An Authentication Protocol for Future Sensor Networks

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29 pages, 15 figure

Certificateless Algorithm for Body Sensor Network and Remote Medical Server Units Authentication over Public Wireless Channels

Wireless sensor networks process and exchange mission-critical data relating to patients’ health status. Obviously, any leakages of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, advanced encryption standard, digital certificates and elliptic curve cryptography among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause some harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor networks attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the least execution time and bandwidth requirements

LDAKM-EIoT: Lightweight Device Authentication and Key Management Mechanism for Edge-Based IoT Deployment

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication is successful, they establish a session key between them for secure communication. To achieve this goal, a novel device authentication and key management mechanism for the edge based IoT environment, called the lightweight authentication and key management scheme for the edge based IoT environment (LDAKM-EIoT), was designed. The detailed security analysis and formal security verification conducted by the widely used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool prove that the proposed LDAKM-EIoT is secure against several attack vectors that exist in the infrastructure of the edge based IoT environment. The elaborated comparative analysis of the proposed LDAKM-EIoT and different closely related schemes provides evidence that LDAKM-EIoT is more secure with less communication and computation costs. Finally, the network performance parameters are calculated and analyzed using the NS2 simulation to demonstrate the practical facets of the proposed LDAKM-EIoT

A lightweight and secure multilayer authentication scheme for wireless body area networks in healthcare system

Wireless body area networks (WBANs) have lately been combined with different healthcare equipment to monitor patients' health status and communicate information with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, it is important that healthcare systems have a secure way for users to log in and access resources and services. The lack of security and presence of anonymous communication in WBANs can cause their operational failure. There are other systems in this area, but they are vulnerable to offline identity guessing attacks, impersonation attacks in sensor nodes, and spoofing attacks in hub node. Therefore, this study provides a secure approach that overcomes these issues while maintaining comparable efficiency in wireless sensor nodes and mobile phones. To conduct the proof of security, the proposed scheme uses the Scyther tool for formal analysis and the Canetti–Krawczyk (CK) model for informal analysis. Furthermore, the suggested technique outperforms the existing symmetric and asymmetric encryption-based schemes

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

Security in 5G-Enabled Internet of Things Communication: Issues: Challenges, and Future Research Roadmap

5G mobile communication systems promote the mobile network to not only interconnect people, but also interconnect and control the machine and other devices. 5G-enabled Internet of Things (IoT) communication environment supports a wide-variety of applications, such as remote surgery, self-driving car, virtual reality, flying IoT drones, security and surveillance and many more. These applications help and assist the routine works of the community. In such communication environment, all the devices and users communicate through the Internet. Therefore, this communication agonizes from different types of security and privacy issues. It is also vulnerable to different types of possible attacks (for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, and so on). It is then very crucial to protect the infrastructure of 5G-enabled IoT communication environment against these attacks. This necessitates the researchers working in this domain to propose various types of security protocols under different types of categories, like key management, user authentication/device authentication, access control/user access control and intrusion detection. In this survey paper, the details of various system models (i.e., network model and threat model) required for 5G-enabled IoT communication environment are provided. The details of security requirements and attacks possible in this communication environment are further added. The different types of security protocols are also provided. The analysis and comparison of the existing security protocols in 5G-enabled IoT communication environment are conducted. Some of the future research challenges and directions in the security of 5G-enabled IoT environment are displayed. The motivation of this work is to bring the details of different types of security protocols in 5G-enabled IoT under one roof so that the future researchers will be benefited with the conducted work

A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-based Identification

With the increased number and reduced cost of smart devices, Internet of Things (IoT) applications such as smart home (SHome) are increasingly popular. Owing to the characteristics of IoT environments such as resource constrained devices, existing authentication solutions may not be suitable to secure these environments. As a result, a number of authentication solutions specifically designed for IoT environments have been proposed. This paper provides a critical analysis of existing authentication solutions. The major contributions of the paper are as follows. First, it presents a generic model derived from an SHome use-case scenario. Secondly, based on the model, it performs a threat analysis to identify possible means of attacks. The analysis leads to the specification of a set of desirable security requirements for the design of authentication solutions for SHome. Thirdly, based on the requirements, existing authentication solutions are analysed and some ideas for achieving effective and efficient authentication in IoT environments are proposed