Abstract

In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports to change dynamically the user’s password locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols nd Applications (AVISPA) tool. AVISPA tool ensures that whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.’s scheme is secure against possible assive and active attacks.

Abstract

In this paper, we propose a novel identity-based random key pre-distribution scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other existing key predistribution schemes. IBPRF always guarantees that no matter how many sensor nodes are captured, the secret communication between non-compromised sensor nodes are still secure. We then propose an improved version of our scheme in a large-scale hierarchical wireless sensor network. This improved approach has better trade off among network connectivity, security, communication, computational and storage overheads, and scalability than the existing random key pre-distribution schemes. The strength of the proposed IBPRF scheme and its improved approach is establishing pairwise secret keys between neighboring nodes with scantling communication and computational overheads. The improved IBPRF approach further supports a large-scale sensor network for the network connectivity. Through the analysis we show that the improved IBPRF scheme provides better security and lower overheads than other existing schemes.

Abstract

Several symmetric-key distribution mechanisms are proposed in the literature, but most of them are not scalable or they are vulnerable to a small number of captured nodes. In this paper, we propose a new dynamic random key establishment mechanism in large-scale distributed sensor networks, which supports deployment of sensor nodes in multiple phases. In the existing random key distribution schemes, nodes do not refresh their own keys, and thus, the keys in their key rings remain static throughout the lifetime of the network. One good property of our dynamic key distribution scheme is that the already deployed nodes in a deployment phase refresh their own keys in key rings before another deployment phase occurs. The strength of the proposed scheme is that it provides high resilience against node capture as compared to that for the other existing random key distribution schemes. Through analysis and simulation results, we show that our scheme achieves better network performances as compared to those for the existing random key distribution schemes. Finally, we propose an extended version of our scheme for practical usefulness to support high network connectivity and resilience against node capture

Abstract

Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external users (parties) those who are authorized to access data as and when they demand. The user authentication plays a vital role for this purpose. In this paper, we propose a new password-based user authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the user's password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.

Abstract

Several key management schemes for dynamic access control in a user hierarchy are proposed in the literature based on elliptic curve cryptosystem (ECC) and polynomial interpolation. Since the elliptic curve scalar multiplication and construction of interpolating polynomials are time-consuming operations, most of the proposed schemes require high storage and computational complexity. Further, most of the proposed schemes are vulnerable to different attacks including the man-in-the-middle attacks. In this paper, we propose a novel key management scheme for hierarchical access control based on linear polynomials only. We show that our scheme is secure against different attacks including the man-in-the-middle attack, which are required for an idle access control scheme. Moreover, the computational cost and the storage space are significantly reduced in our scheme while compared to the recently proposed related schemes.

Abstract

In a key management scheme for hierarchy based access control, each security class having higher clearance can derive the cryptographic secret keys of its other security classes having lower clearances. In 2008, Chung et al. proposed an efficient scheme on access control in user hierarchy based on elliptic curve cryptosystem [Information Sciences 178 (1) (2008) 230–243]. Their scheme provides solution of key management efficiently for dynamic access problems. However, in this paper, we propose an attack on Chung et al.’s scheme to show that Chung et al.’s scheme is insecure against the exterior root finding attack. We show that under this attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class by using the root finding algorithm. In order to remedy this attack, we further propose a simple improvement on Chung et al.’s scheme. Overall, the main theme of this paper is very simple: a security flaw is presented on Chung et al.’s scheme and then a fix is provided in order to remedy the security flaw found in Chung et al.’s scheme.

Abstract

Establishment of pairwise keys between sensor nodes in a sensor network is a difficult problem due to resource limitations of sensor nodes as well as vulnerability to physical captures of sensor nodes by the enemy. Public-key cryptosystems are not much suited for most resource-constrained sensor networks. Recently, elliptic curve cryptographic techniques show that public key cryptosystem is also feasible for resource-constrained sensor networks. However, most researchers accept that the symmetric key cryptosystems are viable options for resource-constrained sensor networks. In this paper, we first develop a basic principle to address the key pre-distribution problem in mobile sensor networks. Then, using this developed basic principle, we propose a scheme which takes the advantage of the post-deployment knowledge. Our scheme is a modified version of the key prioritization technique proposed by Liu and Ning. Our improved scheme provides reasonable network connectivity and security. Moreover, the proposed scheme works for any deployment topology.

Abstract

The author first reviews the recently proposed Li-Hwang's biometric-based remote user authentication scheme using smart cards; then shows that the Li-Hwang's scheme has some design flaws in their scheme. In order to withstand those flaws in their scheme, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.