Wireless Personal Communications

, Volume 95, Issue 3, pp 3141–3166 | Cite as

Improving Security of Lightweight Authentication Technique for Heterogeneous Wireless Sensor Networks

  • Chandra Sekhar Vorugunti
  • Bharavi Mishra
  • Ruhul Amin
  • Rakesh P. Badoni
  • Mrudula Sarvabhatla
  • Dheerendra Mishra


One of the great application of user authentication and key agreement protocol is to access sensor information securely over the insecure networks. Recently, Kalra and Sood proposed an efficient smart card based authentication protocol to exchange confidential information securely between the user and sensor node. We review the security of Kalra and Sood scheme and observe that their scheme is vulnerable to stolen smart card attack, stolen verifier attack and impersonation attack. The entire analysis indicates that there is a need of secure and user-friendly authentication mechanism for wireless sensor networks (WSNs). To ensure secure communication in WSNs, we improve the security of the authentication mechanism for WSNs. The main intention of this paper is to confiscate the mentioned security attacks by proposing an efficient authentication protocol using smart card. To validate security attributes, we have used well-popular AVISPA simulation tool whose results shows that the proposed protocol is SAFE under OFMC and CL-AtSe models. Further, the performance analysis shows its efficiency.


Wireless sensor networks Authentication Security 


  1. 1.
    Amin, R., & Biswas, G. P. (2016). A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Networks,  36, 58–80. Google Scholar
  2. 2.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P.-C., Kouchnarenko, O., & Mantovani, J., et al. (2005). The avispa tool for the automated validation of internet security protocols and applications. In Computer Aided Verification. Springer, pp. 281–285.Google Scholar
  3. 3.
    Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2014.
  4. 4.
    Basin, D., Mödersheim, S., & Vigano, L. (2005). Ofmc: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.CrossRefGoogle Scholar
  5. 5.
    Boyd, C., & Mathuria, A. (2003). Protocols for authentication and key establishment. Berlin: Springer.CrossRefMATHGoogle Scholar
  6. 6.
    Chen, T.-H., & Shih, W.-K. (2010). A robust mutual authentication protocol for wireless sensor networks. Etri Journal, 32(5), 704–712.CrossRefGoogle Scholar
  7. 7.
    Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.MathSciNetCrossRefGoogle Scholar
  8. 8.
    Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Eisenbarth, T. Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in Cryptology-CRYPTO. Springer, 2008, pp. 203–220.Google Scholar
  10. 10.
    He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences 321, 263–277. doi:10.1016/j.ins.2015.02.010. http://www.sciencedirect.com/science/article/pii/S0020025515001012.
  11. 11.
    He, D., Gao, Y., Chan, S., Chen, C., & Bu, J. (2010). An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc and Sensor Wireless Networks, 10(4), 361–371.Google Scholar
  12. 12.
    He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.CrossRefGoogle Scholar
  13. 13.
    Huang, B., Khan, M., Wu, L., Muhaya, F., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications. doi:10.1007/s11277-015-2735-1.Google Scholar
  14. 14.
    Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.CrossRefGoogle Scholar
  15. 15.
    Kalra, S., & Sood, S. K. (2015). Advanced password based authentication scheme for wireless sensor networks. Journal of Information Security and Applications, 20, 37–46.CrossRefGoogle Scholar
  16. 16.
    Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10(3), 2450–2459.CrossRefGoogle Scholar
  17. 17.
    Kocher, K., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology CRYPTO’99. Springer, pp. 388–397.Google Scholar
  18. 18.
    Maitra, T., Amin, R., Giri, D., & Srivastava, P. D. (2016). An efficient and robust user authentication scheme for hierarchical wireless sensor networks without tamper-proof smart card. International Journal of Network Security, 18(1), 553–564.Google Scholar
  19. 19.
    Messerges, T. S., Dabbish, E., Sloan, R. H., et al. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRefGoogle Scholar
  20. 20.
    Mishra, D. (2015). On the security flaws in id-based password authentication schemes for telecare medical information systems. Journal of Medical Systems, 39(1), 1–16.MathSciNetCrossRefGoogle Scholar
  21. 21.
    Mishra, D. (2015). Design and analysis of a provably secure multi-server authentication scheme. Wireless Personal Communications. doi:10.1007/s11277-015-2975-0.Google Scholar
  22. 22.
    Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.CrossRefGoogle Scholar
  23. 23.
    Nanni, L., Brahnam, S., & Lumini, A. (2011). Biohashing applied to orientation-based minutia descriptor for secure fingerprint authentication system. Electronics Letters, 47(15), 851–853.CrossRefGoogle Scholar
  24. 24.
    Nanni, L., & Lumini, A. (2008). Random subspace for an improved biohashing for face authentication. Pattern Recognition Letters, 29(3), 295–300.CrossRefMATHGoogle Scholar
  25. 25.
    Ning, H., & Hu, S. (2012). Technology classification, industry, and education for future internet of things. International Journal of Communication Systems, 25(9), 1230–1241.CrossRefGoogle Scholar
  26. 26.
    Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.CrossRefGoogle Scholar
  27. 27.
    Wander, A. S., Gura, N., Eberle, H., Gupta, V., & Shantz, S. C. (2005). Energy analysis of public-key cryptography for wireless sensor networks. In Third IEEE international conference on pervasive computing and communications, 2005. PerCom 2005, IEEE, pp. 324–328.Google Scholar
  28. 28.
    Watro, R., Kong, D., Cuti, S. -F., Gardiner, C., Lynn, C., & Kruus, P. (2004). Tinypk: Securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, ACM, pp. 59–64.Google Scholar
  29. 29.
    Wong, K. H., Zheng, Y., Cao, J., & Wang, S. (2006). A dynamic user authentication scheme for wireless sensor networks. In IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006, IEEE, Vol. 1, p. 8.Google Scholar
  30. 30.
    Xue, K., Ma, C., Hong, P., & Ding, R. (2013). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36(1), 316–323.CrossRefGoogle Scholar
  31. 31.
    Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.CrossRefGoogle Scholar
  32. 32.
    Yeh, H.-L., Chen, T.-H., Liu, P.-C., Kim, T.-H., & Wei, H.-W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors, 11(5), 4767–4779.CrossRefGoogle Scholar
  33. 33.
    Yick, J., Mukherjee, B., & Ghosal, D. (2008). Wireless sensor network survey. Computer Networks, 52(12), 2292–2330.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • Chandra Sekhar Vorugunti
    • 1
  • Bharavi Mishra
    • 2
  • Ruhul Amin
    • 3
  • Rakesh P. Badoni
    • 4
  • Mrudula Sarvabhatla
    • 5
  • Dheerendra Mishra
    • 6
  1. 1.Indian Institute of Information TechnologyChittoorIndia
  2. 2.Department of Computer ScienceLNM Institute of Information TechnologyJaipurIndia
  3. 3.Department of Computer Science and EngineeringThapar UniversityPatialaIndia
  4. 4.Computer Science and Engineering DepartmentBML Munjal UniversityGurgaonIndia
  5. 5.Department of Computer ScienceNBKRISTNelloreIndia
  6. 6.Department of MathematicsLNM Institute of Information TechnologyJaipurIndia

Personalised recommendations