Wireless sensor networks (WSNs) are spreading rapidly due to their flexibility to communicate which demands a secure environment. The most important requirements of WSN security are confidentiality, authentication, and integrity. User authentication is necessary for legitimate access control in WSNs. Sensors have limited processing power, bandwidth, memory, and limited communication abilities. Significantly, the system must produce an authentication method to confirme if the user is legal or not. In this paper, we present a solution based on biometric and adapt it for a WSN environment. The proposed protocol involves simple operations and light computations. The main advantage of the proposed protocol is using the user's iris to regenerate the user’s key on-the-fly every time the user wants be authenticated which dramatically enhances security aspects in WSNs. The key used in this protocol is stronger than passwords and shorter than biometric data, which balances between security and performance. Our protocol uses much light computations and simple operations in both homogenous and heterogeneous environments; therefore, it is suitable to the WSNs.
1. Introduction
Wireless sensor network (WSN) collects the observed data about an environment over a certain geographic area [1]. Users can request and watch the data when they need it (ad hoc queries) or when an event has been triggered.
Very soon, the environmental data will be omnipresent. The reason behind that are the pervasive nature of WSN and its simplicity of deployment which helps in proposing various types of WSN implementations. Such usage of a WSN for smart constructions and the prediction of heat and dampness measurements in a specific position of an area will be on request. Commonly, the great number of requests in WSN implementations is processed at the gateway or the base station points. Nevertheless, we could predict the increasing of higher requests to reach the real-time data from WSNs. This will prevent the real-time data from being reached just at the gateway nodes or at the base stations, rather it could be reached from a sensor node of a WSN in an ad hoc way. Nonetheless, in several situations the use of such gateway node or base station is impossible or not achievable forcing the user to access the sensor devices directly. For instance, data might be located in the directly accessed nodes. In such situation, inquiries and data dissemination have to be performed through the WSN for security purposes. For example, the temporary deployment in battlefield or area where there is no existing network infrastructure is the situation with deployment deep in desert or forest.
The collected data might not be critical (e.g., the humidity in a specific location inside a house), while in some cases they might be confidential and valuable. In the latter case, some security measures must be considered to protect these critical data and not to allow the accessibility of unauthorized users to reach these data. One of the well-known problems in most of the available computer applications and systems is the access control. One of the primary solutions is the user authentication which used to prove the identity of user or a machine as client to access the system or application. User authentication examples can be faced regularly, like entering a local area network of our work place, verification of hand phone appliances, down to the verification of our account transaction of ATM machines, and so on. Nevertheless, a great effort has been done on WSN security but there are many opened issues that need to be tickled taking into consideration the nature of resource constraints of WSN such as computation limitations, storage, and battery power. It is very challenging to implement the traditional solution of user authentication for wired environments to WSNs.
In this paper, we will discuss the problem of the user authentication in the context of WSNs since a legal user is permitted to query the data in an ad hoc way from any sensor node within WSN and present the needed literature review in Section 2. Furthermore, we suggest a biometric-based user authentication protocol in Section 3. Moreover, Section 4 analyses the security aspects of our protocol. In Section 5, we analyse the protocol performance using analytical modeling. Performance evaluation for the proposed protocol using simulator is presented in Section 6, while Section 7 concludes our study.
2. Literature Review
In a WSN application layer, many security protocols were applied to enhance the security of the layer efficiently, since the standard security protocols in an application layer are considered not strong enough for many information systems privacy [2]. In [3], Benenson et al. propose a user authentication protocol which is used to handle node capture attack. This protocol needs exponential computations because of their protocol based on elliptic curve discrete logarithm problem (ECDLP). As a result, the computational time of Benenson et al.’s protocol is high because exponential computations are expensive. Also, this protocol relies on the existence of a trusted third party.
In 2006, Wong et al. [4] has proposed a dynamic WSN authentication scheme based on a light-weight strong password. This scheme involves three phases: registration phase, login phase, and authentication phase. However, Wong et al.’s scheme has three main advantages that are discussed as follows.
It gives the authorized users privilege to access data at any sensor nodes in an ad hoc method.
It reduces the computation cost by loading very little operations.
It is secure enough against some of replay/forgery attacks.
Whereby, this scheme has four disadvantages.
It has some weakness in protecting against all replay/forgery attacks.
Sometimes sensor node reveals and exposes the password information to other nodes.
It does not allow users to change their password freely.
The scheme is always vulnerable to stolen-verifier threats.
Tseng et al. [5] have improved Wong et al.’s scheme by fixing the security weakness in it. This improvement has been designed by adding an extra phase on Wong et al. phases. However, Tseng et al.’s scheme has four phases: registration, login, authentication, and password changing phase.
Novelty, Ko [6] showed that the authentication process shown in [5] is still insecure and does not achieve mutual authentication, which is very important for many applications. Moreover, Vaidya et al. [7] highlighted other weaknesses on Tseng et al., Wong et al., and Ko schemes. Vaidya et al. pointed out that the previous mentioned schemes are still not strong enough to protect against some attacks such as replay of account login, stolen verifier, and man-in-the-middle attacks. Vaidya et al. enhanced the security by proposing two WSN authentication schemes depending on the traditional password authentication schemes.
However, Das [8] has also highlighted the weakness of Wong et al. against stolen-verifier attacks, as well as identified two-factor user authentication scheme for WSN which is based on password and smart card. Although this two-factor scheme can be used to protect networks but it requires some complicated equipment.
In [9], He et al. have developed and discussed two-factor authentication scheme. This development is proposed to enhance the security of the two-factor scheme by dividing their scheme into three main phases: registration, authentication, and password-changing phase.
However, He et al. have developed another issue from Das’s scheme. This developed issue is still suffering from some security limitations, such as session key establishment (where the session key between user and node sensor is not established after authentication phase in the developed scheme) and authentication process between user and sensor node.
Consequently, Nyang and Lee [10] showed that Das’s scheme is still vulnerable and has some security weakness in offline-password-guessing attacks. As a result, Das’s scheme cannot control and protect the established query-response messages between sensor node and user. Therefore, Nyang and Lee proposed a scheme to overcome the important security weakness in Das’s scheme.
Khan and Alghathbar [11] studied Das’s scheme in more details. They mentioned that Das’s scheme is still vulnerable to several types of attack, since Das’s scheme does not provide some features such as password changing and gateway and sensor mutual authentication. Therefore, their suggestions to fix this weakness are by adding password changing phase and providing gateway/sensor mutual authentication phase. The suggested scheme is still weak because of the limitations on the session key establishment between the user and sensor node in WSN.
Arikumar and Thirumoorthy [12] proposed their contribution in securing WSN depending on the two-factor authentication scheme and nonpublic key operations such as hash function. This contributed scheme prevents users who have the same identity from logging into the system.
Yeh et al. [13] presented a new user authentication scheme depending on elliptic curve cryptosystem and smart card authentication method. This contribution is still weak in the following regards.
Communication cost is very expensive compared to the existing schemes.
Working without user/sensor node mutual authentication.
Working without key sharing between the user and the sensor node.
Recently, Yuan et al. [14] used biometric approach to propose their user authentication scheme in WSN. In addition, they used password and smart card in their presented work. After Yuan et al.’s biometric scheme, Yoon and Yoo [15] proposed a new user authentication protocol based on biometric approach and without using password. They also showed the message integrity problem in Yuan et al.’s scheme. Although they suggested security improvements of Yuan et al.’s protocol, but some drawbacks are still in their protocol, for example, there is no session key established after authentication between the sensor node and the user, and no confidentiality of messages is considered; also their protocol requires some complicated equipment and is still vulnerable to several types of attack such as denial of service (DoS) attack.
3. Proposed Protocol
We observed that the existing protocols have security weaknesses, such as, DoS, man-in-the-middle attack (MIMA), and guessing attack. No confidentiality of messages is considered and may require some complicated equipment. We suggest security improvements in our protocol to fix some of the drawbacks to improve the existing user authentication in WSNs. Our protocol not only solves the aforementioned drawbacks but also improves the security of user authentication in WSNs.
Our user authentication protocol is based on biometric encryption and hash function which is feasible for WSNs without special hardware support (i.e., without additional equipment) and without third party. Moreover, our protocol is suitable for large scale applications.
The main advantage which dramatically enhances security aspects in WSNs is that the user’s iris is used to regenerate the user’s key on-the-fly every time the user wants to be authenticated. This encryption key is shorter than biometric data and stronger than a password, that balances the tradeoff between performance and required security; it becomes possible to achieve biometric-based user authentication without transmitting and saving any private information anywhere (i.e., no need to store neither images nor the template of them in the memory. The encryption key and the image or template of image must be discarded at the end of the registration phase).
Our major goal is to decrease possible problems which are caused by illegal users. So we suggest a user authentication protocol to fulfill the following requirements.
Our protocol provides protection against main attacks in WSNs such as replay attack, impersonation attack, MIMA, stolen-verifier attack, repudiation attack, data corruption attack, password guessing attack, and DoS attack. The security of conventional user authentication protocols is founded on password. Short password is broken without difficulty using password guessing attacks. Furthermore, a password can be shared with other people or be lost so there is no method to know who is the real user. Biometric encryption can solve the above security problems, that is, based on behavioral or physiological characteristics of persons, for example, fingerprints, iris scan, faces, hand geometry, vein patterns, voice patterns, and so forth. The biometric-based authentication is more reliable than conventional authentication based on a password.
Our protocol provides mutual authentication between not only gateway and sensor node but also between gateway and user.
Our protocol was adapted to be efficient and lightweight in terms of computational cost and communication cost to decrease the energy consumption of sensor nodes which have limited energy and resources.
Our protocol is based on a zero-knowledge proof. This means that it allows a claimant to prove the knowledge of a secret without revealing it.
Our protocol provides confidentiality of messages between all entities (user, gateway, and sensor node); therefore, only authorized users can use these messages, which are confidential against any attack.
The proposed protocol uses iris encryption in user authentication for wireless sensor networks. In this protocol, there are four main phases: registration, login, authentication, and user’s key change. We chose iris scan as the most appropriate personnel trait for authenticating users, because it was demonstrated that iris is one of the most accurate traits for user authentication. Other advantages for authentication based on iris scan are found in the literature [16]. Moreover, iris authentication may need no additional hardware on the user devices with the presence of digital cameras now are included in most computer devices [17]. The number of commercial software produces iris recognition using mobile devices cameras, for example, BioWallet on Android and OKI’s iris recognition on Symbian.
We have made the following assumptions for user authentication.
The gateway node (GW-node) or base station (BS) is considered as trusted node.
Each user must register in the system once to access the WSN data.
The notations used in the protocol are explained in Table 1.
Notations used in the protocol.
Notation
Meaning
U
User
SN
Identity of sensor login-node N, that is, nearest sensor node of WSN
ID
User’s identity
h(·)
One-way Hash function
∥
Concatenation
Ekey(m)
Message m is encrypted with secret key
Dkey(m)
Message m is decrypted with secret key
MACkey(m)
Message authentication code
After extracting the iris’s features, the biometric encryption will take place by using a fuzzy commitment scheme, as in [17]. Fuzzy commitment scheme overcomes the drawback of traditional biometric systems where there is no need to store neither images nor the template of them in the memory. Biometric data has a variable nature and the encryption needs an exact key to work well; so before biometric data can be used as a key for encryption, its representation must be stabilized. Error-correction codes are used for the stabilization process [17].
Registration phase of our protocol is performed by extracting the features of iris using an iris recognition system, then binding (XORing) the corrected biometric data with a random generated key (user’s key). Then the biometric encryption (BE) template will be saved in the user’s device (PDA/PC).
Additionally, the hash value of encryption key will be saved with the BE template to be able to reject incorrect keys in an early step, before beginning the process of remote authentication as shown in Figure 1.
Biometric cryptography.
When the BE template is saved in the user’s device, the user can retrieve his key by capturing an image of his iris via the user’s device camera. After that, the features of iris will be extracted by the iris recognition model, then XORed with the BE template to regenerate the user’s key as shown in Figure 2.
Decrypt with same biometric.
There are two methods to authenticate the user using the biometric encryption. One of them uses the biometric to create a pair of private and public key, as proposed by [16], and publish the public key. The other method uses biometric encryption to generate a user’s secret key [18]. The problem in the second method is the decision of what should be saved on the GW-node/BS to authenticate the user. The first answer is the “BE template,” as it is in a normal biometric authentication. Unluckily, this is not useful from the viewpoint of the biometric, because the user must transmit his/her biometric data to the remote authenticator for retrieving his/her key from the GW-node database. The best solution is that the key of user is saved on the GW node. Although this solution contradicts with the biometric encryption aim to not save the key of user, but this inconsistency will be on the GW-node side only which has a high level of security, particularly if the users’ keys were encrypted in the GW-node database. Hence, the security of the GW-node is not the matter because this method is similar to the well-known Kerberos protocol. Furthermore, if the user’s key is stolen, it can be simply revoked using the reenrollment process. We use the second method for our user authentication protocol because the symmetric cryptographic is less complex than asymmetric cryptography and consumes less resources, which is an important issue in limited resources devices, for example, sensor node and mobile devices.
3.1. Registration Phase
When the user Ui registers in the system, an encryption key will be generated randomly for Ui. The generated key is saved on the GW node as a key of Ui. After that, the features of the Ui’s iris are extracted then hashed by SHA256 [17], then the hash is XORed with the key to generate a BE template which will be saved in the Ui’s device to use it for the authentication phase to regenerate the key from the Ui’s iris. The template of iris is large, also if we use a part of the iris template in the biometric encryption that is not secured enough, so the hash was used because a fixed size output for variable length inputs is produced by the hash function and the hash function is collision resistant. Additionally, the hash of the key will be saved with the BE template to be able to reject incorrect keys in an early step, before beginning the procedure of remote authentication. The Ui data (IDi, name, etc.) and the encryption key of the Ui are saved in the GW-node database. After that, the GW node sends to the Ui an IDi and Fi=h(IDi⊕X) through a secure channel to utilize them at an authentication phase to authenticate himself. Where X is a secret parameter which is generated by the GW-node and it is saved in all the SNs (the sensor login-nodes) before the nodes are deployed in the field. These sensor nodes (SNs) will be responsible to respond to the data/query that users are looking for and know X.
3.2. Login Phase
After iris acquisition by camera in the Ui’s device, the features of Ui’s iris are extracted. After that, the iris’s features are corrected by error correcting code and hashed by SHA256. Then, the hash of corrected iris’s features is XORed with the saved BE template to regenerate the Ui’s key as in Figure 3. Then, the Ui’s key is hashed, and this hash will be compared with the saved hash of the Ui’s key. If the two hashes are not equal, the remote authentication is aborted. If they are equal, the application is proceeded. After that, a request is sent to the GW node including the user IDi.
Login phase.
3.3. Authentication Phase
When GW node receives the login request, it replies with a random challenge R. Here the GW node would challenge the user to encrypt a bit of known information using the encryption key. When the user receives the GW-node response, he/she will encrypt R and T1, where T1 denotes the current timestamp of the Ui’s device, using the encryption key which is generated from the iris template and sent the encrypted message to GW node. When GW node receives encrypted message at time T2, it will decrypt this message using the key of Ui then checks the freshness of timestamp T1 as in Figure 4. If (T2-T1)>ΔT, the authentication phase will be aborted, where ΔT denotes interval of the expected time for the transmission delay in the WSN. In contrast, if (T2-T1)≤ΔT, the following steps will be achieved.
Authentication between user Ui and GW node.
The next step is that GW node computes Fi=h(IDi⊕X), then computes Yi=MACFi(IDi∥SN∥T3), where SN denotes the sensor node which will reply to the query with what Ui is looking for and T3 denotes the GW node’s current timestamp. The GW node transmits a message (IDi,Yi,T3) to the SN over a public channel. Yi used by SN to ensure that the message (IDi,Yi,T3) issues from the legal GW node since Yi is produced using X, that is known to the GW node and SN.
When the request is received by the SN at time T4, it will carry out the following steps, the verification of T3. If (T4-T3)>ΔT, the authentication phase will be aborted, where ΔT denotes interval of the expected time for the transmission delay in the WSN. In contrast, if (T4-T3)≤ΔT, the following step will be achieved. The SN computes Fi=h(IDi⊕X) and Yi*=MACFi(IDi∥SN∥T3); after that, it verifies whether or not Yi* is equal to Yi. If the previous two verifications successfully pass, the SN sets respond to the Ui query (RM), then compute Vi=h(IDi∥Fi∥T5) and Ci=h(RM), where T5 denotes the sensor node’s current timestamp, then compute L=Evi(RM,Ci) (i.e., SN encrypts RM and Ci with Vi); after that, the SN sends a message (L,T5) to the Ui.
In next step, when the Ui receives the message (L,T5) at time T6, Ui verifies from freshness of timestamp T5. If (T6-T5)>ΔT, the authentication phase will be aborted. In contrast, if (T6-T5)≤ΔT, Ui computes Vi=h(IDi∥Fi∥T5) and then decrypts the message L with Vi (i.e., Ui computes Dvi(L)) to get RM and Ci and then computes Ci*=h(RM); after that, he/she verifies whether or not Ci* is equal to Ci. If the previous steps successfully pass, the Ui will accept the RM as explained in Figure 5. Furthermore, the SN and Ui have become the shared session key Vi=h(IDi∥Fi∥T5); this session key can be used to achieve more operations during a session. Therefore, a legal user communicates to sensor nodes in an ad hoc way to access data of the WSN.
Authentication phase.
3.4. User’s Key Change Phase
According to the proposed protocol, the user’s key can be changed by re-enrollment process. When the key is compromised, Ui can do re-enrollment by his/her biometric, and then a new key is generated randomly; this key differs from the previous.
4. Security Analysis Using Threat Model
This section proves our protocol’s strength in terms of security. We demonstrate that the proposed protocol resists main types of attacks in WSNs which are found in the literature.
In communication networks, the threat model is employed to analyze crypto protocols formally, since the threat model assumes that two parties can communicate over an insecure channel. WSNs can adopt the threat model where the channel of communication between two parties is insecure, and the end points (sensor node and user) cannot be trusted generally.
Proclamation 1. The proposed protocol resists a DoS attack.
Proof.
The DoS attack in the existing user authentication protocols can be occurred by attacker who is transmitting the large number of requests to GW node in login and authentication phases to make the GW node fail. Our protocol prevents DoS attack by preauthentication, since each request should associate with timestamp T1 encrypted by the Ui’s key; for this reason, a large number of unauthorized requests cannot get into the GW node.
Ui → GW-node: preauthentication = EK(R,T1), where T1 denotes the current timestamp of the Ui’s device.
Proclamation 2. The proposed protocol provides confidentiality of messages between all entities (user, gateway, and sensor node).
Proof.
Messages confidentiality against eavesdropping attack are performed by data encryption service. Our protocol can provide sufficient confidentiality for transmitted messages (e.g., EK(R,T1) and L=Evi(RM,Ci)). More specifically, these messages are confidential against any adversary. If data is sent without encryption over a public channel, the attacker is able to view the plaintext data as it passes over the network; this attack occurs in Yoon and Yoo’s protocol [15], where in [15] the sensor node’s responding message (RM) is sent to the user over a public channel without encryption.
Proclamation 3. The proposed protocol resists a node compromise attack.
Proof.
WSNs are normally deployed in an unattended environment. The attacker can easily capture a sensor node (SN) and attempt to collect some secret information about the network from this sensor node. Implementation of one-time sensors prevents this type of the attack, but it is limited to some applications (e.g., fire alarm), because the data confidentiality is not important. When the data confidentiality is important, it is a difficult task to prevent this type of the attack if sensor nodes are not tamper-proof and the environment is hostile and unattended. However, the GW node can periodically monitor whether any sensor node is captured or not. If authentication of user and data access from sensor node are allowed directly to the user (i.e., without GW node’s notice) then the effect of “node compromise” attack is very high, which occurs in Watro et al.’s scheme [19]. But in our protocol, the user’s request is first authenticated by the GW node and after that the request is transmitted to the sensor node to respond to the user query.
Proclamation 4. The proposed protocol resists a replay attack.
Proof.
As a rule, if previously obtained information is not reusable, then replay attacks are impossible [20]. When an opponent eavesdrops on the communication between the Ui and the GW node, he/she only gets encrypted data (unreadable form), which is not reusable. Therefore, no opponents’s success replay attacks on the proposed protocol.
The timestamps Ti(i=1,2,…,6) are used in the suggested protocol to prevent the replay attack. If an adversary intercepts the message EK(R,T1) and attempts replaying the same message for login to the GW node, he/she cannot pass the verification of the login request because of (T2-T1)>ΔT, where T2 denotes the time when the replayed message is received by the GW node. Similarly if an adversary intercepts (IDi,Yi,T3) and attempts replaying the same message, he/she cannot pass the verification of the login request because of (T4-T3)>ΔT. Also if an adversary intercepts (L,T5) and attempts replaying the same message, he/she cannot pass the verification of the login request because of (T6-T5)>ΔT.
Proclamation 5. The proposed protocol resists an impersonation attack.
Proof.
The suggested protocol resists impersonation attack since an adversary may intercept a login request EK(R,T1), nevertheless, to log in again, EK(R,T1) must be recomputed by using a new timestamp Tnew, for avoiding the replay attacks. This is impossible without Ui’s iris since Ui’s iris is required to regenerate the Ui’s key, and the user’s biometrics cannot be attained by the adversary. Therefore, the adversary cannot achieve impersonate attack. Therefore, the proposed scheme can resist user impersonation attack. Also the adversary cannot impersonate a valid GW node. Assume that an adversary intercepts a valid login message (IDi,Yi,T3) to impersonate a valid GW-node. Nevertheless; because the MAC function must be one way where MAC function must be hard to invert (i.e., given random y∈{0,1}n, hard to find any x such that h(x)=y), the adversary cannot extract secret value Fi=h(IDi⊕X) from Yi=MACFi(IDi∥SN∥T3). Without knowing Fi, the adversary cannot perform the GW-node impersonation attack since the adversary cannot make a new message (IDi,Yinew,Tnew), where Yinew=MACFi(IDi∥SN∥Tnew) and Tnew denotes a timestamp of the adversary. Consequently, the suggested protocol resists the GW-node impersonation attack. For the same reason, the adversary cannot impersonate a valid sensor node (SN) without knowing the secret value Fi since he/she cannot obtain Fi from the intercepted value L=Evi(RM,Ci) where Vi=h(IDi∥Fi∥T5).
Proclamation 6. The proposed protocol resists a stolen verifier attack.
Proof.
The attackers who have stolen the users’ keys from GW node cannot obtain any useful information, because the users’ keys were encrypted in the GW-node database.
Proclamation 7. The proposed protocol resists guessing attacks.
Proof.
This type of attack is a serious concern in systems based on password. The suggested protocol resists password guessing attacks, because the password of user is not required to login to the WSN. Also the suggested protocol resists the biometric guessing attacks, because our protocol does not require transmitting and saving any private information anywhere. In other words, no preservation of the biometric template or image is done. The best practice from a privacy point of view, in the first place, is not to collect any personally identifiable information (PII) to a completely and fully possible capacity. This is known as “data minimization” which means to minimize the quantity of personal data that are possessed and collected; in this manner, it eradicates the likely preceding abuse. The retention and wrong usage of biometric data are considered as the main reasons of driving most concerns of privacy and security. These threats and concerns are addressed by biometric encryption.
Proclamation 8. The proposed protocol resists a repudiation attack.
Proof.
This type of attack indicates to participation denial in all of the communication or part of it. Our protocol requires Ui’s iris to regenerate the Ui’s key; therefore, the Ui cannot deny that he/she performed a specific participation; also we assume the GW node is considered as trusted node; thus, our protocol resists a repudiation attacks.
Proclamation 9. The proposed protocol can resist an integrity threat.
Proof.
Data integrity threats faced by our protocol are as follows:
data modification attack,
data corruption attack,
data insertion attack.
Integrity is a service used to guarantee that the transmitted data has not been modified via an unauthorized entity. Our protocol can resist integrity threats, since Yi=MACFi(IDi∥SN∥T3) and Ci=h(RM) could be used to protect against integrity threats. The sensor node (SN) can guarantee that the message (IDi,Yi,T3) has not been modified via an unauthorized entity by recomputing MAC and verifies whether it is equal to the MAC attached to the message. Also the Ui can guarantee that the message (L, T5) has not been modified via an unauthorized entity by recomputing h(RM) and verifies whether it is equal to the h(RM) attached to the message.
Proclamation 10. The proposed protocol resists an insider attack.
Proof.
An insider attack is intentionally misused by authorized parties. Our protocol aims to achieve biometric-based user authentication without transmitting and saving any private information anywhere (i.e., no need to store the template of image or image in the memory). The encryption key and the image or template of image must be discarded at the end of the registration phase, since only the BE template will be saved in the Ui’s device to use it for the authentication phase to regenerate the key from the Ui’s iris. For this reason, any insider attack cannot get the correct biometric and cannot get the correct user’s key from the BE template because of the advantages of biometric encryption and the one-way hash function. Also the users’ keys were encrypted in the GW-node database.
Table 2 shows the functionality comparisons between our protocol and related protocols. According to Table 2, our protocol not only presents confidentiality of messages but also performs all security requirements and without complicated equipment. From the above descriptions, we conclude that our protocol is more practical than the related protocols.
Comparison among representative protocols and our protocol.
Benenson et al.’s protocol
Yuan et al.’s protocol
Yoon et al.’s protocol
Our protocol
Stolen-verifier attacks
Secure
Secure
Secure
Secure
Guessing attacks
Secure
Secure
Secure
Secure
Impersonation attacks
Insecure
Insecure
Secure
Secure
Replay attacks
Secure
Secure
Secure
Secure
Insider attack
Secure
Insecure
Secure
Secure
Repudiation attack
Secure
Secure
Secure
Secure
Node compromise attack
Secure
Insecure
Insecure
Secure
Denial-of-service attack
Insecure
Insecure
Insecure
Secure
Message confidentiality
Not provided
Not provided
Not provided
Provided
Password change
Not required
Required
Not required
Not required
Key revocability
Not provided
Not provided
Not provided
Provided
Complicated equipment
Not required
Required
Required
Not required
Session key establishment
Not provided
Not provided
Not provided
Provided
Mutual authentication
Not provided
Not provided
Provided
Provided
Data integrity
Not provided
Not provided
Provided
Provided
5. Analytical-Based Performance Evaluation
In this section, we analyze the performance of our protocol based on a mathematical model and compare with the ones in the literature. We employ the computational overhead (denoted by T) to study the performance. The computation time required by each security primitives as stated by practical implementations on Mica2 motes [21] is recorded in Table 3. The total computational cost of our protocol, Benenson et al.’s protocol, Yuan et al.’s protocol, and Yoon et al.’s protocol is shown in Table 4. We calculate the computational time for registration phase separately because the computational time for registration phase is a one-time task at some period. From Table 4, Benenson et al.’s protocol needs exponential computations because their protocol-based on ECDLP. As a result, the computational time of Benenson et al.’s protocol is the highest among the four protocols because exponential computations are expensive.
Execution times on Mica2.
Notation
Description
Time (ms)
TH
Time for performing one-way hash function (SHA-1)
3.636
TMAC
Time for performing MAC function (HMAC-SHA1)
3.12
TRC5
Time to encrypt/decrypt using RC5
0.26
Computational time comparison.
Benenson et al.’s protocol
Yuan et al.’s protocol
Yoon et al.’s protocol
Our protocol
Registration phase
1TEXP
4TH
3TH
2TH
Login and authentication phases
2nTH + 3nTEXP
9TH
10TH
4TRC5 + 2TMAC + 6TH
Total
2nTH + 3nTEXP + 1TEXP
13TH
13TH
4TRC5 + 2TMAC + 8TH
Total time
375000 ms*
47.268 ms
47.268 ms
36.368 ms
*Time required for the authentication phase on sensor node only for one session [3].
TEXP: the time required to achieve a modular exponential computation.
n: number of sensors in the communication range of the user.
Also, Benenson et al.’s protocol relies on the existence of a trusted third party while we only assume that the GW node is trusted. Briefly, we minimize the computational time and avoid the want for a trusted third party. Based on Table 4, our protocol requires only 36.368 ms, which is less than Benenson et al.’s protocol (375000 ms), Yuan et al.’s protocol (47.268 ms), and Yoon et al.’s protocol (47.268 ms) as explained in Figure 6.
Delay performance.
We compute the energy consumption of security computations by (1) to (3) [21]. For Mica2 mote, I=8 mA if the processor status is in active mode. In general, if two new AA batteries are used, V=3.0 V [21]. Therefore, total energy consumption of our protocol is only 0.87 mJ, which is more efficient than Benenson et al.’s protocol (9000 mJ), Yuan et al.’s protocol (1.13 mJ), and Yoon et al.’s protocol (1.13 mJ) as shown in Figure 7:
(1)E=V×Q.
Since
(2)Q=I×t,
and therefore,
(3)E=V×I×t,
where E denotes the energy consumption, Q is the charge, V is the voltage, I is the current, and t is the elapsed time.
Comparison of energy consumption.
6. Implementation-Based Performance Evaluation
In this section, we introduce the performance evaluation based on the implementation.
6.1. Iris Recognition System
The biometric systems give automatic identifications of the persons derived from a unique characteristics or features. Iris recognition has many advantages such as it has an internal organ (body part), reliable, and does not need to be identified by touching used equipment so iris is considered one of the most important biometric recognition systems.
Our iris recognition system (Figure 8) is performed by Masek’s method [22]; some modifications are introduced to Masek’s method to achieve the biometric encryption. This iris recognition system uses the global transform to segment the image. Therefore, it can detect the pupil and the iris region. After normalizing the image, the data is extracted and quantized to encode the unique pattern of the iris image using 1D Log-Gabor filters. All tests are performed with CASIA iris image database [23]. Our iris recognition system requires only 4.6570 seconds to extract the features of iris and create BE template. For regenerating the user’s key, our system requires 4.8280 seconds.
Iris recognition system.
6.2. Simulation-Based Performance Evaluation
In this section, we evaluate the performance of our protocol by MATLAB simulator version R2010a [24]. Results of our simulation comprise not security computational cost only, but also communication cost for transmitting security messages. We will assess the performance of our protocol in the presence of homogeneity and heterogeneity to prove the robustness of our protocol, and it works well regardless of network kind. For the aim of this research, we apply similar energy model as discussed in [25, 26] shown in Figure 9.
Energy dissipation model.
In this energy model, the energy dissipated per bit (Eelec) is 50 nJ/bit for running the receiver or transmitter circuits and the transmit amplifier (εamp) is 10 pJ/bit/m2. The energy expended to send k-bits is
(4)ETx(k,d)=ETx-elec(k)+ETx-amp(k,d),ETx(k,d)=Eelec×k+εamp×k×d2,
where d is the distance between the sender and the receiver, and ETx includes the loss of energy because of channel attenuation.
The energy expended to receive k-bits is
(5)ERx(k)=Eelec×k.
Also, we assume that the same amount of energy is needed to send k-bits from A to B and vice versa. The parameters used in our simulation are summarized in Table 5.
The parameters used in our simulation.
Parameter
Value
Number of sensor nodes
n=100
Packet size
k=4000 bits
Area
A=M×M=120×120
GW-node location
(50, 50)
Number of runs
10
MAC protocol
CDMA and TDMA
Communication model
Bi-direction
Transmitter/receiver electronics
Eelec=50 nJ/bit
Initial energy for normal node
Eo=0.5 J
Data aggregation energy
EDA=5 nJ/bit/message
Transmit amplifier
εamp=10 pJ/bit/m2
Security Primitives Choice. Traditional wisdom states select either AES or DES when a block cipher is required. Nevertheless, DES is too slow to be implemented on limited resources devices, and AES is also quite slow. Moreover, AES has the drawback that its block length is long. Skipjack and RC5 are the most appropriate to be implemented on limited resources devices [21]. RC5 has been proven to be secure in the literature [27]. Therefore, we choose RC5 (size of key = 20 byte) as a block cipher. Also, we choose HMAC-SHA1 (size of key = 20 byte) as a MAC function. Value of SHA-1 is 20 bytes.
6.2.1. Homogeneous Wireless Sensor Networks
In this study, we assume that the homogeneous wireless sensor network shown in Figure 10 has the following properties.
Supposing a 120 m × 120 m region of 100 sensors.
The sensor nodes are uniformly distributed (i.e., they are randomly distributed in a 2-dimensional space).
The sensor nodes are static.
It is supposed that the GW node is placed at the center of the sensing region.
At the network layer, the LEACH (low energy adaptive clustering hierarchy) [25] is used for the routing protocol. Typically, the stability period for LEACH protocol is 995 rounds [28].
(a) A homogeneous wireless sensor network when all the sensor nodes are alive, (b) the network when some sensor nodes are dead.
The results are present in Figure 11, which compare delay of cases without (w/o) and with (w/) in the proposed protocol and are evaluated during the stability period of network. In the first case (i.e., without the proposed protocol), there were only plain texts transmitted between the accessed node and the user. For the second case (i.e., with the proposed protocol), all security communications and computations of proposed protocol were considered. The communicational and computational cost with the proposed protocol is 99.89 seconds, while without the proposed protocol is 97.37 seconds. This means that the proposed protocol only increases only by 2.59% delay. Briefly, the final results of the simulation demonstrate a small increase of cost of proposed protocol compared with a former case. As a result, such delay is insignificant for the WSN.
Delay performance of homogeneous network.
Figure 12 shows one that authentication of Benenson et al.’s protocol takes approximately 440 seconds, while one authentication of our protocol takes only 0.53 second. In addition, Benenson et al.’s protocol needs the certificate and public key of a user at the side of receiver, which have been transmitted with each request of user (i.e., rising overhead of transmission). It is clear that the performance of our protocol is high enough compared to that of Benenson et al.’s protocol (by 83574.05%).
Comparison of delay.
6.2.2. Heterogeneous Wireless Sensor Networks
We suppose that heterogeneous wireless sensor network such as Figure 13 has the following properties of heterogeneity.
The SEP (stable election protocol) [26] is used at the network layer. Typically, the stability period for SEP protocol is 1385 rounds [28].
The heterogeneity parameters are the fraction of advanced nodes (m=10%) and the additional energy level between advanced node and normal node (α=1).
(a) A heterogeneous wireless sensor network when all the sensor nodes are alive, (b) the network when some sensor nodes are dead.
The communicational and computational cost during the stability period of heterogeneous network with the proposed protocol is 137.89 seconds, while without the proposed protocol is 135.24 seconds as explained in Figure 14. This means that the proposed protocol increases only by 1.96% delay. In brief, the final results of the simulation show a small increase of cost of the proposed protocol compared to a normal case. Therefore, our protocol is robustness and works well regardless of network kind.
Delay performance of heterogeneous network.
7. Conclusion and Future Work
In this paper, we have conducted a study on the security of WSNs in the field of authentication. We have studied the existing protocols of user authentication in WSNs. Furthermore, we suggest a biometric-based user authentication protocol. The above analysis proves that our protocol is more practical than the representative protocols and proves the robustness of our protocol since it works well regardless of network kind.
The main advantage of the proposed protocol, which dramatically enhances security aspects in WSNs, is that the user’s iris is used to regenerate the user’s key on-the-fly every time the user wants be authenticated. In the future, a hardware implementation (with real sensors) of our protocol will be conducted to analyze its real performance and efficiency. Also, we will improve the iris recognition system to introduce detection methods to prevent attacks based on using artificial iris images.
Acknowledgment
The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no. RGP-VPP-264.
ChongC.-Y.KumarS. P.Sensor networks: evolution, opportunities, and challenges2003918124712562-s2.0-294268642510.1109/JPROC.2003.814918KumarP.LeeH.-J.Cryptanalysis on two user authentication protocols using smart card for wireless sensor networksProceedings of the Wireless Advanced (WiAd '11)2011London, UK241245BenensonZ.GedickeN.RaivioO.Realizing robust user authentication in sensor networks200514WongK. H. M.YuanZ.JiannongC.ShengweiW.A dynamic user authentication scheme for wireless sensor networksProceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy ComputingJune 2006Taichung, Taiwan2442512-s2.0-3384545833610.1109/SUTC.2006.1636182TsengH.-R.JanR.-H.YangW.An improved dynamic user authentication scheme for wireless sensor networksProceedings of the 50th Annual IEEE Global Telecommunications Conference (GLOBECOM '07)November 2007Washington, DC, USA9869902-s2.0-3934909319610.1109/GLOCOM.2007.190KoL.-C.A novel dynamic user authentication scheme for wireless sensor networksProceedings of the IEEE International Symposium on Wireless Communication Systems, ISWCS'08October 2008Reykjavik, Iceland6086122-s2.0-6244929025310.1109/ISWCS.2008.4726128VaidyaB.RodriguesJ. J.ParkJ. H.User authentication schemes with pseudonymity for ubiquitous sensor network in NGN2010239-10120112222-s2.0-7795638857910.1002/dac.1097DasM. L.Two-factor user authentication in wireless sensor networks200983108610902-s2.0-6294913077410.1109/TWC.2008.080128HeD.GaoY.ChanS.ChenC.BuJ.An enhanced two-factor user authentication scheme in wireless sensor networks20101043613712-s2.0-78650459565NyangD. H.LeeM. K.Improvement of Das’s two-factor authentication protocol in wireless sensor networkshttp://eprint.iacr.org/2009/631.pdfKhanM. K.AlghathbarK.Cryptanalysis and security improvements of “two-factor user authentication in wireless sensor networks”2010103245024592-s2.0-7795549542710.3390/s100302450ArikumarK. S.ThirumoorthyK.Improved user authentication in wireless sensor networksProceedings of the International Conference on Emerging Trends in Electrical and Computer Technology (ICETECT '11)March 2011Tamil Nadu, India101010152-s2.0-7995759606410.1109/ICETECT.2011.5760267YehH.-L.ChenT.-H.LiuP.-C.KimT.-H.WeiH.-W.A secured authentication protocol for wireless sensor networks using Elliptic Curves Cryptography2011115476747792-s2.0-7995770236310.3390/s110504767YuanJ.JiangC.JiangZ.A biometric-based user authentication for wireless sensor networks20101532722762-s2.0-7795233946910.1007/s11859-010-0318-2YoonE.-J.YooK.-Y.A new biometric-based user authentication scheme without using password for wireless sensor networksProceedings of the 20th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises2011Paris, France279284MohammadiS.AbediS.ECC-based biometric signature: a new approach in electronic banking securityProceedings of the International Symposium on Electronic Commerce and Security (ISECS '08)August 2008Guangzhou City, China7637662-s2.0-5404912965710.1109/ISECS.2008.98Al-HussainA.Al-RassanI.A biometric-based authentication system for web services mobile userProceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia (MoMM '10)November 2010New York, NY, USA4474522-s2.0-7995626167010.1145/1971519.1971596LeeuwE. D.2008Rotterdam, The NetherlandsSpringerWatroR.KongD.CutiS.-F.GardinerC.LynnC.KruusP.TinyPK: securing sensor networks with public key technologyProceedings of the 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks, SASN'04October 2004New York, NY, USA59642-s2.0-14844304757IslamM. R.SayeedM. S.SamrajA.Biometric template protection using watermarking with hidden password encryption1Proceedings of the International Symposium on Information Technology (ITSim '08)200818KarlofC.SastryN.WagnerD.TinySec: a link layer security architecture for wireless sensor networksProceedings of the Second International Conference on Embedded Networked Sensor Systems (SenSys '04)November 2004New York, NY, USA1621752-s2.0-26444574670MasekL.Recognition of human iris patterns for biometric identificationThe University of Western Australia, http://people.csse.uwa.edu.au/pk/studentprojects/libor/LiborMasekThesis.pdfChinese Academy of Sciences, Institute of Automation, Database of 756 Greyscale Eye Images. Version 1. 0, 2003, http://www.sinobiometrics.com/MATLAB simulatorhttp://www.mathworks.com/products/matlab/HeinzelmanW. R.ChandrakasanA.BalakrishnanH.Energy-efficient communication protocol for wireless microsensor networksProceedings of the 33rd Annual Hawaii International Conference on System Siences (HICSS '33)January 20002-s2.0-0033877788SmaragdakisG.MattaI.BestavrosA.SEP: a stable election protocol for clustered heterogeneous wireless sensor networks2004Boston University Computer Science DepartmentLeX. H.KhalidM.SankarR.LeeS.An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare2011633553642-s2.0-7995306558910.4304/jnw.6.3.355-364AderohunmuF. A.DengJ. D.PurvisM.Enhancing clustering in wireless sensor networks with energy heterogeneity2011741831