Abstract
The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.
Highlights
As the Internet of Thing (IoT) notions has spread in recent years, vast quantities of sensors have been deployed for collecting and exchanging data in various fields related to IoT
SECURITY ANALYSIS USING Burrows Abadi Needham (BAN) LOGIC This paper provides the proof which shows that the proposed protocol can provide mutual authentication by performing the BAN logic [41]
It is necessary to provide a secure service of IoT-enabled wireless sensor networks (WSNs) that connects sensors of objects
Summary
As the IoT notions has spread in recent years, vast quantities of sensors have been deployed for collecting and exchanging data in various fields related to IoT. J. Lee et al.: On the Design of Secure and Efficient Three-Factor Authentication Protocol Using Honey List for WSNs. a series of sensor nodes collect information data of human, device or environment and they transmit data to the gateway node through open wireless channels. This paper proposes authentication protocol based three-factor utilizing biometrics and honey_list technique for WSNs. A. This paper discovers that proposed protocol of Chen et al [5] cannot provide security and is vulnerable to smartcard stolen, identity guessing, password guessing, and replay attacks. This paper designs an authentication protocol based on three-factor for WSNs excluding elliptic curve cryptography (ECC), owing to the limited performance capability of sensor nodes. We propose authentication protocol using honey_list technique to overcome malicious attacks including smartcard stolen attack and simultaneous guessing attack of identity and password.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.