Volume 19, Issue 4 (3-2023)                   JSDP 2023, 19(4): 85-94



Alizadeh J, Bagheri N. Some observations on a lightweight authentication scheme with capabilities of anonymity and trust in Internet of Things (IoT). JSDP 2023; 19 (4) : 7
URL: http://jsdp.rcisp.ac.ir/article-1-1175-en.html
Abstract:
In recent years, the concept of the Internet of Things (IoT) has led to a revolution in communication between humans and things. Security and efficiency could be the main challenges of that communication. On the other hand, authenticity and confidentiality are two important goals in providing the desired security in an information system, including IoT-based applications. An Authentication and Key Agreement (AKA) protocol is a tool for achieving authenticity and agreeing on a secret key to reach confidentiality. Therefore, using a secure AKA protocol, one can establish the mentioned security. In recent years, several articles have discussed AKA protocols in wireless sensor networks (WSN). For example, in 2014, Turkanović et al. proposed a new AKA scheme for the heterogeneous ad hoc WSN. In 2016, Sabzinejad et al. presented an improved one. In 2017, Jiang et al. introduced a secure AKA protocol. Some other AKA protocols have been presented in the last three years. All the mentioned protocols are lightweight: they need minimal resources and try to decrease the computation and communication costs in the WSN context.
In 2019, Janbabaei et al. proposed an AKA scheme in the WSN for IoT applications, published in the journal Signal and Data Processing (JSDP). In terms of efficiency, the protocol uses only a hash function, bitwise XOR, and the concatenation operation. Hence, it can be considered a lightweight protocol. The authors also discussed the security of their scheme and claimed that the proposed protocol offers anonymity and trust and is secure against traceability, impersonation, replay, and man-in-the-middle attacks. However, despite their claims, this research highlights some vulnerabilities in that protocol, for the first time to the best of our knowledge. More precisely, we show that a malicious sensor node can find the secret parameters of another sensor node when it establishes a session with the victimized sensor. Besides, an adversary can determine any session key of two sensor nodes, given only a known session key of theirs. We also show that the protocol cannot satisfy the anonymity of the sensor nodes. Other attacks that affect Janbabaei et al.'s scheme are impersonation attacks on the sensor nodes and cluster heads, and the man-in-the-middle attack.
In this paper we find that the main weaknesses of Janbabaei et al.'s protocol are related to the computation of the session key, . We also propose a simple remedy to enhance the security of Janbabaei et al.'s protocol. An initial attempt to improve the protocol is to apply a hash function to the calculated key, . This suggestion is presented to enhance the security of the protocol against the weaknesses observed in this paper; it does not mean that there are no other security issues in the protocol. Therefore, modifying and improving Janbabaei et al.'s protocol so that it provides other security features can be considered in future research. Besides, since this paper focuses on the security of the protocol, its efficiency was not discussed. Therefore, modifying the message structure of the protocol to reduce its computational and telecommunication costs can be considered as further future work.
Article number: 7
Type of Study: Research | Subject: Paper
Received: 2020/09/14 | Accepted: 2021/12/11 | Published: 2023/03/20 | ePublished: 2023/03/20

References
[1] Sh. Janbabaei, H. Gharaee, and N. Mohammadzadeh, "The lightweight authentication scheme with capabilities of anonymity and trust in internet of things (IoT)," Signal and Data Processing, vol. 15, no. 4 (38), 2019, (In Persian). [DOI:10.29252/jsdp.15.4.111]
[2] M. A. Ferrag, L. A. Maglaras, H. Janicke, J. Jiang, and L. Shu, "Authentication protocols for internet of things: a comprehensive survey," Security and Communication Networks, 2017. [DOI:10.1155/2017/6562953]
[3] J. Andress, The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress, 2014.
[4] M. Turkanović, B. Brumen, and M. Hölbl, "A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion," Ad Hoc Networks, vol. 20, pp. 96-112, 2014. [DOI:10.1016/j.adhoc.2014.03.009]
[5] M. S. Farash, M. Turkanović, S. Kumari, and M. Hölbl, "An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment," Ad Hoc Networks, vol. 36, pp. 152-176, 2016. [DOI:10.1016/j.adhoc.2015.05.014]
[6] R. Amin and G. Biswas, "A secure light weight scheme for user authentication and key agreement in multigateway based wireless sensor networks," Ad Hoc Networks, vol. 36, pp. 58-80, 2016. [DOI:10.1016/j.adhoc.2015.05.020]
[7] R. Amin, S. H. Islam, G. Biswas, M. K. Khan, L. Leng, and N. Kumar, "Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks," Computer Networks, vol. 101, pp. 42-62, 2016. [DOI:10.1016/j.comnet.2016.01.006]
[8] Y. Lu, L. Li, H. Peng, and Y. Yang, "An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks," Sensors, vol. 16, no. 6, p. 837, 2016. [DOI:10.3390/s16060837]
[9] Q. Jiang, S. Zeadally, J. Ma, and D. He, "Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks," IEEE Access, vol. 5, pp. 3376-3392, 2017. [DOI:10.1109/ACCESS.2017.2673239]
[10] R. Ali, A. K. Pal, S. Kumari, M. Karuppiah, and M. Conti, "A secure user authentication and key agreement scheme using wireless sensor networks for agriculture monitoring," Future Generation Computer Systems, vol. 84, pp. 200-215, 2018. [DOI:10.1016/j.future.2017.06.018]
[11] Y. Lu, G. Xu, L. Li, and Y. Yang, "Anonymous three-factor authenticated key agreement for wireless sensor networks," Wireless Networks, vol. 25, no. 4, pp. 1461-1475, 2019. [DOI:10.1007/s11276-017-1604-0]
[12] S. Athmani, A. Bilami, and D. E. Boubiche, "Edak: An efficient dynamic authentication and key management mechanism for heterogeneous wsns," Future Generation Computer Systems, vol. 92, pp. 789-799, 2019. [DOI:10.1016/j.future.2017.10.026]
[13] M. Nikravan and A. Reza, "A multi-factor user authentication and key agreement protocol based on bilinear pairing for the internet of things," Wireless Personal Communications, vol. 111, no. 1, pp. 463-494, 2020. [DOI:10.1007/s11277-019-06869-y]
[14] Y. Yu, L. Hu, and J. Chu, "A secure authentication and key agreement scheme for iot-based cloud computing environment," Symmetry, vol. 12, no. 1, p. 150, 2020. [DOI:10.3390/sym12010150]



Rights and permissions
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

© 2015 All Rights Reserved | Signal and Data Processing