{"title":"A Privacy-Preserving Three-Factor Authentication System for IoT-Enabled Wireless Sensor Networks","authors":"Garima Thakur , Sunil Prajapat , Pankaj Kumar , Chien-Ming Chen","doi":"10.1016/j.sysarc.2024.103245","DOIUrl":null,"url":null,"abstract":"<div><p>Recently, Sahoo et al. introduced a three-factor authentication scheme for Wireless Sensor Networks (WSNs) based on an elliptic curve cryptosystem. Nonetheless, upon closer examination, we have identified critical vulnerabilities in their scheme, including susceptibility to user impersonation, gateway impersonation, sensor node impersonation attacks, and a breach in the three-factor security aspect. Further, the scheme fails to withstand offline sensor node identity guessing attacks, man-in-the-middle attacks, and known session-specific temporary information attacks. Intending to elevate both security and efficiency, we propose a novel three-factor authentication scheme that capitalizes on the strengths of a fuzzy extractor and a cryptographic one-way hash function. The proposed scheme’s security has been rigorously assessed using the SCYTHER tool, confirming its validity under the real-or-random (ROR) model. Moreover, a heuristic analysis exemplifies that the scheme effectively withstands various known cryptographic attacks. Consequently, the performance comparisons establish the superiority of our scheme over related approaches in terms of security and efficiency. Additionally, its suitability for WSNs is evident due to the minimal overhead on the sensor nodes, making it a highly promising solution for real-world implementation.</p></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"154 ","pages":"Article 103245"},"PeriodicalIF":3.7000,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762124001826","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
Recently, Sahoo et al. introduced a three-factor authentication scheme for Wireless Sensor Networks (WSNs) based on an elliptic curve cryptosystem. Nonetheless, upon closer examination, we have identified critical vulnerabilities in their scheme, including susceptibility to user impersonation, gateway impersonation, sensor node impersonation attacks, and a breach in the three-factor security aspect. Further, the scheme fails to withstand offline sensor node identity guessing attacks, man-in-the-middle attacks, and known session-specific temporary information attacks. Intending to elevate both security and efficiency, we propose a novel three-factor authentication scheme that capitalizes on the strengths of a fuzzy extractor and a cryptographic one-way hash function. The proposed scheme’s security has been rigorously assessed using the SCYTHER tool, confirming its validity under the real-or-random (ROR) model. Moreover, a heuristic analysis exemplifies that the scheme effectively withstands various known cryptographic attacks. Consequently, the performance comparisons establish the superiority of our scheme over related approaches in terms of security and efficiency. Additionally, its suitability for WSNs is evident due to the minimal overhead on the sensor nodes, making it a highly promising solution for real-world implementation.
期刊介绍:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
