_{2}$ to sensor node $S_{j}$ .

Step A3 ( $S_{j}$ validates timestamp $T_{2}$ ). If $| T^{*} - T_{2} | \leq Δ T$ , then $S_{j}$ proceeds to the next step, where $Δ T$ is the expected time interval for the transmission delay and $T^{*}$ is the current timestamp of $S_{j}$ . Otherwise, the procedure is terminated. $S_{j}$ computes the following:

\begin{array}{l} h (I D_{i} ∥ P W_{i}) = C_{2} \oplus h (S I D_{j} ∥ h (y) ∥ N_{j}) \\ h (b \oplus P W_{i}) \\ = D I D_{i}^{'} \\ \oplus h (h (I D_{i} ∥ P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{2}) \\ C_{3}^{'} = h (h (b \oplus P W) ∥ h (I D_{i} ∥ P W_{i}) \\ \times ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{2}) . \end{array}

(5)

Then $S_{j}$ checks whether $C_{3}^{'}$ is equal to $C_{3}$ . If they are equal, $S_{j}$ authenticates $G W$ and $U_{i}$ , generates K, and computes the following:

\begin{matrix} C_{4} = K \oplus h (h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{3}) \\ C_{5} = h (K ∥ h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{3}), \end{matrix}

(6)

where

T_{3}

is the current timestamp of

S_{j}

sensor node's system.

Step A4 ( $S_{j} \to G W : {C_{4}, C_{5}, T_{3}}$ ). $S_{j}$ sends $C_{4}$ , $C_{5}$ , and $T_{3}$ to the $G W$ node.

Step A5 (the $G W$ node validates timestamp $T_{3}$ ). If $| T^{*} - T_{3} | \leq Δ T$ , then the $G W$ node proceeds to the next step, where $Δ T$ is the expected time interval for the transmission delay, and $T^{*}$ is the current timestamp of the $G W$ node. Otherwise, the procedure is terminated. The $G W$ node computes the following:

\begin{matrix} K = C_{4} \oplus h (h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{3}) \\ C_{5}^{'} = h (K ∥ h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y) ∥ N_{j}) ∥ T_{3}) . \end{matrix}

(7)

Then the $G W$ node checks whether $C_{5}^{'}$ is equal to $C_{5}$ . If they are not equal, the procedure is terminated. Otherwise, $G W$ authenticates $S_{j}$ and computes the following:

\begin{matrix} C_{6} = K \oplus h (h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y)) ∥ T_{4}) \\ C_{7} = h (K ∥ h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y)) ∥ T_{4}), \end{matrix}

(8)

where

T_{4}

is the current timestamp of the

G W

node's system.

Step A6 ( $G W \to U_{i} : {C_{6}, C_{7}, T_{4}}$ ). The $G W$ node sends $C_{6}$ , $C_{7}$ , and $T_{4}$ to $U_{i}$ .

Step A7 ( $U_{i}$ validates timestamp $T_{4}$ ). If $| T^{*} - T_{4} | \leq Δ T$ , then the $G W$ node proceeds to the next step, where $Δ T$ is the expected time interval for the transmission delay and $T^{*}$ is the current timestamp of $U_{i}$ . Otherwise, the procedure is terminated. $U_{i}$ computes the following:

\begin{matrix} K = C_{6} \oplus h (h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y)) ∥ T_{4}) \\ C_{7}^{'} = h (K ∥ h (b \oplus P W_{i}) ∥ h (S I D_{j} ∥ h (y)) ∥ T_{4}) . \end{matrix}

(9)

Then

U_{i}

checks whether

C_{7}^{'}

is equal to

C_{7}

. If they are equal,

U_{i}

authenticates

G W

and

S_{j}

, and the mutual authentication process is completed. After the mutual authentication process,

U_{i}

and

S_{j}

compute

S K = h (K ∥ h (b \oplus P W_{i}) ∥ h (I D_{i} ∥ P W_{i}) ∥ S I D_{j})

for future secure communication.

3.5. Password Change Phase

The procedure that is followed in the password change phase is depicted in Figure 3. If user $U_{i}$ wants to change his/her password, he/she performs the following steps.

Figure 3

Password change phase of our proposed scheme.

Step P1. $U_{i}$ inserts his/her smart card into the device and inputs the identity $I D_{i}$ and the password $P W_{i}$ .

Step P2. The smart card computes $h (I D_{i} ∥ P W_{i})$ , $h (b \oplus P W_{i})$ , and $A_{i}^{'} = h (h (I D_{i} ∥ P W_{i}) ∥ h (b \oplus P W_{i}))$ and checks whether $A_{i}^{'}$ is equal to $A_{i}$ . If they are not equal, the procedure is terminated. Otherwise, the smart card requests a new password for $U_{i}$ .

Step P3. $U_{i}$ inputs the new password $P W_{i}^{n e w}$ and a new random number $b^{n e w}$ .

Step P4. The smart card computes the following:

\begin{array}{l} h (I D_{i} ∥ P W_{i}^{n e w}), h (b \oplus P W_{i}^{n e w}) \\ A_{i}^{n e w} = h (h (I D_{i} ∥ P W_{i}^{n e w}) ∥ h (b^{n e w} \oplus P W_{i}^{n e w})) \\ E_{i}^{n e w} = E_{i} \oplus h (I D_{i} ∥ P W_{i}) \oplus h (I D_{i} ∥ P W_{i}^{n e w}) \\ = h (I D_{i} ∥ P W_{i}^{n e w}) \oplus h (B_{i} ∥ h (x ∥ y)) . \end{array}

(10)

Then the smart card replaces

A_{i}

with

A_{i}^{n e w}

and

E_{i}

with

E_{i}^{n e w}

4. Security and Efficiency Analysis of the Proposed Scheme

4.1. Security Analysis

Table 2 compares the security of existing schemes with that of our proposed scheme. Our scheme uses the security properties described in the following subsections.

Table 2

Security analysis of the compared schemes.

Scheme	Section 4.1.1	Section 4.1.2	Section 4.1.3	Section 4.1.4	Section 4.1.5	Section 4.1.6	Section 4.1.7	Section 4.1.8
Das [18]	No	No	No	No	Yes	No	Yes	No
Nyang and Lee [20]	No	Yes	Yes	No	Yes	No	Yes	Yes
He et al. [21]	No	No	Yes	Yes	Yes	No	Yes	No
Khan and Alghathbar [22]	No	Yes	No	No	Yes	No	Yes	No
Huang et al. [24]	No	No	No	No	Yes	No	Yes	No
Vaidya et al. [25]	No	No	No	Yes	Yes	Yes	Yes	Yes
Chen and Shih [26]	No	No	Yes	No	Yes	No	Yes	Yes
Xue et al. [27]	No	Yes	Yes	No	Yes	Yes	Yes	Yes
Proposed scheme	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

4.1.1. User Anonymity

Even if an attacker eavesdrops on $U_{i}$ 's login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ in the login phase, the attacker cannot obtain $U_{i}$ 's identity $I D_{i}$ from $D I D_{i}$ , $D_{i}$ , $E_{i}$ , and $C_{1}$ , because x, y, b, and $P W_{i}$ are not known. Furthermore, even if the attacker obtains $U_{i}$ 's smart card, he/she cannot obtain $U_{i}$ 's $I D_{i}$ . Therefore, the proposed scheme achieves user anonymity.

4.1.2. Impersonation Attack

Because an attacker cannot know x, y, b, $I D_{i}$ , and $P W_{i}$ , he/she cannot compute the login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ . Although the attacker is a legitimate user of the system, he/she cannot compute the login request message without knowing x, y, b, $I D_{i}$ , and $P W_{i}$ . If the attacker also eavesdrops on $U_{i}$ 's login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ , he/she cannot compute $D I D_{i}$ and $C_{1}$ without knowing b, $I D_{i}$ , and $P W_{i}$ . Even though the attacker obtains $U_{i}$ 's smart card, he/she cannot compute $D I D_{i}$ and $C_{1}$ , because $I D_{i}$ and $P W_{i}$ are not known.

4.1.3. Parallel Session Attack

Suppose an attacker eavesdrops on a login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ and the mutual authentication message ${C_{6}, C_{7}, T_{4}}$ ; then the attacker masquerades as a legitimate user to start a new session with the $G W$ node by sending ${D I D_{i}^{'}, S I D_{j}, D_{i}, E_{i}, C_{1}^{'}, T_{4}}$ back to the $G W$ node, where $D I D_{i}^{'} = C_{6}$ and $C_{1}^{'} = C_{7}$ . The $G W$ node computes $M_{1} = D I D_{i}^{'} \oplus h (h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{4})$ and $M_{2} = h (M_{1} ∥ h (I D_{i} ∥ P W_{i}) ∥ S I D_{j} ∥ T_{4})$ and checks whether $M_{2}$ is equal to $C_{1}^{'}$ . If they are not equal, the attacker cannot authenticate from the $G W$ node.

4.1.4. Password Guessing Attack

Even when an attacker eavesdrops on $U_{i}$ 's login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ , the attacker cannot guess $U_{i}$ 's password $P W_{i}$ from login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ . This is because the attacker cannot determine the x, y, b, and $I D_{i}$ from login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ due to the nature of the one-way hash function.

4.1.5. Replay Attack

We assume that an attacker intercepts $U_{i}$ 's login request message ${D I D_{i}, S I D_{j}, D_{i}, E_{i}, C_{1}, T_{1}}$ in the login phase. The attacker is replaying the intercepted message to authenticate but cannot authenticate from the server, because the timestamp $T_{1}$ fails to validate. Although the attacker generates the correct timestamp T, he/she cannot compute the correct login request message, because b, $I D_{i}$ , and $P W_{i}$ are not known.

4.1.6. Stolen Smart Card Attack

We assume that an attacker steals $U_{i}$ 's smart card or extracts information from $U_{i}$ 's smart card. However, the attacker cannot compute the login request message without knowing $I D_{i}$ and $P W_{i}$ . In addition, the attacker cannot obtain $I D_{i}$ and $P W_{i}$ through the extracted information because of the nature of the one-way hash function. Therefore, the proposed scheme is resilient against stolen smart card attacks because the $I D_{i}$ and $P W_{i}$ cannot be obtained from $U_{i}$ 's stolen smart card.

4.1.7. Stolen-Verifier Attack

The proposed scheme can resist stolen-verifier attacks. In other words, in the proposed scheme, the $G W$ node does not store the verifier/password table for verification, so the attacker cannot obtain verification.

4.1.8. Mutual Authentication

The $G W$ node can authenticate the user by checking $C_{1}$ in Step A1 of the authentication and key establishment phase, and the sensor node can authenticate the user and the $G W$ node by checking $C_{3}$ in Step A3 of the authentication and key establishment phase. Likewise, the $G W$ node can authenticate the sensor node by checking $C_{5}$ in Step A5 of the authentication and key establishment phase, and the user can authenticate the $G W$ node and sensor node by checking $C_{7}$ in Step A7 of the authentication and key establishment phase.

4.2. Efficiency Analysis

Table 3 compares the performance of existing schemes with that of our proposed scheme. Our proposed scheme incurs less computational overhead than Nyang and Lee's [20] or Xue et al.'s [27] schemes. Although our proposed scheme incurs slightly more computational overhead than conventional schemes, it is more secure against various attacks than conventional schemes [18, 21, 22, 24, 25, 27].

Table 3

Performance analysis of the compared schemes.

Scheme	Registration phase			Login and authentication phase			Total
Scheme	User	GW	Sensor	User	GW	Sensor	Total
Das [18]	∙	3T(h) + 1T(⊕)	∙	4T(h) + 1T(⊕)	3T(h) + 2T(⊕)	1T(h)	11T(h) + 4T(⊕)
Nyang and Lee [20]	∙	3T(h) + 1T(⊕)	∙	4T(h) + 1T(⊕) + 2T(K) + 1T(M) + 1T(D)	2T(h) + 2T(⊕) + 4T(K) + 1T(M) + 1T(E)	2T(K) + 2T(M) + 1T(E) + 1T(D)	9T(h) + 4T(⊕) + 8T(K) + 4T(M) + 2T(E) + 2T(D)
He et al. [21]	1T(h) + 1T(⊕)	5T(h) + 2T(⊕)	∙	5T(h) + 2T(⊕)	4T(h) + 2T(⊕)	1T(h)	16T(h) + 7T(⊕)
Khan and Alghathbar [22]	1T(h)	2T(h) + 1T(⊕)	∙	4T(h) + 1T(⊕)	4T(h) + 2T(⊕)	2T(h)	13T(h) + 4T(⊕)
Huang et al. [24]	∙	4T(h) + 1T(⊕)	∙	4T(h) + 1T(⊕)	4T(h) + 2T(⊕)	2T(h)	14T(h) + 3T(⊕)
Vaidya et al. [25]	1T(h)	4T(h) + 3T(⊕)	∙	6T(h) + 3T(⊕)	4T(h) + 3T(⊕)	2T(h) + 1T(⊕)	17T(h) + 10T(⊕)
Chen and Shih [26]	∙	3T(h) + 1T(⊕)	∙	5T(h) + 1T(⊕)	4T(h) + 2T(⊕)	1T(h)	13T(h) + 4T(⊕)
Xue et al. [27]	2T(h)	7T(h) + 2T(⊕)	3T(h)+ 1T(⊕)	9T(h) + 6T(⊕)	13T(h) + 7T(⊕)	6T(h) + 4T(⊕)	40T(h) + 20T(⊕)
Proposed scheme	2T(h) + 1T(⊕)	4T(h) + 2T(⊕)	∙	9T(h) + 3T(⊕)	12T(h) + 7T(⊕)	5T(h) + 3T(⊕)	33T(h) + 16T(⊕)

h: hash function operation; ⊕: XOR operation; K: key derivation function operation; M: message authentication code; E: symmetric encryption; D: symmetric decryption.

5. Results

5.1. Simulation Environments

In Section 4.2, we compared the performance of existing schemes with that of our proposed scheme. As a result, we implemented a simulation for various schemes. The simulation was performed and evaluated in a standard PC environment. The algorithm for the schemes was implemented using JAVA, and the simulation environment was evaluated with an Intel Core i5-2537 M (1.40 MHz) with 4 GB of RAM.

5.2. Simulation Results

Our simulation calculated the average time to perform the 10 simulation tests because the measured results were slightly different each time. Figure 4 shows the measured results for users performing the login and authentication phase. As shown in Figure 4, our proposed scheme incurs a little more computational time than existing schemes [18, 21, 22, 24–26]. However, our proposed scheme is more secure against various attacks than existing schemes and provides mutual authentication between the user and the $G W$ node, between the user and the sensor nodes, and between the $G W$ node and the sensor nodes. If our proposed scheme performs authentication to the $G W$ node and the sensor nodes only in the authentication phase, it will show measured results similar to the existing schemes [18, 21, 22, 24–26].

Figure 4

Analysis of time according to number of users.

6. Conclusion

In this paper, we proposed a secure and efficient mutual user authentication and key establishment scheme that can be used in ubiquitous WSNs. The proposed scheme provides mutual authentication between the user and the $G W$ node, between the user and the sensor node, and between the $G W$ node and the sensor node. Compared with existing schemes, the proposed scheme has been proven to be secure against various attacks. In addition, the proposed scheme is computationally efficient compared with existing schemes.

Footnotes

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work was supported by the National Research Foundation of Korea (NRF) Grant funded by the Korean government (MSIP) (no. NRF-2012R1A2A2A01010886). This work was supported by the Soonchunhyang University Research Fund.

References

Yoon

Kim

Y. K.

Chang

J. W.

An energy-efficient routing protocol using message success rate in wireless sensor networks

Journal of Convergence 2013 4 1 15 22

Huang

Cheng

R. H.

Chen

S. R.

C. I.

Enhancing network availability by tolerance control in multi-sink wireless sensor networks

Journal of Convergence 2010 1 1 15 22

Ponomarchuk

Seo

D. W.

Intrusion detection based on traffic analysis and fuzzy inference system in wireless sensor networks

Journal of Convergence 2010 1 1 35 42

Wikipedia, http://www.wikipedia.org/

TinyOS, http://www.tinyos.net/

NanoQplus, https://sites.google.com/site/nanoqplusos/

Contiki, http://www.contiki.com/

LiteOS http://code.google.com/p/liteos/

6LoWPAN, http://tools.ietf.org/wg/6lowpan/

10.

ROLL, http://tools.ietf.org/wg/roll/

11.

Core, http://tools.ietf.org/wg/core/

12.

ZigBee, http://www.zigbee.org/

13.

Wireless HART, http://www.hartcomm.org/

14.

ISA 100, http://www.isa.org/isa100/

15.

Shiha

Lobiyal

D. K.

Performance evaluation of data aggregation for cluster-based wireless sensor network

Human-Centric Computing and Information Sciences 2013 3, article 13 1 17

16.

Lee

H. R.

Chung

K. Y.

Jhang

K. S.

A study of wireless sensor network routing protocols for maintenance access hatch condition surveillance

Journal of Information Processing Systems 2013 9 2 237 246

17.

Watro

Kong

Cuti

S.-F.

Gardiner

Lynn

Kruus

TinyPK: securing sensor networks with public key technology

Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04)

October 2004

Washington, DC, USA

59 64

2-s2.0-14844304757

18.

Das

M. L.

Two-factor user authentication in wireless sensor networks

IEEE Transactions on Wireless Communications 2009 8 3 1086 1090

2-s2.0-62949130774

10.1109/TWC.2008.080128

19.

Wong

K. H. M.

Zheng

Cao

Wang

A dynamic user authentication scheme for wireless sensor networks

Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC ′06)

June 2006

Taichung, Taiwan

244 251

2-s2.0-33845458336

10.1109/SUTC.2006.1636182

20.

Nyang

Lee

M. K.

Improvement of das's two-factor authentication protocol in wireless sensor networks

Cryptology EPrint Archive. Report 2009 2009/631

21.

Gao

Chan

Chen

An enhanced two-factor user authentication scheme in wireless sensor networks

Ad-Hoc and Sensor Wireless Networks 2010 10 4 361 371

2-s2.0-78650459565

22.

Khan

M. K.

Alghathbar

Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’

Sensors 2010 10 3 2450 2459

2-s2.0-77955495427

10.3390/s100302450

23.

Kumar

Lee

H.-J.

Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks

Proceedings of the Wireless Advanced (WiAd ′11)

June 2011

London, UK

241 245

2-s2.0-80052427734

10.1109/WiAd.2011.5983262

24.

Huang

H.-F.

Chang

Y.-F.

Liu

C.-H.

Enhancement of two-factor user authentication in wireless sensor networks

Proceedings of the 6th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP ′10)

October 2010

Darmstadt, Germany

27 30

2-s2.0-78650442232

10.1109/IIHMSP.2010.14

25.

Vaidya

Makrakis

Mouftah

H. T.

Improved two-factor user authentication in wireless sensor networks

Proceedings of the 6th Annual IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob '10)

October 2010

Niagara Falls, Canada

600 606

2-s2.0-78650750082

10.1109/WIMOB.2010.5645004

26.

Chen

T.-H.

Shih

W.-K.

A robust mutual authentication protocol for wireless sensor networks

ETRI Journal 2010 32 5 704 712

2-s2.0-78049334450

10.4218/etrij.10.1510.0134

27.

Xue

Hong

Ding

A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks

Journal of Networks and Computer Applications 2013 36 1 316 323

Secure and Efficient User Authentication Scheme in Ubiquitous Wireless Sensor Networks

Abstract

1. Introduction

2. Related Work

3. The Proposed Scheme

3.1. Notation

3.2. Registration Phase

3.3. Login Phase

3.4. Authentication and Key Establishment Phase

3.5. Password Change Phase

4. Security and Efficiency Analysis of the Proposed Scheme

4.1. Security Analysis

4.1.1. User Anonymity

4.1.2. Impersonation Attack

4.1.3. Parallel Session Attack

4.1.4. Password Guessing Attack

4.1.5. Replay Attack

4.1.6. Stolen Smart Card Attack

4.1.7. Stolen-Verifier Attack

4.1.8. Mutual Authentication

4.2. Efficiency Analysis

5. Results

5.1. Simulation Environments

5.2. Simulation Results

6. Conclusion

Footnotes

Conflict of Interests

Acknowledgments

References