A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

Das, Ashok Kumar

doi:10.1002/dac.2933

Cited by 132 publications

(108 citation statements)

References 47 publications

(94 reference statements)

Supporting

Mentioning

107

Contrasting

Order By: Relevance

“…In 2016, Alizadeh et al [20] presented a comprehensive survey of authentication schemes of mobile cloud computing (MCC) to explain MCC authentication and differentiate it with that of cloud computing schemes. However, in this paper we performed the cryptanalysis of A.K.Das [17] scheme and found that it is susceptible to stolen smart card attack. Similarly, we found that Choi et al [21] (proposed in 2016), Park et al [22] (introduced in 2016), and Moon et al's [23] (proposed in 2017) schemes are also insecure against various security attacks as we have illustrated in Section 4 of this paper.…”

Section: Related Workmentioning

confidence: 99%

“…In 2015, A.K. Das [17] proposed fuzzy extractor based authentication scheme which resists well known security attacks of WSNs and have more security features compared to Althobaiti et al (2013) [18] scheme. Sharaf et al [19] proposed (in 2016) an object authentication system in order to exploit device-specific data, known as fingerprints, to authenticate the objects associated with the IoT.…”

Section: Related Workmentioning

confidence: 99%

“…A.K.Das [17] performed the security analysis of Althobaiti et al's [18] scheme and proposed an improved scheme of user authentication using the fuzzy extractor in order to resist node capture attack, impersonation attack, man-in-the-middle attack. A.K.Das [17] proposed a novel approach (considering the resource constraints of sensor node) for bio-metric based user authentication using the fuzzy extractor.…”

Section: Review Of Akdas's Schemementioning

confidence: 99%

See 2 more Smart Citations

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Maurya

Sastry

2017

Information

View full text Add to dashboard Cite

Abstract:To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs) and the Internet of Things (IoT). Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das's user authentication scheme (given in 2015), Choi et al.'s scheme (given in 2016), and Park et al.'s scheme (given in 2016). The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN) logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Review Of Akdas's Schemementioning

confidence: 99%

See 1 more Smart Citation

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Maurya

Sastry

2017

Information

View full text Add to dashboard Cite

show abstract

“…In some schemes, [5] √ × √ Jung et al [6] √ × × Fan et al [7] × × × Amin and Biswas [8] × × × Nam et al [9] × × √ Lu et al [10] √ √ × Zhao et al [11] √ × × Hou et al [12] × × × Farash et al [13] × × × Turkanović et al [14] × × × PriAuth √ √ √ all the users share the same key to encrypt their identities, this means the encrypted identity could be decrypted by a malicious or curious user using the same key [5,6,10,13]. Some of the schemes fail to enable the anonymity of the user or sensor, such as [37][38][39]. We adopt the ECC based method to enable the anonymity, which is similar to [15][16][17][18][19][20][21] because "ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security" [40].…”

Section: Related Workmentioning

confidence: 99%

A Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: PriAuth

Chen

Martínez-Ortega

Castillejo

et al. 2017

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

In a wearable sensor-based deployment, sensors are placed over the patient to monitor their body health parameters. Continuous physiological information monitored by wearable sensors helps doctors have a better diagnostic and a suitable treatment. When doctors want to access the patient's sensor data remotely via network, the patient will authenticate the identity of the doctor first, and then they will negotiate a key for further communication. Many lightweight schemes have been proposed to enable a mutual authentication and key establishment between the two parties with the help of a gateway node, but most of these schemes cannot enable identity confidentiality. Besides, the shared key is also known by the gateway, which means the patient's sensor data could be leaked to the gateway. In PriAuth, identities are encrypted to guarantee confidentiality. Additionally, Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol has been adopted to ensure the secrecy of the key, avoiding the gateway access to it. Besides, only hash and XOR computations are adopted because of the computability and power constraints of the wearable sensors. The proposed scheme has been validated by BAN logic and AVISPA, and the results show the scheme has been proven as secure.

show abstract

“…Therefore, biometricbased user authentication is inherently more secure and reliable than conventional authentication schemes. [20][21][22] In 2010, Yuan et al 18 proposed the first biometricbased user authentication scheme for WSNs. Their scheme was very efficient because it used only the hash function.…”

Section: Introductionmentioning

confidence: 99%

Secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks

Park

Lee

Kim³

2016

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Wireless sensor networks (WSNs) are ad-hoc networks composed primarily of a large number of sensor nodes with limited power, computation, storage and communication capabilities. The issue of securing and authenticating communications in such a network is problematic, and thus an adversary has an opportunity to capture a sensor node directly from the target field and extract all the information from its memory. In 2013, Yoon and Kim proposed an advanced biometric-based user authentication scheme for WSNs. Choi et al. analyzed Yoon and Kim's scheme and performed a security cryptanalysis in 2016. They demonstrated that Yoon and Kim's scheme had several security problems, and proposed instead an improved biometric-based user authentication scheme using fuzzy extraction. However, we cryptanalyze Choi et al.'s scheme and demonstrate that their scheme is vulnerable to insider attack and has a problem with smart card revocation/reissue. To overcome these drawbacks, we propose a secure biometric-based authentication scheme in WSNs that is secure against inside adversaries and provides secure and efficient smart card revocation/reissue.

show abstract

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

Cited by 132 publications

References 47 publications

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

A Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: PriAuth

Secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks

Contact Info

Product

Resources

About