Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated.
Wireless sensor networks (WSNs) are rapidly growing in popularity because they offer low-cost solutions to a variety of real-world challenges. A WSN has no infrastructure support, is quickly deployed in a region with several low-cost sensor nodes, is employed for monitoring the environment, and is difficult to keep secure. It comprises a huge number of resource-constrained sensor nodes, which are spatially dispersed in a hostile environment. The task of the sensor nodes is to sense physical phenomena in their immediate neighborhood and to process and transfer the sensed data to the base stations. Multihop communication is preferred in WSN as the number of nodes is very large, and sensor nodes have constraints with respect to power, computation, communication, and storage.
Security in WSN becomes crucial since the nodes cannot be manually maintained and observed after deployment. This situation becomes a major issue in WSN due to its network of communication. Authentication is provided for the data that can be sent or accessed by any node in the network. It is also critical to prevent unauthorized users from gaining information. As new threats and attack models are proposed, several kinds of authentication mechanisms have been introduced in WSN security. Authentication mechanisms can be differentiated based on the following criteria: whether they authenticate unicast, multicast, or broadcast messages; whether they use a symmetric (shared key) or asymmetric (public key) cryptographic method; and whether they address static, mobile, or both aspects of WSN.
Various researches have focused on point-to-point authentication mechanisms, which authenticate unicast messages [ checking the source identity from which the message originates, confirming the message integrity for ensuring the message originality.
Additionally, it offers protection against (a) forgery, (b) replay attacks, and (c) impersonation, which are the main features of authentication mechanisms. There are two authentication mechanisms based on the cryptographic methods discussed above: symmetric and asymmetric. The former use shared key cryptography, where both the sender and the receiver employ the same key in the process of authentication and verification. The latter use public key cryptography, where the sender signs a message with the private key and the receivers authenticate it with the respective public key.
In this survey, various existing authentication protocols in wireless sensor networks are discussed. A list of major issues and open research challenges are compared and analyzed. Moreover, an exhaustive survey on the available protocols for authentication in the wireless sensor networks and their applications is provided. The survey also contains the major aspects of examining the protocols on the basis of quality measurement as needed for authentication mechanisms. The comparison tables are provided for decision-making on the most appropriate protocols. It fulfils the requirements of the particular application scenario. This paper reviews several authentication protocols in WSN and its major contributions are listed as follows: comparison of various authentication protocols, information about several existing authentication protocols, analyses of various schemes with different parameters in the existing methodologies.
The rest of this paper is organized as follows. Section
Several WSN routing protocols are simple and are therefore vulnerable to the attacks described in work on routing in ad hoc networks. Most threats against WSNs fall into one of the following groups: spoofed, altered, or replayed routing information; selective forwarding; sinkhole attacks; Sybil attacks; wormholes; HELLO flood attacks; acknowledgment spoofing.
Spoofing, altering, or replaying routing information targets the routing information exchanged between the nodes. Adversaries are able to establish routing loops, produce false messages, maximize end-to-end latency, extend or shorten source routes, partition the network, and more.
In a selective forwarding attack, malicious nodes may decline to forward particular messages and simply drop them. This ensures that the messages are not propagated any further; a node that behaves like a black hole rejects all the messages it receives. Selective forwarding attacks are normally more effective when the attacker is explicitly on the path of a data flow.
In a sinkhole attack, the attacker's goal is to draw all the traffic within a certain area through a compromised node, establishing a metaphorical sinkhole with the adversary at the middle. Depending on the routing algorithm, this attack can function by making a compromised node appear attractive to the nearby nodes. Various protocols might try to check the route quality with end-to-end acknowledgements comprising information on reliability or latency.
In a Sybil attack, a single node presents several identities to the other nodes in the network. It can significantly reduce the effectiveness of fault-tolerant systems. This attack also poses a significant threat to geographic routing protocols. By using this attack, an adversary can be in various places at once.
In the wormhole attack, an adversary receives messages in one part of the network, tunnels them over a low-latency link, and replays them in a different part. This attack usually involves two distant malicious nodes, which collude to make their distance from each other appear smaller by replaying packets.
The HELLO flood attack is a novel attack introduced against sensor networks, in which the adversary convinces nodes that it is their nearby neighbor. The adversary can transfer the fake information with high transmission power. Many protocols require nodes to broadcast HELLO packets to announce themselves to their neighbor nodes. A node receiving such a packet will assume that it is within the radio range of the sender.
Acknowledgment spoofing has the objective of convincing the sender that a dead node is still alive or that a weak link is strong enough. Herein, an adversary can eliminate information transmitted to these dead nodes or over these weak links. Also, an adversary can eavesdrop on packets addressed to the other nodes and identify which nodes are dead or weak.
Table
Several attacks and their corresponding security mechanisms in WSN.
Type of attack | Layer | Security mechanism |
---|---|---|
Jamming | Physical | |
Tampering | Physical | |
Collision | Data link | |
Exhaustion | Data link | |
Replayed routing information | Network | |
Selective forwarding attack | Network | |
Sybil attack | Network | |
Sinkhole attack | Network | |
Wormhole attack | Network | |
HELLO flood attack | Network | |
Flooding attack | Transport | |
Clone attack | Application | |
WSNs share some common functionalities with a typical computer network, as a WSN is a special type of network, but they also exhibit several characteristics that are unique to them. In WSNs, the most important requirements for security [

- Data confidentiality: it ensures that no message in the network is understood by anyone other than the intended recipient. It also provides privacy for what is carried over the wireless communication channels, such as mobile code, application data, and control messages, so that overhearing is prevented.
- Availability: it guarantees the service presented either by the entire WSN or by any part of it.
- Authentication: before granting access to a limited resource or revealing information, it authenticates the sensor nodes, cluster heads, and base stations.
- Authorization: only authorized nodes can take part in a particular activity.
- Integrity: it ensures that no message or entity can be changed on its way from the sender to the receiver.
- Freshness: it implies that the data is recent and safeguards the network against replay attacks.
- Nonrepudiation: it prevents malicious nodes from hiding their activities.

Designing an efficient security solution is more challenging in wireless sensor networks than in wired networks. The challenges are listed as follows: wireless nature of communication, resource inadequacy on sensor nodes, very large and dense sensor network, unknown network topology, dynamic network topology.
Authentication is a process by which the identity of a node in a network is verified and guarantees that the data or the control messages originate from an authenticated source. Various authentication procedures consist of one-way authentication, two-way or mutual authentication, three-way authentication, implicit authentication.
In one-way authentication, only one message is transmitted from the sender node to the receiver node. This message establishes the sender's identity, that the message was generated by the sender, that the message is intended for the receiver, and that the message was not altered during transit.
In two-way (mutual) authentication, both entities can authenticate each other over a communication link. In WSN environments, this scheme not only means authentication between normal nodes and the base station but also means that the two counterparts are assured of each other's identity.
In three-way authentication, a third message is sent from the sender to the receiver when the clocks of the nodes cannot be synchronized.
Implicit authentication not only is accomplished as an independent process but also is the byproduct of other processes like key establishment. In WSNs, this type of authentication can minimize both operating complexity and energy consumption.
The authentication issues based on the node deployment are (a) static deployment and (b) dynamic deployment. In the former case, the nodes are static and are vulnerable to replay attacks. Authentication protocols should counteract these issues since the nodes are easily traceable. Some of the issues in the latter case are (a) moving node’s reauthentication, (b) node’s movement that should be untraceable, (c) message integrity, (d) confidentiality, and (e) node capture and compromise.
This section briefly discusses some of the popular authentication protocol schemes in wireless sensor networks.
WSN is deployed in a confined area that is separated into several zones. Using mobile devices, the authorized users can access and communicate with the sensor nodes within the WSN. This scheme [ the registration phase, the login phase, the authentication phase.
Initially, a user must register with a name and a password at the sensor gateway node before issuing any queries to the system. After successful registration, the user may submit a query to the WSN system at any time within a predefined period. Depending upon the nature of the application, the predefined time period must be set differently. Once the predefined time period has expired, the user needs to start a new cycle by registering again. Dynamic user authentication allows the genuine user to query the sensor data from any one of the sensor nodes. It imposes very little computational load, which can be evaluated using simple strong-password based dynamic user authentication protocols for WSNs [
An enhanced lightweight user authentication scheme [
In order to consume less memory and energy, the lightweight schemes are introduced [ Initially, the trust is computed as a positive integer in the range from 0 to 100, which occupies only one byte of memory. This scheme does not directly store the computed value of trust in the transaction table. The memory consumption is reduced significantly as the trust level consumes only 3 bits of memory.
This scheme also enhances the packet delivery ratio using a trust management system. It significantly decreases the energy consumption by avoiding promiscuous operation mode.
An authentication and key establishment energy-efficient scheme [
This scheme has a good resilience to node capture attacks, and it scales properly with an arbitrarily huge number of nodes. Similarly, Secured Energy Conserving Slot-Based Topology Maintenance Protocol for Wireless Sensor Networks [
In WSN, the lightweight scheme for key management [ efficiency of resource consumption, scalability, backward and forward secrecy.
It requires less key storage space with a minimal number of message exchanges. The advantages of this scheme are as follows: (a) it occupies less memory space, (b) it consumes less energy, and (c) it ensures lightweight key computation. Moreover, this scheme resists node compromise attacks.
According to various requirements of WSN security, SPINS [ data confidentiality, data integrity, data authentication, freshness of weak message, protection of replay message.
A common solution to accomplish message authenticity and integrity is to employ a Message Authentication Code (MAC), which is added along with a message as a signature. The SNEP protocol seems to be feasible for WSN due to the function of the MAC value. The requirements of
In WSNs, LEAP offers multiple keying mechanisms to provide confidentiality and authentication [ an individual key shared with the BS, a pairwise key shared with another sensor node, a cluster key shared with several neighboring nodes, a group key shared by all the nodes in the network.
The authentication scheme known as
Depending on the use of one-way key chains, LEAP consists of an efficient protocol for local broadcast authentication. It may protect or maximize the difficulty of introducing several security attacks in WSNs. In LEAP, the storage requirements per node are small and the procedures for establishment and updating of key are efficient. The major benefits of the LEAP protocol are as follows: (a) comprising
In this protocol [ implicit certificate generation process, hybrid key establishment process.
The impersonation attack is prevented by using certificates in the key establishment protocol. Here, a certificate is simply the key along with the device identity and the certificate expiry date. The major difficulty of this scheme is that each node must communicate directly with the CA, which might become a bottleneck. The authors also did not address dynamic node reauthentication.
In dynamic WSNs, a preshared key pair is not always present between roaming nodes and their new nearby nodes. Consequently, an efficient and scalable protocol is needed for establishing and updating the keys between nodes for secure communication. Every sensor node maintains a table, namely, the key cache, to manage the keys. The procedure of key management [

- Check whether there is an existing key pair among the sensor nodes. If not, run the subroutine of shared-key detection.
- The sensor node allots an entry in the key cache if there is no common key among them.
- Once the notice message is received, the session key is recalculated, and the sensor node updates the key material and key lifetime.
- The dynamic sensor node should reinitiate this procedure when the lifetime of the key expires.
- In order to save storage, the sensor node eliminates the related entry from its cache table.
Thus, this efficient and scalable protocol is suitable for both the static and dynamic environments. This scheme has maximum probability of sharing a key and less communication cost.
There are two general methods for broadcast authentication in WSNs: digital signatures and
In order to overcome the difficulty of [
The most suitable WSN applications are self-healing key management schemes with broadcast authentication [
This system minimizes the time of signature verification using several short-lived public keys [
Four various public key-based methods are proposed to offer in-depth analysis of its benefits and limitations [ a straight-forward certificate-based method, direct storage-based system, bloom filter-based system, hybrid system.
A multiuser authentication scheme is employed for storing user IDs and public keys using a bloom filter. The drawback of the bloom filter is that it can be forged, and it cannot protect against DoS attacks.
In WSNs, this scheme allows sensor nodes to authenticate broadcast message from the BS. The symmetric cryptographic primitives are used to accomplish the asymmetric property for broadcast authentication [ Initially, the signer must generate the pair of keys that consist of private key with private balls and public key with public balls. Based on the public balls, the private balls can be authenticated by a verifier. There are three phases present in this scheme: initial phase, signing phase, and verification phase. The sender produces the private key and its respective public key in the initial phase. A pseudo random generator generates a private key that is made of random numbers. The public key generation algorithm produces the public key that has hash values, and the sender employs the private key in the signing phase. In the verification phase, the receivers utilize the public key of the sender for validating the signature of the message. The signature scheme consumes less storage, less communication overhead, and high computation cost when compared to the HORS system. This scheme also employs few extra hash computations since storage is a more expensive resource than computation power in a sensor node.
This scheme has four major benefits over
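The three phases described above (initial, signing, verification) can be seen in plain HORS, the baseline this passage compares against. The following is an added sketch, not code from the survey or from the scheme it describes; SHA-256, the parameters `T = 256` and `K = 16`, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

T = 256  # number of private values; must be a power of two (assumed parameter)
K = 16   # number of private values revealed per signature (assumed parameter)


def keygen(t=T):
    """Initial phase: private key = t random strings, public key = their hashes."""
    assert t & (t - 1) == 0, "t must be a power of two"
    private = [secrets.token_bytes(16) for _ in range(t)]
    public = [hashlib.sha256(s).digest() for s in private]
    return private, public


def indices(msg, t=T, k=K):
    """Hash the message and split the digest into k indices of log2(t) bits each."""
    bits = t.bit_length() - 1
    value = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(value >> (bits * j)) & (t - 1) for j in range(k)]


def sign(private, msg):
    """Signing phase: reveal the private values selected by the message hash."""
    return [private[i] for i in indices(msg, len(private))]


def verify(public, msg, sig):
    """Verification phase: hash each revealed value and compare with the public key."""
    idx = indices(msg, len(public))
    if len(sig) != len(idx):
        return False
    return all(
        hmac.compare_digest(hashlib.sha256(s).digest(), public[i])
        for s, i in zip(sig, idx)
    )


def exposed_fraction(messages, t=T):
    """Fraction of the private key revealed after signing these messages with one key.

    Every signature discloses up to K private values, so a key pair has to be
    replaced after a small number of signatures.
    """
    seen = set()
    for m in messages:
        seen.update(indices(m, t))
    return len(seen) / t


if __name__ == "__main__":
    priv, pub = keygen()
    msg = b"constructed broadcast: sampling period = 30 s"
    sig = sign(priv, msg)
    print("valid signature accepted:", verify(pub, msg, sig))
    print("altered message accepted:", verify(pub, msg + b"0", sig))
    print("public key bytes:", len(pub) * 32, "signature bytes:", len(sig) * 16)
    print("key exposed after 20 messages:",
          exposed_fraction([b"m%d" % i for i in range(20)]))
```

The printed sizes show the storage and communication trade-off the passage refers to: with these parameters a node stores an 8 KB public key per signer, while verification costs only `K` hash computations.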
This system is described for IP-enabled WSN based on 6LoWPAN [

- Offline key assignment: a random number and a single share of the public key are assigned to each entity of the network. The source and destination IP are employed for generating a particular ECC while considering the secure communication among two nodes in the network.
- Authentication: it allows a trusted node to access the network resources.
- Private key generation: the private key is generated as follows:
- Handover: it updates the private and the public keys of the nodes to avoid node replication and Sybil attacks.

This system provides better results against several attacks and also takes less time for exchanging the key establishment packets. Furthermore, Cooja can be used to analyze the total energy consumption and overhead during connectivity and handover.
The network of this scheme includes a fixed sink, network users, and a huge number of sensor motes. The sink, which serves as a private key generator, is responsible for generating the private keys for users. It also has limited storage capacity. EIBAS scheme [

- System initialization: at first, it generates a prime generator and a bilinear pairing from the given security parameter. Then, a random number and four cryptographic hash functions are selected.
- Private key extraction: in order to join the WSN, the user must obtain the private key that the sink generates for the user's identity.
- Signature generation and message broadcast: initially, it picks a current timestamp, and then the user broadcasts the message in the sensor network.
- Broadcast authentication: each sensor node checks the authenticity of the message upon receiving it. If the verification fails, the sensor node rejects the message. Otherwise, the authenticity of the received message is assured.
The pairing-optimal ID-based signature scheme is used to reduce the communication and computational costs. Among all the existing schemes, EIBAS method requires the shortest size of the broadcast message. Also, it minimizes the total energy consumption. Further, it can enhance the overall energy consumption with respect to the size of the network.
The lightweight authentication schemes [

- Key predistribution: this phase is carried out before the network is deployed, that is, during the installing time of the node.
- Network initialization: this phase is the initial step for setting up the security of the network, and it is accomplished during the deployment of the network.
- Authentication: this process is carried out every time a new node requests to join the network as the earlier phase has been completed.
The advantage of this system is that it provides (a) a perfect resilience against node capture and (b) node-to-node identity authentication. This system is designed to require only one message to be exchanged, and, thus, it can be further investigated.
Another lightweight authentication scheme is TinyZKP [
A lightweight hashing system [ Initially, the input message is preprocessed by converting it into binary ASCII codes. It employs padding in the least significant position of the message to make it divisible by 512. If the length of the message is already a multiple of 512, then add an extra 512 zeros for improving the robustness of the algorithm. Thus, the preprocessed message is divided into 3 levels in a nested manner, which results in 512-, 64-, and 8-bit blocks, respectively. Then, the transformations take place for three nested levels to ensure the uniformity and also to minimize the storage overhead. The 3-level swapping is applied to receive the final hash digest.
This scheme shows that it is lightweight with respect to the communication, computation, energy efficiency, and storage overhead. It can further employ the generated hash digest in the node or message authentication in wireless sensor network.
CFA scheme [

- Node initialization: a maximum number of compromised nodes are selected first, and then the adversary can inject falsified data without being detected if it exceeds the global security parameter.
- Report endorsement: a node enters this phase once it has an event report to be sent after sensor deployment. If a node wants to send an event report to the destination node, it first broadcasts the event report in the form of plaintext to its nearby nodes.
- En-route filtering: once the packet is received, the intermediate node verifies whether the attached endorsements were produced by distinct nodes. If the verification fails, the packet is dropped.
CFAEF has low filtering capability when compared to the other existing methods. Furthermore, various vulnerabilities can be analyzed numerically and theoretically based on the CFAEF scheme.
This framework is employed to apply a security policy towards the WSNs [

- Initialization of provisioning authority (PA): an individual PA is generated for each group of nodes to be deployed. A master PA is responsible for creating the pairing information for each PA.
- Initialization of sensor key: each group and every node have a unique identity. Each node in the group is preloaded with the public information for the group along with the unique identity-based key.
- Deployment of sensor: the sensors are deployed in groups over the intended area in a predetermined pattern. There is no need for additional bootstrapping for nodes to generate pairwise keys.
- Establishment of pairwise key: it can be established in either of two ways: intragroup key establishment or intergroup key establishment.
It is resistant to node replication, Sybil, and wormhole attacks in WSNs. Furthermore, it may include multihop key establishment to improve the network capabilities.
This scheme [ low overhead, strong authenticity, immediate authentication, no time synchronization, resilience to node compromise attacks.
This scheme exploits one ECDSA signature for authenticating all broadcast messages. The authenticator in the extended block 0 is employed to authenticate the extended block 1. It contains the broadcast messages and only one authenticator. The process continues until
This scheme retains greater security besides low overhead and overcomes the defect of
The security of transferring the broadcast data becomes significant for networks in hostile areas. By compromising a limited number of nodes of the network, an adversary can initiate serious attacks against a network with a high probability of node compromise. Byzantine attackers are considered to have the same authority as any other legitimate node. To prevent the attacks, cryptographic services are required. Thus, the Authenticated Collaborative Rateless Broadcast (AuCRB) [ Based on a broadcast protocol, AuCRB is designed using rateless coding. Thus, it provides low communication and computation overhead. Instead of waiting for multiple packets, the nodes individually authenticate each received packet. Consequently, the receivers can immediately filter out bogus packets and also save energy. The malicious nodes in the network can be detected using the authentication information transmitted by the source. In the presence of malicious nodes, it ensures data availability with very low latency. An adversary can compromise nodes and then inject bogus packets or mount routing attacks by dropping or modifying the packets. Moreover, the scheme can be used when packets are lost due to reasons other than Byzantine attacks.
A simplified WSN in this scheme has three kinds of nodes: sensor node, transmission node, and sink node. At first, the sensor node groups the data and is composed of two nonoverlapping authentication groups. From the first data group, the watermark bits are computed and embedded into the next before transmission. Furthermore, sink synchronizes the data group and checks the watermark bits from computing and extraction. Lastly, the original data is restored.
In this scheme [ encoding, initialization, generating, embedding, decoding.
A new reversible watermarking authentication scheme is employed to verify the integrity and to restore the original data. After watermark embedding, the sensor nodes immediately transmit the data packet, and, thus, the delay will not affect the real-time stream. This technique has no communication, computation, and storage overhead. Further, it can be incorporated with the other techniques for better performance.
In WSNs, key management is an important challenging issue as in [ distributing the keys in a dynamic method before deployment, a dynamic authentication and key establishment methodology with the modules as follows: key predistribution, which is the step based on Elliptic Curve Cryptography (ECC), pairwise key agreement establishment, which permits a node to discover its neighbors and also for establishing secure paths with an authentication phase.
While minimizing the communication overhead and energy consumption, this scheme ensures an enhanced security level. It also resists node compromise.
Several authentication protocols for secure wireless sensor networks are depicted. The result of the survey is shown in Table
Information about different authentication protocols in wireless sensor networks.
Techniques | Author and reference | Year | Performance | Quality measurement |
---|---|---|---|---|
Lightweight authentication protocols | | | | |
Lightweight authentication protocol (LAP) for smart dust WSNs | Sharifi et al. [ | 2009 | LAP employs comparatively fewer keys to accomplish security for nodes before deployment and minimizes the communication overhead | |
Lightweight authentication scheme for WSNs | Delgado-Mohatar et al. [ | 2011 | This scheme employs symmetric cryptography and encryption algorithm to provide perfect resilience against various attacks | |
Lightweight authentication for recovery in WSNs | Li et al. [ | 2009 | This scheme is used to recluster and reprogram the nodes in a WSN | |
Lightweight protocol | Shah et al. [ | 2014 | This protocol utilizes Fermat Number Transform (FNT) and Chinese Remainder Theorem (CRT) for enabling secure communication | |
LSec: Lightweight Security protocol for WSN | Shaikh et al. [ | 2006 | LSec offers authentication and authorization of sensor nodes. Also, it provides simple key exchange scheme and data confidentiality | |
Lightweight security framework | Zia and Zomaya [ | 2011 | This mechanism ensures a sensor node to base station and also has better total security for WSNs | |
Self-key establishment protocol for WSNs | Sharifi et al. [ | 2009 | SKEW uses a refreshing mechanism for offering greater security. It does not need a particular key server for key broadcasting | |
Key management protocols | | | | |
LEAP: localized encryption and authentication protocol | Zhu et al. [ | 2006 | Based on the use of one-way key chains, LEAP comprises an efficient protocol for local broadcast authentication. It maximizes the difficulty of introducing various security attacks on WSN | |
BROSK: broadcast session key | Camtepe and Yener [ | 2005 | BROSK uses a master key for establishing the session key. It is a master-key-based key distribution solution | |
LKHW: logical key hierarchical for wireless sensor networks | Pietro et al. [ | 2003 | LKHW offers secure multicasting using an extension of the directed diffusion protocol. It also supports both backward and forward secrecy | |
Random key distribution scheme | Du et al. [ | 2004 | This scheme uses the deployment knowledge and accomplishes the level of connectivity. It also enhances the resilience of the network against node capture | |
Pairwise keys in sensor networks | Liu et al. [ | 2005 | This system enables sensor nodes to communicate securely with each other via the cryptographic methods | |
MAC-based broadcast authentication protocols | | | | |
Multiple TESLA | Perrig et al. [ | 2005 | This protocol addresses the scalability of TESLA minimizing the congestion load using distributed and secure time servers | |
 | Ullah et al. [ | 2011 | This protocol saves energy by minimizing the size of transmitted packets | |
Multilevel | Liu and Ning [ | 2004 | This scheme offers a solution for the unicast bootstrapping problem of | |
Scalable | Liu et al. [ | 2005 | This scheme improves scalability by maximizing the number of senders. For the distribution of initial parameters and commitments, the Merkle hash tree is used in | |
Regular predictable TESLA (RPT) | Luk et al. [ | 2006 | RPT offers an immediate solution to the authentication delay problem | |
BABRA | Zhou and Fang [ | 2006 | This scheme is based on | |
Unbounded one-way chains | Groza [ | 2008 | This scheme overcomes the limitation of length of key chains in standard TESLA using squaring function | |
Long duration TESLA | Liu et al. [ | 2012 | This protocol modifies the creation of the key chain and also overcomes the limited length of one-way key chain used in | |
TESLA++ | Studer et al. [ | 2009 | In this protocol, only the MAC of the message is broadcast with the index number of the recent key | |
Localized TESLA (L-TESLA) | Drissi and Gu [ | 2006 | This minimizes the authentication delay by partitioning a large network to multiple smaller subsets | |
Extended TESLA (X-TESLA) | Kwon and Hong [ | 2010 | The major purpose of this protocol is to save energy and avoid data-memory trade-off attacks | |
Table It detects wrong input information at an early stage of the login phase. It is efficient with respect to the computation and communication complexities during the authentication phase. It resists insider (clone) attacks.
The system can yield better energy consumption, communication overhead, and computation overhead than the other existing protocols.
Several authentication mechanisms and lightweight schemes were compared and analyzed with respect to various parameters.
Comparison of existing and lightweight authentication schemes.
Authentication protocols | Source authentication | Data integrity | Immediate authentication | Time synchronization | Communication overhead | Computation overhead | Cryptographic method | DoS Resistance | Robustness to packet loss | Message Cost |
---|---|---|---|---|---|---|---|---|---|---|
TESLA | Yes | Yes | No | Yes | Low | Low | MD5 | No | Yes | 2 |
| | Yes | Yes | No | Yes | Low | Low | MD5 | No | Yes | 3 |
Multilevel | Yes | Yes | No | Yes | Low | Low | MD5 | Yes | Yes | 3 |
BABRA | Yes | Yes | No | No | Low | Low | MD5 | Yes | Yes | 3 |
Unbounded key chains | Yes | Yes | No | Yes | Low | Medium | SHA-1 | No | Yes | 2 |
L-TESLA | Yes | Yes | No | Yes | Low | Low | MD5 | No | Yes | 3 |
X-TESLA | Yes | Yes | No | Yes | Low | Low | MD5 | Yes | Yes | 3 |
TESLA++ | Yes | Yes | No | Yes | Low | Low | MD5 | Yes | Yes | 2 |
RPT | Yes | Yes | No | Yes | Low | Low | MD5 | No | Yes | 3 |
Hierarchical key chains | Yes | Yes | No | Yes | Very Low | Very Low | SHA-1 | No | Yes | 1 |
Lightweight scheme | Yes | Yes | No | Yes | Very Low | Very Low | SHA-1 | No | Yes | 1 |
Source authentication is used in broadcast transmissions to validate the source ID from which a message originates. It is performed by every receiver of a broadcast message.
Data integrity ensures that the content of a message has not been modified during transmission, that is, after it was sent by the sender and before it was received by the receivers.
Immediate authentication is achieved when there is no delay between the reception of a message and its acceptance or rejection. Most MAC-based protocols do not meet this criterion and are therefore not applicable in highly time-critical systems.
This security condition check lets the receivers make sure that the sender has not yet released the respective key at the time a message is received.
The message cost is the total number of messages required for authentication. The more message exchanges there are, the higher the message cost, and vice versa.
Most sensor networks and vehicular networks that use MAC-based protocols require low communication overhead, whereas digital signature (DS) based protocols are influenced by the public key size.
The communication overhead of an authentication protocol is determined by its message cost. The protocols such as TESLA,
The sending side incurs more computation overhead, whereas the computation overhead at the receiver is negligible. Authentication increases the computation overhead, which is incurred in both signature generation and verification.
The protocols such as TESLA,
The cryptographic method is either a symmetric-key MAC system or an asymmetric-key DS system, where the DS system can be either a one-time system or a public-key-based system. The names of the specific symmetric or asymmetric approaches used in the protocols are mentioned in the Table
A protocol is considered DoS resistant if it offers a countermeasure for one or more DoS attacks such as flooding and jamming. It is necessary to make sure that the broadcast authentication protocol executes its activities without interruption.
Robustness to packet loss is considered in terms of the loss of authentication information. Most TESLA-based schemes use one-way key chains in which a lost key can be recovered from future keys. Such a scheme is robust and does not require separate authentication packets.
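The key recovery from future keys described above, together with the security condition check on key release, is shown here as an added Python example; it is not code from the surveyed papers. It uses SHA-256 and HMAC rather than the MD5/SHA-1 listed in the table, and the `Receiver` class, the interval numbering, and the disclosure delay are assumptions made for illustration.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    """One-way function linking the chain: K[i-1] = H(K[i])."""
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Sender: K[n] = seed, K[i-1] = H(K[i]); K[0] is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]                     # chain[i] is the key of interval i

def mac(key: bytes, msg: bytes) -> bytes:
    """MAC under a key derived from the chain key, so K[i] itself is never a MAC key."""
    return hmac.new(H(b"mac" + key), msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.known = {0: commitment}       # authenticated chain keys by interval
        self.delay = delay                 # assumption: K[i] is disclosed in interval i + delay
        self.buffer = []                   # (interval, msg, tag) awaiting K[interval]

    def on_packet(self, interval: int, msg: bytes, tag: bytes, now: int) -> bool:
        """Security condition: accept only while K[interval] cannot be public yet."""
        if now >= interval + self.delay:
            return False                   # key may already be out: tag proves nothing
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, j: int, key: bytes) -> list:
        """Check disclosed K[j] against the newest trusted key, recovering lost keys."""
        last = max(self.known)
        if j <= last:
            return []
        derived, k = {j: key}, key
        for i in range(j - 1, last, -1):   # intervals whose disclosure was lost
            k = H(k)
            derived[i] = k
        if not hmac.compare_digest(H(k), self.known[last]):
            return []                      # not on the sender's chain: reject
        self.known.update(derived)
        ok = [m for i, m, t in self.buffer if i in self.known
              and hmac.compare_digest(mac(self.known[i], m), t)]
        self.buffer = [p for p in self.buffer if p[0] not in self.known]
        return ok
```

Here `now` stands for the receiver's upper bound on the sender's current interval, which is why these schemes need loose time synchronization.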
Based on the above discussion, the future direction of our research incorporates a secure lightweight scheme. It uses symmetric cryptography with minimal encryption using hash functions. It provides node-to-node identity authentication. It is efficient with respect to computation and communication complexity during the authentication phase. It resists insider (clone) attacks as well as denial-of-service attacks.
The proposed system will yield better energy consumption, communication overhead, and computation overhead than the existing mechanisms.
Security is a major concern for energy-constrained WSNs because of their broad range of security applications. In recent years, security has attracted a lot of attention, and designing strong security protocols remains very challenging. Several authentication schemes proposed to achieve confidentiality and authenticity of nodes are analyzed. Most authentication mechanisms focus only on security, while others offer proper scalability and minimized communication and computation overhead. Authentication is an efficient methodology to repel various attacks as it requires sharing of keys. It is therefore evident from the literature that an authentication scheme can reduce the computation cost and save energy. Based on our comparisons and study, we conclude that authentication mechanisms are widely used nowadays but still suffer from issues such as the complex management of public key infrastructure and computational bottlenecks, which have to be resolved by future research.
The authors declare that there is no conflict of interests regarding the publication of this paper.