Some observations on a lightweight authentication scheme with capabilities of anonymity and trust in Internet of Things (IoT)

Authors

Abstract:

Over the last years‎, ‎the concept of Internet of Things (IoT) leads to a revolution in the communications of humans and things. ‎Security and efficiency could be the main challenges of that communication‎‎. ‎‎On the other hand, ‎ authenticity and confidentiality are two important goals to provide desired security in an information system‎, including IoT-based applications. An Authentication and Key Agreement (AKA) protocol is a tool to ‎achieve authenticity and agree on a secret key to reach confidentiality. Therefor using a secure AKA protocol, one can establish the mentioned security. ‎In the last years‎, ‎several articles have discussed AKA protocols in the WSN‎. ‎For example‎, ‎in 2014‎, ‎Turkanovic et al‎. proposed a new AKA scheme for the heterogeneous ad-hoc WSN. ‎In 2016‎, ‎Sabzinejad et al‎. presented an improved one. ‎In 2017‎, ‎Jiang et al‎. introduced a secure AKA protocol‎. ‎Some other AKA protocols have presented in the last three years. ‎All the mentioned protocols are lightweight ones and need minimum resources and try to decrease the computation and communication costs in the WSN context‎. ‎In 2019‎, ‎Janababaei et al. proposed an AKA scheme in the WSN for the IoT applications, in the journal of Signal and Data Processing (JSDP)‎. ‎In the context of efficiency‎, ‎the protocol only uses a hash function‎, ‎bitwise XOR‎, ‎and concatenation operation‎. ‎Hence‎, ‎it can be  considered as a lightweight protocol‎. ‎The authors also discussed the security of their scheme and claimed that the proposed protocol has the capability  to offer anonymity and trust and is secure against traceability‎, ‎impersonation‎, ‎reply and man in the middle attacks‎. ‎However, despite their claims‎, ‎this research highlights some vulnerabilities in that protocol, for the first time to the best of our knowledge‎. More precisely, we showe that a malicious sensor node can find the secret parameters of another sensor node when it establishes a session with the victimized sensor. Besides, an adversary can determine any session key of two sensor nodes, given only a known session key of them. We also show that the protocol could not satisfy the anonymity of the sensor nodes. Other attacks which influence the Janababaei et al.’s scheme, are impersonation attack on the sensor nodes and cluster heads and also the man in the middle attack. In this paper we find that the main weaknesses of the Janababaei et al.’s protocol are related to computation of the session key, . We also propose a simple remedy to enhance the security of the Janababaei et al.’s protocol. ‎An initial attempt to improve the protocol is using a hash function on the calculated key, . This suggestion is presented to enhance the security of the protocol against the observed weaknesses in this paper; but it does not mean that there are no other security issues in the protocol. Therefore, modification and improvement of the Janababaei et al.’s protocol such that it provides other security features can be considered in the future research of this paper. Besides, since in this paper we focus on the security of the protocol, then the efficiency of it was not discussed. Therefore one can consider the modification of the message structure of the protocol to reduce the computational and telecommunication costs of it as another future work in the context of this paper.

Upgrade to premium to download articles

Sign up to access the full text

Already have an account?login

similar resources

A Mutual Authentication Method for Internet of Things

Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...

full text

Role and Application of RFID Technology in Internet of Things: Communication, Authentication, Risk, and Security Concerns

The Internet of Things (IoT) is a very encouraging and fast-growing area that brings together the benefits of wireless systems, sensor networks, actuators, etc.A wide range of IoT applications have been targeted and several aspects of this field have been identified to address specific issues, as well as technologies and standards developed in various domains such as in radio frequency id...

full text

on translation of politeness strategies in dialogues involving female characters in translations and retranslations of novels translated before and after the islamic revolution of iran and their effects on the image of women: a polysystem theory approach

abstract reception environment has considerable effects on accepting a translation. as the expectations of a target culture and its values and needs change throughout history, its criteria for accepting a translation or rejecting it will change accordingly (gentzler, 2001). the expectations of iran, as the reception environment in the present study, have changed after the islamic revolution. i...

ارائه طرح احراز اصالت سبک با قابلیت گمنامی و اعتماد در اینترنت اشیا

The Internet of Things (IoT), is a new concept that its emergence has caused ubiquity of sensors in the human life. All data are collected, processed, and transmitted by these sensors. As the number of sensors increases,   the first challenge in establishing a secure connection is authentication between sensors. Anonymity, lightweight, and trust between entities are other main issues that shoul...

full text

A Novel Trust Management Model in the Social Internet of Things

The Internet of Things (IoT) and social networking integration, create a new concept named Social Internet of Things (SIoT) according to which the things are able to autonomously establish social relationships with regard to the owners. Things in SIoT operate according to a service-oriented architecture. There may be misbehaving owners and consequently misbehaving devices that can perform harmf...

full text

Internet of Things (IoT): A Literature Review

One of the buzzwords in the Information Technology is Internet of Things (IoT). The future is Internet of Things, which will transform the real world objects into intelligent virtual objects. The IoT aims to unify everything in our world under a common infrastructure, giving us not only control of things around us, but also keeping us informed of the state of the things. In Light of this, prese...

full text

My Resources

Save resource for easier access later

Save to my library Already added to my library

{@ msg_add @}


Journal title

volume 19  issue 4

pages  89- 98

publication date 2023-03

By following a journal you will be notified via email when a new issue of this journal is published.

Keywords

No Keywords

Hosted on Doprax cloud platform doprax.com

copyright © 2015-2023