Simple Dynamic User Authentication 2011

Protocols for WSNs

1. INTRODUCTION

Because of the ubiquitous nature, ease of deployment, and wide range of potential
applications, wireless sensor networks (WSNs) have attracted much attention in recent years.
WSNs commonly consist of a large number of miniaturized sensor/actuator devices with low
processing power, limited storage and energy that communicate over an ad hoc wireless network.
Possible applications of WSNs include smart buildings, smart human beings, traffic monitoring,
military tracking etc. in some applications, integrity and confidentiality of collected data will be
a critical concern. Therefore, it is important to authenticate users who access the data directly
from sensor nodes.

Various source authentication schemes for WSNs have been proposed previously. The
TinyPK, a public-key-based protocol, allows authentication and key agreement between a sensor
network and a third party as well as between sensor networks. To reduce the computational
complexity, a small public exponent, i.e., e=3, is adopted for the RSA cryptosystem. It had been
studied that such a low exponent variant of RSA is secure as long as proper precautions, such as
appropriate random padding in encrypting text, is taken. The protocol was implemented on UC
Berkeley MICA2 motes to show that public-key technologies can be used on low-power devices.
Another public key-based user authentication protocol using Elliptic Curve Cryptography can be
found. In 2006, a strong-password based dynamic user authentication scheme was proposed.
This scheme imposes very light computational load that requires only one-way hash function and
exclusive-OR operations. In this scheme, a user registers with the gateway node(GW-node)
before he or she can login and access data from the sensor network. The protocol is shown to be
resistant to certain user identification/password guessing attacks and replay login-message
attacks.

We propose two simple dynamic user authentication protocols that are variations of the
strong-password based scheme. In the first protocol, we simplify the authentication process to
reduce the computational load of sensor nodes while providing the same security. In the second
protocol, we change the final decision place from GW-node to the sensor node so that no
intruder can impersonate the GW-node to grant access right to illegitimate users.

Dept. of Telecommunication 1 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

A Wireless Sensor Network (WSN) consists of spatially distributed autonomous sensors

to monitor physical or environmental conditions, such as temperature, sound, vibration, pressure,
motion or pollutants , and to cooperatively pass their data through the network to a main
location. The more modern networks are bi-directional, enabling also to control the activity of
the sensors. The development of wireless sensor networks was motivated by military
applications such as battlefield surveillance; today such networks are used in many industrial and
consumer application, such as industrial process monitoring and control, machine health
monitoring, environment and habitat monitoring, healthcare applications, home automation, and
traffic control.

Total working of wireless sensor networking is based on its construction. Sensor network
initially consists of small or large nodes called as sensor nodes. These nodes are varying in size
and totally depend on the size because different sizes of sensor nodes work efficiently in
different fields. Wireless sensor networking have such sensor nodes which are specially designed
in such a typical way that they have a microcontroller which controls the monitoring, a radio 
transceiver for generating radio waves, different type of wireless communicating devices and
also equipped with an energy source such as battery. The entire network worked simultaneously
by using different dimensions of sensors and worked on the phenomenon of multi routing
algorithm which is also termed as wireless ad hoc networking.

In the present era there are lot of technologies which are used for monitoring are
completely based on the wireless sensor networking. Some of important applications are
environmental monitoring, traffic control application, weather checking, regularity checking of
temperature etc. Wireless sensor networks can also be used for detecting the presence of vehicles
such as motor cycles up to trains. These are some important wireless sensor networking based
technologies which help us in our daily life. Some of there daily life applications are: used in
agriculture, water level monitoring, green house monitoring, landfill monitoring etc.

Dept. of Telecommunication 2 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Authentication is the process of determining whether someone or something is, in fact,

who or what it is declared to be. In private and public computer networks (including the
Internet), authentication is commonly done through the use of logon passwords. Knowledge of
the password is assumed to guarantee that the user is authentic.

Three levels of authentication

 User level identification: user sends its pins etc. to the system to identify itself.
 Device level identification: the phone or device identifies itself to the network
 Radio line level encryption: use of encryption algorithms to send messages.
Usually, User level identification and device level identification are combinedas the user is the
device.
The first two level of authentication is the most important because security critical errors
made at this stage will undermine the security of the whole session and possibly subsequent
sessions as well. These two levels are often known as call setup process to setup a session. It
consists of protocols for authentication and key management.

What is Authentication Protocol

• Protects
User Confidentially
User Authentication

• Provides three stages:

Identification
Verification
Secret keys established

Dept. of Telecommunication 3 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

There are two main purposes involved in the forming the authentication protocol. The
first is confidentially which is preventing an attacker from know which user is using what
resource in the network and which part of the network is providing that service.
Authentication is for the communicating party to identify each other. Specifically, the
authentication protocol also provides three services.
The identification stage is when the entity or MS presents its identity to the network. The
verification stage is where the identity is checked. At the same time, the network is also
identified to the MS and that identity is checked so that MS knows, it is communicating with the
correct network. The third stage is allowing a secret key to be established once the
communicating party has identified each other.

Dept. of Telecommunication 4 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

2. LITERATURE SURVEY

TinyPK Securing sensor networks with public key technology

This paper focuses on supporting confidentiality and source authentication for sensor
network traffic. Other researchers have previously achieved a strong step towards these goals in
that symmetric encryption algorithms have been implementing on several sensor networks. For
MICA mote hardware, efficient software implementations of symmetric (i.e., secret key)
encryption and corresponding message authentication codes have been developed by UC
Berkeley and in unpublished work by SRI.Hardware implementations of AES are now included
on devices using 802.15.4 radios (such as the Ember sensor nodes). Our expectation is that
secure symmetric encryption ill be widely available on the sensor networks of the future.

The critical problem is making effective use of that secure symmetric encryption
capability. As is always the case with symmetric encryption, proper key management is a
fundamental concern. Public key (PK) technology is a widely used tool to support symmetric key
management in the realm of Internet hosts and high-bandwidth interconnections. It is the thesis
of this paper that public key technology can also be very selectively deployed in the realm of
sensor networks. In the past, the constraints of sensor networks have fostered a belief in some
researchers that many Internet-level security techniques are too heavyweight for sensor networks
and those new alternatives must be developed. This opinion has been very valuable in that it has
lead to interesting new research, but in this paper, we demonstrate that with careful design, the
widely used RSA public key cryptosystem and Diffie-Hellman key agreement techniques can be
deployed on even the most constrained of the current sensor network devices.

Wong et al proposed in 20106 a light-weight strong-password based dynamic user

authentication protocol for WSNs. It consists of three phases: Registration, Login and
Authentication.

Dept. of Telecommunication 5 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Registration Phase:

Here user submits his or her identification user ID and password PW to the GW-node.
The GW-node computes A=h(userID||key) and B=h(A||h(PW)), where key is the private key or
shared secret key known to the GW-node, h denotes a one-way hash function and x||y represents
concatenation of two bit strings x and y. the GW-node replies to the user for successful
registration and stores (userID, PW, A, B, TS) where TS represents the timestamp that the GW-
node recorded before when a user was doing registration. The GW-node distributes (userID, A,
TS) over the sensor network in encrypted mode during transmission to those sensor nodes which
are able to provide a login interface to users.

Login Phase:

Here user submits (userID*, PW*) to a login node. The login node checks its look up
table to see if userID* is a valid user. The login request is rejected if it is not. Otherwise, the
login node retrieves the corresponding A and computes B*=h(A|| h(PW*)), C2=(B* XOR A),
and C1=h(T XOR B*), where T is the current timestamp at that moment. The login node then
sends (userID*, C2, C1, T) to the GW-node for final authentication process.

Authentication Phase:

Here the GW-node, upon receiving (userID*, C2, C1, T) at time T*, checks whether or
not userID* is a valid user. A reject message is sent to the login node if it is not. Otherwise, it
verifies if T*-T ≤∆t, where ∆t represents the expected delay of processing and transmission. If
the condition is not satisfied, then the login request is considered as a replay message and thus is
rejected. On the other hand, if T*-T ≤∆t, then the GW-node retrieves corresponding A and B and
computes C2*=(B XOR A), and C1*=h(T XOR B).

A reject message is sent to the login node if C2≠C2* or C1≠C1*. Otherwise, an accept
message is sent to the login node which is forwarded to the user.

Dept. of Telecommunication 6 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Figure 2.1: Communication Handshakes for the proposed protocol

Dept. of Telecommunication 7 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

The communication handshakes for the three phases are summarized in fig 2.1. It is clear
that the GW-node requires two hash operations in Registration phase. Let us consider the
computational load of the authentication process for a login request. The GW-node needs to
perform one hash function and two XOR operations and the login node requires three hash
function and two XOR operations. As for communication cost, the GW-node has to distribute
(userID, A, TS) in Registration phase to those sensor nodes which are able to provide a login
interface to users. For each login request, the login node has to send (userID*, C2, C1, T) to the
GW-node and the GW-node sends either an accept message or a reject message back to the login
node. It was analyzed in that, if Registration phase is carried out in a secure mode, the above
protocol is resistant to attacks such as: valid userID, fake PW; invalid userID, valid/fake PW;
and replay login request with or without modifying the login message.

Dept. of Telecommunication 8 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Drawbacks

Although Wong et al. proposed a dynamic user authentication scheme that allows
legitimate users to query at any of the sensor nodes and imposes very light computational load,
there still remains several security weaknesses in their scheme. We will now examine these
weaknesses in details.

1) It cannot stand against replay attacks. A replay attack is that an attacker tries to replay the
same messages obtained in previous sessions. If the attacker can successfully login to the remote
system through replay, then the scheme cannot withstand a replay attack. Assume that U is an
attacker who eavesdrops a user’s login message (userID , C1,C2 ,T) . He/she can use the same
message to login to the system successfully as long as the value T is still within the allowed time
interval. That is, as long as the difference between the current time and the value T is less than
ΔT, the attacker can use the same message to perform the replay attack.
2) It cannot stand against forgery attacks. In a forgery attack, if an attacker eavesdrops or
intercepts the login messages, he/she can modify the login messages to masquerade as a
legitimate user in order to access the resources of a remote system. Assume that U is the attacker
who can steal from a sensor login-node another user’s information (userID, A,TS) . He/she also
intercepts the user’s information 1 2 (userID,C ,C ,T) sent by the sensor loginnode. The attacker
can use the information to derive B*
as follows:
B* = C2 XOR A (8)
due to (5). Hence, U can use a new timestamp T′ to compute a new C1′ as follows:

C1= H(T XOR B* ) (9)

Dept. of Telecommunication 9 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

U then sends Msg(userID,C1′,C2 ,T′) to the GW. Hence, C1′ will be successfully verified by the
GW. Therefore, U can use another user’s ID to launch a forgery attack.
3) Passwords can be revealed by any of the sensor nodes. Even though passwords are
transmitted via a secure channel in the registration and login phases, all the passwords are still
known to the GW and all the login nodes in plain text. There is no protection mechanism for the
passwords in these phases. In case any of the GW or login nodes is compromised, all passwords
leaked out.
4) A user cannot change his/her password with Wong et al.’s scheme. Passwords are fixed
once they are set. A fixed password is more easily suffered from attacks than a regularly changed
password.

To overcome all these problems two protocols were proposed. Two protocols are
explained as mentioned below.

Dept. of Telecommunication 10 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

3. FIRST PROTOCOL

For the protocol described in the last section, the authentication result is determined in
the last step of Authentication phase by the GW-node. For each login request, the computational
load of the sensor node is higher than that of the GW-node which is not desirable. In this section,
we propose two modified protocols to reduce the computational load of sensor nodes and
improve security. In our first proposed protocol, the authentication result is determined by the
GW-node, same as the scheme proposed. Our second proposed protocol lets the login node make
the final fig 2.1.Communication handshakes for the protocol proposed in authentication decision.
Compared with the first protocol, the second protocol has advantage of being resistant to the
attack of an intruder impersonating the GW-node to grant access right to illegitimate users. The
tradeoff is slight increase in computational load and communication cost. Our proposed protocol
consists of the same three phases. Details of the first proposed protocol are described below.

Registration Phase:

Here, a user submits his/her identification userID and password PW to the GW-node. The
GW-node computes A= h(userID || PW || key). Then the GW-node replies to the user for
successful registration, stores (userID, PW, A, TS), and distributes (userID, A, TS) to those
sensor nodes which are able to provide a login interface to users.

Login Phase:

Here, a user submits (userID*, PW*) to a login node. Upon receiving the login request at
time T0, the login node checks its lookup table to see if userID* is a valid user. The login request
is rejected if it is not. Otherwise, the login node retrieves the corresponding A and computes
B=h(userID*|| B|| T0|| A). it then sends (userID*, B, T0) to the GW-node.

Authentication Phase:

Dept. of Telecommunication 11 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

In Authentication phase, the GW-node checks whether or not userID* is a valid user. The
login request is rejected if it is not. Otherwise, the GW-node verifies if T1-T0≤∆ t, where T1

represents the time the GW-node receives (userID*, B, T0). If the condition is not satisfied, then
the login request is considered as a replay message and thus is rejected. On the other hand, if T1-
T0≤∆t, then the GW-node retrieves the corresponding PW and A and computes B*=h(userID* ||
PW || T0|| A). A reject message is sent to the login node if B≠B*. Otherwise, an accept message
is sent to the login node which is forwarded to the user.

Dept. of Telecommunication 12 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Figu
re 3.1: Communication handshakes for the First proposed protocol

Dept. of Telecommunication 13 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

4. SECOND PROTOCOL

The second proposed protocol differs from the first protocol only in Authentication
phase. The GW-node does not send an accept message to the login even if B=B*. Instead, it
computes C*= h(A || T1) and sends (userID*, C*, T1) to the login node. Upon receiving the
message at time T2, the login node checks if T2-T1≤∆ t’. If the condition does not hold, then the
login request is rejected. Otherwise, the login node retrieves the corresponding A, performs C=
h(A || T1), and checks if C*= C. An accept message is sent to the user if the condition holds.
Otherwise, the login request is rejected.

The communication handshakes for the two proposed protocol are shown in fig 3.1 and
4.1, respectively. It is clear that the GW-node requires two hash operations in Registration phase
for both protocols. Let us evaluate the computational load of the authentication process for a
login request. For the first protocol, both the GW-node and the login node perform only one hash
function operation. For the second protocol, both the GW-node and the sensor node perform two
hash function operations. No XOR operation is necessary for both protocols. As for
communication cost, the GW-node has to distribute (userID, A, TS) in Registration phase to
those sensor nodes which are able to provide a login interface to users. For each login request,
the login node sends (userID*, B, T0) to the GW-node for both protocols. The GW-node sends
either an accept/reject message or (userID*, C*, T) back to the login node for the first protocol
and the second protocol, respectively. Compared with the solution presented, our proposed
protocols require slightly less communication cost because the transmitted messages contain
fewer elements.

Dept. of Telecommunication 14 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Protocols Overhead Cost

Registration Login Authentication
Wong et al 2TH (GW-node)+ 3Th(Login node) 1TH(GW-node)
KCMH +2TXOR (Login node) + 1TXOR (Login node)
+ 1CMH + 1CMH
Proposed Protocol1 2TH (GW-node)+ 1TH (Login node)+ 1TH (GW-node)+
KCMH 1CMH 1CMH
Proposed Protocol2 2TH (GW-node)+ 1TH(Login node)+ 2TH (GW-node)+
KCMH 1CMH 1TH (Login node)
+1CMH

Table 4.1 Cost comparisons for the proposed protocols

Table 4.1 summarizes the comparisons of the protocol presented in the two protocols in terms of
computational load and communication cost. In this table, K denotes the number of sensor nodes
which are able to provide a login interface to users and H T, XOR T, and MH C represent,
respectively, the time for performing a one-way hash function, the time for performing an XOR
operation, and the delay time for the communication taken place between the login node and the
GW-node in multi-hops. The number of elements contained in transmitted messages is not
considered in the comparison.

Dept. of Telecommunication 15 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

User Gateway node Login node

Figure 3.1: Communication handshakes for the First proposed protocol

Dept. of Telecommunication 16 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

4. SECURITY ANALYSIS

Here, we analyze the security of our proposed protocols. As we assume that Registration
phase is carried out in a secure mode so that the possibility of eavesdropping is minimized. The
Access Control List (ACL) and security modes of IEEE 802.15.4 specification can be
incorporated into our proposed protocols to provide data confidentiality on frame level at the
MAC sub-layer in all three phases. We investigate the same security scenarios considered.

1) Valid userID, fake password PW

The system may identify it in Authentication phase because B is not equal to B*.
2) Invalid userID, valid/fake password PW
The system may identify it in Login phase because the lookup table of the login node
does not contain an entry for the invalid userID.
3) Replay login-message attack without packet modification, i.e., reuse the
message(userID*, B, T0)
The system may identify it in Authentication phase because the condition T1-T0≤∆ t does
not hold.
4) Replay login-message attack with modification of T0 i.e., reuse the message (userID*, B,
T0’), where T0’ is the current date and time.
The system may identify it in Authentication phase because B’ is not equal to B*.

Note that, for the protocol presented in first proposed protocol, an intruder may
impersonate the GW-node and send or replay an accept message to the login node. Such
an attack can be avoided if the second proposed protocol is adopted. The reason is that,
for a fake (userID*, C*, T1) either the condition T2-T1 ≤ ∆ t ' does not hold or userID* is
invalid or C* ≠ C.

6. CONCLUSION
Dept. of Telecommunication 17 DSCE, Bangalore
 Simple Dynamic User Authentication 2011
Protocols for WSNs

The two simple strong-password based dynamic user authentication

protocols for wireless sensor networks are explained here. Their computational
load, communication cost, and security are evaluated. Compared with a related
previous scheme, our proposed protocols consume less energy for sensor nodes
and possess better security properties. An investigation is done to enhance or
modify the proposed protocols so that the authentication process is resistant to
attacks caused by compromised sensor nodes.

Dept. of Telecommunication 18 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

7. REFERENCES

 C. Y. Chong and S. Kumar, “Sensor networks: evolution, opportunities and challenges,”

IEEE Proceedings, Vol. 91, No. 8, pp. 1247-1256, Aug. 2003.
 C. C. Chang and T. C. Wu, “Remote password authentication with smart cards,” IEEE
Proceedings, Vol. 138, No. 3, pp. 165-168, May 1991. authentication scheme,” IEEE
Trans. on Consumer Electronics, Vol. 50, No. 2,2004.
 R. Watro, D. Kong, S. Cuti, C. Gardiner, C. Lyn, and P. Kruus, “TinyPK: Securing
sensor networks with public key technology,” Proceedings of the ACM workshop on
security of ad hoc and sensor networks, ACM Press, pp. 59-64, 2004.
 K. H. M. Wong, Y. Zheng, J. Cao, and S. Wang, “A dynamic user authentication scheme
for wireless sensor networks,” Proceedings of IEEE international conference on sensor
networks, ubiquitous, and trustworthy computing, pp. 244-251, 2006.

Web-Resources:

 http://www.google.co.in/search?hl=en&source=hp&q=ieee+xplore&meta=&aq=0s&aqi=g-
s2g1g-s3g1g-s3&aql=&oq=ieee+expl

 http://ieeexplore.ieee.org/Xplore/guesthome.jsp?reload=true

 http://ieeexplore.ieee.org/search/freesearchresult.jsp?
newsearch=true&queryText=topics+based+on+wireless+communication&x=55&y=23

 http://ieeexplore.ieee.org/search/freesearchresult.jsp?
newsearch=true&queryText=simple+dynamic+user+authentication+protocols+for+wireless+sens
or+networks&x=13&y=13

Dept. of Telecommunication 19 DSCE, Bangalore

 Simple Dynamic User Authentication 2011
Protocols for WSNs

Dept. of Telecommunication 20 DSCE, Bangalore