Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT
Abstract
:1. Introduction
1.1. Industrial IoT Sensing Model and Its Authenticated Key Agreement Scheme
1.1.1. Industrial IoT Sensing Model
1.1.2. Authenticated Key Agreement Scheme
1.2. Related Work
1.3. Our Contributions
2. Review of Vinoth et al.’s Authenticated Key Agreement Scheme
2.1. Scheme Description
2.1.1. Offline Sensing Device Registration Phase
2.1.2. User Registration Phase
2.1.3. Login Phase
2.1.4. Authenticated Key Agreement Phase
2.2. Vinoth et al.’s Security Assumption
3. User Impersonation Attack
3.1. Impersonation of IoT Sensing Devices
3.2. Impersonation of Other Users
3.3. Impersonation of GWN
3.4. Further Disscussion
4. IoT Sensing Device Impersonation Attacks
4.1. Impersonation of Users
4.2. Impersonation of GWN
4.3. Impersonation of Other IoT Sensing Devices
4.4. Further Disscussion
5. Replay Attack
6. Desynchronization Attack
7. Weakness of User Privacy
8. Conclusions and Future Work
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Hirman, M.; Benesova, A.; Sima, K.; Steiner, F.; Tupa, J. Design, fabrication and risk assessment of IoT unit for products manufactured in industry 4.0 factory. Procedia Manuf. 2020, 51, 1178–1183. [Google Scholar] [CrossRef]
- Macioszek, E.; Kurek, A. Extracting road traffic volume in the city before and during COVID-19 through video remote sensing. Remote Sens. 2021, 13, 2329. [Google Scholar] [CrossRef]
- Hassija, V.; Chamola, V.; Saxena, V.; Jain, D.; Goyal, P.; Sikdar, B. A survey on IoT security: Application areas, security threats, and solution architectures. IEEE Access 2019, 7, 82721–82743. [Google Scholar] [CrossRef]
- Vinoth, R.; Deborah, L.J.; Vijayakumar, P.; Kumar, N. Secure multifactor authenticated key agreement scheme for industrial IoT. IEEE Internet Things J. 2021, 8, 288–296. [Google Scholar] [CrossRef]
- Kumari, S.; Khan, M.K.; Atiquzzaman, M. User authentication schemes for wireless sensor networks: A review. Ad Hoc Netw. 2015, 27, 159–194. [Google Scholar] [CrossRef]
- Singh, D.; Kumar, B.; Singh, S.; Chand, S. Evaluating authentication schemes for real-time data in wireless sensor network. Wirel. Pers. Commun. 2020, 114, 629–655. [Google Scholar] [CrossRef]
- Sun, D.Z.; Li, J.X.; Feng, Z.Y.; Cao, Z.F.; Xu, G.Q. On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers. Ubiquitous Comput. 2013, 17, 895–905. [Google Scholar] [CrossRef]
- Wang, D.; Wang, P. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 2014, 20, 1–15. [Google Scholar] [CrossRef]
- Jiang, Q.; Ma, J.; Lu, X.; Tian, Y.L. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-Peer Netw. Appl. 2015, 8, 1070–1081. [Google Scholar] [CrossRef]
- Wei, F.; Zhang, R.; Shen, J. A Provably Secure Two-Factor Authenticated Key Exchange Protocol for Wireless Sensor Networks Based on Authenticated Encryption. In Lecture Notes on Data Engineering and Communications Technologies, Proceedings of the 11th International Conference on Advances on Broad-Band Wireless Computing, Communication and Applications (BWCCA 2016), Asan, Korea, 5–7 November 2016; Barolli, L., Xhafa, F., Yim, K., Eds.; Springer: Cham, Switzerland, 2017; Volume 2, pp. 849–855. [Google Scholar]
- Wu, F.; Xu, L.L.; Kumari, S.; Li, X. A new and secure authentication scheme for wireless sensor networks with formal proof. Peer-Peer Netw. Appl. 2017, 10, 16–30. [Google Scholar] [CrossRef]
- Wu, F.; Li, X.; Sangaiah, A.K.; Xu, L.L.; Kumari, S.; Wu, L.X.; Shen, J. A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Gener. Comput. Syst. 2018, 82, 727–737. [Google Scholar] [CrossRef]
- Chandrakar, P. A secure remote user authentication protocol for healthcare monitoring using wireless medical sensor networks. Int. J. Ambient Comput. Intell. 2019, 10, 6. [Google Scholar] [CrossRef] [Green Version]
- Kaur, D.; Kumar, D. Cryptanalysis and improvement of a two-factor user authentication scheme for smart home. J. Inf. Secur. Appl. 2021, 58, 102787. [Google Scholar]
- Qi, M.P.; Chen, J.H. Secure authenticated key exchange for WSNs in IoT applications. J. Supercomput. 2021. [Google Scholar] [CrossRef]
- Das, A.K. An efficient and novel three-factor user authentication scheme for large-scale heterogeneous wireless sensor networks. Int. J. Commun. Netw. Distrib. Syst. 2015, 15, 22–60. [Google Scholar] [CrossRef]
- Das, A.K. A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-Peer Netw. Appl. 2016, 9, 223–244. [Google Scholar] [CrossRef]
- Wang, C.Y.; Xu, G.A.; Sun, J. An enhanced three-factor user authentication scheme using elliptic curve cryptosystem for wireless sensor networks. Sensors 2017, 17, 2946. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Wu, F.; Xu, L.L.; Kumari, S.; Li, X. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-Peer Netw. Appl. 2018, 11, 1–20. [Google Scholar] [CrossRef]
- Shin, S.; Kwon, T. A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors 2019, 19, 2012. [Google Scholar] [CrossRef] [Green Version]
- Luo, H.G.; Wen, G.J.; Su, J. Lightweight three factor scheme for real-time data access in wireless sensor networks. Wirel. Netw. 2020, 26, 955–970. [Google Scholar] [CrossRef]
- Jabbari, A.; Mohasef, J.B. Improvement of a user authentication scheme for wireless sensor networks based on internet of things security. Wirel. Pers. Commun. 2021, 116, 2565–2591. [Google Scholar] [CrossRef]
- Jiang, Q.; Kumar, N.; Ma, J.F.; Shen, J.; He, D.B.; Chilamkurti, N. A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2017, 27, e1937. [Google Scholar] [CrossRef]
- Adavoudi-Jolfaei, A.; Ashouri-Talouki, M.; Aghili, S.F. Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks. Peer-Peer Netw. Appl. 2019, 12, 43–59. [Google Scholar] [CrossRef]
- Lu, Y.R.; Xu, G.Q.; Li, L.X.; Yang, Y.X. Anonymous three-factor authenticated key agreement for wireless sensor networks. Wirel. Netw. 2019, 25, 1461–1475. [Google Scholar] [CrossRef]
- Sadri, M.J.; Asaar, M.R. A lightweight anonymous two-factor authentication protocol for wireless sensor networks in internet of vehicles. Int. J. Commun. Syst. 2020, 33, e4511. [Google Scholar] [CrossRef]
- Far, H.A.N.; Bayat, M.; Das, A.K.; Fotouhi, M.; Pournaghi, S.M.; Doostari, M.A. LAPTAS: Lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wirel. Netw. 2021, 27, 1389–1412. [Google Scholar]
- Das, A.K.; Sutrala, A.K.; Kumari, S.; Odelu, V.; Wazid, M.; Li, X. An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Secur. Commun. Netw. 2016, 9, 2070–2092. [Google Scholar] [CrossRef] [Green Version]
- Amin, R.; Biswas, G.P. A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. 2016, 36, 58–80. [Google Scholar] [CrossRef]
- Wu, F.; Xu, L.L.; Kumari, S.; Li, X.; Shen, J.; Choo, K.K.R.; Wazid, M.; Das, A.K. An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. J. Netw. Comput. Appl. 2017, 89, 72–85. [Google Scholar] [CrossRef]
- Sutrala, A.K.; Das, A.K.; Reddy, A.G.; Vasilakos, A.V.; Rodrigues, J.J.P.C. On the design of secure user authenticated key management scheme for multigateway-based wireless sensor networks using ECC. Int. J. Commun. Syst. 2018, 31, e3514. [Google Scholar] [CrossRef]
- Guo, H.; Gao, Y.; Xu, T.G.; Zhang, X.Y.; Ye, J.F. A secure and efficient three-factor multi-gateway authentication protocol for wireless sensor networks. Ad Hoc Netw. 2019, 95, 101965. [Google Scholar] [CrossRef]
- Lee, J.; Yu, S.; Park, K.; Park, Y.; Park, Y. Secure three-factor authentication protocol for multi-gateway IoT environments. Sensors 2019, 19, 2358. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Xu, L.L.; Wu, F. A lightweight authentication scheme for multi-gateway wireless sensor networks under IoT conception. Arab. J. Sci. Eng. 2019, 44, 3977–3993. [Google Scholar] [CrossRef]
- Wang, D.; Hong, S.H.; Wang, Q.X. Revisiting a multifactor authentication scheme in industrial IoT. Secur. Commun. Netw. 2021, 2021, 9995832. [Google Scholar] [CrossRef]
- Vinoth, R.; Deborah, L.J. An efficient key agreement and authentication protocol for secure communication in industrial IoT applications. J. Ambient Intell. Humaniz. Comput. 2021. [Google Scholar] [CrossRef]
- Gupta, M.; Chaudhari, N.S. Anonymous two factor authentication protocol for roaming service in global mobility network with security beyond traditional limit. Ad Hoc Netw. 2019, 84, 56–67. [Google Scholar] [CrossRef]
- Wang, F.F.; Xu, G.A.; Gu, L.Z. A secure and efficient ECC based anonymous authentication protocol. Secur. Commun. Netw. 2019, 2019, 4656281. [Google Scholar] [CrossRef]
- Jiang, Q.; Zhang, N.; Ni, J.B.; Ma, J.F.; Ma, X.D.; Choo, K.K.R. Unified biometric privacy preserving three-factor authentication and key agreement for cloud-assisted autonomous vehicles. IEEE Trans. Veh. Technol. 2020, 69, 9390–9401. [Google Scholar] [CrossRef]
- Canetti, R.; Krawczyk, H. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2001), Innsbruck, Austria, 6–10 May 2001; Pfitzmann, B., Ed.; Springer: Berlin/Heidelberg, Germany, 2001; Volume 2045, pp. 453–474. [Google Scholar]
- Bellare, M.; Rogaway, P. Provably Secure Session Key Distribution—The Three Party Case. In Proceedings of the 27th ACM Symposium on the Theory of Computing (STOC’95), Las Vegas, NV, USA, 29 May–1 June 1995; ACM: New York, NY, USA, 1995; pp. 57–66. [Google Scholar]
Term | Definition |
---|---|
GWN, U | Gateway node and user |
Sj | jth IoT sensing device |
IDGWN, IDU, IDSj | GWN’s, U’s, and Sj’s identities |
TIDU | U’s temporary identity for user anonymity |
γ, KGWN | GWN’s long-term secret keys |
KGWN-U | Long-term secret key shared by GWN and U |
PW | U’s password |
B, BK, τ | U’s biometrics, biometrics key, and public reproduction parameter |
sj, fj, kj | Sj’s secret parameters |
KGWN-Sj | Secret key shared by GWN and Sj |
KU-Sj | Secret session key shared by U and Sj |
rGWN, rU, RN | Random numbers |
TS1, TS2, TS3, TS4,TS1′, TS2′, TS3′, TS4′ | Timestamps |
ΔTS | Maximum transmission delay |
φ() | Vinoth et al.’s access structure function [4] |
Gen()/Rep() | Generation algorithm/reproduction algorithm using biometrics fuzzy extractor |
h() | Cryptographic hash function |
EK()/DK() | Encryption algorithm/decryption algorithm using secret key K |
mod | Congruent |
⊕, ‖ | Bitwise exclusive-or and concatenation |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Sun, D.-Z. Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT. Symmetry 2021, 13, 1952. https://doi.org/10.3390/sym13101952
Sun D-Z. Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT. Symmetry. 2021; 13(10):1952. https://doi.org/10.3390/sym13101952
Chicago/Turabian StyleSun, Da-Zhi. 2021. "Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT" Symmetry 13, no. 10: 1952. https://doi.org/10.3390/sym13101952
APA StyleSun, D. -Z. (2021). Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT. Symmetry, 13(10), 1952. https://doi.org/10.3390/sym13101952