Garima Thakur, Mohammad S. Obaidat, Piyush Sharma, Sunil Prajapat, Pankaj Kumar
{"title":"A provably secure authenticated key agreement protocol for industrial sensor network system","authors":"Garima Thakur, Mohammad S. Obaidat, Piyush Sharma, Sunil Prajapat, Pankaj Kumar","doi":"10.1002/cpe.8250","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"36 23","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8250","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.