Secure Access Control Method for Wireless Sensor Networks

Wireless sensor networks (WSNs) contain a large number of resource-constrained and energy-limited sensor nodes that are generally deployed in an open environment. Those sensor nodes communicate with each other or with a base station via wireless channels. Therefore, secure access control is an important issue in WSNs because sensor nodes are susceptible to various malicious attacks during the authentication and key establishment phase and the new node addition phase. In this study, we propose a new access control method based on elliptic curve cryptography and the chameleon hash function. This method addresses the security problems in the existing research. It also has additional advantages since it does not require time synchronization between communication nodes, nor does it require node verification tables. In addition to our proposal, the correctness, security, resistance to possible attacks, and the performance of the proposed method are analyzed and evaluated. The results of our study demonstrate that the proposed method has an outstanding performance and fulfills all the requirements for secure communication in WSNs.


INTRODUCTION
Wireless sensor networks (WSNs) consist of base stations and a large number of resource-constrained and energy-limited sensor nodes that are typically deployed in various environments.Since the base stations and sensor nodes communicate with each other via wireless channels [1], the WSN system is threatened by malicious security attacks.
In WSNs, after a prolonged period of operation, the power of some of the sensor nodes gets exhausted.This occurs due to uneven distribution of radio transmission load, or damage caused by unpredictable events.The base station must dynamically add new nodes to the WSN to ensure the coverage and connectivity of sensor nodes.Following the addition of a node, the new node is authenticated by the neighboring nodes, and it establishes shared session keys with them for secure communication.
In order to attack or access communication information, malicious nodes may modify received messages, eavesdrop on transmission messages, insert false messages, or provide misleading information to legitimate sensor nodes.Therefore, access control security is a major concern in WSNs.
Zhou et al. [2] proposed an access control protocol to improve the performance of traditional public-key-based encryption protocols.This protocol was based on the elliptic curve.However, it assumed that each sensor node could sustain for a tolerable time interval before it was compromised, rendering the scheme unsuitable for certain practical applications.Huang et al. [3] proposed an efficient access control protocol based on the elliptic curve and hash chains.This scheme could easily add new nodes and resist various attacks.Kim et al. [4] proposed an enhanced access control protocol based on the scheme proposed by Huang et al.Their research indicated that the method proposed by Huang et al. could not resist replay as well as active attacks.Further, it lacked hash chain renewability after the authentication and key establishment phase.In 2010, Jian et al. [5] and Peng et al. [6] demonstrated that the scheme presented by Kim et al. was vulnerable to masquerade attacks executed by new as well as legal nodes because it lacked hash chain renewability.In 2012, P. Zeng et al. [7] proposed a practical access control scheme, still based on elliptic curve and hash chain.However, such large number of key distribution scheme [2][3][4][5][6][7], is vulnerable to various adversary attacks and had huge storage overhead at the sensors node.
In 2013, Molavi et al. [8] use ECDLP method to solve security problem, but still need time synchronization and had more compute time.
Our goal to solve the problems mentioned above, we propose a secure and flexible access control protocol.The idea of proposed scheme based on the chameleon hash function [9][10][11][12] and Diffie-Hellman key exchange.This proposed method can dynamically and securely add new nodes to existing networks.Moreover, it overcomes the existing security problems, and had fewer number of transmission and does not require time synchronization or the verification table.
The remainder of this paper is organized as follows.Section 2 describes the preliminary information relevant to our scheme, i.e., the chameleon hash function based on the elliptic curve.In Section 3, the proposed scheme is introduced, followed by the correctness and performance analysis in Section 4.
Finally, we draw our conclusions in Section 5.

PRELIMINARIES
This section introduces the properties of chameleon hash functions based on elliptic curves [7,8].
The base station initially chooses a large prime number q , an elliptic curve q E , a point P of order n over q E , a subgroup G with order P , and a cryptographically secure hash function . Here, M is a message space, and R is a finite space.The proposed chameleon hash function is as follows: Given the hash key HK , .
According to [10], the chameleon hash function has the following properties: (2) If the private trapdoor key is not known, it is not possible to find two inputs ( 1 m , 2 m ) that are mapped to the same output, such that (3) The holder of the secret key information can easily find collisions for a given input, i.e., two messages 1 m and 2 m , where Note that in signature schemes that use the chameleon hash function, there is a signer and a recipient, and two phases of execution.In the off-line phase, the signer pre-computes the chameleon hash values CH and the corresponding signatures σ on the hash values.In the online phase, the signer computes a random number r of the chameleon hash function for the given message m such that

THE PROPOSED SCHEME
This section presents the proposed access control method based on the chameleon hash function [9][10][11][12] and used twice Diffie-Hellman key exchange.This study used signature parameter to archives robust authentication and key exchange.This method consists of two phases: the initialization phase, and the node authentication and key establishment phase.The basic concepts and operations are as follows: 1. Initialization phase: The base station sets the necessary values of the sensor nodes before they are deployed.
2. Node authentication and key establishment phase: A deployed node engages in mutual authentication with one of its neighboring nodes, and then establishes a common session key with the neighboring node for secure communication.
In order to depict the proposed method more clearly, the notations used in this paper are listed in Table 1.

Symbol Description
The identity of node i N BS The base station q ith A large prime number

Mav
The mutual authentication value

Initialization phase
To set up the network system parameters, the base station initially chooses a large prime number q , an elliptic curve q E , a point P of order n over q E , a subgroup G with order P , and a cryptographically secure hash function . It then completes the initialization phase by carrying out the following steps.
. Here, ) to node i N , and publishes q E , q , n , P , Y to all the sensor nodes.
These three steps of the initialization phase are shown in Figure 1.

Authentication and key establishment phase
After all the sensor nodes have been deployed, if node i N wants to communicate with another node j N , they must implement the following steps to authenticate each other.Subsequently, they must establish a shared session key for securing their communication. Step to compute the public key aP and Y r i , and then sends ( ) to the node j N .
Step 3: When node i N receives the message from j N , it also computes the chameleon hash value Step 4: When Mav is discarded.The steps of the authentication and the key establishment phase are shown in Figure 2.
Note that after the sensor network has operated for a certain period of time, new nodes must be deployed in the network to extend its life.For example, for the deployment of a new node 1  i N , the base station adds the new node by following steps 2 and 3 of the initialization phase outlined in section 3.1.

ANALYSIS OF THE PROPOSED SCHEME
In this section, we analyze the correctness, the security, and the performance of the proposed access control protocol.The security analysis also shows how the proposed method can resist known security attacks.

Correctness
In the authentication and key establishment phase, node

Security Analysis
The proposed scheme utilizes the chameleon hash function and twice Diffie-Hellman key exchange produce the mutual authentication value to establish mutual authentication between communication nodes.This study construct of security chameleon hash function, further proof in [10,11].For example, if nodes i N and In addition to security analysis, the following paragraphs explain how the proposed method can resist attacks such as legal node masquerading attacks, forgery attacks, new node masquerading attacks, replay attacks, and man-in-the-middle attacks.

A. Legal node masquerading attack
In this study, the authentication of node  An attacker may obtain the commutation values by eavesdropping on the communication between nodes i N and j N .However, even if the attacker obtains the values of aP and bP from the authentication and key establishment phase, deriving the legalized session key abP is extremely difficult because of the ECDLP.Therefore, the proposed scheme can prevent a legal node masquerading attack.

B. Forgery attack
Consider the case where an adversary has obtained the commutation values by eavesdropping on the communication channel.
The adversary may attempt to create a legitimate authentication message using the following equation.
However, it is not possible for the adversary to create a forged message because the value of ' i r cannot be computed without secret key

C. New node masquerading attack
When some of the sensor nodes in the wireless sensor network are damaged or have exhausted their power, new sensor nodes must be added to the network to extend its life.In the new node addition phase, the base station preloads the Owing to the non-availability of the secret keys x and  , the attacker cannot compute the value of to verify the ID and the hash key of the new node.
Therefore, the proposed scheme can prevent new node masquerading attacks.

D. Replay attack
A replay attack is one in which an attacker captures the transmitted messages of a legitimate node, and later replays them on the network in an attempt to imitate legitimate authentication messages.For example, if an attacker transmits the captured message ( ) to another node j N , the attacker must then provide i r for establishing a mutual authentication value Mav .The Mav is required for a shared session key with the node to be connected.However, it is not possible for the attacker to obtain i r without the secret key In addition, if the attacker sends the value Mav to connect node j N , node j N can use the shared session key to authenticate whether the connecting node is legitimate or not.Another point that must be noted is that every connection between two nodes uses the up-to-date session key values a and b .By means of these different strategies, the proposed method can resist replay attacks.

E. The man-in-the-middle attack
In the proposed scheme, the communication nodes can mutually authenticate and establish session keys between users and servers.Although an attacker may launch a man-in-the-middle attack, the attacker can only know the values of aP and bP .It still has to resolve the ECDLP.Moreover, even if the attacker obtains user information (such as ), the attacker still cannot pass the authentication and key establishment phase because it cannot compute the mutual authentication value Mav of the session key.Therefore, the proposed scheme can resist man-in-middle attacks.

Session key security
The proposed scheme uses a session key.Only the communicating parties know the session key abP when the user verifies the message from receiving party.The session key abP SK  is not known by anyone other than the communicating parties because the random values aP and bP are protected by the ECDLP.Therefore, the proposed scheme provides session key security.

Performance Analysis
Table 2 shows the proposed scheme compared with related works Huang et al. [3], and Kim et al. [4], H. Lee et al. [6] and B. Molavi et al. [8] in terms of the function of access control method.The computation cost and the transmission cost are two popular benchmarks for evaluation of the efficiency of the WSNs.Table 3 shows the computation costs of the proposed method during different phases.
When compared to the computation cost of the hash chain and the elliptic curve-based schemes, the computation cost of the proposed method is slightly higher.However, our proposed method does not require time synchronization or the verification table for authentication.Hence, it is more efficient than the hash chain and elliptic curve-based methods.The energy cost of communication and cryptography in wireless sensor networks is an important consideration.In [13] indicate energy cost of cryptographic protocols, both from a communication and a computation.According to [13]

CONCLUSION
This study demonstrated a new access control scheme for WSNs that has three characteristics.First, the proposed scheme can establish mutual authentication between two communication nodes, and resist possible attacks when the base station adds a new node to the WSN.Second, the proposed scheme can establish a common session key between two nodes in an efficient manner.Moreover, it does not require time synchronization or the verification table.Third, the proposed scheme requires fewer transmissions and less bandwidth than that of existing schemes.

( 1 )
Anyone that knows the public key )

Step 1 :
Chooses random elements * , Rq xZ   as the secret key, and then computes the public key xP Y  as well as the chameleon hash value of the base station Y key, where i = 1, 2, 3,…, n, computes the trapdoor/hash key pair (

Figure 1 .
Figure 1.Steps of the initialization phase.

jN
computes the chameleon hash value BS CH  of node i N based on the received message (

Figure 2 .
Figure 2.Authentication and key establishment phase On the other hand, the random values a and b are chosen by nodes i N and j N , respectively.The point P of the Elliptic curve and the public key Y are initially published by the base station.Therefore, node i N can obtain the value of X abP using the aforementioned parameters.
are obtained by Diffie-Hellman key exchange.If they are equal, the shared session key has been established.In a similar manner, node j N can apply the method used by node i N to confirm the mutual authentication value.

jN
require mutual authentication, j N will first compare the preloaded chameleon hash value of the base station , BS CH , with the chameleon hash value of node i N , BS CH  , obtained by using Eq.(1).However, the calculation of BS CH  requires the ID, the hash key P , the process can authenticate the ID and hash key because computing BS CH  is an elliptic curve discrete logarithm problem (ECDLP) if the attacker does not have any information about the ID and hash key.Furthermore, by using the shared session key abP and security key i r .However, only the communication nodes recognize the session key abP , and only node i N and the base station can have the secret key i r .

jN
depends on the comparison of chameleon hash values in the authentication and key establishment phase.

Firstr
is legitimate, and only the base station know the secret keys  and to compute the mutual authentication value and get authenticated successfully.
computation over an elliptic curve.
of performing the modulus multiplication operation.
et al.(2012) All nodes of the WSN have the same chameleon hash value as the base station, i.e., In this case, the received message is from node i of node i N based on the result of comparison of ' BS CH with BS CH .Moreover, node i N also can ensure whether node j N is valid by applying the same method that is used by node j N .

Table 2
Compared function of access control method.

Table 3
m Te :time for cryptographic secure hash function.
[7]sure practical costs of computation and communication in WSN used TelosB sensors run Elliptic Curve Diffie-Hellman key exchange with authentication energy costs is 130(mJ), communication costs is 58.3(mJ) , and computation cost is 77(mJ).As a result, we can realize communication cost is an important consideration same with computation cost.Table4presents the computation and the transmission costs incurred by using the methods put forward by Zhou et al.[2], Huang et al.[3], Kim et al.[4]and H. Lee et al.[7].It also displays the costs incurred by using our proposed method.The protocol proposed by Huang et al. requires seven transmissions and updates the broadcast hash chain after each authentication, key establishment, and new node addition phase.Our method requires only five transmissions.Consequently, it needs less bandwidth than the schemes proposed by Zhou et al. and Huang et al.Therefore, the proposed scheme can be applied to applications from the WSNs criteria that had less number of transmissions and had lower data rate of communication.However, every broadcast has resulted in poor throughput of WSNs.Our proposed do not need broadcast to update node list and verify table.Furthermore, it can be implemented by using any elliptic curve and cryptographic secure hash function.

Table 4 .
The comparison of computation costs and number of transmissions