Analysis and Improvement of a Robust User Authentication Framework for Ubiquitous Sensor Networks

As an infrastructure of the ubiquitous sensor networks, the wireless sensor network plays an important role in the generation of multi-network integrated systems. Currently the wireless sensor network is used not only to monitor and analyze information about the environment but also for more dynamic systems. Security is one of the standards for measuring whether a wireless sensor network is an outstanding one. RUASN proposes a robust user authentication framework for wireless sensor networks, based on a two-factor concept. The proposed scheme has many advantages against major existing attacks and performs well in efficiency and low consumption. However, we have identified that its resistance to collusion attacks is weak. After analysis, we proved that we can obtain the session key by controlling a compromised sensor node and using the collusion attack when a user wants to establish a session with a legal node. Therefore, to enhance the resistance to collusion attacks, we present two ways to solve the security drawbacks of the RUASN scheme. One is to add a slight improvement to the RUASN scheme. The other is to use the Hardware Security Module. After a simple analysis, we have proved that the improved scheme can resist the collusion attack.


Introduction
The ubiquitous sensor network (USN) is used to describe a network of intelligent sensors that could, one day, become ubiquitous. The term "ubiquitous" normally means "everywhere." The further expression "anywhere, anytime, by anyone and anything" has come to be used to illustrate the trend towards ubiquitous networks. According to the related works, USNs have applications in both civilian and military fields. Civilian applications include environment and habitat monitoring, healthcare, home automation, and intelligent transport systems. The ubiquitous sensor network requires huge investments, a large degree of customization, and a high degree of complexity. As the important underlying infrastructure, wireless sensor networks have the same requirements as USN.
Wireless sensor networks (WSNs), the term "sensor" in USN, have large potential impact on the next generation technology. First of all, WSN is one part of Internet of Things (IOT). The underlying infrastructures of IOT consist of sensor networks organized by these small devices. Obviously, sensor nodes can be easily and quickly deployed in any environment, and these sensor nodes can offer economically viable, real-time monitoring solutions [1]. Currently the wireless sensor network is used not only to monitor and analyze information about the environment but also for more dynamic systems [2,3]. These dynamic systems have to be capable of handling changing situations, commonly called context changes, detected by means of sensors. Nowadays, WSN [4] is not isolated anymore; it is more and more integrated into other, bigger networks, such as cloud computing networks [5][6][7] and ubiquitous sensor networks [8,9].
In traditional WSN systems, a user usually communicates with sensor nodes via gateway nodes or base stations. Then sensor nodes can provide their services to the user. As a result, it is necessary to enhance the access control and the authentication for the security of the whole system. Access control not only provides access rights to users who can access the service but also gives different users different rights; namely, every user's identity is associated with his own right. How are users' access rights identified? The answer is authentication. In general, the user authentication process [10,11], where each user must verify their legitimacy, is considered an important part of the access control system. Accordingly, many schemes designed for the access control system of WSN have been presented. When we present our schemes, we must not only ensure that security rises but also keep energy consumption and computation down. Taking the characteristics low power, low computation, low cost, and limited memory into account, Kumar et al. have presented a robust user authentication framework called RUASN to satisfy the above challenges [12].
The proposed RUASN framework uses a two-factor approach to achieve user authentication for wireless sensor networks. The first factor refers to something that is known by the user, such as the password, while the second factor refers to something that is embedded on a device, such as smart cards, software tokens, digital certificates, or biometric identifiers. The proposed scheme resists many popular attacks, such as replay attack and impersonation attack. RUASN also provides user privacy protection, mutual authentication, and secure session key establishment.
However, we have identified that RUASN has some flaws under the collusion attack. The collusion attack, also called colluding attack, is a practical attack for networks, such as peer-to-peer networks [13] and mobile networks [14]. The collusion attack [15] is a practical attack for WSNs. The "collusion" means that this attack is always executed with a "partner" who has a legal identity. In WSNs, this "partner" may be a sensor node, a base station, or a legal user. Taking advantage of the collusion attack, we can make an unauthorized sensor node authenticated via an authorized sensor node that is under our control. Furthermore, we will control most of the sensor nodes. To enhance the RUASN scheme, we have proposed two improvements. One is to add a slight improvement to the RUASN scheme to enhance this algorithm. The other is to use the Hardware Security Module to prevent secret materials from being obtained or extracted by themselves. After analysis, we can guarantee that our improvement can resist the collusion attack and has no impact on the security of RUASN.
The rest of the paper is structured as follows. Section 2 briefly reviews the RUASN scheme. In Section 3, we discuss the flaw RUASN has. In Section 4, we present our improvement and give a simple analysis. Section 5 is the conclusion.

Review of RUASN
Before issuing a query to a sensor node, each user must register with the gateway in a secure manner so that they can access the real-time sensors' data. Upon a successful user registration request, the gateway node personalizes a smart card for every registered user. Then, a user can submit his/her query in an authentic way and access the sensor network data at any time. In order to execute the proposed framework, we considered that the gateway is a trusted node and it holds two master keys ( and ), which are sufficiently large for the sensor network. As a result, only the users authorized by the gateway have privileges to access the sensors, which share a long-term secret with the gateway. The framework is separated into four phases: user registration phase, login phase, authentication phase, and password update phase. For convenience, the Notations section provides a list of notations and symbols which will be used throughout the rest of the paper.
The whole RUASN has four phases; the login phase and authentication phase are our main discussion.Therefore, the rest will be generally indicated as follows.

Registration Phase. User:
(i) Registration phase requires every user to register in the GW node. First, a user chooses ID  , PW  , and selects an arbitrary random number .
(ii) After the above parameters are determined, the user calculates ℎ( ⊕ PW  ).
Then, user sends his request and ID  and ℎ( ⊕ PW  ) to gateway node.
Gateway node:
(i) Upon receiving the request from the user, GW node generates a number  randomly.
(ii) GW node calculates
Here,  is the gateway secret key and ℎ(⋅) is a collision free one-way function, for example, SHA-
(i) Gateway node personalizes a smart card to user with
(ii) After receiving this card, user inputs  into it. This way, the user need not memorize the arbitrary random number . Now, {  ,   ,   , ℎ(⋅),   [⋅],   [⋅], } is held in the smart card.

Login Phase (LP) and Authentication Phase (AP).
First is the login phase; this phase is executed by the smart card and the terminal node after the user inputs his ID and PW.
As a result, the user believes that the sensor node   is authentic.

Password-Update Phase. Though the password-update phase is not the subject of our discussion and this paper will not detail it, it can be generally shown in Algorithm 1.
For clarity, we have summarized the whole process of the login phase and authentication phase in Figure 1.

Analysis of RUASN with the Collusion Attack
Firstly, we will analyze the RUASN scheme. The security of the RUASN scheme is the product of cooperation of users, gateway nodes, and sensor nodes. Users keep their own ID  , PW  , and smart cards. ID  and PW  are traditional security ways to identify different users and guarantee users' rights. The smart card is the most popular way to keep one's secret information. In the RUASN scheme, we can see that most secret information is held in the smart card. The gateway node and sensor node only execute verification and computation processes most of the time. Other parameters are mostly used for verification in the middle of the authentication process except   .   is key secret information for the whole process, and it is only held in the gateway node.   held in the gateway node combines with secret information kept in the smart card to provide mutual authentication. These solutions guarantee the security of the RUASN scheme.
In the RUASN scheme, though it says that it can provide mutual authentication, in fact, the core process is only executed in the gateway node, and the key secret information is only kept in the smart card and the gateway node. In these phases, besides the information held in the smart card,   is the core element.   is only held in the gateway node. However, we have found that the key parameter   would appear in the target sensor node for a short time when the session happens between the user and the sensor node. The information encrypted with   will be decrypted and obtained by the sensor node to execute the following steps. That is to say, we can take this moment into account to attack the RUASN scheme.

Algorithm 1:
Enter ID  and PW 
(i)   * = ℎ(ID  ‖ ℎ( ⊕ PW  ))
(ii) Check   * =   , if yes, and then go to the next step.
(iii) Enter PW new

Direct attacks are not sensible, obviously. Instead, we can attack in a circuitous way, using a popular attack applied to WSNs, the collusion attack. The collusion attack is a practical attack for WSNs. The "collusion" means that this attack is always executed with a "partner" who has a legal identity. In WSNs, this "partner" may be a sensor node, a base station, or a legal user. "The easiest way to capture a fortress is from within." The previous literature shows that it is easy for an attack to succeed with a "partner." In WSNs, the collusion attack is always executed via controlling one or more compromised sensor nodes. For the RUASN, it is viable to obtain the session key between an authorized node and a user via a legal node which is under an adversary's control. The whole attack process will be separated into two steps and detailed as follows.
3.1. Obtain the Secret Key   . In this paper, we assumed that   is a legal node under the adversary's control. He can use this sensor node   correctly and normally; he can obtain not only the message transmitted publicly but also the information held in   at any time. Then, the adversary can obtain the secret key   . The process the adversary carries out is summarized as follows.
(i) When a registered user A wants to access target node   via a gateway node, he will execute a normal login phase and authentication phase. The adversary can eavesdrop on the information transmitted between the user and sensor node   ; namely, the adversary can obtain the message  1 ,  2 ,  3 , and  4 .
(ii) When we want to get the session key Ses  , the controlled node   will play an important role. The only thing we need is to monitor the transmitted information closely.
(iii) When the user A wants to access another legal node   , he will work normally. When the gateway sends the message  1 to the node   , we will capture it and then send it to the compromised node   .   cannot distinguish whether this message is sent to it;   would just work as normal. Then   will send the message ⟨  2 ,   ⟩ to the gateway node. Meanwhile, the node   will send the message ⟨ 2 , ⟩ to the gateway node.
(iv) Because the node   is not the user's target, the gateway node will not answer. When the message  3 is sent to target node   from the gateway node, we will also capture and then send it to the compromised node   .   cannot distinguish whether this message is correct to send to itself, either. After executing the AP-4 (1) and (2) normally, sensor node   will decrypt the information , and then, the adversary can obtain the information   and ℎ(ID  ).

Generate the Session Key 𝑆𝑒𝑠 𝑘 .
The adversary can obtain the secret information   and ℎ(ID  ). Combining with the parameters   ,   , and   , the adversary can calculate the session key Ses  with the hash algorithm ℎ(⋅). Furthermore, he can use this session key to obtain all the session information between node   and the user.

Our Improvement and Analysis
Generally speaking, there are two reasons that allow the adversary to attack the RUASN scheme successfully. (1) We can obtain some key parameters via the collusion attack. (2) The mutual authentication RUASN possesses has drawbacks under the collusion attack. To enhance the RUASN scheme, we can bring a slight improvement into RUASN without making important impacts on the primary scheme. This improvement only needs to add a secret parameter into each sensor node, and the improved process is detailed as follows.
(i) In the predistribution of the sensor node, a secret parameter   will be stored in the sensor node   ( = 1, . . ., ); namely, each node has its own secret parameter. All the parameters ( 1 ∼   ) will be listed and stored in the gateway node.
Bringing the secret parameter   into the authentication process raises the security standard of RUASN. The mutual authentication RUASN possessed has been changed. In the RUASN scheme, the user's smart card and the gateway sensor node together provide the mutual authentication. In our improvement, the sensor node is brought into the mutual authentication. In the RUASN scheme, an adversary can obtain the session key via the collusion attack. However, because we add a parameter into each sensor node to enhance the mutual authentication, the adversary cannot get   from sensor node   , even if he can control a legal node   . Upon receiving  1 from the gateway node in AP-2, the target node   will return the improved message ⟨ 2 , ⟩ to the gateway node after calculation and verification. The gateway node will know that the sensor node   is ready for the session. AP-3 is the core step against the collusion attack and also a vulnerable step in the RUASN scheme. In the RUASN scheme, we can obtain   and ℎ(ID  ) and then generate the session key via the collusion attack. However, in our improved scheme, the adversary only knows   the compromised node   . He cannot get the parameter   from target node   and the gateway node. Then, he cannot decrypt the message  and obtain   and ℎ(ID  ). Furthermore, the adversary has no way to attack the improved RUASN scheme via the collusion attack.
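An added example, not code from the paper or from RUASN: a simplified model of why a per-node secret stops a compromised node from opening a message meant for another node. The key derivation, the HMAC-based encrypt-then-MAC stand-in for the scheme's encryption, and all names (`Gateway`, `Sensor`, `S_n`, `S_c`) are assumptions; RUASN's actual message formats are not reproduced.

```python
import hashlib, hmac, os

def kdf(*parts: bytes) -> bytes:
    # SHA-256 over length-prefixed parts (assumed stand-in for the scheme's h(.))
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC from stdlib HMAC (assumed stand-in for the scheme's encryption)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(kdf(key, b"enc"), nonce, len(msg))))
    tag = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kdf(key, b"enc"), nonce, len(ct))))

class Gateway:
    def __init__(self, node_ids):
        self.shared = os.urandom(32)  # assumed: one long-term secret shared with all sensors
        self.per_node = {n: os.urandom(32) for n in node_ids}  # the added per-node secret

    def wrap_original(self, target: str, material: bytes) -> bytes:
        return seal(self.shared, material)  # nothing binds the blob to `target`

    def wrap_improved(self, target: str, material: bytes) -> bytes:
        return seal(kdf(self.shared, self.per_node[target], target.encode()), material)

class Sensor:
    def __init__(self, node_id: str, gw: Gateway):
        self.node_id, self.shared = node_id, gw.shared
        self.secret = gw.per_node[node_id]  # preloaded before deployment

    def unwrap_original(self, blob: bytes):
        return unseal(self.shared, blob)

    def unwrap_improved(self, blob: bytes):
        return unseal(kdf(self.shared, self.secret, self.node_id.encode()), blob)

def demo() -> dict:
    gw = Gateway(["S_n", "S_c"])  # constructed node names
    target, colluder = Sensor("S_n", gw), Sensor("S_c", gw)
    material = b"constructed session-key material"
    old, new = gw.wrap_original("S_n", material), gw.wrap_improved("S_n", material)
    return {"original_target": target.unwrap_original(old) == material,
            "original_colluder": colluder.unwrap_original(old) == material,
            "improved_target": target.unwrap_improved(new) == material,
            "improved_colluder": colluder.unwrap_improved(new) is None}
```

In this model the redirected blob opens on the colluding node only when the key is common to all sensors; once the key depends on the target's own secret, the tag check fails on any other node.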
Our improvement only adds a random parameter into two calculations. Such improvement makes no change to the general process of RUASN. Thus, this enhanced RUASN still has the original advantages, such as resisting replay attacks, user impersonation attacks, gateway impersonation attacks, insider attacks, stolen-verifier attacks, offline-password guessing attacks, man-in-the-middle attacks, and gateway secret key guessing attacks. And, now, after the above analysis, it can also resist the colluding attack via our improvement. Considering the efficiency of the improved RUASN scheme, first, we can see the computation cost comparisons of the enhanced scheme, the original scheme, and other related schemes summarized in Table 1.
It is clear that our improved scheme has the same efficiency as RUASN. Though the enhanced RUASN and the original RUASN are less efficient than two of the other three schemes, they can provide more functions such as mutual authentication, user anonymity, trusted messages, and secure session key establishment. It is easy to see from Figure 1 that RUASN and improved RUASN only require four messages to be transmitted.
In addition, there is another way to enhance the RUASN scheme, using a Hardware Security Module (HSM) [16,17], which is a tamper-resistant module used to store the security materials, for example, secret keys and certificates. The HSM is also responsible for performing all the cryptographic operations such as signing messages, verifying certificates, and updating keys. Using HSM, we can consider that legitimate sensors cannot collude with the compromised sensors as it is difficult for legitimate sensors to extract their security materials from their HSMs. In addition, we can consider that all the key update processes are executed in the HSM, which means that the new material is stored in the HSM, and it cannot be transmitted in clear under any circumstances. That is to say, this enhanced RUASN scheme can resist the colluding attack. As for the efficiency of this enhancement, obviously, it is the same as RUASN, too. Furthermore, if we combine this improvement with the first improvement, it will have higher security performance than either of them.

Conclusion
Nowadays, "anywhere, anytime, by anyone and anything" deeply influences the developing trend of ubiquitous sensor networks. As the sensing "organ," wireless sensor networks play an important role for their widely practical applicability. Therefore, the security system has to be established carefully, especially the authentication framework. Pardeep et al. present a scheme called RUASN. This scheme has the advantages of low power, low computation, low cost, and limited memory. It also provides mutual authentication, user anonymity, session key establishment, confidentiality, and secure password update, and it can resist replay attacks, user impersonation attacks, gateway impersonation attacks, insider attacks, stolen-verifier attacks, offline-password guessing attacks, man-in-the-middle attacks, and gateway secret key guessing attacks. Generally, the RUASN is a robust user authentication protocol and provides more security services at low cost. However, it is not safe enough under a popular attack called the collusion attack. Generally speaking, the collusion attack means that we can obtain some secret information from the target system via cooperating with a legal "partner" who belongs to the target system. In this paper, we have proved that we can obtain the session key via controlling a compromised sensor node when a user wants to establish a session with another legal node. To enhance this scheme, we present two improvements. One adds a random parameter into the predistribution of the sensor node and the authentication phase of RUASN; the other is to store all the secret materials in the Hardware Security Module. After a simple analysis, we have proved that the enhanced scheme can resist the collusion attack, and it also has the security performance which RUASN has.

Figure 1: The login and authentication phases of RUASN.
Notations
GW node: WSN gateway node
  : The  th user to login
ID  : Login ID of  
PW  : Password of  
 and :