An Access Control Protocol for Wireless Sensor Network Using Double Trapdoor Chameleon Hash Function

A wireless sensor network (WSN), a type of communication system, is normally deployed in an unattended environment where the intended user can get access to the network. The sensor nodes collect data from this environment. If the data are valuable and confidential, security measures are needed to protect them from unauthorized access. This situation requires an access control protocol (ACP) in the design of the sensor network, because sensor nodes are vulnerable to various malicious attacks during the authentication and key establishment phase and the new node addition phase. In this paper, we propose a secure ACP for such a WSN. This protocol is based on the Elliptic Curve Discrete Logarithm Problem (ECDLP) and a double trapdoor chameleon hash function, which secures the WSN from malicious attacks such as node masquerading, replay, man-in-the-middle, and forgery attacks. The proposed ACP has a special feature known as session key security. The proposed ACP is also more efficient, as it requires only one modular multiplication during the initialization phase.


Introduction
A wireless sensor network (WSN) is a network of spatially distributed autonomous devices that use sensors to cooperatively monitor physical or environmental conditions such as temperature, sound, vibration, pressure, motion, or pollutants at different locations. The purpose of a WSN is to collect and process data from a target domain and transmit the information back to specific sites. WSN technology is an emerging technology that can be utilized in a wide range of potential applications in the real world. Such a network usually consists of a number of wireless sensor nodes that arrange themselves into a multihop network. Each node consists of one or more sensors. In many WSNs, it is sufficient to secure the data transfer between the sensor nodes and the base station, especially when the base station needs to ensure that a message sent by a specific sensor node was not altered during transfer. However, in any WSN, providing security during authentication, key establishment, and new node deployment is important, and for that purpose an ACP is needed. In health-care monitoring systems, military domains, and many other applications, a WSN requires a hard and fast authentication scheme to secure the data from attackers, because the authenticity and integrity of the data received at the base station highly influence the final results in many WSN applications, as shown by Abduvaliev et al. [1], Akyildiz et al. [2], and Akyildiz and Kasimoglu [3]. Zhou et al. [4] developed an ACP based on the elliptic curve cryptosystem (ECC) for securing the new node deployment process. For details on elliptic curves (EC), one can refer to Miller and Koblitz [5,6], among others. Next, Huang [7] proposed an efficient ACP based on the EC and hash chains. In this scheme, new nodes can be easily added. The authors claimed that it is resistant to various attacks. Later, Kim and Lee [8] pointed out that the ACP given by Huang [7] is insecure and lacks hash chain renewability, which is an important aspect needed in any resource-constrained sensor network. Consequently, Kim and Lee [8] proposed an enhanced ACP by adding a hash chain renewal phase supporting mutual authentication. They also claimed that their enhanced access control protocol is resistant to various known attacks.
Further, Shen et al. [9] and Zeng et al. [10] demonstrated that the scheme given by Kim and Lee was still vulnerable to a masquerade attack executed by new as well as legal nodes, because it lacks hash chain renewability soon after the authentication and key establishment phase. Finally, Lee et al. [11] proposed a practical ACP based on EC and the hash chain. However, it was later observed that a large number of key distributions in Lee et al. [11] and Zhou [4] are also vulnerable to various adversary attacks and had a huge storage overhead at the sensor node.
The concept of the chameleon hash function was first given by Krawczyk and Rabin [12]. A chameleon hash function is used to calculate the message digest. It is basically a trapdoor collision-resistant hash function and has been found to be a very useful tool in cryptography. To take advantage of this function, Chen et al. [13] used it in an access control protocol. However, the Chen et al. [13] protocol required the precomputed secret value of  −1 during the transaction even without verifying the authentic value and thus invites attacks.
Motivated by the use of the double trapdoor chameleon hash function by Chen et al. [14], in this paper we propose a secure and efficient ACP based on ECDLP. In our opinion, the proposed protocol, which does not require the precomputed value of  −1, dynamically provides security against different attacks, even when new nodes are added to the WSN. Considering its other advantages as well, our proposed scheme is better than the scheme given by Chen et al. [13].
The rest of the paper is organized as follows. In Section 2, we give preliminaries required for the proposed access control protocol. In Section 3, the proposed scheme is explained. The security and efficiency analysis of our proposed scheme is given in Section 4. Finally, the conclusion is made in Section 5.

Preliminaries
As we have said earlier, in this section we first explain the requirements for the ACP of a wireless sensor network using the ECDLP and trapdoor chameleon hash function. Before doing so, we need to explain the notion of a trapdoor chameleon hash function as given in the scheme of Chen et al. [15]. Let us first recall the EC as given below.

Elliptic Curve.
We consider the parameters of any EC such that the EC domain parameters can be verified to meet the requirements as given by Law et al. [16]. In order to avoid the Pollard-rho [17] and Pohlig-Hellman algorithms for the discrete logarithm problem defined on EC, it is necessary that the number of   -rational points on , denoted by #(  ), be divisible by a sufficiently large prime . Also, in order to avoid the reduction algorithms of Menezes et al. [18] and Frey and Rück [19], our EC should be non-supersingular (i.e.,  should not divide ( + 1 − #(  ))). Further, in order to avoid the attack of Semaev [20] on   -anomalous curves, our EC should not be   -inconsistent (i.e., #(  ) ≠ ).

Elliptic Curve Discrete Logarithm Problem.
Let  be an elliptic curve defined over a finite field   and let  ∈ (  ) be a point of order . Given , where  ∈ (  ), the ECDLP is to find the integer , 0 ≤  ≤  − 1, such that  =  ⋅ .

Trapdoor Chameleon Hash Function.
Following the ACP of Chen et al. [15], we define the double trapdoor chameleon hash function as below.
( ( The value of  2 can be computed in polynomial time as follows: Also, as  1 is uniformly distributed in R then the distribution of  2 is computationally indistinguishable from the uniformly distributed  1 in R.
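An added illustration, not code from the paper: the classic single-trapdoor discrete-log chameleon hash CH(m, r) = m·G + r·HK carried over to an elliptic curve, showing how the trapdoor holder computes a second randomizer in polynomial time. The curve (secp256k1), the SHA-256 message mapping, the sample key and all function names are assumptions of this example; it is not the double trapdoor construction of Chen et al. [15], whose definition does not survive on this page.

```python
import hashlib

# secp256k1 domain parameters (the curve choice is an assumption of this example)
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, A):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def to_scalar(msg):
    """Map a byte string to an integer modulo the group order."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def chameleon_hash(hk, msg, r):
    """CH(m, r) = m*G + r*HK, where HK = TK*G is the public hash key."""
    return add(mul(to_scalar(msg), G), mul(r, hk))

def find_collision(tk, msg, r, new_msg):
    """With trapdoor TK, solve m + r*TK = m' + r'*TK (mod N) for r'."""
    m, m2 = to_scalar(msg), to_scalar(new_msg)
    return (r + (m - m2) * pow(tk, -1, N)) % N

TK = 0x1F2E3D4C5B6A  # constructed trapdoor key, sample value only
HK = mul(TK, G)      # public hash key
```

Without TK, producing such a collision for HK amounts to solving the ECDLP, the hardness assumption the protocol rests on; note that this construction needs the modular inverse of the trapdoor to compute the new randomizer.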

Proposed Access Control Protocol Based on ECDLP
Now we propose our ACP based on ECDLP and double trapdoor chameleon hash function. This method consists of two phases: the initialization phase and the node authentication with key establishment phase. The implementation of the proposed ACP is as follows.
3.1. Initialization Phase of the Proposed ACP.
The initialization phase is described in the following steps.
Step 1. The base station (BS) chooses a random element  ∈    and computes  = . The public hash key is HK =  =  and the private trapdoor key is TK = .
Step 2. Choose a random number  * ∈    , and compute the chameleon hash value  HK BS =  * . Step

Authentication with Key Establishment Phase of ACP.
In this section, we give the steps of authentication in the proposed ACP. Once the sensor nodes are deployed, if node   wants to communicate with another node   , the two nodes must carry out the following steps to authenticate each other. Subsequently, they must establish a shared session key to secure their communication.
Step 2. Node   computes the chameleon hash value  HK of node   based on the received message (  , 

New Node Addition Phase.
During the network communication phase, if some sensor nodes are lost, new sensor nodes need to be deployed. When a new node with  +1 is added, the base station also generates a secret key  +1 and then the base station computes the chameleon hash value  HK BS = (,  +1 )( +1  + ) +  +1  at node  +1 and updates it as the broadcast chameleon hash value  HK BS in the base station. The authentication and key establishment for any old node with the new node  +1 is the same as in the authentication steps.

Correctness of the Proposed ACP.
In order to show the correctness of our proposed ACP, we assert that, during the authentication with key establishment phase, node   authenticates node   based on the chameleon hash value of node   ; that is, it computes the value of  HK BS = (, )( + ) +    based on the received message (  ,  1 ,   ( + ),   ) from node   and publishes the message of the base station which is written as  HK BS = (,   )(   + ) +  *  − (,   )(   + ) =  *  the chameleon hash value (see Box 1).

Security Analysis
For the purpose of analyzing the security of our proposed ACP, we claim that an attacker cannot find the authentication value for communication between nodes   and   . These nodes require an authentic value of the message to be communicated from   to   . First, we ascertain that node   has been authenticated by node   using the chameleon hash value and then computes the authentication value    corresponding to    . The authentication value    is obtained from the shared session key and the security key   . However, only the communicating nodes accept the session key  1  2 , and only node   and the base station can have the security key   . Second, node   is preloaded with the chameleon hash value by the base station  HK BS along with node   and obtains   HK BS . However, the computed value of   HK BS needs some value of the identity ID, secure hash key   , and security key   of node   . This way, the process can authenticate the ID and the hash key, because computing   HK BS is an elliptic curve discrete logarithm problem and the attacker cannot find  1, we have first given the computational cost of our ACP for three phases at base station and at node   considering the elliptic curve and hash chain components as below.
The notations we use in Tables 1 and 2 for the purpose of comparison are as follows: : one multiplication computation over an elliptic curve.
The total computational cost of proposed ACP is 4   + 1 ℎ during the authentication and key establishment phase at node   and its computational cost is 3   +1 ℎ +1 mul during the base station and 2   + 1 mul is the computational cost at the new node addition phase in Table 1.
Next, in Table 2, we have shown the comparison of the computational cost of our proposed ACP with the schemes of Zhou et al. [4], Kim and Lee [8], Huang [7], and Lee et al. [11] during the authentication and key establishment phase.

Protocol            Time consumed during authentication phase
Zhou et al. [4]     2.56 CPU time
Kim and Lee [8]     1.57 CPU time
Huang [7]           0.895 CPU time
Our scheme          0.256 CPU time

From Table 2, it is evident that the proposed ACP has the lowest computational cost 4   + 1 ℎ as compared to other schemes.
Finally, we compare the time consumed at authentication phase during data transmission in CPU device with other schemes using Mathematica 7.0, shown in Table 3.
From Table 3, it is evident that the proposed ACP takes 0.256 seconds in CPU time which is less as compared to other protocols.

Conclusion
From the preceding sections, we conclude that our proposed ACP, which uses the double trapdoor function and whose security is based on the ECDLP, is best suited to any WSN environment. It is more secure because it can resist many known attacks such as masquerading, replay, man-in-the-middle, and forgery attacks, and it has a special feature known as session key security. As shown in Tables 1, 2, and 3, it is also more efficient than many other existing protocols.

Table 1: Computational cost of the proposed protocol.

Table 2: Comparison of computation cost with other protocols.

Even if the attacker obtains the user's information (  ,   , ( + )  ), the attacker still cannot pass the authentication and key establishment phase, because he cannot compute the session key   . Hence, our ACP can resist the man-in-the-middle attack.

(6) Session Key Security. Our proposed ACP is well equipped with the session key security feature. Since only the communicating parties know the session key  1  2  and hence are aware of the security of the session key, consequently, they can only verify the user of the message. The session key  1  2  is not known to anyone else because the random values  1  and  2  are protected by the ECDLP. Therefore, the proposed ACP provides session key security as an additional feature.

4.1. Efficiency. The computational cost of the proposed ACP is calculated in Table 1 at different phases, and these costs are compared with other such schemes in Table 2. For this purpose, in Table

Table 3: Comparison of time consumed with other protocols.