Abstract
A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.
Highlights
As various sensors emerge and the related technologies advance, there has been a dramatic increase in the interest in wireless sensor networks (WSNs)
(2) We propose the first SUA - WSN scheme whose authenticated key exchange (AKE) security, as well as user anonymity are formally proven in a widely-accepted model
A message authentication code (MAC) scheme ∆ is a pair of efficient algorithms (Mac, Ver) where: (1) the MAC generation algorithm Mac takes as input an-bit key k and a message m and outputs a MAC δ; and (2) the MAC verification algorithm Ver takes as input a key k, a message m and a MAC δ and outputs one if δ is valid for m under k or outputs zero if δ is invalid
Summary
As various sensors emerge and the related technologies advance, there has been a dramatic increase in the interest in wireless sensor networks (WSNs). Most of the published schemes either provide no formal analysis of security [3,12,13,14,16,20,21,22,24,25,26] or fail to achieve important security properties, such as mutual authentication, session-key security, user anonymity, two-factor security and resistance against various attacks [3,13,14,15,16,19,21,22,23,24,25,26,27,30,31].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.