Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks

Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks

•We observed that Farash et al.’s authentication protocol for WSN is susceptible to many security attacks.•The protocol is also unable to preserve user anonymity.•We designed an anonymity preserving authentication scheme for WSN.•We analyze the security of the proposed protocol using AVISPA S/W.•The...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2016-06, Vol.101, p.42-62
Hauptverfasser: Amin, Ruhul, Islam, SK Hafizul, Biswas, G.P., Khan, Muhammad Khurram, Leng, Lu, Kumar, Neeraj
Format: Artikel
Sprache:eng
Schlagworte:
Anonymity preserving
Authentication
Authentication protocols
Computer information security
Cybersecurity
Exchange
Gateway node
Internet
Internet of Things
Key exchange protocol
Passwords
Phases
Preserves
Protocol
Protocol (computers)
Protocols
Remote sensors
Security management
Sensor node
Sensors
Studies
Wireless networks
Wireless sensor network
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 62
container_issue
container_start_page 42
container_title Computer networks (Amsterdam, Netherlands : 1999)
container_volume 101
creator Amin, Ruhul
Islam, SK Hafizul
Biswas, G.P.
Khan, Muhammad Khurram
Leng, Lu
Kumar, Neeraj
description •We observed that Farash et al.’s authentication protocol for WSN is susceptible to many security attacks.•The protocol is also unable to preserve user anonymity.•We designed an anonymity preserving authentication scheme for WSN.•We analyze the security of the proposed protocol using AVISPA S/W.•The proposed protocol is secure against active and passive attacks and more efficient than other protocols. Recently, Farash et al. pointed out some security weaknesses of Turkanović et al.’s protocol, which they extended to enhance its security. However, we found some problems with Farash et al.’s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen-smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user-anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, proving that our protocol not only overcomes the weaknesses of Farash et al.’s protocol, but also preserves additional security attributes, such as the identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.
doi_str_mv 10.1016/j.comnet.2016.01.006
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1816049600</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1389128616000207</els_id><sourcerecordid>4064694331</sourcerecordid><originalsourceid>FETCH-LOGICAL-c488t-4a9315b56d7dd468843b43c30d603d5ec7b1ac1487c6b4d1a0c6aed0066dc23d3</originalsourceid><addsrcrecordid>eNp9kU1rGzEQhpfSQtM0_6AHQS-57Ga0K2u1l0BwP1II9JKchTyatWWvJUeSnfjfV8Y59RAYmBl4Znhn3qr6xqHhwOXNusGw9ZSbtnQN8AZAfqguuOrbugc5fCx1p4aat0p-rr6ktAYAIVp1UYUflNzSszAy40sEf9y6fKx3kRLFg_NLlleRqB4N5hCZ2ecV-ezQZLJsQ0dGr7gyfklsF0MOGCY2Fu7FRZooJZbIp9IXdS8hbtLX6tNopkRXb_myevr183F-Xz_8_f1nfvdQo1Aq18IMHZ8tZtL21gqplOgWosMOrITOzgj7BTfIhepRLoTlBlAasuVuabHtbHdZXZ_3FlXPe0pZb11CmibjKeyT5opLEIMEKOj3_9B12Edf1GneDwVSYsYLJc4UxpBSpFHvotuaeNQc9MkFvdZnF_TJBQ1cFzVl7PY8RuXYg6OoEzrySLY8CLO2wb2_4B-XqZSC</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1790498451</pqid></control><display><type>article</type><title>Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Amin, Ruhul ; Islam, SK Hafizul ; Biswas, G.P. ; Khan, Muhammad Khurram ; Leng, Lu ; Kumar, Neeraj</creator><creatorcontrib>Amin, Ruhul ; Islam, SK Hafizul ; Biswas, G.P. ; Khan, Muhammad Khurram ; Leng, Lu ; Kumar, Neeraj</creatorcontrib><description>•We observed that Farash et al.’s authentication protocol for WSN is susceptible to many security attacks.•The protocol is also unable to preserve user anonymity.•We designed an anonymity preserving authentication scheme for WSN.•We analyze the security of the proposed protocol using AVISPA S/W.•The proposed protocol is secure against active and passive attacks and more efficient than other protocols. Recently, Farash et al. pointed out some security weaknesses of Turkanović et al.’s protocol, which they extended to enhance its security. However, we found some problems with Farash et al.’s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen-smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user-anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, proving that our protocol not only overcomes the weaknesses of Farash et al.’s protocol, but also preserves additional security attributes, such as the identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.</description><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/j.comnet.2016.01.006</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Anonymity preserving ; Authentication ; Authentication protocols ; Computer information security ; Cybersecurity ; Exchange ; Gateway node ; Internet ; Internet of Things ; Key exchange protocol ; Passwords ; Phases ; Preserves ; Protocol ; Protocol (computers) ; Protocols ; Remote sensors ; Security management ; Sensor node ; Sensors ; Studies ; Wireless networks ; Wireless sensor network</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 2016-06, Vol.101, p.42-62</ispartof><rights>2016 Elsevier B.V.</rights><rights>Copyright Elsevier Sequoia S.A. Jun 4, 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c488t-4a9315b56d7dd468843b43c30d603d5ec7b1ac1487c6b4d1a0c6aed0066dc23d3</citedby><cites>FETCH-LOGICAL-c488t-4a9315b56d7dd468843b43c30d603d5ec7b1ac1487c6b4d1a0c6aed0066dc23d3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.comnet.2016.01.006$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Amin, Ruhul</creatorcontrib><creatorcontrib>Islam, SK Hafizul</creatorcontrib><creatorcontrib>Biswas, G.P.</creatorcontrib><creatorcontrib>Khan, Muhammad Khurram</creatorcontrib><creatorcontrib>Leng, Lu</creatorcontrib><creatorcontrib>Kumar, Neeraj</creatorcontrib><title>Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>•We observed that Farash et al.’s authentication protocol for WSN is susceptible to many security attacks.•The protocol is also unable to preserve user anonymity.•We designed an anonymity preserving authentication scheme for WSN.•We analyze the security of the proposed protocol using AVISPA S/W.•The proposed protocol is secure against active and passive attacks and more efficient than other protocols. Recently, Farash et al. pointed out some security weaknesses of Turkanović et al.’s protocol, which they extended to enhance its security. However, we found some problems with Farash et al.’s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen-smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user-anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, proving that our protocol not only overcomes the weaknesses of Farash et al.’s protocol, but also preserves additional security attributes, such as the identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.</description><subject>Anonymity preserving</subject><subject>Authentication</subject><subject>Authentication protocols</subject><subject>Computer information security</subject><subject>Cybersecurity</subject><subject>Exchange</subject><subject>Gateway node</subject><subject>Internet</subject><subject>Internet of Things</subject><subject>Key exchange protocol</subject><subject>Passwords</subject><subject>Phases</subject><subject>Preserves</subject><subject>Protocol</subject><subject>Protocol (computers)</subject><subject>Protocols</subject><subject>Remote sensors</subject><subject>Security management</subject><subject>Sensor node</subject><subject>Sensors</subject><subject>Studies</subject><subject>Wireless networks</subject><subject>Wireless sensor network</subject><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><recordid>eNp9kU1rGzEQhpfSQtM0_6AHQS-57Ga0K2u1l0BwP1II9JKchTyatWWvJUeSnfjfV8Y59RAYmBl4Znhn3qr6xqHhwOXNusGw9ZSbtnQN8AZAfqguuOrbugc5fCx1p4aat0p-rr6ktAYAIVp1UYUflNzSszAy40sEf9y6fKx3kRLFg_NLlleRqB4N5hCZ2ecV-ezQZLJsQ0dGr7gyfklsF0MOGCY2Fu7FRZooJZbIp9IXdS8hbtLX6tNopkRXb_myevr183F-Xz_8_f1nfvdQo1Aq18IMHZ8tZtL21gqplOgWosMOrITOzgj7BTfIhepRLoTlBlAasuVuabHtbHdZXZ_3FlXPe0pZb11CmibjKeyT5opLEIMEKOj3_9B12Edf1GneDwVSYsYLJc4UxpBSpFHvotuaeNQc9MkFvdZnF_TJBQ1cFzVl7PY8RuXYg6OoEzrySLY8CLO2wb2_4B-XqZSC</recordid><startdate>20160604</startdate><enddate>20160604</enddate><creator>Amin, Ruhul</creator><creator>Islam, SK Hafizul</creator><creator>Biswas, G.P.</creator><creator>Khan, Muhammad Khurram</creator><creator>Leng, Lu</creator><creator>Kumar, Neeraj</creator><general>Elsevier B.V</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20160604</creationdate><title>Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks</title><author>Amin, Ruhul ; Islam, SK Hafizul ; Biswas, G.P. ; Khan, Muhammad Khurram ; Leng, Lu ; Kumar, Neeraj</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c488t-4a9315b56d7dd468843b43c30d603d5ec7b1ac1487c6b4d1a0c6aed0066dc23d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Anonymity preserving</topic><topic>Authentication</topic><topic>Authentication protocols</topic><topic>Computer information security</topic><topic>Cybersecurity</topic><topic>Exchange</topic><topic>Gateway node</topic><topic>Internet</topic><topic>Internet of Things</topic><topic>Key exchange protocol</topic><topic>Passwords</topic><topic>Phases</topic><topic>Preserves</topic><topic>Protocol</topic><topic>Protocol (computers)</topic><topic>Protocols</topic><topic>Remote sensors</topic><topic>Security management</topic><topic>Sensor node</topic><topic>Sensors</topic><topic>Studies</topic><topic>Wireless networks</topic><topic>Wireless sensor network</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Amin, Ruhul</creatorcontrib><creatorcontrib>Islam, SK Hafizul</creatorcontrib><creatorcontrib>Biswas, G.P.</creatorcontrib><creatorcontrib>Khan, Muhammad Khurram</creatorcontrib><creatorcontrib>Leng, Lu</creatorcontrib><creatorcontrib>Kumar, Neeraj</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library &amp; Information Sciences Abstracts (LISA)</collection><collection>Library &amp; Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Amin, Ruhul</au><au>Islam, SK Hafizul</au><au>Biswas, G.P.</au><au>Khan, Muhammad Khurram</au><au>Leng, Lu</au><au>Kumar, Neeraj</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>2016-06-04</date><risdate>2016</risdate><volume>101</volume><spage>42</spage><epage>62</epage><pages>42-62</pages><issn>1389-1286</issn><eissn>1872-7069</eissn><abstract>•We observed that Farash et al.’s authentication protocol for WSN is susceptible to many security attacks.•The protocol is also unable to preserve user anonymity.•We designed an anonymity preserving authentication scheme for WSN.•We analyze the security of the proposed protocol using AVISPA S/W.•The proposed protocol is secure against active and passive attacks and more efficient than other protocols. Recently, Farash et al. pointed out some security weaknesses of Turkanović et al.’s protocol, which they extended to enhance its security. However, we found some problems with Farash et al.’s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen-smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user-anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, proving that our protocol not only overcomes the weaknesses of Farash et al.’s protocol, but also preserves additional security attributes, such as the identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/j.comnet.2016.01.006</doi><tpages>21</tpages></addata></record>
fulltext fulltext
identifier ISSN: 1389-1286
ispartof Computer networks (Amsterdam, Netherlands : 1999), 2016-06, Vol.101, p.42-62
issn 1389-1286
1872-7069
language eng
recordid cdi_proquest_miscellaneous_1816049600
source ScienceDirect Journals (5 years ago - present)
subjects Anonymity preserving
Authentication
Authentication protocols
Computer information security
Cybersecurity
Exchange
Gateway node
Internet
Internet of Things
Key exchange protocol
Passwords
Phases
Preserves
Protocol
Protocol (computers)
Protocols
Remote sensors
Security management
Sensor node
Sensors
Studies
Wireless networks
Wireless sensor network
title Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T19%3A04%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Design%20of%20an%20anonymity-preserving%20three-factor%20authenticated%20key%20exchange%20protocol%20for%20wireless%20sensor%20networks&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Amin,%20Ruhul&rft.date=2016-06-04&rft.volume=101&rft.spage=42&rft.epage=62&rft.pages=42-62&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2016.01.006&rft_dat=%3Cproquest_cross%3E4064694331%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1790498451&rft_id=info:pmid/&rft_els_id=S1389128616000207&rfr_iscdi=true