Abstract
Due to the open environment in which hierarchical wireless sensor networks (HWSNs) are typically deployed, it is important to authenticate transmitted data. In recent years, a number of user authentication schemes with smart card for HWSNs have been proposed. In 2014, Turkanović et al. proposed a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks (HADWSNs). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Turkanović et al.’s scheme and then demonstrate that their scheme cannot really protect against user masquerade, off-line password guessing, and node capture attacks. To overcome these security weaknesses, we further propose an advanced smart card based user authentication while inherits the original merits of their scheme. Through the informal and formal security analysis, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Turkanović et al.’s scheme. In addition, we compare the proposed scheme with related ones to prove that the computation cost of the proposed scheme are well suitable for practical applications in HADWSNs.
Similar content being viewed by others
References
Vivek, K., Narottam, C., & Naveen, C. (2010). Recent advances and future trends in wireless sensor networks. Internatioal Journal of Applied Engineering Research, 1(3), 330–342.
Cheng, Y., & Agrawal, D. (2007). An improved key distribution mechanism for large-scale hierarchical wireless sensor networks. Ad Hoc Networks, 5(1), 35–48.
Asadi, M., Zimmerman, C., & Agah, A. (2013). A game-theoretic approach to security and power conservation in wireless sensor networks. International Journal of Network Security, 15(1), 50–58.
Das, A. K. (2012). Improving identity-based random key establishment scheme for large-scale hierarchical wireless sensor networks. International Journal of Network Security, 14(1), 1–21.
Li, C. T. (2011). Secure smart card based password authentication scheme with user anonymity. Information Technology and Control, 40(2), 157–162.
Mi, Q., Stankovic, J. A., & Stoleru, R. (2012). Practical and secure localization and key distribution for wireless sensor networks. Ad Hoc Networks, 10(6), 946–961.
Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., Kruus, P., & Tiny, P. K. (2004). Securing sensor networks with publickey technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, SASN 2004, Washington, DC, USA, October (pp. 59–64).
Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.
Yuan, J., Jiang, C., & Jiang, Z. (2010). A biometric-based user authentication for wireless sensor networks. Wuhan University Journal of Natural Sciences, 15(3), 272–276.
Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.
Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.
Yeh, H. L., Chen, T. H., Liu, P. C., Kim, T. H., & Wei, H. W. (2011). A secured authentication protocol for wireless sensor networks using ellipticcurves cryptography. Sensors, 11(5), 4767–4779.
Ghosal, A., Halder, S., & DasBit, S. (2012). A dynamic TDMA based scheme for securing query processing in WSN. Wireless Networks, 8(2), 165–184.
Wong, K. H. M., Zheng, Y., Cao, J., & Wang, S. (2006). A dynamic user authentication scheme for wireless sensor networks. In Proceedings of the IEEE international conference on sensor networks, ubiquitous, and trustworthy computing, Taichung (pp. 244–251).
Huang, H. F., Chang, Y. F., & Liu, C. H. (2010). Enhancement of two-factor user authentication in wireless sensor networks. In Proceedings of the 2010 sixth international conference on intelligent information hiding and multimedia signal processing (pp. 27–30). IEEE Computer Society.
He, D., Gao, Y., Chan, S., Chen, C., & Bu, J. (2010). An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc and Sensor Wireless Networks, 10(4), 361–371.
Nyang, D., & Lee, M. K. (2009). Improvement of Das’s two-factor authentication protocol in wireless sensor networks. In CORD conference proceedings.
Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of “two-factor user authentication in wireless sensor networks”. Sensors, 10(3), 2450–2459.
Vaidya, B., Makrakis, D., & Mouftah, H. T. (2010). Improved two-factor user authentication in wireless sensor networks. In IEEE 6th international conference on wireless and mobile computing, networking and communications (pp. 600–606).
Xue, K., Ma, C., Hong, P., & Ding, R. (2012). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36, 316–323.
Li, C. T., Weng, C. Y., & Lee, C. C. (2013). An advanced temporal credentialbased security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors, 13, 9589–9603.
Turkanović, M., & Hölbl, M. (2014). Notes on “a temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks”. Wireless Personal Communication, 77, 907–922.
Fan, R., He, D., Pan, X., & Ping, L. (2011). An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University SCIENCE, 12(7), 550–560.
Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. K. (2012). A dynamic passwordbased user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(52), 1646–1656.
Wang, D., & Wang, P. (2014). Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks, 20, 1–15.
Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Networks, 20, 96–112.
Burrow, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer System, 8, 18–36.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology-CRYPTO’99, LNCS 1666 (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002b). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Boyd, C., & Mathuria, A. (2003). Protocols for authentication and key establishment. Berlin: Springer.
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. Advances in cryptology-CRYPTO (pp. 203–220). Berlin: Springer.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Yang, W. H., & Shieh, S. P. (1999). Password authentication schemes with smart cards. Computer and Security, 18(8), 727–733.
Stallings, W. (2004). Cryptography and network security: Principles and practices (3rd ed., pp. 328–345). London: Pearson Education.
Stinson, D. R. (2006). Some observations on the theory of cryptographic hash functions. Designs Codes and Cryptography, 38(2), 259–277.
Chatterjee, S., Das, A. K., & Sing, J. K. (2014). An enhanced access control scheme in wireless sensor networks. Ad Hoc and Sensor Wireless Networks, 21(1–2), 121–149.
Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269(10), 270–285.
Acknowledgements
The authors would like to thank all the anonymous reviewers for their helpful advice. This paper is supported by the National Key Research and Development Program (Grant Nos. 2016YFB0800602), the National Natural Science Foundation of China (Grant Nos. 61472045, 61573067, 61373020, U1536102 and U1536116).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lu, Y., Li, L., Peng, H. et al. A Novel Smart Card Based User Authentication and Key Agreement Scheme for Heterogeneous Wireless Sensor Networks. Wireless Pers Commun 96, 813–832 (2017). https://doi.org/10.1007/s11277-017-4203-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-4203-6