scholarly journals A Secure and Lightweight Three-Factor Remote User Authentication Protocol for Future IoT Applications

2021 ◽  
Vol 2021 ◽  
pp. 1-18
Author(s):  
Bahaa Hussein Taher ◽  
Huiyu Liu ◽  
Firas Abedi ◽  
Hongwei Lu ◽  
Ali A. Yassin ◽  
...  
Keyword(s):  
Sensor Networks ◽  
Private Information ◽  
User Authentication ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Security And Privacy ◽  
Smart Device ◽  
Iot Applications ◽  
Three Factor

With the booming integration of IoT technology in our daily life applications such as smart industrial, smart city, smart home, smart grid, and healthcare, it is essential to ensure the security and privacy challenges of these systems. Furthermore, time-critical IoT applications in healthcare require access from external parties (users) to their real-time private information via wireless communication devices. Therefore, challenges such as user authentication must be addressed in IoT wireless sensor networks (WSNs). In this paper, we propose a secure and lightweight three-factor (3FA) user authentication protocol based on feature extraction of user biometrics for future IoT WSN applications. The proposed protocol is based on the hash and XOR operations, including (i) a 3-factor authentication (i.e., smart device, biometrics, and user password); (ii) shared session key; (iii) mutual authentication; and (iv) key freshness. We demonstrate the proposed protocol’s security using the widely accepted Burrows–Abadi–Needham (BAN) logic, Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool, and the informal security analysis that demonstrates its other features. In addition, our simulations prove that the proposed protocol is superior to the existing related authentication protocols, in terms of security and functionality features, along with communication and computation overheads. Moreover, the proposed protocol can be utilized efficiently in most of IoT’s WSN applications, such as wireless healthcare sensor networks.

scholarly journals SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks

Sensors ◽  
2020 ◽  
Vol 20 (15) ◽  
pp. 4143 ◽  
Author(s):  
SungJin Yu ◽  
YoungHo Park
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
User Authentication ◽  
Formal Analysis ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Sensor Nodes ◽  
Wireless Sensor ◽  
Security Threats ◽  
Three Factor

Wireless sensor networks (WSN) are composed of multiple sensor nodes with limited storage, computation, power, and communication capabilities and are widely used in various fields such as banks, hospitals, institutes to national defense, research, and so on. However, useful services are susceptible to security threats because sensitive data in various fields are exchanged via a public channel. Thus, secure authentication protocols are indispensable to provide various services in WSN. In 2019, Mo and Chen presented a lightweight secure user authentication scheme in WSN. We discover that Mo and Chen’s scheme suffers from various security flaws, such as session key exposure and masquerade attacks, and does not provide anonymity, untraceability, and mutual authentication. To resolve the security weaknesses of Mo and Chen’s scheme, we propose a secure and lightweight three-factor-based user authentication protocol for WSN, called SLUA-WSN. The proposed SLUA-WSN can prevent security threats and ensure anonymity, untraceability, and mutual authentication. We analyze the security of SLUA-WSN through the informal and formal analysis, including Burrows–Abadi–Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the performance of SLUA-WSN with some existing schemes. The proposed SLUA-WSN better ensures the security and efficiency than previous proposed scheme and is suitable for practical WSN applications.

scholarly journals Provably Secure Three-Factor-Based Mutual Authentication Scheme with PUF for Wireless Medical Sensor Networks

Sensors ◽  
2021 ◽  
Vol 21 (18) ◽  
pp. 6039
Author(s):  
DeokKyu Kwon ◽  
YoHan Park ◽  
YoungHo Park
Keyword(s):  
Sensor Networks ◽  
Health Information ◽  
User Authentication ◽  
Mutual Authentication ◽  
Healthcare Services ◽  
Internet Security ◽  
Authentication Scheme ◽  
Security Attacks ◽  
Medical Sensor Networks ◽  
Three Factor

Wireless medical sensor networks (WMSNs) are used in remote medical service environments to provide patients with convenient healthcare services. In a WMSN environment, patients wear a device that collects their health information and transmits the information via a gateway. Then, doctors make a diagnosis regarding the patient, utilizing the health information. However, this information can be vulnerable to various security attacks because the information is exchanged via an insecure channel. Therefore, a secure authentication scheme is necessary for WMSNs. In 2021, Masud et al. proposed a lightweight and anonymity-preserving user authentication scheme for healthcare environments. We discover that Masud et al.’s scheme is insecure against offline password guessing, user impersonation, and privileged insider attacks. Furthermore, we find that Masud et al.’s scheme cannot ensure user anonymity. To address the security vulnerabilities of Masud et al.’s scheme, we propose a three-factor-based mutual authentication scheme with a physical unclonable function (PUF). The proposed scheme is secure against various security attacks and provides anonymity, perfect forward secrecy, and mutual authentication utilizing biometrics and PUF. To prove the security features of our scheme, we analyze the scheme using informal analysis, Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Furthermore, we estimate our scheme’s security features, computation costs, communication costs, and energy consumption compared with the other related schemes. Consequently, we demonstrate that our scheme is suitable for WMSNs.

scholarly journals A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks

2020 ◽  
Vol 10 (10) ◽  
pp. 3565 ◽  
Author(s):  
SungJin Yu ◽  
JoonYoung Lee ◽  
YoHan Park ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Protocol ◽  
Internet Security ◽  
Mobile Technologies ◽  
Security Requirements ◽  
Replay Attacks ◽  
Global Mobility ◽  
Global Mobility Networks ◽  
Three Factor

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.

scholarly journals Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments

Sensors ◽  
2019 ◽  
Vol 19 (10) ◽  
pp. 2358 ◽  
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
KiSung Park ◽  
YoHan Park ◽  
YoungHo Park
Keyword(s):  
Open Channel ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Authentication Protocols ◽  
Session Key ◽  
Security Issues ◽  
Smart Factories ◽  
Mutual Authentication Protocol ◽  
Three Factor

Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.

scholarly journals Cryptanalysis on Privacy-aware two-factor Authentication Protocol for Wireless Sensor Networks

2017 ◽  
Vol 8 (2) ◽  
pp. 296
Author(s):  
Younsung Choi
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Elliptic Curve Cryptography ◽  
User Authentication ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Wireless Sensor ◽  
Dos Attacks ◽  
Authentication Protocols ◽  
Symmetric Key

<span>Das first proposed two-factor authentication combining the smart card and password to resolve the security problems of wireless sensor networks (WSNs). After that, various researchers studied two-factor authentication suitable for WSNs. In user authentication protocols based on the symmetric key approach, a number of elliptic curve cryptography (ECC)-based authentication protocols have been proposed. To resolve the security and efficiency problems of ECC-based two-factor authentication protocols, Jiang <em>et al</em>. proposed a privacy-aware two-factor authentication protocol based on ECC for WSNs. However, this paper performs a vulnerability analysis on Jiang <em>et al</em>.’s authentication protocol and shows that it has security problems, such as a lack of mutual authentication, a risk of SID modification and DoS attacks, a lack of sensor anonymity, and weak ID anonymity.</span>

A Secure Remote User Authentication Protocol for Healthcare Monitoring Using Wireless Medical Sensor Networks

2019 ◽  
Vol 10 (1) ◽  
pp. 96-116 ◽  
Author(s):  
Preeti Chandrakar
Keyword(s):  
Sensor Networks ◽  
User Authentication ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Sensor Nodes ◽  
Physiological Data ◽  
Remote User Authentication ◽  
Medical Sensor Networks ◽  
Healthcare Monitoring ◽  
Remote User

The wireless medical sensor networks WMSN play a crucial role in healthcare monitoring remotely. In remote healthcare monitoring, the sensor nodes are deployed in patient's body for collecting physiological data and transmit these data over an insecure channel. The patient's health information is highly sensitive and important. Any malicious modification in physiological data will make wrong diagnoses and harm the patient health. Therefore, privacy, data security, and user authentication are extremely important for accessing patient's real-time heath information over an insecure channel. In this regard, this article proposes a secure and robust two-factor based remote user authentication protocol for healthcare monitoring. The authentication proof has done with the help of BAN logic, which ensures that the proposed scheme provides mutual authentication and session key agreement securely. The informal security verification proves that the developed protocol is secure from various security attacks. The simulation of the proposed scheme has been done using AVISPA tool, whose simulation results confirm that the proposed scheme is secure from active and passive attacks. Performance evaluation shows that the proposed protocol is efficient in terms of security features, computation cost, communication cost, and execution time.

scholarly journals WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks

Sensors ◽  
2021 ◽  
Vol 21 (3) ◽  
pp. 936
Author(s):  
Deok Kyu Kwon ◽  
Sung Jin Yu ◽  
Joon Young Lee ◽  
Seung Hwan Son ◽  
Young Ho Park
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Sensor Nodes ◽  
Wireless Sensor ◽  
Forward Secrecy ◽  
Perfect Forward Secrecy ◽  
Mutual Authentication Protocol

Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.

scholarly journals A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Ruhul Amin ◽  
SK Hafizul Islam ◽  
Muhammad Khurram Khan ◽  
Arijit Karati ◽  
Debasis Giri ◽  
...  
Keyword(s):  
User Authentication ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Security Attacks ◽  
Authentication Protocols ◽  
Session Key ◽  
Authorized User ◽  
Proof Of Correctness ◽  
And Storage

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

scholarly journals Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications

Sensors ◽  
2018 ◽  
Vol 18 (10) ◽  
pp. 3191 ◽  
Author(s):  
SungJin Yu ◽  
JoonYoung Lee ◽  
KyungKeun Lee ◽  
KiSung Park ◽  
YoungHo Park
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Wireless Sensor ◽  
Vehicular Communications ◽  
Security Issue ◽  
Session Key ◽  
Secure Authentication

With wireless sensor networks (WSNs), a driver can access various useful information for convenient driving, such as traffic congestion, emergence, vehicle accidents, and speed. However, a driver and traffic manager can be vulnerable to various attacks because such information is transmitted through a public channel. Therefore, secure mutual authentication has become an important security issue, and many authentication schemes have been proposed. In 2017, Mohit et al. proposed an authentication protocol for WSNs in vehicular communications to ensure secure mutual authentication. However, their scheme cannot resist various attacks such as impersonation and trace attacks, and their scheme cannot provide secure mutual authentication, session key security, and anonymity. In this paper, we propose a secure authentication protocol for WSNs in vehicular communications to resolve the security weaknesses of Mohit et al.’s scheme. Our authentication protocol prevents various attacks and achieves secure mutual authentication and anonymity by using dynamic parameters that are changed every session. We prove that our protocol provides secure mutual authentication by using the Burrows–Abadi–Needham logic, which is a widely accepted formal security analysis. We perform a formal security verification by using the well-known Automated Validation of Internet Security Protocols and Applications tool, which shows that the proposed protocol is safe against replay and man-in-the-middle attacks. We compare the performance and security properties of our protocol with other related schemes. Overall, the proposed protocol provides better security features and a comparable computation cost. Therefore, the proposed protocol can be applied to practical WSNs-based vehicular communications.

Sign in / Sign up

Export Citation Format

Share Document