Document Type : Research Article
Authors
Department of Electrical and Computer Engineering, Sicence and Research Branch, Islamic Azad University, Sattari St., Tehran, 10587, Tehran, Iran
Abstract
Designing authentication techniques suitable for wireless sensor networks (WSNs) with their dedicated consideration is critical due to the nature of public channel. In 2022, Liu et al. presented an authentication protocol which employs dynamic authentication credentials (DACs) and Intel software guard extensions (SGX) to guarantee security in WSNs, and it was shown that it is secure by formal and informal security analysis. In this paper, we show that it is not secure against desynchronization attack and offline guessing attack for long-term random numbers of users. In addition, it suffers from the known session-specific temporary information attack. Then, to address these vulnerabilities an improved authentication scheme using DAC and Intel SGX will be presented. It is shown that not only it is secure against aforementioned attacks with employing formal and informal analysis, but also it has a reasonable communication and computation overhead. It should be highlighted that the communication and computation overheads of our proposal are increased negligibly, but it provides more security features compared to the baseline protocol.
Keywords
[1] L. Zhu X. Du M. Shen, X. Tang and M. Guizani. Privacy-preserving support vector machine training over blockchain-based encrypted iot data in smart cities. IEEE Internet of Things Journal, 6(5):7702–7712, 2019.
[2] N. Kumar X. Jia, D. He and K.-K. R. Choo.Authenticated key agreement scheme for fogdriven iot healthcare system. Wireless Networks, 25(8):4737–4750, 2019.
[3] K. Wu M. Cao S. Jiang H. Fu, G. Manogaran and A. Yang. Intelligent decision-making of online shopping behavior based on internet of things. nternational Journal of Information Management, 50:515–525, 2020.
[4] M. S. Farash T. Shon S. A. Chaudhry, H. Naqvi and M. Sher. An improved and robust biometrics-based three factor authentication scheme for multiserver environments. Journal of Supercomputing, 74:3504–3520, 2015.
[5] A. Jabbari and J. Bagherzadeh. A revised key agreement protocol based on chaotic maps. Non-linear Dynamics, 78(1):669–680, 2014.
[6] S. Fan M. Ma, D. He and D. Feng. Certificateless searchable public key encryption scheme secure against keyword guessing attacks for smart healthcare. Journal of Information Security and Applications, 50(102429), 2020.
[7] M. M. Modiri; J. Mohajeri; M. Salmasizadeh. Gslha: Group-based secure lightweight handover authentication protocol for m2m communication. The ISC International Journal of Information Security (ISeCure 2020), 12(2):101–111, 2020.
[8] V. Chegeni; H. Haj Seyyed Javadi; M. R.Moazami Goudarzi; A. Rezakhani. Providing a hybrid cryptography algorithm for lightweight authentication protocol in rfid with urban traffic usage case. The ISC International Journal of Information Security (ISeCure 2021), 13(1):73–85, 2021.
[2] N. Kumar X. Jia, D. He and K.-K. R. Choo.Authenticated key agreement scheme for fogdriven iot healthcare system. Wireless Networks, 25(8):4737–4750, 2019.
[3] K. Wu M. Cao S. Jiang H. Fu, G. Manogaran and A. Yang. Intelligent decision-making of online shopping behavior based on internet of things. nternational Journal of Information Management, 50:515–525, 2020.
[4] M. S. Farash T. Shon S. A. Chaudhry, H. Naqvi and M. Sher. An improved and robust biometrics-based three factor authentication scheme for multiserver environments. Journal of Supercomputing, 74:3504–3520, 2015.
[5] A. Jabbari and J. Bagherzadeh. A revised key agreement protocol based on chaotic maps. Non-linear Dynamics, 78(1):669–680, 2014.
[6] S. Fan M. Ma, D. He and D. Feng. Certificateless searchable public key encryption scheme secure against keyword guessing attacks for smart healthcare. Journal of Information Security and Applications, 50(102429), 2020.
[7] M. M. Modiri; J. Mohajeri; M. Salmasizadeh. Gslha: Group-based secure lightweight handover authentication protocol for m2m communication. The ISC International Journal of Information Security (ISeCure 2020), 12(2):101–111, 2020.
[8] V. Chegeni; H. Haj Seyyed Javadi; M. R.Moazami Goudarzi; A. Rezakhani. Providing a hybrid cryptography algorithm for lightweight authentication protocol in rfid with urban traffic usage case. The ISC International Journal of Information Security (ISeCure 2021), 13(1):73–85, 2021.
[9] F. B. Bayatiani; H. Mala. A lightweight rfid grouping proof protocol with forward secrecy and resistant to reader compromised attack. The ISC International Journal of Information Security (ISeCure 2023), 15(3):1–12, 2023.
[10] R. Zhang X. Liu and M. Zhao. A robust authentication scheme with dynamic password for wireless body area networks. Computer Networks, 116:220–234, 2019.
[11] J. Ma X. Liu, Z. Guo and Y. Song. A secure authentication scheme for wireless sensor networks based on dac and intel sgx. IEEE Internet of Things Journal, 9(5):3533–3547, 2021.
[12] M. L. Das. Two-factor user authentication in wireless sensor networks. IEEE transactions on wireless communications, 8(3):1086–1090, 2009.
[13] M. K. Khan and K. Alghathbar. Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks. Sensors, 10(3):2450–2459, 2010.
[14] D. Makrakis B. Vaidya and H. T. Mouftah. Improved two-factor user authentication in wireless sensor networks. In Proc. of the 6-th International Conference on international conference on wireless and mobile computing, networking and
communications, pages 600–606, Niagara Falls, ON, Canada, 11-13 October 2010. IEEE.
[15] W. Jeon Y. Lee J. Kim, D. Lee and D. Won.Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors, 14(4):6443–6462, 2014.
[16] Z. Xiong J. Li, Y. Ding and S. Liu. An improved two-factor mutual authentication scheme with key agreement in wireless sensor networks. KSII Transactions on Internet and Information Systems, 11(11):5556–5573, 2017.
[17] K. Lee K. Park S. Yu, J. Lee and Y. Park. Secure authentication protocol for wireless sensor networks in vehicular communications. Sensors, 18(10):doi: 10.3390/s18103191, 2018.
[18] M. J. Sadri and M. R. Asaar. A lightweight anonymous two-factor authentication protocol for wireless sensor networks in internet of vehicles. Internatonal Journal of Communication Systems, 33(14):e4511, 2020.
[19] G. P. Biswas M. K. Khan L. Leng R. Amin, S. K. H. Islam and N. Kumar. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Computer Networks, 101:42–62, 2016.
[20] M. Nikooghadam A. Ostad-Sharif, H. Arshad and D. Abbasinezhad-Mood. Three party secure data transmission in iot networks through design of a lightweight authenticated key agreement scheme. Future Generation Computer Systems,
100(2):882–892, 2019.
[21] C.-C. Lee C.-T. Chen and I.-C. Lin. Efficient and secure three-party mutual authentication key agreement protocol for
wsns in iot environments. PLoS ONE, 15(4):https://doi.org/10.1371/journal.pone.0232277, 2020.
[22] C. C. Chang and H. D. Lee. A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Transactions on wireless communications, 15(1):357–366, 2016.
[23] N. Kumar R. Amin, S. K. H. Islam and K.-K. R.Choo. An untraceable and anonymous password authentication protocol for heterogeneous wireless sensor networks. Journal of network and computer applications, 104:133–144, 2018.
[24] W.-Y. Hsueh C.-C. Chang and T.-F. Cheng. A dynamic user authentication and key agreement scheme for heterogeneous wireless sensor networks. Wireless Personal Communications, 89(2):447–465, 2016.
[25] Y. Sun Z. Yang, J. Lai and J. Zhou. A novel authenticated key agreement protocol with dynamic credential for wsns. ACM Transactions on Sensor Networks (TOSN), 15(2):1–27, 2019.
[26] M. L. Das S. Agrawal and J. Lopez. Detection of node capture attack in wireless sensor networks. IEEE Systems Journal, 13(1):238–247, 2018.
[27] D. Fu and X. Peng. Tpm-based remote attestation for wireless sensor networks. Tsinghua Science and Technology, 21(3):312–321, 2016.
[28] W. Hu H. Tan and S. Jha. A remote attestation protocol with trusted platform modules (tpms) in wireless sensor networks. Security and Communication Networks, 8(13):2171–2188, 2015.
[29] R. A. Balisane and A. Martin. Trusted execution environment-based authentication gauge (teebag). In Proc. of the 2016 New Security Paradigms Workshop (NSPW2016), pages 61–67, New York, NY, USA, 26-29 September 2016. ACM.
[30] C. A. Maziero R. C. R. Cond´e and N. C. Will. Using intel sgx to protect authentication credentials in an untrusted operating system. In Proc. of the 2018 IEEE Symposium on Computers and Communications (ISCC2018), pages 00158–00163., Natal, Brazil, 25-28 June 2018. IEEE.
[31] H. Sun and S. Xiao. Dna-x: Dynamic network authentication using sgx. In Proc. of the 2nd International Conference on Cryptography, Security and Privacy (ICCSP 2018), pages 110–115, Guiyang, China, 16-19 March 2018. ACM.
[32] N. Asokan K. Kostiainen and J.-E. Ekberg. Credential disabling from trusted execution environments. In Proc. of the 15th Nordic Conference on Secure IT Systems: Information Security Technology for Applications (NordSec2010), pages 110–115, Espoo, Finland, 27-29 October 2010. Springer, Berlin, Heidelberg.
[33] K. Kostiainen and N. Asokan. Credential life cycle management in open credential platforms. In Proc. of the 6th ACM workshop on Scalable trusted computing (STC2011), pages 65–70, Chicago Illinois, USA, 17 October 2011. ACM.
[34] J.-F Lalande G. Arfaoui, S. Gharout and J. Traor´e. Practical and privacy-preserving tee migration. In Proc. of Information Security Theory and Practice: 9th IFIP WG 11.2 International Conference (WISTP 2015), pages 93–98, Heraklion, Crete, Greece, 24-25 August 2015. Springer, Berlin, Heidelberg.
[35] R. N. Akram C. Shepherd and K. Markantonakis. Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In Proc. of the 12th International Conference on Availability, Reliability and Security (ARES 2017), pages 1–10, Reggio Calabria, Italy, 29 August-1 September 2017. ACM.
[36] R. N. Akram C. Shepherd and K. Markantonakis. Remote credential management with mutual attestation for trusted execution environments. In Proc. of the 12th International Conference on Availability, Reliability and Security (ARES 2017), pages 1–10, Reggio, Calabria, Italy, 29 August- 1 September 2017. ACM.
[37] Y. Omori and T. Yamashita. Extended interdevice digital rights sharing and transfer based on device-owner equality verification using homomorphic encryption. IEICE TRANSACTIONS on Information and Systems, 103(6):1339–1354, 2020.
[38] M. Wazid J. Srinivas, A. K. Das and N. Kumar. Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial internet of things. IEEE Transactions on Dependable and Secure Computing, 17(6):1133–1146, 2018.
[39] E. A. Dabbish T. S. Messerges and R. H. Sloan.Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on computers, 51(5):541–552, 2002.
[40] F. D. Garcia J. V. Bulck D. Gruss K. Murdock, D. Oswald and F. Piessens. Plundervolt: Software-based fault injection attacks against intel sgx. In Proc. of the IEEE Symposium on Security and Privacy (SP), pages 1466–1482, San Francisco, CA, USA, 18-21 May 2020. IEEE.
[41] J. V. Bulck et al. Foreshadow: Extracting the keys to the intel sgx kingdom with transient out-of-order execution. In Proc. of the 27th USENIX Security Symposium, pages 991–1008, Baltimore, MD, USA, 15–17 August 2018. IEEE.
[42] P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In Proc. of the 23rd Annual International Cryptology Conference on Advances in Cryptology-CRYPTO 2003, pages 617–630, Santa Barbara, California, USA, August 17-21, 2003. Springer Berlin Heidelberg.
[43] R.M. Needham M. Burrows M, M. Abadi. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18–36, 1990.
[44] Z. Xia G. Gao, Z. Feng. Energy efficient three-factor authentication in wireless sensor networks with resisting insider attacks. IEEE Transactions on Green Communications and Networking, 7(3):https://doi.org/10.1145/3607142, 2023.
[45] K. Mahmood S. Shamshad M.A. Saleem M.F. Ayub M. N. Fatima, M.S. Obaidat. Privacy-preserving three-factor authentication protocol for wireless sensor networks deployed in agricultural field. ACM Transactions on Sensor Networks, page https://doi.org/10.1145/3607142, 2023.
[10] R. Zhang X. Liu and M. Zhao. A robust authentication scheme with dynamic password for wireless body area networks. Computer Networks, 116:220–234, 2019.
[11] J. Ma X. Liu, Z. Guo and Y. Song. A secure authentication scheme for wireless sensor networks based on dac and intel sgx. IEEE Internet of Things Journal, 9(5):3533–3547, 2021.
[12] M. L. Das. Two-factor user authentication in wireless sensor networks. IEEE transactions on wireless communications, 8(3):1086–1090, 2009.
[13] M. K. Khan and K. Alghathbar. Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks. Sensors, 10(3):2450–2459, 2010.
[14] D. Makrakis B. Vaidya and H. T. Mouftah. Improved two-factor user authentication in wireless sensor networks. In Proc. of the 6-th International Conference on international conference on wireless and mobile computing, networking and
communications, pages 600–606, Niagara Falls, ON, Canada, 11-13 October 2010. IEEE.
[15] W. Jeon Y. Lee J. Kim, D. Lee and D. Won.Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors, 14(4):6443–6462, 2014.
[16] Z. Xiong J. Li, Y. Ding and S. Liu. An improved two-factor mutual authentication scheme with key agreement in wireless sensor networks. KSII Transactions on Internet and Information Systems, 11(11):5556–5573, 2017.
[17] K. Lee K. Park S. Yu, J. Lee and Y. Park. Secure authentication protocol for wireless sensor networks in vehicular communications. Sensors, 18(10):doi: 10.3390/s18103191, 2018.
[18] M. J. Sadri and M. R. Asaar. A lightweight anonymous two-factor authentication protocol for wireless sensor networks in internet of vehicles. Internatonal Journal of Communication Systems, 33(14):e4511, 2020.
[19] G. P. Biswas M. K. Khan L. Leng R. Amin, S. K. H. Islam and N. Kumar. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Computer Networks, 101:42–62, 2016.
[20] M. Nikooghadam A. Ostad-Sharif, H. Arshad and D. Abbasinezhad-Mood. Three party secure data transmission in iot networks through design of a lightweight authenticated key agreement scheme. Future Generation Computer Systems,
100(2):882–892, 2019.
[21] C.-C. Lee C.-T. Chen and I.-C. Lin. Efficient and secure three-party mutual authentication key agreement protocol for
wsns in iot environments. PLoS ONE, 15(4):https://doi.org/10.1371/journal.pone.0232277, 2020.
[22] C. C. Chang and H. D. Lee. A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Transactions on wireless communications, 15(1):357–366, 2016.
[23] N. Kumar R. Amin, S. K. H. Islam and K.-K. R.Choo. An untraceable and anonymous password authentication protocol for heterogeneous wireless sensor networks. Journal of network and computer applications, 104:133–144, 2018.
[24] W.-Y. Hsueh C.-C. Chang and T.-F. Cheng. A dynamic user authentication and key agreement scheme for heterogeneous wireless sensor networks. Wireless Personal Communications, 89(2):447–465, 2016.
[25] Y. Sun Z. Yang, J. Lai and J. Zhou. A novel authenticated key agreement protocol with dynamic credential for wsns. ACM Transactions on Sensor Networks (TOSN), 15(2):1–27, 2019.
[26] M. L. Das S. Agrawal and J. Lopez. Detection of node capture attack in wireless sensor networks. IEEE Systems Journal, 13(1):238–247, 2018.
[27] D. Fu and X. Peng. Tpm-based remote attestation for wireless sensor networks. Tsinghua Science and Technology, 21(3):312–321, 2016.
[28] W. Hu H. Tan and S. Jha. A remote attestation protocol with trusted platform modules (tpms) in wireless sensor networks. Security and Communication Networks, 8(13):2171–2188, 2015.
[29] R. A. Balisane and A. Martin. Trusted execution environment-based authentication gauge (teebag). In Proc. of the 2016 New Security Paradigms Workshop (NSPW2016), pages 61–67, New York, NY, USA, 26-29 September 2016. ACM.
[30] C. A. Maziero R. C. R. Cond´e and N. C. Will. Using intel sgx to protect authentication credentials in an untrusted operating system. In Proc. of the 2018 IEEE Symposium on Computers and Communications (ISCC2018), pages 00158–00163., Natal, Brazil, 25-28 June 2018. IEEE.
[31] H. Sun and S. Xiao. Dna-x: Dynamic network authentication using sgx. In Proc. of the 2nd International Conference on Cryptography, Security and Privacy (ICCSP 2018), pages 110–115, Guiyang, China, 16-19 March 2018. ACM.
[32] N. Asokan K. Kostiainen and J.-E. Ekberg. Credential disabling from trusted execution environments. In Proc. of the 15th Nordic Conference on Secure IT Systems: Information Security Technology for Applications (NordSec2010), pages 110–115, Espoo, Finland, 27-29 October 2010. Springer, Berlin, Heidelberg.
[33] K. Kostiainen and N. Asokan. Credential life cycle management in open credential platforms. In Proc. of the 6th ACM workshop on Scalable trusted computing (STC2011), pages 65–70, Chicago Illinois, USA, 17 October 2011. ACM.
[34] J.-F Lalande G. Arfaoui, S. Gharout and J. Traor´e. Practical and privacy-preserving tee migration. In Proc. of Information Security Theory and Practice: 9th IFIP WG 11.2 International Conference (WISTP 2015), pages 93–98, Heraklion, Crete, Greece, 24-25 August 2015. Springer, Berlin, Heidelberg.
[35] R. N. Akram C. Shepherd and K. Markantonakis. Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In Proc. of the 12th International Conference on Availability, Reliability and Security (ARES 2017), pages 1–10, Reggio Calabria, Italy, 29 August-1 September 2017. ACM.
[36] R. N. Akram C. Shepherd and K. Markantonakis. Remote credential management with mutual attestation for trusted execution environments. In Proc. of the 12th International Conference on Availability, Reliability and Security (ARES 2017), pages 1–10, Reggio, Calabria, Italy, 29 August- 1 September 2017. ACM.
[37] Y. Omori and T. Yamashita. Extended interdevice digital rights sharing and transfer based on device-owner equality verification using homomorphic encryption. IEICE TRANSACTIONS on Information and Systems, 103(6):1339–1354, 2020.
[38] M. Wazid J. Srinivas, A. K. Das and N. Kumar. Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial internet of things. IEEE Transactions on Dependable and Secure Computing, 17(6):1133–1146, 2018.
[39] E. A. Dabbish T. S. Messerges and R. H. Sloan.Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on computers, 51(5):541–552, 2002.
[40] F. D. Garcia J. V. Bulck D. Gruss K. Murdock, D. Oswald and F. Piessens. Plundervolt: Software-based fault injection attacks against intel sgx. In Proc. of the IEEE Symposium on Security and Privacy (SP), pages 1466–1482, San Francisco, CA, USA, 18-21 May 2020. IEEE.
[41] J. V. Bulck et al. Foreshadow: Extracting the keys to the intel sgx kingdom with transient out-of-order execution. In Proc. of the 27th USENIX Security Symposium, pages 991–1008, Baltimore, MD, USA, 15–17 August 2018. IEEE.
[42] P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In Proc. of the 23rd Annual International Cryptology Conference on Advances in Cryptology-CRYPTO 2003, pages 617–630, Santa Barbara, California, USA, August 17-21, 2003. Springer Berlin Heidelberg.
[43] R.M. Needham M. Burrows M, M. Abadi. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18–36, 1990.
[44] Z. Xia G. Gao, Z. Feng. Energy efficient three-factor authentication in wireless sensor networks with resisting insider attacks. IEEE Transactions on Green Communications and Networking, 7(3):https://doi.org/10.1145/3607142, 2023.
[45] K. Mahmood S. Shamshad M.A. Saleem M.F. Ayub M. N. Fatima, M.S. Obaidat. Privacy-preserving three-factor authentication protocol for wireless sensor networks deployed in agricultural field. ACM Transactions on Sensor Networks, page https://doi.org/10.1145/3607142, 2023.
[46] A. Jabbari and J. B. Mohasefi. User-sensor mutual authenticated key establishment scheme for critical applications in wireless sensor networks. Wireless Networks, 27:227–248, 2020.
[47] S. J. Yu and Y. Park. Slua-wsn: Secure and lightweight three-factor-based user authentication protocol for wireless sensor networks. Sensors, 20(15):4143–1354, 2020.
[48] MIRACL Cryptographic Library: Multiprecision Integer and Rational Arithmetic C/C++ Library. Available at https://www.shamus.ie.
[47] S. J. Yu and Y. Park. Slua-wsn: Secure and lightweight three-factor-based user authentication protocol for wireless sensor networks. Sensors, 20(15):4143–1354, 2020.
[48] MIRACL Cryptographic Library: Multiprecision Integer and Rational Arithmetic C/C++ Library. Available at https://www.shamus.ie.
)