Secure and Efficient User Authentication Scheme in Ubiquitous Wireless Sensor Networks

The user authentication scheme in ubiquitous wireless sensor networks (WSNs) is an important security mechanism that allows users to access sensors through wireless networks. Therefore, many user authentication schemes in ubiquitous WSNs have been proposed. However, many user authentication schemes are vulnerable to impersonation attacks, parallel session attacks, password guessing attacks, stolen smart card attacks, and so forth. In this paper, we propose a secure and efficient user authentication scheme for use in ubiquitous WSNs. Our proposed scheme is secure against various attacks and provides mutual authentication and session key establishment. Furthermore, our proposed scheme is efficient at using the hash function and exclusive-OR operation.


Introduction
In a ubiquitous wireless sensor network (WSN), a sensor is configured as a network.WSN technology has been actively researched globally and has expanded into a ubiquitous paradigm that can access a computing environment anytime and anywhere [1][2][3].The main characteristics of a WSN include the following: power consumption constraints for nodes using batteries or energy harvesting, ability to cope with node failures, mobility of nodes, communication failures, heterogeneity of nodes, scalability to large-scale deployment, ability to withstand harsh environmental conditions, and ease of use [4].
WSN-related software platforms such as TinyOS [5], Nano-Qplus [6], Contiki [7], and LiteOS [8] support a variety of standards and protocols.WSN-related standards include 6LoWPAN [9] by the Internet Engineering Task Force (IETF), ROLL [10] by the IETF, CoRE [11] by the IETF, ZigBee [12], Wireless HART [13], and ISA 100 [14].Some applications of ubiquitous WSN technology include area monitoring, environmental/earth monitoring, industrial monitoring, agriculture, passive localization and tracking, and smart home monitoring [15,16].In these applications, the ubiquitous WSN must have a user authentication scheme in which the user has secure access to the sensor nodes.As a result, many user authentication schemes have been proposed for ubiquitous WSNs.However, the existing proposed schemes are vulnerable to various attacks and are not efficient.Therefore, in this paper, we propose a secure and efficient user authentication and key-establishment scheme for use in ubiquitous WSNs.
This study is organized as follows.Section 2 describes related work, and Section 3 proposes a secure and efficient user authentication scheme for ubiquitous WSNs.In Section 4, we analyze and compare related work.Section 5 presents our conclusion.

Related Work
In 2004, Watro et al. [17] proposed TinyPK, a user authentication scheme that uses RSA and the Diffie-Hellman algorithm.However, Das [18] proposed that TinyPK is vulnerable to "masquerade as sensor node to an unknowing user" attack.In 2006, Wong et al. [19] proposed a dynamic strong-passwordbased scheme to address this access control problem and 2 International Journal of Distributed Sensor Networks adapted it into the WSN environment.Their scheme imposes a very light computational load and requires simple operations, such as a one-way hash function and exclusive-OR.Unfortunately, Das also proposed that in Wong et al. 's scheme, many logged-in users are vulnerable to the same login-id attack and stolen-verifier attack.
Das [18] proposed a user authentication scheme that eliminates the weaknesses of Wong et al. 's scheme and provides better security and efficiency.Later, Nyang and Lee [20] found that Das's scheme is vulnerable to an offline password guessing attack by insiders and showed a security-enhanced user authentication scheme to overcome this vulnerability without sacrificing efficiency and usability.
In 2010, He et al. [21] demonstrated that Das's scheme suffers from insider attacks and impersonation attacks, and users cannot change their passwords.As a solution to these weaknesses in Das's scheme, He et al. [21] proposed an enhanced two-factor user authentication scheme.In the same year, Khan and Alghathbar [22] found that Das's scheme is vulnerable to gateway ()-node bypassing attacks, does not provide mutual authentication between the  node and sensor nodes, is vulnerable to insider attacks, and does not have provisions for changing or updating registered users' passwords.To overcome these security weaknesses of Das's scheme, they proposed improvements and security patches.Unfortunately, Kumar and Lee [23] pointed out the vulnerabilities of He et al. 's and Khan and Alghathbar's schemes.First, Kumar and Lee found that He et al. 's scheme is susceptible to information-leakage attacks and cannot preserve user anonymity, does not provide mutual authentication between the sensor and the user, and does not establish a session key between the user and the sensor node.Second, they found that Khan and Alghathbar's scheme does not provide mutual authentication between the sensor and the user, does not establish a session key between the user and the sensor node, and does not provide confidentiality for their air message.
Further, Huang et al. [24] found that Das's scheme is still vulnerable to masquerade attacks and cannot provide user anonymity, so they proposed an improvement to remedy these weakness.In addition, Vaidya et al. [25] showed that both Das's scheme and Khan and Alghathbar's scheme have flaws and remain vulnerable to various attacks including stolen smart card attacks.Thus, they proposed an improved two-factor user authentication that is resilient to stolen smart card attacks as well as other common types of attacks.Chen and Shih [26] found that Das's scheme cannot provide mutual authentication.To address this problem, they proposed a robust mutual authentication scheme for WSN.Recently, Xue et al. [27] proposed a temporal credential-based mutual authentication and key agreement scheme for WSNs.

The Proposed Scheme
In this section, we propose a secure and efficient user authentication scheme for use in ubiquitous WSNs.The  node selects a master secret key  and a secret number , computes ℎ(  ‖ ℎ() ‖   ), and shares them with sensor node   through a secure channel, where   is the identity of th sensor node, and   is a random nonce of each th sensor node generated by the  node.This scheme consists of four phases: registration, login, authentication and key establishment, and password change. 1 summarizes the notation used to describe our proposed scheme.

Registration Phase.
Figure 1 illustrates the procedure of the registration phase.When a new user   wants to register with the  node, he/she performs the following steps.

Login Phase.
If the user   wants to access th sensor node   , he/she performs the following steps.
Step L1.   inserts his/her smart card into the device and inputs the identity   and the password   .
Step L3.The smart card computes the following: where  1 is the current timestamp of   's system.

Authentication and Key Establishment
Phase.The procedure that is followed in the authentication and key establishment phase is illustrated in Figure 2.After receiving the login request message {  ,   ,   ,   ,  1 ,  1 } from user   , the  node performs the following steps.
Step A1 (the  node validates timestamp  1 ).If | * −  1 | ≤ Δ, then the  node proceeds to the next step, where Δ is the expected time interval for the transmission delay and  * is the current timestamp of the  node.Otherwise, the procedure is terminated.The  node computes the following: Then the  node checks whether   1 is equal to  1 .If they are equal, the  node accepts the login request and computes the following: where  2 is the current timestamp of  node's system.
Step A3 (  validates timestamp  2 ).If | * −  2 | ≤ Δ, then   proceeds to the next step, where Δ is the expected time interval for the transmission delay and  * is the current timestamp of   .Otherwise, the procedure is terminated.  computes the following: Then   checks whether   3 is equal to  3 .If they are equal,   authenticates  and   , generates , and computes the following: where  3 is the current timestamp of   sensor node's system.
Step A5 (the  node validates timestamp  3 ).If | * −  3 | ≤ Δ, then the  node proceeds to the next step, where Δ is the expected time interval for the transmission delay, and  * is the current timestamp of the  node.Otherwise, the procedure is terminated.The  node computes the following: Then the  node checks whether   5 is equal to  5 .If they are not equal, the procedure is terminated.Otherwise,  authenticates   and computes the following: where  4 is the current timestamp of the  node's system.
Step A6 ( →   : { 6 ,   the expected time interval for the transmission delay and  * is the current timestamp of   .Otherwise, the procedure is terminated.  computes the following: Then   checks whether   7 is equal to  7 .If they are equal,   authenticates  and   , and the mutual authentication process is completed.After the mutual authentication process,   and   compute  = ℎ( ‖ ℎ( ⊕   ) ‖ ℎ(  ‖   ) ‖   ) for future secure communication.

Password Change Phase
. The procedure that is followed in the password change phase is depicted in Figure 3.If user   wants to change his/her password, he/she performs the following steps.
Step P1.   inserts his/her smart card into the device and inputs the identity   and the password   .
Step P3.   inputs the new password    and a new random number   .
Step P4.The smart card computes the following: Then the smart card replaces   with    and   with    .

Security and Efficiency Analysis of the Proposed Scheme
4.1.Security Analysis.Table 2 compares the security of existing schemes with that of our proposed scheme.Our scheme uses the security properties described in the following subsections.

Simulation Environments.
In Section 4.2, we compared the performance of existing schemes with that of our proposed scheme.As a result, we implemented a simulation for various schemes.The simulation was performed and evaluated in a standard PC environment.The algorithm for the schemes was implemented using JAVA, and the simulation environment was evaluated with an Intel Core i5-2537 M (1.40 MHz) with 4 GB of RAM.

Simulation Results.
Our simulation calculated the average time to perform the 10 simulation tests because the measured results were slightly different each time.Figure 4 shows the measured results for users performing the login and authentication phase.As shown in Figure 4, our proposed scheme incurs a little more computational time than existing schemes [18,21,22,[24][25][26].However, our proposed scheme is more secure against various attacks than existing schemes and provides mutual authentication between the user and the  node, between the user and the sensor nodes, and between the  node and the sensor nodes.If our proposed scheme performs authentication to the  node and the sensor nodes only in the authentication phase, it will show measured results similar to the existing schemes [18,21,22,[24][25][26].

Conclusion
In this paper, we proposed a secure and efficient mutual user authentication and key establishment scheme that can be used in ubiquitous WSNs.The proposed scheme provides mutual authentication between the user and the  node, between the user and the sensor node, and between the  node and the sensor node.Compared with existing  schemes, the proposed scheme has been proven to be secure against various attacks.In addition, the proposed scheme is computationally efficient compared with existing schemes.

Figure 1 :
Figure 1: Registration phase of our proposed scheme.

Figure 2 :
Figure 2: Login and authentication and key establishment phase of our propose scheme.

Figure 3 :
Figure 3: Password change phase of our proposed scheme.

Figure 4 :
Figure 4: Analysis of time according to number of users.
4.1.1.User Anonymity.Even if an attacker eavesdrops on   's login request message {  ,   ,   ,   ,  1 ,  1 } in the login phase, the attacker cannot obtain   's identity   from   ,   ,   , and  1 , because , , , and   are not known.Furthermore, even if the attacker obtains   's smart card, he/she cannot obtain   's   .Therefore, the proposed scheme achieves user anonymity.4.1.2.Impersonation Attack.

Table 2 :
[18,21,22,24,25,27]f the compared schemes.Scheme Section 4.1.1Section4.1.2Section4.1.3Section4.1.4Section4.1.5Section4.1.6Section4.1.7Section4.1.8Evenwhenanattackereavesdropson'sloginrequestmessage{  ,   ,   ,   ,  1 ,  1 }, the attacker cannot guess   's password   from login request message {  ,   ,   ,   ,  1 ,  1 }.This is because the attacker cannot determine the , , , and   from login request message {  ,   ,   ,   ,  1 ,  1 } due to the nature of the one-way hash function.4.1.5.Replay Attack.We assume that an attacker intercepts   's login request message {  ,   ,   ,   ,  1 ,  1 } in the login phase.The attacker is replaying the intercepted message to authenticate but cannot authenticate from the server, because the timestamp  1 fails to validate.Although the attacker generates the correct timestamp , he/she cannot compute the correct login request message, because ,   , and   are not known.4.1.6.Stolen Smart Card Attack.We assume that an attacker steals   's smart card or extracts information from   's smart card.However, the attacker cannot compute the login request message without knowing   and   .In addition, the attacker cannot obtain   and   through the extracted information because of the nature of the one-way hash function.Therefore, the proposed scheme is resilient against stolen smart card attacks because the   and   cannot be obtained from   's stolen smart card.The  node can authenticate the user by checking  1 in Step A1 of the authentication and key establishment phase, and the sensor node can authenticate the user and the  node by checking  3 in Step A3 of the authentication and key establishment phase.Likewise, the  node can authenticate the sensor node by checking  5 in Step A5 of the authentication and key establishment phase, and the user can authenticate the  node and sensor node by checking  7 in Step A7 of the authentication and key establishment phase.4.2.Efficiency Analysis.Table3compares the performance of existing schemes with that of our proposed scheme.Our proposed scheme incurs less computational overhead than Nyang and Lee's[20]or Xue et al. 's[27]schemes.Although our proposed scheme incurs slightly more computational overhead than conventional schemes, it is more secure against various attacks than conventional schemes[18,21,22,24,25,27].

Table 3 :
Performance analysis of the compared schemes.