Cryptanalysis and improvement of mutual authentication protocol for real-time data access in industrial wireless sensor networks

Abstract

Wireless Sensor Networks (WSNs) have a very large number of applications in different domains of the industry. One of those applications is the industrial use of WSN. Industrial Wireless Sensor Networks (IWSNs) are generally used in places which are isolated from human involvement. Thus their security and privacy are a major concern. Recently, Gope et al. have discussed a lightweight mutual user authentication protocol for IWSN. In this paper, we perform the security analysis of their scheme and find that their scheme is vulnerable to the following attacks: user device loss attack, stolen verifier attack, and denial of service attack. We also propose an improved scheme that overcomes these vulnerabilities. The proposed scheme uses the Physically Unclonable Function (PUF), Exclusive OR (XOR), and one-way cryptographic hash function operations, which are all lightweight cryptographic functions. The analysis of formal security in our scheme uses random oracle model to prove the safety of the user identity, password, and session key. Through the informal security, we show that our scheme resists many known attacks. The formal verification of security is done using ProVerif tool. In the performance analysis, we present that our scheme provides better security features than the other related schemes.