Journal
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS
Volume 34, Issue -, Pages 133-141Publisher
ELSEVIER SCIENCE BV
DOI: 10.1016/j.jisa.2017.04.002
Keywords
Iot; Wireless sensor network; Authentication Key agreement; Integrity
Categories
Funding
- Ministry of Science and Technology [MOST 104-2221-E-025-006, MOST 105-2221-E-034-014-]
Ask authors/readers for more resources
In 2014, Turkanovic et al. applied the Internet of Things (IoT) notion to wireless sensor networks (WSNs) and proposed a user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks with lightweight computational operations. In 2015, Chang et al. find that Turkanovic et al.'s scheme possesses two drawbacks that can be overcome with simple modification. After further analyzing Turkanovic et al.'s scheme, we find that their scheme suffers from two fatal security flaws. First, user anonymity is not provided as claimed. Second, an attacker can obtain the session key shared between a normal sensor node and the user who has ever connected to a compromised sensor node. In this paper, we explicitly show the found security flaws and propose an improvement by taking the following into consideration: (1) user anonymity, (2) no complex computations, (3) mutual authentication between any two of a gateway node, a sensor node, and the user, (4) user friendly, and (5) ensuring the correctness of the session key earlier. (C) 2017 Elsevier Ltd. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available