Abstract: In this study, we proposed a mutual authentication protocol between sensor nodes and gateway nodes. In our scheme, we adopted multiple security techniques against different security threats, such as time stamps against replay attacks, the ZUC encryption algorithm against data eaves dropping and unauthorized falsification. To verify the effectiveness and efficiency of our scheme, we implemented a telosb-based wireless sensor test bed, in which all sensor nodes were equipped with our security scheme to facilitate mutual authentications between each other. The experiment results reveal that, our proposal can not only resist the common attacks, such as the impersonation attack, replay attack and DoS attacks, but show a sound network performance.
INTRODUCTION
Wireless Sensor Network (WSN) consists of many tiny, distributed, low-power and low-complexity sensor nodes to cooperatively monitor physical environmental information, such as temperature, humidity, vibration and light conditions (Sen, 2012). The sensor nodes detect events or phenomena, collect and process data and transmit sensed information to interested users. Some of the data collected is not particularly important, such as the temperature and humidity in a house etc., but some data are sensitive, vulnerable, such as the size of our army, the business insurance, etc. When we access the data stored in the sensor nodes, in order to prevent illegitimate user and information of the malicious nodes, it is necessary to design a secure access control mechanism. That is achieving mutual authentication between the query node and sensor nodes.
Recently, there are many schemes about authentication in WSN, such as public key-based authentication protocol system (Benenson et al., 2006; Jiang et al., 2008; Wang and Li, 2012), user authentication protocol based on smart cards and two-factor password technology (Wong et al., 2006; Das, 2009; Arikumar and Thirumoorthy, 2011), Merkle Hash tree authentication technology (Shen et al., 2007; Du et al., 2010), identity-based authentication schemes (Ren et al., 2010; Cao et al., 2008; Yasmin et al., 2010; Shim et al., 2013) and so on. uTESLA is the first protocol in WSN which provides authenticated broadcast for resource-constrained environments (Perrig et al., 2002), the contribution of this protocol is use efficient symmetric cryptography and has an authenticator size of 160 bits. Benenson et al. (2006) proposed a mechanism for authentication of queries in WSN called AQF, (Benenson et al., 2006), the base station appends an authenticator to every query, such that each sensor can verify with certain probability that the query is sent by the base station. Wong et al. (2006) proposed a dynamic user authentication scheme for wireless sensor networks. The proposed scheme imposes very little computational load and requires only simple operations with hash function. However, Das find a security flaw in Wong et al. (2006) protocol as vulnerable to many logged-in and suffers from stolen-verifier attack. So, they present a two-factor user authentication protocol for WSN (Das, 2009), His protocol uses the two factor authentication concept based on password and smart card and resists many logged-in users with the same login identity, stolen-verifier, guessing, replay and impersonation attacks. In Arikumar’s scheme, they showed Das’s scheme is not provide real mutual authentication between GW-node and sensor nodes. So, they use another secret parameter xs which only be known to the GW-node and sensor nodes (Arikumar and Thirumoorthy, 2011). But if the xs is compromised, the entire system will not be security at all.
By analyzing typical scheme above, we find that the proposed schemes to authentication should not only against the attacks but also can really apply in the specific WSN (e.g., limited compute and power). Most existing solutions to query authentication is based on the trusted GW-node but in the real situation, the GW-node can also suffer attacks and impersonation attack. In this study, we propose security mutual query authentication solution based on hash function, times tamp and random strategy. And we realize this scheme by implementing a TelosB-based wireless sensor tested.
WSN models and assumptions attack
WSN network system: WSN nodes deployed in the monitor area, Where the
sink node would require the service data of the sensor nodes (Fig.
1).
Adversary model: Typical sensor nodes are small with limited communication and computing capabilities. These small sensor nodes are susceptible to many kinds of attacks (Sen, 2012).
We assume that attackers can eavesdrop, inject and intercept data packets in the WSN. But the attacker is not able to analyze the sensor node code. So, in this study we consider the attack model as below: Replay attacks, denial of service attacks (Raymond and Midkiff, 2008), personate attack, eavesdropping analysis attacks etc.
Mutual authentication scheme: The basic idea of this protocol is that provide One-Time Pad between sink node and sensor nodes. We use the node identity (ID), nonce and local times as the key parameters. The hash function generate secure dynamic session key which avoiding the threat of traditonal key distribution.
| Fig. 1: | WSN network system |
| Table 1: | Notation used in the protocol |
The ZUC algorithms is a new stream cipher, simple and efficient which can assure confidentiality, integrity and availability during the whole mutual authentication scheme.
The protocol is divided into three phases: WSN deployment phase, the query mutual authentication phase and update the network key phase. The notation used throughout the paper is shown in Table 1.
WSN deployment phase: Distribute the sink node and sensor nodes which has been assigned an identify by IDi. All nodes have a pre-assigned network key a.
Mutual authentication phase
Sink node: Sends a message<M1||M2> by DIP routing protocol (Lin
and Levis, 2008), where:
M1 = <IDi||Tk||N1>
M2 = EIA3a(M1)
N1 = Nonce1⊕h(a)
Sensor nodes: Upon receiving <M1,M2> at time Ts, the node authenticates the data packet by the following steps:
| • | Validate ΔT, if (TS-TK≤ΔT and IDi==IDi* ), then proceeds to next steps, else abort |
| • | Compute the Message Authentication Code (MAC) M2* = EIA3α (M1), if M2 = M2*, then receive, else abort |
| • | Compute Nounce1* = N1⊕h(α), N2 = Nounce2⊕Nounce1*, M3 = (IDi||TS||N2) compute the MAC M4 = ElA3α, then sends the message packet <M3||M4> to sink node by CTP protocol (Gnawali et al., 2009) |
Sink node: When receiving the message <M3||M4> at time Tk’, Likewise, if (T’K-TS), then proceeds to next steps:
| • | Compute M4* = ElA3α if (M4* = M4), then sink calculate Nonce2’ = N2⊕Nonce1 N3 = Nonce3⊕Nonce2’, else abort |
| • | Compute the session key: |
Sk = h(IDi||Nonce2’||Nonce3||Tk’||TS)
| • | With the session key Sk, compute the query message M5, the message integrity M6 and send to the sensor node IDi: |
M5 =<IDi||Tk’||N3||EEA3Sk(Q_Msg)>M6 = EIA3Sk(M5)
Sensor node: Upon receiving<M5||M6> at time Ts’, validate ΔT and Identity, if (Ts’-Tk’≤ and Idi= =IDi*) then calculate Nonce3’ = N3□Nonce and the session key Sk* = h (IDi||Nonce2||Nonce3’|| Tk’||TS), else abort.
Next, verifies the M6 = M6* ( compute by EIA3Sk* (M5) ), if pass, then decrypt the query message Q_Msg = EEA3 (EEA3Sk* (Q_Msg)). Finally, crypt the respond message R_Msg* = EEA3Sk* (R_Msg), packing the message M7 = <Idi||TS’||R_Msg*> and the MAC M8 = EIA3Sk* (M7⊕Nonce3’). Send <M7||M8> to the sink node.
Sink node: After receiving<M7||M8>, verifies the time stamp, if pass, find the corresponding nonce with the IDi, compute M8* = EIA3Sk (M7⊕Nonce3), if (M8 = M8*), then obtained the respond message from decrypting the R_Msg*.
Network key update phase: Here, the sink node can sends the new network key a* inincluded in the query message Q_Msg. The update process becomes very simple.
Security analysis: This section analyzes the security of our protocol.
Confidentiality: We proposed scheme provides adequate confidentiality to their messages (such as, h(a), EIA3a(M3) and EEA3sk(Q_Msg)). More precisely, these messages are confidential from any attacker.
Replay attack: A replay attack (replaying an intercepted message) cannot work in this protocol. On the one hand, we use the timestamp concept, it can verify the timeliness, On an other hand, we use the nonces to set up secure communication, the nodes can not only know the data integrality but also judge the replay attack by verifying MAC. For example, the sink node judge the equality between MAC M8 and M8* (Eq. 1-2):
M8* = ElA3sk (M7⊕Nonce3) |
(1) |
M8 = ElA3sk* (M7⊕Nonce3') |
(2) |
Session key establishment: We provide the dynamic session key establishment between the sink node and the sensor nodes during the mutual authentication phase. The session key is generated by locally which avoids the threat of being captured during the network transmission. Meanwhile, the security features of hash function as a collision-free function and a one way function further ensure the safety of the system. The main parameters of the session key agreementare the random nonce and the local time generated by nodes, which ensure the security and time consistency of the key generation process. That is:
Sk = h(IDi||Nounce2'||Nounce3||TK’||TS)
This reduces the probability of crack key by adversary, because the session key is different for each communication.
Mutual authentication: In order to provide the proof to each communication parties, the mutual authentication issue is discussed in our proposed scheme. At the sensor node side, the nodes can confirm the legality of the sink node by verifing the following euation:
M6 = M6*
Where:
M6 = EIA3Sk(IDi||Tk’||N3||EEA3Sk(Q_Msg))
M6* = EIA3Sk*(IDi*||Tk’||N3||EEA3Sk(Q_Msg))
The above equation can be proof by the following equation:
N1 = Nounce⊕h (a)
N1' = N1⊕h (a)
N2 = Nounce2⊕Nounce1'
Nounce2' = N2⊕Nounce1'
Nounce2' = N2⊕Nounce1
N3 = Nounce3⊕Nounce2'
Nounce3' = N3⊕Nounce2
Sk = h(IDi||Nounce2'||Nounce3||Tk’||TS)
Sk* = h(IDi||Nounce2'||Nounce3'||Tk’||TS)
M6 = ElA3SK (M5)
M6* = ElA3SK* (M5)
Likewise, at the sink node side, the sink can use the same principle to verify the legality of the sensor node.
Experimental analysis: We use TelosB platform deployed sensor network test system to analyze performance of our proposed scheme.
System settings: TelosB is composed of the MSP430 (the MSP430F1611) microcontroller and the CC2420 radio chi. The microcontroller of this mote operates at 4.15 MHz and has a 10 kB internal RAM and a 48 kB program flash memory. The gateway system is composed of sink node and ARM6410 embedded, the sensor nodes are placed at around 20 m away from the gateway. After a certain period of time, the sink node sends a query request to sensor nodes, the data returned from the sensor nodes are released through the gateway system.
Computation cost: In this subsection, we examine the computation costof our proposed scheme. We define some symbols to describe the computational cost better as follows:
| TXOR: | The time for performing an XOR operation |
| TEEA3: | The time for performing an EEA3 operation |
| TEIA3: | The time for performing an EIA3 operation |
| MD5: | The time for performing an MD5 operation |
In Table 2, we test the time delay and energy consumption of the algorithms. All the algorithms are running on the TelosB motes. Table 3 shows the performance comparison with others schemes. In our protocol, we provide confidentiality and integrity of data, so the computation times is more than others.
Storage requirement: In our protocol, we choose the TinyOS (Levis et al., 2005) as the embedded operating system written in the nes C programming language.
| Table 2: | Average time delay and energy consumption |
| Table 3: | Comparison with other scheme |
| Fig. 2: | WSN network system |
| Table 4: | Storage requirement |
| Table 5: | Communication overhead of our scheme based on telosb |
| Table 6: | Authentication time comparison |
We designed safety component called security C on TelosB platform, the component mainly contain ZUC encryption algorithm module (ZucSecurityC), hashing algorithms module (MD5P), random number generation module (RandomC) and time synchronization module (Security TimerC), etc. (Fig. 2). Table 4 shows the memory requirements of the components. From the Table 4, the RAM take 15% and the ROM take 31.8%.
Communication cost: As energy to transmit and receive is proportional to message size, the main factor of the communication cost are the packet size and message exchanging times. According to Yussoff et al. (2012), the energy consumption of sending and receiving in TelosBare 1.83uJ/Byte and 1.98uJ/Byte, Table 5 shows the energy consumptionof the sink node and sensor node in our proposed scheme.
Cost efficiency: In order to verify the effectiveness of our scheme, in Table 6, we compare the authentication time with other typical scheme. The comparison result show that our scheme have better performance. However, our data obtained in the case of the communication distance which are single-hop between sensor nodes and sink node.
CONCLUSION
Authentication is one of the important security services in the wireless sensor network. It’s necessary to provide secure mutual authentication mechanisms and data privacy when sink node query the data from the sensor node. In this study, we propose a light weight dynamic mutual authentication protocol using one-way hash function and random nonce and realize it on the Telosb-based platform. The experiment results show that the scheme which not only have a small amount of computation and power cost but also have a better security performance in mutual authentication.
ACKNOWLEDGMENT
Thanks for this study is supported by The PhD Startup Foundation Grant No. 21361355. The author would like to thank the anonymous reviewers for their constructive comments that helped the quality of this study.