
security design scheme for user authentication on wireless


1. Registration: 2 TH + 1 CMH
Login: 2 TH + 2 TXOR + 1 CMH
Authentication: 1 TH + 1 TXOR + 1 CMH
Total: 5 TH + 3 TXOR + 3 CMH

to his/her colleagues for using. However, if there is a user breaching this honesty, intruders can still be able to access the WSN. The only backdoor that a system administrator needs to check up with is the history of user query. From that log, the same user could be then put into a black list. kind of checking has no guarantee to validate the same user.

Table 2: Cost for Benenson's n authentication scheme, per one user basis
Phases, Overhead: Cost
Registration, CA: TEXP (produce a certificate)
Pre-authentication, User: n TH + n TEXP (the user answers the challenges to number of n sensors)
Authentication, Sensors: n (1 TH + 2 TEXP) (n sensors validate the same user)
Total Cost: 2n TH + 3n TEXP

ead the computation time required by sensor nodes denoted by C as the metrics to evaluate the performance of e further defined as follows
TH: the time for performing one-way hash function (hash)
TXOR: the time for performing an XOR operation
TEXP: the time for performing a modular exponential computation
CMH: the delay time for the communication taken place between the login node and the GW node in multi-hops

Table 1 shows the overall cost of the proposed dynamic UA scheme. The total cost overhead is the sum of computation and communication costs for all the three phases. For comparison, the
2. User wants to do so performed in this phase are illust

Phase 3: Authentication
Step 1: At GW node:
  1.1 IF userID exists on its table list THEN retrieve parameters of dataset {userID, A, B}
  1.2 ELSE send Msg(REJ_LOGIN) to login node for rejecting the login.
Step 2: Verify timestamp T with current time T* if it is within the expected time interval for transmission delay.
  2.1 IF (T* - T) > delta_T THEN respond Msg(REJ_LOGIN) to login node.
  2.2 Compute C2* = B XOR A
  2.3 Compute C1* = hash(B XOR T)
  2.4 IF C2* != C2 or C1* != C1 THEN respond Msg(REJ_LOGIN)
  2.5 ELSE send Msg(ACC_LOGIN) to login node for accepting the login. If C2* = C2, it means B has been verified and then PW is also verified; if C1* = C1, it means the timestamp T has been verified.
Step 3: Login node sends login result back to User.
Figure 3: Steps of operations for phase 3

Note: there is one-hop communication between a user's mobile device and the sensor GW node during the registration. Also, there is only one-hop communication between the device and the sensor login node, since the user will go to the nearest login node area when performing this login and subsequent queries. For the communication scenario between the login node and the GW node, multiple hops may be required. The overall handshake of the proposed protocol for user authentication is illustrated in Figure 4.
3. to be transmitted to the mobile network infrastructure In our proposed out to the sensor networks too One of the drawbacks xtra communication flow between the user's home domain e four handshake flows in the protocol Therefore the

Most of the existing UA schemes require high computation cost caused by exponentiation operations and not suitable for mobile devices, e.g. PDAs, mobile phones, sensor nodes, etc. Lee et al. [7] also proposed an improved UA scheme with low computation cost by using smart cards and one-way hash functions. Only three phases are used in this scheme, namely Registration Phase, Login Phase and Authentication Phase. This scheme can resolve the attacks of forgery, replay and modified login message. Our proposed solution in Section 3 makes use of Lee's framework, having three phases as above, but adapts it for a wireless sensor network environment.

UA Scheme in Sensor Networks
Very few works on UA in WSN can be found. Benenson et al. [9] proposed a scheme against sensor node capture attacks. The protocol is based on Elliptic Curve Cryptography (ECC) [10]. The idea of this scheme is using the Public Key Infrastructure (PKI) approach. Base Station acts as a central Certificate Authority (CA), i.e. CA priv_keyCA pub_ke
4. 6 e Forgery Attack on a Remote Authentication Scheme pp 189 294 2003
5. AINA 2005, Taiwan, March 2005.
[8] N. El Fishway, M. Nofal, and A. Tadros, "An Effective Approach for Authentication of Mobile Users", IEEE 55th Vehicular Technology Conference (VTC), May 2002.
[9] Z. Benenson, N. Gedicke, and O. Raivio, "Realizing Robust User Authentication in Sensor Networks", Workshop on Real-World Wireless Sensor Networks, Sweden, June 2005.
[10] D. Malan, M. Welsh, and M. Smith, "A Public-key Infrastructure for Key Distribution in TinyOS based on Elliptic Curve Cryptography", First IEEE International Conference on Sensor and Ad Hoc Communications
[11] Z. Benenson, F. Gartner, and D. Kesdogan, "User Authentication in Sensor Networks (Extended Abstract)", Lecture Notes informatics, Proceedings of Informatik 2004, Workshop on Sensor Networks, Ulm, Germany, September 2004.
[12] N. Sastry and D. Wagner, "Security Considerations for IEEE 802.15.4 Networks", ACM Workshop on Wireless Security (WiSe 2004), Philadelphia, October 2004.
[13] IEEE Standards for 802.15.4, Part 15.4 Wi Physical Layer (PHY) Specifications for Lo WPANSs Version of 1 October 2003 2003 pdf
[14] SmartRF CC2420 Datasheet re ser Manual June 2004 pp 469 472 July 1985 ohn Wiley amp Sons Inc New York 2nd edition 199
6. International Journal of Advances in Engineering Research, http://www.ijaer.com, (IJAER) 2012, Vol. No. 3, Issue No. II, March, ISSN: 2231-5152

SECURITY DESIGN SCHEME FOR USER AUTHENTICATION ON WIRELESS SENSOR NETWORKS
Mr. Deepak Choudhary, Prof. Rakesh Kumar, Ms. Neeru Gupta
Ph.D. Research Scholar, CMJ University, Shillong, Email: engg_deepak@yahoo.com
Director, K. P. Jain Engg. College, Ghaziabad
CoD CSE Deptt. In Manav Bharti University, Solan

ABSTRACT
password authentication approach imposes ve such as one way hash function and exclusive OR loped to collect data about the monitored environment ent and presented probably after some processing to pon event detection Many different kinds of WSN e ubiquitous nature of WSN and its easy deployment This will be available on deman

general most of queries in WSN applications are issued at the points of base stations or at the backend of the application systems. However, we could foresee that there should have great needs to access the real-time data inside WSNs. Therefore, real-time data may no longer be accessed at the base station or the gateway node only; rather, they could be accessed anywhere from a sensor node in a WSN in an ad hoc manner. In general, the collected data may not be so critical, such as the query of the current temperature in a location within a building. However, for some applications the data collected is valuable and confidential. Security me
7. asures should be provided to protect the access to these critical data as well as to restrict non-authorized users from gaining access to the data. Access control is a classical problem in many existing computer systems and applications. Normally, user authentication (UA) is used as a basic solution to safeguard the access control issue. Many examples of UA measures can be found in our daily life, such as login to our office's local area network, mobile phone's device authentication, down to a password-based authentication for our account transactions on banks' ATM machines and the like. Unfortunately, a review of current studies on WSN reveals that user authentication has not been adequately addressed, although many researchers have reported on WSN security issues. This may be due to the resource-constrained nature of WSNs, where computation, storage and battery power are quite limited on each sensor node. Given the resource constraints, it is difficult to apply traditional UA solutions in WSNs. In this paper, we study the UA problem in the context of a WSN where a legitimate user is allowed to query and collect the data at any sensor node of the network. We propose a UA solution based on the strong password authentication approach [4] whic
8. cost overhead for Benenson's [9] n authentication approach is listed in Table 2. Although a direct comparison might not be appropriate due to the different approaches used in each setting, we can see the costs are dramatically different for the two schemes.

RECOMMENDATIONS
Based on the overall conceptual framework and security protocol as proposed above, in this section we consider the implementation issues. Although a practical and experimental implementation is beyond the scope of this paper, we give the recommendations of using security options at MAC sublayer based on IEEE 802.15.4 specification [13]. In particular, Access Control List (ACL) and secured security modes [13] will be incorporated into our scheme in order to provide confidentiality on frame level at MAC sublayer for all of the three-phase protocol. The major effect and objective of this approach is to cover the password or user-related information during its transit within the UA's handshakes. Regarding security specifications for the IEEE 802.15.4 standard, there are still many limitations and deficiencies that need to be revised for later version of th G ion 12 13 14 Not all of the none at the moment Developers need to i this security feature is required Withi pai
9. e combined mode, i.e. ACL plus secured mode, could also be set up on GW node at Phase 2 Login, step 3 in Fig. 4, where login nodes will send Msg(userID, C2, C1, T) back to GW node, awaiting for authentication in next phase. Now it is the GW node's turn to examine from its ACL address entries to verify if the data frames' source addresses match with its stored address list. The static addresses of all the login nodes have been pre-installed before the deployment on the gateway node side.

CONCLUSION
In this paper, a light-weight user authentication has been introduced to address the access control problem in a WSN environment. An effective dynamic vas proposed based on strong password authentication approach The proposed UA a rther justified through the with the recommendations our future work an N test bed and experimental tests will be conducted

REFERENCES
[1] C. Y. Chong and S. Kumar, Proceedings of IEEE, Vol. 9
[2] C. C. Chang and T. C Proceedings vol i A Dynamic ID based Remote User Authentication ctronics Vol 50 No 2 2004
[6] M. S. Hwang and L. H, "A New Remote User Authentication Scheme Using Smart Cards", IEEE Transaction Consumer Electronic, vol. 46, No. 1, pp. 28-30, 2000.
[7] C. Y. Lee, C. H. Lin, and C. C. Chang, "An Improved Low Communication Cost User Authentication Scheme for Mobile Communication", Proceedings of the IEEE 19th International Conference on Advanced Information Networking and Applications
10. e device and a
User submits his/her ID (userID) and a chosen password (PW)
Sensor Gateway node (GW) for registration
with private key or shared secret key, i.e. key, computes:
A = hash(userID || key), output 512 bit, e.g. use SHA-512 as the one-way hash function
B = hash(A || hash(PW))
chance of having j attacks Also Denial of Service Do occur by sending either many bogus certifi to make sensor nodes memory exhausted or bogus signatures to make sensor nodes running out of energy in verifying them

THE PROPOSED USER AUTHENTICATION SCHEME
A wireless sensor network is deployed in a confined area, which is divided into different zones. Authorized users can access the WSN somewhere in the network using mobile devices, say a Notebook PC. The mobile

The GW node replies to the user for successful registration. GW node then passes the dataset of {userID, PW, A, B, TS} in clear texts to the GW PC's database engine. TS represents the Timestamp that the Gateway recorded before when a user was doing the registration. String A and B are the outputted 512-bit hex strings of hash operations and are used to cover the contexts of userID and PW respectively. A subset {userID, A, TS} is then distributed over the sensor network in encrypted mode during transmission. This dataset {userID, A, TS} is assumed to be stored on a particular set of sensor nodes which are able to provide a login interface to users' devices in order to perform the login s
11. ervice at later time.
Figure 1: Steps of operations for phase 1

device is assumed to have the ability to communicate with the sensor nodes within the WSN, e.g. through an embedded sensor node. Before issuing any queries into the system, a user must register with a name and a password, probably at the sensor gateway (GW) node. Upon successful registration, the user can submit a query to the sensor network system at any time within a predefined or administrative configurable period. This configurable time period could be set differently depending on the nature of applications. During a particular querying process, the user has to remain in place, login to a nearest sensor login node in a zone, issue the queries and get back the result. Once the predefined time period has expired, the user may need to restart a new cycle by doing the registration again if he/she foresees that more queries need to be performed.

Protocol Description
The proposed scheme is divided into three phases the H Authentication phase The operations of the three p node has registration and login interface The sensor n device say a PDA or a Notebook PC collectively called GW node is also performed in this phase are illustrated in Phase 2 Login If the
12. h reg h less computation and thus is of this paper is organized as ection 3 we propose our analytical evaluation with and 5 respectively ntication scheme WSNs However it is cards based UA schemes for mobile communications or remote netv i ties types of attacks and protocol handshakes from the ramework for developing UA solutions for the ples it can perform a one way hash function generate tiny sensor node could perform parts of these operations card based UA scheme w design a UA scheme for WSNs

A number of UA schemes using smart cards can be found in [3], [4], [5], [6] and [7]. The scheme [6] is based on El Gamal cryptosystem [16], which belongs to a public key cryptosystem, and a signature scheme based on discrete logarithms. However, the scheme can be broken by creating a valid pair of (userID, PassWord) without knowing the secret key of the system. Thus, a legitimate user could compute some other's password. To address this problem, a modified UA scheme was introduced [18] to prevent the forgery attack. Also, an enhanced smart card based remote UA scheme with check digits was introduced to remove the threats of impersonating other legal users. Detailed descriptions of these works can be found in [3].

Dynamic ID based Remote UA Sche
13. mes
Password-based authentication schemes are the most widely used methods for remote UA [4]. Existing schemes could be categorized into two types: one uses weak password approach while the other uses strong password approach. The weak password authentication approach is based on El Gamal cryptosystem. The advantage of this scheme is that the remote system does not need to keep a user ID-password table to verify the validity of the user login. However, such a weak password authentication approach leads to heavy computational load on the whole system. Thus, this scheme cannot be applied to a WSN environment, as remote sensor nodes cannot afford to do this heavy computation. Unlike the weak password approach, strong password authentication is mostly based on one-way hash function [17] and exclusive-OR operations (XOR). It requires much less computation and need only simple operaon in mind this seheri may have ainst ID theft and able to resist the replay and forger insi t some of the algorithms were proved by Awasthi [5] t These loopholes are already enough to make any random password to get into the system

UA Scheme for Mobile Com
El Fishway et al. [8] proposed aenticati e for mobile users This scheme could even be a ist It is assumed that there is no central certification autho i S mmunicating entities The protocol also makes use of public one way hash function concepts One of the merits for s secret i e password or secret key
14. ode of AES-CCM-128, which stands for Advanced Encryption Standard combined encryption and authentication at MAC level [12], or C1 in Authentication state at step 1 in Fig. 4 if no security mode is enabled, since the recomputed C1 will not equal the received C1 even if T is modified as Te. The C1 value in fact directly protects the value of T.

Figure 4: Communication handshakes for the three

(5) Replay login message attack with modifications of T and C1, i.e. Msg(userID, C2, C1e, Te). In this case, an intruder has to recompute a correct value of C1e = hash(Te XOR B); however, the intruder does not have the value of B on hand. That means when the GW node tries to verify C1e, it will not match with the value of C1. Therefore, the replay login message could also be identified during Authentication process at step 1 in Fig. 4.

The attacks of login message replay and login message forgery can be protected from the above scenarios 3, 4 and 5. However, this proposed UA scheme has a weakness for protecting from insider attacks, which is very difficult to handle.

Insider Attack
Apparently, legitimate users are assumed to be honest and they will not disclose his/her userID and password
iid ne e 1 Cost for th d UA sch iiis lean ises scheme het Phases Overhead Cost
15. Step 1: User submits (userID, PW) to login node.
Step 2: IF userID is contained in the login node's list of dataset {userID, A, TS} THEN the corresponding A is known.
  2.1 ELSE send Msg(REJ_LOGIN) to User.
  2.2 Compute B = hash(A || hash(PW))
  2.3 Compute C2 = B XOR A; use C2 to seal the content of B.
  2.4 Compute C1 = hash(T XOR B); T is the current timestamp at that moment.
Step 3: Login node sends Msg(userID, C2, C1, T) to the registration GW node for final authentication process.
Figure 2: Steps of operations for phase 2

ANALYTICAL EVALUATION
In this section, we present the analysis of security proposed protocol and the comparison of the cost overhead.

Security Analysis
Security Scenario Cases
Assume that the registration process in P i i ode For example the registration place can be in an area where on i are allowed to enter This will minimize the possibi i dentify it quickly in Login state at step 2 packet modification i e reuse the packet of Msg(userID, C2, C1, T) his could be identified by delta_T in Authentication state at step 1 in Fig. 4.

(4) Replay login message attack with modification of value T, i.e. Msg(userID, C2, C1, Te). Te is modified to current date and time. This replay could be identified by either IEEE 802.15.4 enabled security m
16. rwise keying in the 802.15.4 speci ured mode ACL mode for the MAC sublayer this mode provides a means for ACL entries on the receiving node ssed to the next higher layer for further The destination address of an outgoing an ACL entry The packet is then processed using the and IV Initialization Vector field listed in the ACL ntication functions depending on which security suite be enabled on incoming and ing frames

In our proposed UA scheme, the ACL mode combined with the secured mode could be set up on login nodes during the Phase 1 Registration at Step 3, since the sensor GW node will distribute the Msg(userID, A, TS) to the group of sensor login nodes. All the login nodes will have their ACL entries recording the source address of GW node. For other ordinary sensor nodes, they do not have this ACL entry and that they will not retain this data frame, which has already been filtered out at MAC sublayer. Also, during this data frame distribution with the sensor network, no password information will be disclosed, since data value of password and B are not distributed outside the GW node in this case. Similarly, the abov

Figure 5: Format of an ACL entry (Address, Security Suite, Key, Last IV, Replay counter)
17. yCA A legitimate User's certificate U is signed by the CA with user's public key: certU = signCA(pub_keyU). The scheme requires more overhead for encryption and signature verification than decryption and signing. The authors claimed that ECC is still feasible for sensor nodes. However, it could possibly become a bottleneck for sensor nodes to perform the verification process during a high traffic load of the whole network. The notion of n authentication is introduced in Benenson et al. [11], which means that the whole authentication succeeds if the user can successfully authenticate with any subset of sensors out of a set of n sensors. n could be the average number of the sensors within a unit broadcast distance of a particular sensor or the user.

The protocol works in the following manner: A user trie d his her ID and certificate to a group of n sensor nodes Each sensor node will send bg use allenge i e Msg sensor id nonce and the user needs to respond all the challeng om the set ensor nodes The response from user to a Sensor i is signU hash U Sensor i no Nowe sensor node will verify the user s reply of response in the following Sensor i verify cert U pub_keyU Sensor i verify SignU hash U Sensor i non If the user is successfully authenticated for Yes vote to other nodes in user is not successfully out Each sensor node in the

Phase Registration
A registration interface is launched on a user s mobil
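
The registration, login and authentication phases described in this paper, run against the replay scenarios from its security analysis. This is an added sketch, not code from the paper: the class and function names, the encoding of T as a zero-padded integer before the XOR, and all sample values are assumptions.

```python
import hashlib
import hmac

HASH_LEN = 64  # SHA-512 digest size in bytes (the paper suggests SHA-512)

def h(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_t(t: int) -> bytes:
    # Assumption: T is whole seconds, zero-padded to the digest length before XOR.
    return t.to_bytes(HASH_LEN, "big")

class Gateway:
    def __init__(self, key: bytes, delta_t: int):
        self.key, self.delta_t = key, delta_t
        self.table = {}                      # userID -> (A, B)

    def register(self, user_id: str, pw: str, ts: int):
        # Phase 1: A = hash(userID || key), B = hash(A || hash(PW))
        a = h(user_id.encode() + self.key)
        self.table[user_id] = (a, h(a + h(pw.encode())))
        return user_id, a, ts                # dataset {userID, A, TS} for login nodes

    def authenticate(self, msg, now: int) -> str:
        # Phase 3: table lookup, delta_T freshness check, then recompute C2 and C1
        user_id, c2, c1, t = msg
        if user_id not in self.table:
            return "REJ_LOGIN"
        a, b = self.table[user_id]
        if now - t > self.delta_t:
            return "REJ_LOGIN"
        ok_c2 = hmac.compare_digest(xor(b, a), c2)
        ok_c1 = hmac.compare_digest(h(xor(b, enc_t(t))), c1)
        return "ACC_LOGIN" if ok_c2 and ok_c1 else "REJ_LOGIN"

class LoginNode:
    def __init__(self):
        self.dataset = {}                    # userID -> (A, TS)

    def store(self, user_id: str, a: bytes, ts: int):
        self.dataset[user_id] = (a, ts)

    def login(self, user_id: str, pw: str, t: int):
        # Phase 2: build Msg(userID, C2, C1, T) from the submitted password
        if user_id not in self.dataset:
            return None                      # Msg(REJ_LOGIN) back to the user
        a, _ = self.dataset[user_id]
        b = h(a + h(pw.encode()))
        return user_id, xor(b, a), h(xor(enc_t(t), b)), t

def run_scenarios() -> dict:
    # Constructed sample values; none of them come from the paper.
    gw, node = Gateway(key=b"gw-secret-key", delta_t=5), LoginNode()
    node.store(*gw.register("alice", "correct horse", ts=1000))
    good = node.login("alice", "correct horse", t=2000)
    uid, c2, c1, _ = good
    return {
        "fresh_login": gw.authenticate(good, now=2002),
        "wrong_password": gw.authenticate(node.login("alice", "guess", t=2000), now=2002),
        "replay_unmodified": gw.authenticate(good, now=2600),
        "replay_new_T_old_C1": gw.authenticate((uid, c2, c1, 2600), now=2601),
        "unknown_user": gw.authenticate(("mallory", c2, c1, 2000), now=2002),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The unmodified replay is rejected by the delta_T check, and the replay with a refreshed timestamp is rejected because C1 no longer matches the hash recomputed from B and the new T.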
