On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions

Computer Networks

Volumn 73, Issue , 2014, Pages 41-57

  Wang, Ding ^a,b   Wang, Ping ^a,b  

^a PEKING UNIVERSITY   (China)

^b Ministry of Education   (China)

Author keywords

Non tamper resistant; Smart card; Two factor authentication; User anonymity; Wireless sensor networks

Indexed keywords

HASH FUNCTIONS; SMART CARDS; WIRELESS SENSOR NETWORKS;

GLOBAL MOBILITY NETWORK; INHERENT COMPLEXITY; NON-TAMPER RESISTANTS; PRACTICAL SOLUTIONS; PRIVACY PRESERVING; TWO FACTOR AUTHENTICATION; USER ANONYMITY; WIRELESS SENSOR NETWORK (WSNS);

AUTHENTICATION; SMART CARDS;

EID: 84906774949     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2014.07.010     Document Type: Article

References (119)

1. O. Gnawali, K.-Y. Jang, J. Paek, M. Vieira, R. Govindan, B. Greenstein, A. Joki, D. Estrin, and E. Kohler The tenet architecture for tiered sensor networks Proc. SenSys 2006 2006 ACM 153 166 (Pubitemid 47168684)
2. J. Shi, R. Zhang, and Y. Zhang Secure range queries in tiered sensor networks Proc. INFOCOM 2009 2009 IEEE 945 953
3. D. Yang, S. Misra, X. Fang, G. Xue, and J. Zhang Two-tiered constrained relay node placement in wireless sensor networks: computational complexity and efficient approximations IEEE Trans. Mobile Comput. 11 8 2012 1399 1411
4. W. Zhang, H. Song, S. Zhu, and G. Cao Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks Proc. MobiHoc 2005 2005 ACM 378 389 (Pubitemid 43037612)
5. D. He, J. Bu, S. Zhu, S. Chan, and C. Chen Distributed access control with privacy support in wireless sensor networks IEEE Trans. Wireless Commun. 10 10 2011 3472 3481
6. G.M. Yang, D.S. Wong, H.X. Wang, and X.T. Deng Two-factor mutual authentication based on smart cards and passwords J. Comput. Syst. Sci. 74 7 2008 1160 1172
7. D. Wang, and P. Wang Offline dictionary attack on password authentication schemes using smart cards Y. Desmedt, B. Thuraisingham, K. Hamlen, Proc. ISC 2013, LNCS 2014 Springer-Verlag 1 16, < http://eprint.iacr.org/2014/208.pdf >
8. S.J. Murdoch, S. Drimer, R. Anderson, M. Bond, Chip and PIN is broken, in: Proc. IEEE Security&Privacy 2010, IEEE Computer Society, 2010, pp. 433-446.
9. N. Mavrogiannopoulos, A. Pashalidis, and B. Preneel Security implications in kerberos by the introduction of smart cards Proc. ACM ASIACCS 2012 2012 ACM New York, NY, USA 59 63
10. J.-P. Kaps, G. Gaubatz, and B. Sunar Cryptography on a speck of dust IEEE Comput. 40 2 2007 38 44
11. M.L. Das Two-factor user authentication in wireless sensor networks IEEE Trans. Wireless Commun. 8 3 2009 1086 1090
12. Taking the Pulse of the Planet: Epas Remote Sensing Information Gateway. < http://www.epa.gov/geoss >.
13. The National Oceanographic Partnership Program (nopp). < http://www.nopp.org/ >.
14. B. Liu, Y. Jiang, F. Sha, and R. Govindan Cloud-enabled privacy-preserving collaborative learning for mobile sensing Proc. Sensys 2012 2012 ACM 57 70
15. F. Zhu, S. Carpenter, and A. Kulkarni Understanding identity exposure in pervasive computing environments Pervasive Mobile Comput. 8 5 2012 777 794
16. K. Mangipudi, and R. Katti A secure identification and key agreement protocol with user anonymity (SIKA) Comput. Secur. 25 6 2006 420 425 (Pubitemid 44307349)
17. J. Sun, C. Zhang, Y. Zhang, and Y. Fang Sat: a security architecture achieving anonymity and traceability in wireless mesh networks IEEE Trans. Depend. Secur. Comput. 8 2 2011 295 307
18. C. Lai, H. Li, X. Liang, R. Lu, K. Zhang, and X. Shen Cpal: a conditional privacy-preserving authentication with access linkability for roaming service IEEE Internet Things J. 2014 http://dx.doi.org/10.1109/JIOT.2014.2306673
19. D. Hughes, V. Shmatikov, and Information hiding anonymity and privacy: a modular approach J. Comput. Secur. 12 1 2004 3 36
20. X. Li, W. Qiu, K. Chen, and J. Li Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards IEEE Trans. Ind. Electron. 57 2 2010 793 800
21. D. Wang, and C. Ma Cryptanalysis of a remote user authentication scheme with provable security for mobile client-server environment based on ECC Inform. Fusion 14 4 2013 498 503
22. K. Xue, P. Hong, and C. Ma A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture J. Comput. Syst. Sci. 80 1 2014 195 206
23. D. He, Y. Gao, S. Chan, C. Chen, and J. Bu An enhanced two-factor user authentication scheme in wireless sensor networks Ad Hoc Sensor Wireless Netw. 10 4 2010 361 371
24. M. Khan, and K. Alghathbar Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks Sensors 10 3 2010 2450 2459
25. P. Kumar, A.J. Choudhury, M. Sain, S.M. Lee, and H.J. Lee Ruasn: a robust user authentication framework for wireless sensor networks Sensors 11 5 2011 5020 5046
26. Q. Jiang, Z. Ma, J.F. Ma, and G. Li Security enhancement of robust user authentication framework for wireless sensor networks China Commun. 9 10 2012 103 111
27. K. Xue, C. Ma, P. Hong, and R. Ding A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks J. Network Comput. Appl. 36 1 2013 316 323
28. C. Lai, H. Li, R. Lu, and X.S. Shen SE-AKA: a secure and efficient group authentication and key agreement protocol for LTE networks Comput. Networks 57 17 2013 3492 3510
29. D. Nyang, M. Lee, Improvement of Das's Two-Factor Authentication Protocol in Wireless Sensor Networks, Cryptology ePrint Archive, Report 2009/631, 2009. < http://eprint.iacr.org/2009/631.pdf >.
30. T. Chen, and W. Shih A robust mutual authentication protocol for wireless sensor networks ETRI J. 32 5 2010 704 712
31. H. Yeh, T. Chen, P. Liu, T. Kim, and H. Wei A secured authentication protocol for wireless sensor networks using elliptic curves cryptography Sensors 11 5 2011 4767 4779
32. D. Sun, J. Li, Z. Feng, Z. Cao, and G. Xu On the security and improvement of a two-factor user authentication scheme in wireless sensor networks Pers. Ubiquitous Comput. 17 5 2013 895 905
33. A.K. Das, P. Sharma, S. Chatterjee, and J.K. Sing A dynamic password-based user authentication scheme for hierarchical wireless sensor networks J. Network Comput. Appl. 35 52 2012 1646 1656
34. J.-J. Yuan An enhanced two-factor user authentication in wireless sensor networks Telecommun. Syst. 55 1 2014 105 113
35. B. Vaidya, D. Makrakis, and H. Mouftah Two-factor mutual authentication with key agreement in wireless sensor networks Secur. Commun. Netw. 2012 http://dx.doi.org/10.1002/sec.517
36. R. Fan, D. He, X. Pan, and L. Ping An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks J. Zhejinag Univ.-Sci C 12 7 2011 550 560
37. M. Turkanovic, and M. Holbl An improved dynamic password-based user authentication scheme for hierarchical wireless sensor networks Electron. Electr. Eng. 19 6 2013 109 116
38. C.-T. Li, C.-Y. Weng, C.-C. Lee, and C.-W. Lee Towards secure and dynamic password based user authentication scheme in hierarchical wireless sensor networks Int. J. Secur. Appl. 7 3 2013 249 258
39. M. González Muñiz, and P. Laud On the (im) possibility of perennial message recognition protocols without public-key cryptography Proc. ACM SAC 2011 2011 ACM 1510 1515
40. D. Simon Finding collisions on a one-way street: can secure hash functions be based on general assumptions? K. Nyberg, Proc. EUROCRYPT 1998, LNCS vol. 1403 1998 Springer Verlag 334 345 (Pubitemid 128081496)
41. M. Backes, and B. Pfitzmann Limits of the cryptographic realization of dolev-yao-style xor S. Vimercati, P. Syverson, D. Gollmann, Proc. ESORICS 2005, LNCS vol. 3679 2005 Springer Berlin Heidelberg 178 196
42. A. Buldas, and A. Jrgenson Does secure time-stamping imply collision-free hash functions? W. Susilo, J. Liu, Y. Mu, Proc. ProvSec 2007, LNCS vol. 4784 2007 Springer Berlin Heidelberg 138 150
43. R. Impagliazzo, S. Rudich, Limits on the provable consequences of one-way permutations, in: Proc. 21th Ann. ACM Symp. on Theory of Computing (STOC 1989), ACM, 1989, pp. 44-61.
44. S. Halevi, and H. Krawczyk Public-key cryptography and password protocols ACM Trans. Inf. Syst. Secur. 2 3 1999 230 268
45. D. Park, C. Boyd, and S.-J. Moon Forward secrecy and its application to future mobile communications security H. Imai, Y. Zheng, Proc. PKC 2000, LNCS vol. 1751 2000 Springer Berlin/ Heidelberg 433 445
46. M.-H. Nguyen The relationship between password-authenticated key exchange and other cryptographic primitives J. Kilian, Proc. TCC 2006, LNCS vol. 3378 2005 Springer Verlag 457 475 (Pubitemid 41231178)
47. P. Zeng, Z. Cao, K.-k. Choo, and S. Wang On the anonymity of some authentication schemes for wireless communications IEEE Commun. Lett. 13 3 2009 170 171
48. J. Zhu, and J. Ma A new authentication scheme with anonymity for wireless environments IEEE Trans. Consum. Electron. 50 1 2004 231 235
49. C.-C. Lee, M.-S. Hwang, and I.-E. Liao Security enhancement on a new authentication scheme with anonymity for wireless environments IEEE Trans. Ind. Electron. 53 5 2006 1683 1687 (Pubitemid 44593519)
50. C.-C. Wu, W.-B. Lee, and W.-J. Tsaur A secure authentication scheme with anonymity for wireless communications IEEE Commun. Lett. 12 10 2008 722 723
51. C.-T. Li, C.-Y. Weng, and C.-C. Lee An advanced temporal credential-based security scheme with mutual authentication and key agreement for WSNs Sensors 13 8 2013 9589 9603
52. P. Kumar, S.-G. Lee, and H.-J. Lee E-sap: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks Sensors 12 2 2012 1625 1647
53. T.S. Messerges, E.A. Dabbish, and R.H. Sloan Examining smart-card security under the threat of power analysis attacks IEEE Trans. Comput. 51 5 2002 541 552 (Pubitemid 34550462)
54. K. Markantonakis, M. Tunstall, G. Hancke, I. Askoxylakis, and K. Mayes Attacking smart card systems: theory and practice Inform. Secur. Tech. Rep. 14 2 2009 46 56
55. T.H. Kim, C. Kim, and I. Park Side channel analysis attacks using am demodulation on commercial smart cards with seed J. Syst. Soft. 85 12 2012 2899 2908
56. J. Lancia Java card combined attacks with localization-agnostic fault injection S. Mangard, Proc. of the 11th Int. Conf. on Smart Card Research and Advanced Applications, LNCS vol. 7771 2013 Springer Verlag 31 45
57. K. Nohl, D. Evans, S. Starbug, H. Plötz, Reverse-engineering a cryptographic rfid tag, in: Proc. 17th USENIX Security Symp. (USENIX Security 2008), USENIX Association, 2008, pp. 185-193.
58. J.-S. Leu, and W.-B. Hsieh Efficient and secure dynamic id-based remote user authentication scheme for distributed systems using smart cards IET Inf. Secur. 8 2 2014 104 113
59. H. Li, Y. Yang, and L. Pang An efficient authentication protocol with user anonymity for mobile networks Proc. WCNC 2013 2013 IEEE 1842 1847
60. D. He, M. Ma, Y. Zhang, C. Chen, and J. Bu A strong user authentication scheme with smart cards for wireless communications Comput. Commun. 34 3 2011 367 374
61. C. Chen, D. He, S. Chan, J. Bu, and R. Fan Lightweight and provably secure user authentication with anonymity for the global mobility network Int. J. Commun. Syst. 24 3 2011 347 362
62. X. Li, Y. Xiong, J. Ma, and W. Wang An enhanced and security dynamic identity based authentication protocol for multi-server architecture using smart cards J. Network Comput. Appl. 35 2 2012 763 769
63. F. Wen, and X. Li An improved dynamic id-based remote user authentication with key agreement scheme Comput. Electri. Eng. 38 2 2012 381 387
64. M. Khan, and S. Kim Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme' Comput. Commun. 34 3 2011 305 309
65. M. Turkanović, B. Brumen, and M. Hölbl A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion Ad Hoc Networks 20 2014 96 112
66. C.-C. Chang, T.-F. Cheng, and H.-L. Wu An authentication and key agreement protocol for satellite communications Int. J. Commun. Syst. 2013 http://dx.doi.org/10.1002/dac.2448
67. S. Shin, H. Yeh, and K. Kim An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks Peer-to-Peer Network Appl. 2013 http://dx.doi.org/10.1007/s12083-013-0218-2
68. F. Bao, and R. Deng Privacy protection for transactions of digital goods S. Qing, T. Okamoto, J. Zhou, Proc. ICICS 2001, LNCS vol. 2229 2001 Springer-Verlag 202 213 (Pubitemid 33361969)
69. M.L. Das, A. Saxena, and V.P. Gulati A dynamic id-based remote user authentication scheme IEEE Trans. Consum. Electron. 50 2 2004 629 631
70. Y.-P. Liao, and S.-S. Wang A secure dynamic id based remote user authentication scheme for multi-server environment Comput. Stand. & Inter. 31 1 2009 24 29
71. D. Wang, and P. Wang Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks Ad Hoc Networks 20 2014 1 15
72. Y.G. Wang Password protected smart card and memory stick authentication against off-line dictionary attacks Proc. SEC 2012, IFIP AICT vol. 376 2012 Springer Boston 489 500
73. S. Zhong, and F. Wu A collusion-resistant routing scheme for noncooperative wireless ad hoc networks IEEE/ACM Trans. Network 18 2 2010 582 595
74. Q. Xiao, K. Bu, Z. Wang, and B. Xiao Robust localization against outliers in wireless sensor networks ACM Trans. Sensor Network 9 2 2013 24
75. D. Dolev, and A. Yao On the security of public key protocols IEEE Trans. Inform. Theory 29 2 1983 198 208
76. Miracl Library, Shamus Software Ltd. < http://www.shamus.ie/index.php? page=home >.
77. J. Bonneau, M. Just, and G. Matthews Whats in a name? R. Sion, Proc. FC 2010, LNCS vol. 6052 2010 Springer 98 113
78. J. Bonneau, The science of guessing: analyzing an anonymized corpus of 70 million passwords, in: Proc. IEEE S&P 2012, IEEE Computer Society, 2012, pp. 538-552.
79. M. Dell'Amico, P. Michiardi, Y. Roudier, Password strength: An empirical analysis, in: Proc. INFOCOM 2010, 2010, pp. 1-9.
80. H.-M. Sun, W.-C. Ting, and K.-H. Wang On the security of chien's ultralightweight RFID authentication protocol IEEE Trans. Depend. Secur. Comput. 8 2 2011 315 317
81. H. Wang, and Y. Zhang On the security of a ticket-based anonymity system with traceability property in wireless mesh networks IEEE Trans. Depend. Secur. Comput. 9 3 2012 443 446
82. G. Wang, J. Yu, and Q. Xie Security analysis of a single sign-on mechanism for distributed computer networks IEEE Trans. Ind. Inform. 9 1 2013 294 302
83. D. Wang, P. Wang, C.G. Ma, Z. Chen, iPass: robust smart card based password authentication scheme against smart card loss problem, J. Comput. Syst. Sci., (2014) (in press). < http://eprint.iacr.org/2012/439.pdf >.
84. M. Khan, and D. He A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography Secur. Commun. Netw. 5 11 2012 1260 1266
85. C. Ma, D. Wang, and S.D. Zhao Security flaws in two improved remote user authentication schemes using smart cards Int. J. Commun. Syst. 2012 http://dx.doi.org/10.1002/dac.2468
86. D. Wang, P. Wang, J. Liu, Improved privacy-preserving authentication scheme for roaming service in mobile networks, in: Proc. WCNC 2014, 2014, pp. 3178-3183.
87. D. Wang, C.G. Ma, D.L. Gu, and Z.S. Cui Cryptanalysis of two dynamic id-based remote user authentication schemes for multi-server architecture L. Xu, Y. Mu, Proc. NSS 2012, LNCS vol. 7645 2012 Springer Berlin/Heidelberg 462 475
88. P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. Lee A strong authentication scheme with user privacy for wireless sensor networks. ETRI J. 35 5 2013 889 899
89. F. Wu, and L. Xu Security analysis and improvement of a privacy authentication scheme for telecare medical information systems J. Med. Syst. 2014 http://dx.doi.org/10.1007/s10916-013-9958-z
90. M.K. Khan, and S. Kumari Cryptanalysis and improvement of an efficient and secure dynamic id-based authentication scheme for telecare medical information systems Secur. Commun. Networks 2013 http://dx.doi.org/10.1002/sec. 791
91. M.-C. Chuang, J.-F. Lee, and M.-C. Chen Spam: A secure password authentication mechanism for seamless handover in proxy mobile ipv6 networks IEEE Syst. J. 7 1 2013 102 113
92. J. Katz, R. Ostrovsky, and M. Yung Efficient and secure authenticated key exchange using weak passwords J. ACM 57 1 2009 1 39
93. D. Wang, C.G. Ma, On the Security of Some Smart-Card-Based Remote User Authentication Schemes for wsn, Cryptology ePrint Archive, Report 2012/581, 2012. < http://eprint.iacr.org/2012/581.pdf >.
94. F. Wen, W. Susilo, and G. Yang A secure and effective anonymous user authentication scheme for roaming service in global mobility networks Wireless Pers. Commun. 2013 http://dx.doi.org/10.1007/s11277-013-1243-4
95. H.-C. Hsiang, and W.-K. Shih Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment Comput. Stand. Interfaces 31 6 2009 1118 1123
96. M. Kang, S. Rhee, and Y. Choi Improved user authentication scheme with user anonymity for wireless communications IEICE Trans. Fund. Electron. Commun. Comput. Sci. 94 2 2011 860 864
97. X. Li, J. Ma, W. Wang, and J. Zhang A novel smart card and dynamic id based remote user authentication scheme for multi-server environments Math. Comput. Model. 58 2 2013 85 95
98. J. Kim, D. Lee, W. Jeon, Y. Lee, and D. Won Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks Sensors 14 4 2014 6443 6462
99. S. Kumari, M.K. Khan, and X. Li An improved remote user authentication scheme with key agreement Comput. Electrical Eng. 2014 http://dx.doi.org/10. 1016/j.compeleceng.2014.05.007
100. X. Leroy, Smart card security from a programming language and static analysis perspective, INRIA Rocquencourt & Trusted Logic, Tecnical Report, 2013. < http://pauillac.inria.fr/xleroy/talks/language-security-etaps03.pdf >.
101. D. Sun, J. Huai, J. Sun, J. Li, J. Zhang, and Z. Feng Improvements of Juang et al.'s password-authenticated key agreement scheme using smart cards IEEE Trans. Ind. Electron. 56 6 2009 2284 2291
102. T. Zhou, and J. Xu Provable secure authentication protocol with anonymity for roaming service in global mobility networks Comput. Network 55 1 2011 205 213
103. D. He, C. Chen, J. Bu, S. Chan, and Y. Zhang Security and efficiency in roaming services for wireless networks: challenges, approaches, and prospects IEEE Commun. Mag. 51 2 2013 142 150
104. D. He, C. Chen, S. Chan, and J. Bu Secure and efficient handover authentication based on bilinear pairing functions IEEE Trans. Wireless Commun. 11 1 2012 48 53
105. D. Chaum, and E. Heyst Group signatures D. Davies, Proc. EUROCRYPT 1991, LNCS vol. 547 1991 Springer Verlag 257 265
106. J. Ren, and L. Harn An efficient threshold anonymous authentication scheme for privacy-preserving communications IEEE Trans. Wireless Commun. 12 3 2013 1018 1025
107. J. Xu, and W.-T. Zhu A generic framework for anonymous authentication in mobile networks J. Comput. Sci. Technol. 28 4 2013 732 742
108. K. Son, D. Han, and D. Won A privacy-protecting authentication scheme for roaming services with smart cards IEICE Trans. Commun. 95 5 2012 1819 1821
109. E. Fujisaki, and T. Okamoto Secure integration of asymmetric and symmetric encryption schemes M. Wiener, Proc. CRYPTO 1999, LNCS vol. 1666 1999 Springer Verlag 537 554
110. T. Zhou, and J. Xu Provable secure authentication protocol with anonymity for roaming service in global mobility networks Comput. Netw. 55 1 2011 205 213
111. M. Bellare, D. Pointcheval, and P. Rogaway Authenticated key exchange secure against dictionary attacks Proc. EUROCRYPT 2000, LNCS vol. 1807 2000 Springer Verlag 139 155
112. M. Abdalla, P.-A. Fouque, and D. Pointcheval Password-based authenticated key exchange in the three-party setting S. Vaudenay, Proc. PKC 2005, LNCS vol. 3386 2005 Springer Verlag 65 84 (Pubitemid 41231326)
113. D. Boneh Simplified OAEP for the RSA and Rabin functions J. Kilian, Proc. CRYPTO 2001, LNCS vol. 2139 2001 Springer Verlag 275 291 (Pubitemid 33317921)
114. R. Canetti, O. Goldreich, and S. Halevi The random oracle methodology, revisited J. ACM 51 4 2004 557 594
115. D. Boneh, and M. Franklin Identity-based encryption from the weil pairing SIAM J. Comput. 32 3 2003 586 615
116. S.-Y. Chang, Y.-H. Lin, H.-M. Sun, and M.-E. Wu Practical rsa signature scheme based on periodical rekeying for wireless sensor networks ACM Trans. Sen. Network 8 2 2012 13
117. A.S. Wander, N. Gura, H. Eberle, V. Gupta, and S.C. Shantz Energy analysis of public-key cryptography for wireless sensor networks Proc. PerCom 2005 2005 IEEE 324 328 (Pubitemid 43727945)
118. M. Scott, N. Costigan, and W. Abdulwahab Implementing cryptographic pairings on smartcards L. Goubin, M. Matsui, CHES 2006, LNCS vol. 4249 2006 Springer Verlag 134 147 (Pubitemid 44700054)
119. P. Szczechowiak, A. Kargl, M. Scott, and M. Collier On the application of pairing based cryptography to wireless sensor networks Proc. WiSec 2009 2009 ACM 1 12