Sage Journals: Discover world-class research

Abstract

Wireless sensor networks (WSNs) contain a large number of resource-constrained and energy-limited sensor nodes that are generally deployed in an open environment. Those sensor nodes communicate with each other or with a base station via wireless channels. Therefore, secure access control is an important issue in WSNs because sensor nodes are susceptible to various malicious attacks during the authentication and key establishment phase and the new node addition phase. In this study, we propose a new access control method based on elliptic curve cryptography and the chameleon hash function. This method addresses the security problems in the existing research. It also has additional advantages since it does not require time synchronization between communication nodes, nor does it require node verification tables. In addition to our proposal, the correctness, security, resistance to possible attacks, and the performance of the proposed method are analyzed and evaluated. The results of our study demonstrate that the proposed method has an outstanding performance and fulfills all the requirements for secure communication in WSNs.

1. Introduction

Wireless sensor networks (WSNs) consist of base stations and a large number of resource-constrained and energy-limited sensor nodes that are typically deployed in various environments. Since the base stations and sensor nodes communicate with each other via wireless channels [1], the WSN system is threatened by malicious security attacks.

In WSNs, after a prolonged period of operation, the power of some of the sensor nodes gets exhausted. This occurs due to uneven distribution of radio transmission load or damage caused by unpredictable events. The base station must dynamically add new nodes to the WSN to ensure the coverage and connectivity of sensor nodes. Following the addition of a node, the new node is authenticated by the neighboring nodes, and it establishes shared session keys with them for secure communication.

In order to attack or access communication information, malicious nodes may modify received messages, eavesdrop on transmission messages, insert false messages, or provide misleading information to legitimate sensor nodes. Therefore, access control security is a major concern in WSNs.

Zhou et al. [2] proposed an access control protocol to improve the performance of traditional public-key-based encryption protocols. This protocol was based on the elliptic curve. Each sensor node could sustain for a tolerable time interval before it was compromised, rendering the scheme unsuitable for certain practical applications. Huang [3] proposed an efficient access control protocol based on the elliptic curve and hash chains. This scheme could easily add new nodes and resist various attacks. Kim and Lee [4] proposed an enhanced access control protocol based on the scheme proposed by Huang. Their research indicated that the method proposed by Huang could not resist replay as well as active attacks. Further, it lacked hash chain renewability after the authentication and key establishment phase. In 2010, Shen et al. [5] and Zeng et al. [6] demonstrated that the scheme presented by Kim and Lee was vulnerable to masquerade attacks executed by new as well as legal nodes because it lacked hash chain renewability. In 2012, Lee et al. [7] proposed a practical access control scheme, still based on elliptic curve and hash chain. However, such a large number of key distribution schemes [2–7] are vulnerable to various adversary attacks and had huge storage overhead at the sensors node.

In 2013, Molavi et al. [8] use ECDLP method to solve security problem but still need time synchronization and had more compute time.

Our goal is to solve the problems mentioned above, and we propose a secure and flexible access control protocol. The idea of proposed scheme based on the chameleon hash function [9–12] and Diffie-Hellman key agreement. This proposed method can dynamically and securely add new nodes to the existing networks. Moreover, it overcomes the existing security problems and had a fewer number of transmissions and does not require time synchronization or the verification table.

The remainder of this paper is organized as follows. Section 2 describes the preliminary information relevant to our scheme, that is, the chameleon hash function based on the elliptic curve. In Section 3, the proposed scheme is introduced, followed by the correctness and performance analysis in Section 4. Finally, we draw our conclusions in Section 5.

2. Preliminaries

This section introduces the properties of chameleon hash functions based on elliptic curves [7, 8]. The base station initially chooses a large prime number q, an elliptic curve $E_{q}$ , a point P of order n over $E_{q}$ , a subgroup G with order P, and a cryptographically secure hash function f: $Z_{q} \times G \to Z_{q}$ . Here, M is a message space, and R is a finite space. Two random elements are chosen $k, x \in_{R} Z_{q}^{*}$ , and then $K = k P$ and $Y = x P$ are computed. The public hash key is $H K = (K, Y)$ , and the private trapdoor key is $T K = (k, x)$ .

The proposed chameleon hash function is as follows.

Given the hash key $H K$ , $C H (m, r)$ : $Z_{q} \times Z_{q} \to G$ is defind as

\begin{matrix} C H (m, r) = f (m, k P) k P + r Y . \end{matrix}

(1)

According to [10], the chameleon hash function has the following properties. (1)

Anyone that knows the public key $H K = (K, Y)$ can compute the associated hash function $C H (m, r)$ in polynomial time.

(2)

If the private trapdoor key is not known, it is not possible to find two inputs ( $m_{1}, m_{2}$ ) that are mapped to the same output, such that $C H (m_{1}, r_{1}) = C H (m_{2}, r_{2})$ .

(3)

The holder of the secret key information can easily find collisions for a given input, that is, two messages $m_{1}$ and $m_{2}$ , where $C H (m_{1}, r_{1}) = C H (m_{2}, r_{2})$ .

Note that in signature schemes that use the chameleon hash function, there is a signer and a recipient, and two phases of execution. In the off-line phase, the signer precomputes the chameleon hash values

C H

and the corresponding signatures σ on the hash values. In the online phase, the signer computes a random number r of the chameleon hash function for the given message m such that

C H (m, r) = C H

. The signature for the message m is r, σ. When the recipient receives m, r, σ, it decrypts σ and verifies

C H (m, r) = C H

3. The Proposed Scheme

This section presents the proposed access control method based on the chameleon hash function [9–12] and used twice Diffie-Hellman key exchange. This study used signature parameter to archive robust authentication and key exchange. This method consists of two phases: the initialization phase and the node authentication and key establishment phase. The basic concepts and operations are as follows: (1)

initialization phase: the base station sets the necessary values of the sensor nodes before they are deployed;

(2)

node authentication and key establishment phase: a deployed node engages in mutual authentication with one of its neighboring nodes and then establishes a common session key with the neighboring node for secure communication.

In order to depict the proposed method more clearly, the notations used in this paper are listed in Notations Section.

3.1. Initialization Phase

To set up the network system parameters, the base station initially chooses a large prime number q, an elliptic curve $E_{q}$ , a point P of order n over $E_{q}$ , a subgroup G with order P, and a cryptographically secure hash function f: $Z_{q} \times G \to Z_{q}$ . It then completes the initialization phase by carrying out the following steps.

Step 1.

Choose random elements $x, α \in_{R} Z_{q}^{*}$ as the secret key and then compute the public key $Y = x P$ as well as the chameleon hash value of the base station $C H_{B S} = α Y$ .

Step 2.

Select random numbers $k_{i} \in_{R} Z_{q}^{*}$ as the secret key, where $i = 1,2, 3, \dots, n$ , compute the trapdoor/hash key pair ( $k_{i} x^{- 1}, k_{i} P$ ), and load $k_{i} P$ to node $N_{i}$ .

Step 3.

Compute a security key $r_{i}$ of $C H_{B S}$ for the given m, where $m = N_{i} ∥ k_{i} P^{X}$ of node $N_{i}$ , such that $C H_{B S} = f (m, k_{i} P) \cdot k_{i} P + r_{i} Y$ . Here, $r_{i} = α - f (m, k_{i} P) k_{i} x^{- 1} m o d q$ . Load ( $N_{i}, k_{i} P, r_{i}, C H_{B S}$ ) to node $N_{i}$ and publish $E_{q}, q, n, P, Y$ to all the sensor nodes.

These three steps of the initialization phase are shown in Algorithm 1.

Algorithm 1: Steps of the initialization phase.

The node $N_{i}$ The base station

Preloads Choose secret key $x, α \in_{R} Z_{q}^{*}$

$N_{i}, k_{i} P, r_{i}, C H_{BS}$ Computes public key $Y = x P$

and chameleon hash value

$C H_{BS} = α P$

Generates $k_{i} \in_{R} Z_{q}^{*}$

Computes $k_{i} x^{- 1}, k_{i} P$

and $r_{i} = α - f (m, k_{i} P) k_{i} x^{- 1} \mod q$

$m = N_{i} ∥ k_{i} P^{X}$

3.2. Authentication and Key Establishment Phase

After all the sensor nodes have been deployed, if node $N_{i}$ wants to communicate with another node $N_{j}$ , they must implement the following steps to authenticate each other. Subsequently, they must establish a shared session key for securing their communication.

Step 1.

Node $N_{i}$ chooses a random integer $a \in_{R} Z_{q}^{*}$ to compute the public key $a P$ and $r_{i} Y$ and then sends ( $N_{i}, a P, r_{i} Y, k_{i} P$ ) to the node $N_{j}$ .

Step 2.

Node $N_{j}$ computes the chameleon hash value ${C H}_{B S}^{'}$ of node $N_{i}$ based on the received message ( $N_{i}, a P, r_{i_{i}} Y, k_{i} P$ ). $m = N_{i} ∥ k_{i} P^{X}$ , according to (1), where

\begin{matrix} C H_{B S}^{'} = f (m, k_{i} P) k_{i} P + r_{i} Y . \end{matrix}

(2)

Then, $N_{j}$ compares ${C H}_{B S}^{'}$ with the chameleon hash value of the base station $C H_{B S}$ .

If $C H_{B S}^{'} = C H_{B S}$ , then node $N_{j}$ chooses a random number $b \in_{R} Z_{q}^{*}$ to compute the public key $b P$ and the shared session key $b a P (a b P)$ between $N_{i}$ and $N_{j}$ .

Then, $N_{j}$ uses $r_{j}$ to compute the mutual authentication value $M a v_{N_{j}}$ for the given values of $r_{j}$ and $a b P^{X}$ , where $M a v_{N_{j}} = f ((a b P^{X} ∥ r_{j} r_{i} Y^{X}), k_{j} P)$ . It subsequently delivers the message ( $N_{j}, b P, r_{j} Y, k_{j} P, M a v_{N_{j}}$ ) to node $N_{i}$ .

Step 3.

When node $N_{i}$ receives the message from $N_{j}$ , it also computes the chameleon hash value $m = N_{j} ∥ k_{j} P^{X}$ and ${C H}_{B S}^{'} = f (m, k_{j} P) k_{j} P + r_{j} Y$ of node $N_{j}$ , according to the received message ( $N_{j}, b P, r_{j} Y, k_{j} P, M a v_{N_{j}}$ ) from $N_{j}$ . It then compares $C H_{B S}^{'}$ with the chameleon hash value of the base station $C H_{B S}$ . If $C H_{B S}^{'} = C H_{B S}$ , then node $N_{i}$ computes the shared session key $a b P$ , the mutual authentication value ${M a v}_{N_{j}}^{'}$ for the given $r_{i}$ , and $a b P^{X}$ , where

\begin{matrix} {M a v}_{N_{j}}^{'} = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{j} P) . \end{matrix}

(3)

If ${M a v}_{N_{j}}^{'} = M a v_{N_{j}}$ , then the node $N_{j}$ is legitimized, and node $N_{i}$ sends back a mutual authentication value $M a v_{N_{i}}$ for the given $r_{i}$ and $a b P^{X}$ , where

\begin{matrix} M a v_{N_{i}} = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{i} P) . \end{matrix}

(4)

Step 4.

When $N_{j}$ receives $M a v_{N_{i}}$ , it also computes the value for ${M a v}_{N_{i}}^{'} = f ((a b P^{X} ∥ r_{j} r_{i} Y^{X}), k_{i} P)$ . If ${M a v}_{N_{i}}^{'} = M a v_{N_{i}}$ , then node $N_{i}$ is authenticated. Otherwise, the value $M a v_{N_{i}}$ is discarded.

The steps of the authentication and the key establishment phase are shown in Algorithm 2.

Algorithm 2: Authentication and key establishment phase.

The Node $N_{i}$ The Node $N_{j}$

Generates $a \overset{N_{i}, a P, r_{i} Y, k_{i} P}{\to}$ Check CH_BS ?= ${C H_{BS}}^{'}$

Compute $a P, r_{i} Y$ Generates b

Compute $b P, b a P, r_{j} Y$

Check $Ma v_{N_{j}} = f ((a b P^{X} ∥ r_{j} r_{i} Y^{X}), k_{j} P)$

CH_BS ?= ${C H_{BS}}^{'}$ $\overset{N_{j}, b P, r_{j} Y, k_{j} P, Ma v_{N_{j}}}{\leftarrow}$

Compute $a b P$

${Ma v^{'}}_{N_{j}} ? = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{j} P)$

${Mav}_{N_{i}} = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{i} P)$

$\overset{{Mav}_{N_{i}}}{\to}$ Check

${Ma v^{'}}_{N_{i}} ? = f ((a b P^{X} ∥ r_{j} r_{i} Y^{X}), k_{i} P)$

Note that after the sensor network has operated for a certain period of time, new nodes must be deployed in the network to extend its life. For example, for the deployment of a new node $N_{i + 1}$ , the base station adds the new node by following Steps 2 and 3 of the initialization phase outlined in Section 3.1.

4. Analysis of the Proposed Scheme

In this section, we analyze the correctness, the security, and the performance of the proposed access control protocol. The security analysis also shows how the proposed method can resist known security attacks.

4.1. Correctness

In the authentication and key establishment phase, node $N_{j}$ authenticates node $N_{i}$ based on the chameleon hash value of the node $N_{i}$ ; that is, the computed result of $C H_{B S}^{'} = f (m, k_{i} P) \cdot k_{i} P + r_{i} Y$ .

Based on the received message ( $N_{i}, a P, r_{i} Y, k_{i} P$ ) from node $N_{i}$ and the published message of the base station $〈P, Y〉$ , (2) can be rewritten as

\begin{array}{l} C H_{B S}^{'} = f ((N_{i} ∥ k_{i} P^{X}), k_{i} P) \cdot k_{i} P \\ + (α - f ((N_{i} ∥ k_{i} P^{X}), k_{i} P) k_{i} x^{- 1}) \cdot x P \\ = f ((N_{i} ∥ k_{i} P^{X}), k_{i} P) \cdot k_{i} P \\ - f ((N_{i} ∥ k_{i} P^{X}), k_{i} P) k_{i} P + α x P \\ = α Y . \end{array}

(5)

All nodes of the WSN have the same chameleon hash value as the base station; that is,

C H_{B S} = α Y

. This is preloaded by the base station. Therefore, node

N_{j}

can verify the received identification and the hash key

k_{i} P

of node

N_{i}

based on the result of comparison of

C H_{B S}^{'}

with

C H_{B S}

. Moreover, node

N_{i}

also can ensure whether node

N_{j}

is valid by applying the same method that is used by node

N_{j}

. In this case, the received message is from node

N_{j}

If node $N_{i}$ confirms that node $N_{j}$ is valid, a shared session key $a b P$ can be established by using the mutual authentication value ( $M a v_{N_{j}}$ ) of the received message from node $N_{j}$ . Subsequently, $M a v_{N_{j}}^{'}$ can be computed, where

\begin{matrix} {M a v}_{N_{j}}^{'} = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{j} P) . \end{matrix}

(6)

Equation (3) can be rewritten as

\begin{array}{l} {M a v}_{N_{j}}^{'} = f ((a b P^{X} ∥ r_{i} r_{j} Y^{X}), k_{j} P) \\ = f ((b a P^{X} ∥ r_{j} r_{i} Y^{X}), k_{j} P) \\ = M a v_{N_{j}} . \end{array}

(7)

On the other hand, the random values a and b are chosen by nodes

N_{i}

and

N_{j}

, respectively. The point P of the Elliptic curve and the public key Y are initially published by the base station. Therefore, node

N_{i}

can obtain the value of

a b P^{X}

using the aforementioned parameters.

r_{i}

N_{i}

's security key. Node

N_{i}

then compares

{M a v}_{N_{j}}^{'}

with

M a v_{N_{j}}

, which are obtained by Diffie-Hellman key exchange. If they are equal, the shared session key has been established. In a similar manner, node

N_{j}

can apply the method used by node

N_{i}

to confirm the mutual authentication value.

4.2. Security Analysis

The proposed scheme utilizes the chameleon hash function and twice Diffie-Hellman key exchange produces the mutual authentication value to establish mutual authentication between communication nodes. This study is constructed of security chameleon hash function, and further proof is in [10, 11]. For example, if nodes $N_{i}$ and $N_{j}$ require mutual authentication, $N_{j}$ will first compare the preloaded chameleon hash value of the base station, $C H_{B S}$ , with the chameleon hash value of node $N_{i}, C H_{B S}^{'}$ , obtained by using (1). However, the calculation of $C H_{B S}^{'}$ requires the ID, the hash key $k_{i} P$ , and the value $r_{i} Y$ of node $N_{i}$ . Thus, the process can authenticate the ID and hash key because computing $C H_{B S}^{'}$ is an elliptic curve discrete logarithm problem (ECDLP) if the attacker does not have any information about the ID and hash key. Furthermore, $r_{i}$ is protected by the secret keys α and $k_{i} x^{- 1}$ .

After node $N_{i}$ has been authenticated, node $N_{j}$ applies (1) and (2) to compute the $M a v_{N_{j}}$ . Then, $M a v_{N_{j}}$ is compared with $M a v_{N_{i}}$ . $M a v_{N_{i}}$ is obtained by using the shared session key $a b P$ and security key $r_{i}$ . However, only the communication nodes recognize the session key $a b P$ , and only node $N_{i}$ and the base station can have the secret key $r_{i}$ .

In addition to security analysis, the following paragraphs explain how the proposed method can resist attacks such as legal node masquerading attacks, forgery attacks, new node masquerading attacks, replay attacks, and man-in-the-middle attacks.

(A) Legal Node Masquerading Attack. In this study, the authentication of node $N_{j}$ depends on the comparison of chameleon hash values in the authentication and key establishment phase.

First, the node to be authentication node $N_{j}$ checks $C H_{B S}$ . $N_{j}$ can provide a legitimate value of $r_{j} Y$ only if it is legitimate, and only the base station knows the secret keys α and $k_{j} x^{- 1}$ can provide corresponding $r_{j}$ for given message.

Secondly, only a legitimate node $N_{j}$ can use $r_{j}$ to compute the mutual authentication value and get authenticated successfully.

An attacker may obtain the commutation values by eavesdropping on the communication between nodes $N_{i}$ and $N_{j}$ . However, even if the attacker obtains the values of $a P$ and $b P$ from the authentication and key establishment phase, deriving the legalized session key $a b P$ is extremely difficult because of the ECDLP. Therefore, the proposed scheme can prevent a legal node masquerading attack.

(B) Forgery Attack. Consider the case where an adversary has obtained the commutation values by eavesdropping on the communication channel.

The adversary may attempt to create a legitimate authentication message using the following equation:

\begin{matrix} r_{i}^{'} = r_{i} + k_{i} x^{- 1} (f (m^{'}, k_{i} P) - f (m, k_{i} P)) m o d q . \end{matrix}

(8)

However, it is not possible for the adversary to create a forged message because the value of $r_{i}^{'}$ cannot be computed without secret key $k_{i} x^{- 1}$ .

(C) New Node Masquerading Attack. When some of the sensor nodes in the wireless sensor network are damaged or have exhausted their power, new sensor nodes must be added to the network to extend its life. In the new node addition phase, the base station preloads the $k_{i + 1} P$ , $C H_{B S}$ , $N_{i + 1}$ , and $r_{i + 1}$ values to a new node. Owing to the nonavailability of the secret keys x and α, the attacker cannot compute the value of $r_{i + 1}$ ; hence, it cannot use $r_{i + 1}$ to verify the ID and the hash key of the new node. Therefore, the proposed scheme can prevent new node masquerading attacks.

(D) Replay Attack. A replay attack is the one in which an attacker captures the transmitted messages of a legitimate node and later replays them on the network in an attempt to imitate legitimate authentication messages. For example, if an attacker transmits the captured message ( $N_{i}, a P, r_{i} Y, k_{i} P$ ) to another node $N_{j}$ , the attacker must then provide $r_{i}$ for establishing a mutual authentication value Mav. The Mav is required for a shared session key with the node to be connected. However, it is not possible for the attacker to obtain $r_{i}$ without the secret key $k_{i} x^{- 1}$ .

In addition, if the attacker sends the value $M a v_{}$ to connect node $N_{j}$ , node $N_{j}$ can use the shared session key to authenticate whether the connecting node is legitimate or not. Another point that must be noted is that every connection between the two nodes uses the up-to-date session key values a and b. By means of these different strategies, the proposed method can resist replay attacks.

(E) The Man-in-the-Middle Attack. In the proposed scheme, the communication nodes can mutually authenticate and establish session keys between users and servers. Although an attacker may launch a man-in-the-middle attack, the attacker can only know the values of $a P$ and $b P$ . It still has to resolve the ECDLP. Moreover, even if the attacker obtains user information (such as $N_{i}, k_{i} P, r_{i} Y$ ), the attacker still cannot pass the authentication and key establishment phase because it cannot compute the mutual authentication value $M a v$ of the session key. Therefore, the proposed scheme can resist man-in-middle attacks.

4.2.1. Session Key Security

The proposed scheme uses a session key. Only the communicating parties know the session key $a b P$ when the user verifies the message from receiving party. The session key $S K = a b P$ is not known by anyone other than the communicating parties because the random values $a P$ and $b P$ are protected by the ECDLP. Therefore, the proposed scheme provides session key security.

4.3. Performance Analysis

Table 1 shows the proposed scheme compared with related works Huang [3], Kim and Lee [4], Zeng et al. [6], and Molavi et al. [8] in terms of the function of access control method. The computation cost and the transmission cost are two popular benchmarks for evaluation of the efficiency of the WSNs. Table 2 shows the computation costs of the proposed method during different phases. When compared to the computation cost of the hash chain and the elliptic curve-based schemes, the computation cost of the proposed method is slightly higher. However, our proposed method does not require time synchronization or the verification table for authentication. Hence, it is more efficient than the hash chain and elliptic curve-based methods.

Table 1

Compared function of access control method.

Function	Method
Function	[3]	[4]	[7]	[8]	Proposed method
Resist various attacks	No	No	Yes	Yes	Yes
Easily add new node	Yes	Yes	Yes	Yes	Yes
Do not need time synchronization	No	No	No	No	Yes
After authentication, no need for broadcast	No	No	No	Yes	Yes
Do not have to verify table	No	No	No	Yes	Yes
After adding new node, no need for broadcast	No	No	No	Yes	Yes

Table 2

The computation costs of the proposed method during different phases.

Phase	Computation cost
Phase	Base station	Node $N_{i}$
Initialization	$2 T e_{m} + n (2 T e_{m} + 1 T_{mul})$	N/A
Authentication and key establishment	N/A	$5 T e_{m} + 1 T_{h}$
New node adding	$2 T e_{m} + 1 T_{mul}$	N/A

$T e_{m}$ : time cost for one multiplication computation over an elliptic curve.

$T_{h}$ : time for cryptographic secure hash function.

$T_{mul}$ : time cost of performing the modulus multiplication operation.

The energy cost of communication and cryptography in wireless sensor networks is an important consideration. In [13] indicated, the energy cost of cryptographic protocols, both from a communication energy cost and computation energy cost. According to [13] measure practical costs of computation and communication in WSN, it used TelosB sensors run Elliptic Curve Diffie-Hellman key exchange with authentication energy costs total is 130 (mJ), communication costs is 58.3 (mJ), and computation cost is 77 (mJ). As a result, we can realize that communication cost is an important consideration same as the computation cost. Table 3 presents the computation and the transmission costs incurred by using the methods put forward by Zhou et al. [2], Huang [3], Kim and Lee [4], and Lee et al. [7]. It also displays the costs incurred by using our proposed method. The protocol proposed by Huang requires seven transmissions and updates the broadcast hash chain after each authentication, key establishment, and new node addition phase. Our method requires only five transmissions. Consequently, it needs less bandwidth than the schemes proposed by Zhou et al. and Huang.

Table 3

The comparison of computation costs and number of transmissions.

Scheme	Each node achieves authentication and establishes shared session key	Total number of transmissions to establish shared session key
Zhou et al. [2]	$3 T e_{m} + T_{mul} + T_{h}$	21
Kim and Lee [4]	$2 T e_{m} + 8 T_{h}$	14
Huang [3]	$2 T e_{m} + 5 T_{h}$	10
Lee et al. [7]	$2 T e_{m} + 5 T_{h}$	8
Our proposed scheme	$5 T e_{m} + 1 T_{h}$	5

$T e_{m}$ : point multiplication computation over an elliptic curve.

$T_{h}$ : time for cryptographic secure hash function.

$T_{mul}$ : time cost of performing the modulus multiplication operation.

Therefore, the proposed scheme can be applied to applications from the WSNs criteria that had less number of transmissions and had lower data rate of communication. However, every broadcast has resulted in poor throughput of WSNs. Our proposed method does not need broadcast to update node list and verify table. Furthermore, it can be implemented by using any elliptic curve and cryptographic secure hash function.

5. Conclusion

This study demonstrated a new access control scheme for WSNs that has three characteristics. First, the proposed scheme can establish mutual authentication between two communication nodes and resist possible attacks when the base station adds a new node to the WSN. Second, the proposed scheme can establish a common session key between two nodes in an efficient manner. Moreover, it does not require time synchronization or the verification table. Third, the proposed scheme requires fewer transmissions and less bandwidth than existing schemes.

Footnotes

Notations

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This paper is the partial result of Project MOST103-2632-E-366-001. The authors would like to thank the support of the Ministry of Science and Technology, R.O.C.

References

Akyildiz

I. F.

Sankarasubramaniam

Cayirci

A survey on sensor networks

IEEE Communications Magazine 2002 40 8 102 114

10.1109/MCOM.2002.1024422

2-s2.0-0036688074

Zhou

Zhang

Fang

Access control in wireless sensor networks

Ad Hoc Networks 2007 5 1 3 13

10.1016/j.adhoc.2006.05.014

2-s2.0-33750012404

Huang

H.-F.

A novel access control protocol for secure sensor networks

Computer Standards & Interfaces 2009 31 2 272 276

10.1016/j.csi.2008.05.014

2-s2.0-55849115257

Kim

H.-S.

Lee

S.-W.

Enhanced novel access control protocol over wireless sensor networks

IEEE Transactions on Consumer Electronics 2009 55 2 492 498

10.1109/TCE.2009.5174412

2-s2.0-68949177260

Shen

Moh

Chung

COMMENT: ‘Enhanced novel access control protocol over wireless sensor networks’

IEEE Transactions on Consumer Electronics 2010 56 3 2019 2021

10.1109/TCE.2010.5606360

2-s2.0-78149245511

Zeng

Choo

K.-K. R.

Sun

D.-Z.

On the security of an enhanced novel access control protocol for wireless sensor networks

IEEE Transactions on Consumer Electronics 2010 56 2 566 569

10.1109/TCE.2010.5505971

2-s2.0-77954732460

Lee

Shin

Lee

D. H.

PACPs: practical access control protocols for wireless sensor networks

IEEE Transactions on Consumer Electronics 2012 58 2 491 499

10.1109/TCE.2012.6227452

2-s2.0-84863699447

Molavi

Bashirpour

Nikooghadam

An efficient access control model for wireless sensor network

International Journal of Computer Science and Business Informatics 2013 4 1

Chen

Zhang

Susilo

Efficient generic on-line/off-line signatures without key exposure

Applied Cryptography and Network Security: Proceedings of the 5th International Conference, ACNS 2007, Zhuhai, China, June 5–8, 2007 2007 4521

Berlin, Germany

Springer

18 30 Lecture Notes in Computer Science

10.1007/978-3-540-72738-5_2

10.

Chen

Zhang

Tian

Wei

Susilo

Lee

Kim

Efficient generic on-line/off-line (threshold) signatures without key exposure

Information Sciences 2008 178 21 4192 4203

10.1016/j.ins.2008.06.022

MR2454648

2-s2.0-49849102704

11.

Lin

D.-R.

Wang

C.-I.

Guan

D. J.

Efficient vehicle ownership identification scheme based on triple-trapdoor chameleon hash function

Journal of Network and Computer Applications 2011 34 1 12 19

10.1016/j.jnca.2010.07.001

2-s2.0-78649323940

12.

Krawczyk

Rabin

Chameleon signatures

Proceedings of the Internet Society Symposium on Network and Distributed System Security (NDSS ′00) 2000 143 154

13.

de Meulenaer

Gosset

Standaert

O.-X.

Pereira

On the energy cost of communication and cryptography in wireless sensor networks

Proceedings of the IEEE International Conference on Wireless and Mobile Computing, Networking and Communication (WiMob ′08)

October 2008

Avignon, France

580 585

10.1109/WiMob.2008.16

2-s2.0-56749174919

Secure Access Control Method for Wireless Sensor Networks

Abstract

1. Introduction

2. Preliminaries

3. The Proposed Scheme

3.1. Initialization Phase

Step 1.

Step 2.

Step 3.

Algorithm 1: Steps of the initialization phase.

3.2. Authentication and Key Establishment Phase

Step 1.

Step 2.

Step 3.

Step 4.

Algorithm 2: Authentication and key establishment phase.

4. Analysis of the Proposed Scheme

4.1. Correctness

4.2. Security Analysis

4.2.1. Session Key Security

4.3. Performance Analysis

5. Conclusion

Footnotes

Notations

Conflict of Interests

Acknowledgments

References