An Access Control Protocol for Wireless Sensor Network Using Double Trapdoor Chameleon Hash Function

Thakur, Tejeshwari

doi:https://doi.org/10.1155/2016/1210938

Journal of Sensors

On this page

Abstract Introduction Preliminaries Conclusion References Copyright Related Articles

Research Article | Open Access

Volume 2016 | Article ID 1210938 | https://doi.org/10.1155/2016/1210938

An Access Control Protocol for Wireless Sensor Network Using Double Trapdoor Chameleon Hash Function

Tejeshwari Thakur¹

Academic Editor: Hana Vaisocherova

Received03 Jun 2016

Revised06 Sept 2016

Accepted20 Sept 2016

Published25 Oct 2016

Abstract

Wireless sensor network (WSN), a type of communication system, is normally deployed into the unattended environment where the intended user can get access to the network. The sensor nodes collect data from this environment. If the data are valuable and confidential, then security measures are needed to protect them from the unauthorized access. This situation requires an access control protocol (ACP) in the design of sensor network because of sensor nodes which are vulnerable to various malicious attacks during the authentication and key establishment and the new node addition phase. In this paper, we propose a secured ACP for such WSN. This protocol is based on Elliptic Curve Discrete Log Problem (ECDLP) and double trapdoor chameleon hash function which secures the WSN from malicious attacks such as node masquerading attack, replay attack, man-in-the-middle attack, and forgery attacks. Proposed ACP has a special feature known as session key security. Also, the proposed ACP is more efficient as it requires only one modular multiplication during the initialization phase.

1. Introduction

A wireless sensor network (WSN) is a system of a network consisting of spatially distributed autonomous devices which uses sensors to cooperatively monitor physical or environmental conditions such as temperature, sound, vibration, pressure, motion, or pollutants at different locations. The purpose of a WSN is to collect and process data from a target domain and transmit the information back to specific sites. WSN technology is an emerging technology that can be utilized in a wide range of potential applications in the real world. Such a network usually consists of a number of wireless sensor nodes that arrange themselves into a multihop network. Each node consists of one or more sensors. In many WSN, it is sufficient to secure the data transfer between the sensor nodes and the base station, especially, when the base station is needed to ensure that the received message sent by the specific sensor node is unaltered during transfer. However, in any WSN, providing security during authentication, key establishment and new node deployment is important and for that purpose, an ACP is needed. In the health-care monitoring systems, military domains, and in many other applications, WSN requires a hard and fast authentication scheme to secure the data from the attackers because the authenticity and integrity of such data received at the base station highly influence the final results in many WSN applications, as shown by Abduvaliev et al. [1], Akyildiz et al. [2], and Akyildiz and Kasimoglu [3]. In a paper, Zhou et al. [4] developed an ACP based on the elliptic curve cryptosystem (ECC) for securing the new node deployment process. For details on the elliptic curve (EC) one can refer to Miller and Koblitz [5, 6] and so forth. Next, Huang [7] proposed an efficient ACP based on the EC and hash chains. In this scheme, new nodes can be easily added. The authors claimed that it is resistant to various attacks. Later, Kim and Lee [8] pointed out that the ACP given by Huang [7] is insecure and it lacks hash chain renewability which is an important aspect needed in any resource constrained sensor network. Consequently, Kim and Lee [8] further proposed an enhanced ACP by adding a hash chain renewal phase supporting the mutual authentication. Also, they claimed that their enhanced access control protocol is resistant to various known attacks.

Further, Shen et al. [9] and Zeng et al. [10] demonstrated that the scheme given by Kim and Lee was still vulnerable to masquerade attack executed by new as well as legal nodes because it lacks hash chain renewability soon after the authentication and key established phase. Finally, Lee et al. [11] proposed a practical ACP based on EC and the hash chain. However, it was later observed that a large number of key distributions in Lee et al. [11] and Zhou [4] are also vulnerable to various adversary attacks and had hung storage overhead at the sensor node.

The concept of chameleon hash function was first given by Krawczyk and Rabin [12]. Chameleon hash function is used to calculate the message digest. A chameleon hash function is a basically trapdoor collision-resistant hash function. It is found to be a very useful tool in cryptography. In order to take such advantage of this function, Chen et al. [13] involved it in the access control protocol. However, the Chen et al. [13] protocol required the precomputed secret value of during the transection even without verifying the authentic value and thus invites attacks.

Motivated by the use of the double trapdoor chameleon hash function by Chen et al. [14], in this paper, we propose a secure and efficient ACP based on ECDLP. In our opinion, the proposed protocol which does not require the precomputed value of dynamically provides the security against different attacks, even when new nodes are added to the WSN. Looking to the other advantages, our proposed scheme is better as compared to the scheme given by Chen et al. [13].

The rest of the paper is organized as follows. In Section 2, we give preliminaries required for the proposed access control protocol. In Section 3, the proposed scheme is explained. The security and efficiency analysis of our proposed scheme is given in Section 4. Finally, the conclusion is made in Section 5.

2. Preliminaries

As we have said earlier, in this section, we first explain the requirements for the ACP of a wireless sensor network using the ECDLP and trapdoor chameleon hash function. Before doing so, we need to explain the notion of a trapdoor chameleon hash function as given by Chen et al. [15] scheme. Let us first recall the EC as given below.

2.1. Elliptic Curve

We consider the parameters of any EC such that the EC domain parameters can be verified to meet the requirements as given by Law et al. [16]. In order to avoid the Pollard-rho [17] and Pohlig-Hellman algorithms for the discrete logarithm problem defined on EC, it is necessary that the number of -rational points on , denoted by , be divisible by a sufficiently large prime . Also, in order to avoid the reduction algorithms of Menezes et al. [18] and Frey and Rück [19], our EC should be nonsuper singular (i.e., should not divide . Further, in order to avoid the attack of Semaev [20] on -anomalous curves, our EC should not be -inconsistent (i.e., ).

2.2. Elliptic Curve Discrete Logarithm Problem

Let be an elliptic curve defined over a finite field and let be a point of order . Given , where , the ECDLP is used to find the integer , such that .

2.3. Trapdoor Chameleon Hash Function

Following the ACP of Chen et al. [15], we define double trapdoor chameleon hash function as below.

Let be a subgroup generated by and define a cryptographic secure keyed-hash function . Choose random elements (two trapdoor keys) and compute . The public hash key is , and the private trapdoor key is . For the given hash family, we define the hash key and the proposed chameleon hash function as follows: A double trapdoor chameleon hash function carries the following properties. (1) Efficiency. Given a hash key pair and a pair , is computable in the polynomial time.(2) Collision Resistance. Without the trapdoor key , it is computationally infeasible to find two pairs which satisfy and .(3) Trapdoor Collision. Assume that we have given the hash and the trapdoor key pair , a pair , and an additional message , and we want to find such that The value of can be computed in polynomial time as follows: . Also, as is uniformly distributed in then the distribution of is computationally indistinguishable from the uniformly distributed in .

2.4. Notations Used in the Proposed Scheme

The notations involved are listed as follows: : th node. : th node. : base station. : integer number. : elliptic curve. : generator of subgroup . : cryptography secure hash function. : random number. : chameleon hash function. : authentication value.

3. Proposed Access Control Protocol Based on ECDLP

Now we propose our ACP based on ECDLP and double trapdoor chameleon hash function. This method consists of two phases: initialization phase and the node authentication with key establishment phase. The implementation of the proposed ACP is as follows.

3.1. Initialization Phase of the Proposed ACP

The initialization phase is described in the following steps.

Step 1. The base station (BS) chooses a random element and computes . The public hash key is and the private trapdoor key is .

Step 2. Choose a random number , and compute the chameleon hash value

Step 3. Given message from pair , where as the secrete key and , then compute a security key , uploaded to node .

Note. It requires only modular multiplication of in this phase.

3.2. Authentication with Key Establishment Phase of ACP

In this section, we give different steps of authentication of the proposed ACP.

In all the sensor nodes when deployed, if node wants to communicate with another node , they must implement the following steps to authenticate each other. Subsequently, they must establish a shared session key for securing their communication.

Step 1. Two nodes are and , where and , for , and node chooses random number to compute the public key and and then sends to node .

Step 2. Node computes the chameleon hash value of node based on the received message . If and are equal, then node chooses random number to compute and session key between nodes and . Then node uses different security key to compute authentication value . It then delivers the message to node .

Step 3. Node receives the message from and computes chameleon hash value of node and according to the message from , it then computes with the chameleon hash of base station . If , node then computes the share session key and the authentication value , where .
Again, node checks the authentication value ; if then node is valid and goes back to a authentication value for given and , where

Step 4. Node receives ; it also computes the value . If then node is authenticated; otherwise, the value is discarded. Same method applies for node , if is authenticated; otherwise value is discarded.

New Node Addition Phase. During the network communication phase, if some sensor nodes are lost, new sensor nodes are needed to deploy. When a new node with is added, the base station also generates a secret key and then the base station computes the chameleon hash value at node and update as broadcasting chameleon hash value in the base station. The authentication and key establishment for any old node with the new node is the same as authentication steps.

3.3. Correctness of the Proposed ACP

In order to show the correctness of our proposed ACP, we assert that, during the authentication with key establishment phase, node authenticates node based on the chameleon hash value of node ; that is, it computes the value of based on the received message from node and publishes the message of the base station which is written as the chameleon hash value (see Box 1).

4. Security Analysis

For the purpose of analyzing the security aspect of our proposed ACP, we claim that attacker can not find the authentication value for communication node between and . These nodes require authentic value of the message to be communicated from to . First we ascertain that node has been authenticated by node using the chameleon hash value and then computes the authentication value corresponding to . The authentication value is obtained by the shared session key and the security key . However, only the communication nodes accept the session key , and the only node and the base station can have the security key

Second, node is preloaded with the chameleon hash value by the base station along with node and obtained . However, the computed value of needs some value of identity , secure hash key , and security key of node . This way, the process can authenticate and the hash key because computing is an elliptic curve discrete logarithm problem and attacker can not find any information about and hash key. On the other hand, even if attacker successfully finds out the security key then also he can not know the secret values and because of its trapdoor chameleon hash value. Only the authorized user can find out the secret key.

In addition, we claim that the proposed ACP is able to resist the attacks such as forgery attacks, legal node masquerading attacks, new node attack, replay attacks, man-in-the-middle attacks, and session key security attack as given below.(1) Forgery Attack. Say, an attacker tries to obtain the commutation values by eavesdropping on the communication channel as But it is not possible for him because the value of cannot be computed without secret key .(2) Legal Node Masquerading Attacks. Under this attack, the attacker has to deploy a pseudonode by removing the legal one. For this purpose, attacker has to obtain the commutation values by eavesdropping on the communication between nodes and . However, even if the attacker obtains the values of and from the authentication and key establishment phase, then also, deriving the legalized session key is extremely difficult to obtain because of the security tool employed as ECDLP. In other words, the legal node is well equipped with the security key provided by the base station which attacker can not retrieve.(3) New Node Masquerading Attacks. Under this attack, when some sensor node is lost, it needs to be replaced by new sensor node . To take advantage of this situation, the attacker may try to know the secrete keys and from the new node. But, this is not possible because the secret keys are provided by the base station to the new node with chameleon hash values and which attacker can not compute.(4) Replay Attack. In this attack, the adversary first eavesdrops on the communication between two communicating entities and then tries to impersonate the legal authentic message by simply replacing the other messages to the dedicated entity. For example, when an attacker transfers the message to another node , the attacker provides for establishing authentication value . is required for shared session key with the node to be connected. It is not possible for the attacker to obtain without and which is the trapdoor secret value and available at the base station only. On the other hand, if the attacker sends the authenticated value to node , he can use the shared session key to authenticate, whether the connecting node is legitimate or not; if the node is legitimate then process is to proceed for the next step, otherwise discard, because the authenticated node uses up-to-date session keys and in order to apply the different strategies. Hence our proposed ACP successfully resists the replay attack.(5) The Man-in-the-Middle Attack. This is one of the classical attacks that can be executed in any environment. However, in any WSN equipped with our proposed ACP, the communication nodes can authenticate and establish the session keys between the users and the server. If attacker wants to mount the man-in-the-middle attack, he only knows the public keys and and wants to solve the . Even if the attacker obtains the user’s information (), then also the attacker cannot pass the authentication and key establishment phase, because he cannot compute the session key . Hence, our ACP can resist man-in-middle attack.(6) Session Key Security. Our proposed ACP is well equipped with the session key security feature. Since only the communicating parties know the session key and hence are aware of the security of the session key, consequently, they can only verify the user of the message. The session key is not known to anyone because random values and are protected by the ECDLP. Therefore, the proposed ACP provides session key security as an additional feature.

4.1. Efficiency

The computational cost of proposed ACP is calculated in Table 1 at different phases and these are compared with other such schemes in Table 2. For this purpose, in Table 1, we have first given the computational cost of our ACP for three phases at base station and at node considering the elliptic curve and hash chain components as below.

The notations we use in Tables 1 and 2 for the purpose of comparison are as follows: : one multiplication computation over an elliptic curve. : cryptographic secure hash function. : modulus multiplication operation.

The total computational cost of proposed ACP is during the authentication and key establishment phase at node and its computational cost is during the base station and is the computational cost at the new node addition phase in Table 1.

Next, in Table 2, we have shown the comparison of the computational cost of our proposed ACP with Zhou et al. [4], Kim and Lee [8], Huang [7], and Lee et al. [11] scheme during authentication and key establishment phase.

From Table 2, it is evident that the proposed ACP has the lowest computational cost as compared to other schemes.

Finally, we compare the time consumed at authentication phase during data transmission in CPU device with other schemes using Mathematica 7.0, shown in Table 3.

From Table 3, it is evident that the proposed ACP takes 0.256 seconds in CPU time which is less as compared to other protocols.

5. Conclusion

From the aforesaid sections, we conclude to say that our proposed ACP using the double trapdoor function and whose security is based on ECDLP is best suited to any environment. The reason for being more secured is that it can resist many known attacks such as masquerading, replay, man-in-the-middle, and forgery attacks and has a special feature known as session key security and as shown in Tables 1, 2, and 3 it is more efficient as compared to many other existing protocols.

Competing Interests

The author declares that there is no conflict of interests.

References

A. Abduvaliev, S. Lee, and Y.-K. Lee, “Simple hash based message authentication scheme for wireless sensor networks,” in Proceedings of the 9th IEEE International Symposium on Communications and Information Technology (ISCIT '09), pp. 982–986, Incheon, South Korea, September 2009.
View at: Publisher Site | Google Scholar
I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A survey on sensor networks,” IEEE Communications Magazine, vol. 40, no. 8, pp. 102–114, 2002.
View at: Publisher Site | Google Scholar
I. F. Akyildiz and I. H. Kasimoglu, “Wireless sensor and actor networks: research challenges,” Ad Hoc Networks, vol. 2, no. 4, pp. 351–367, 2004.
View at: Publisher Site | Google Scholar
Y. Zhou, Y. Zhang, and Y. Fang, “Access control in wireless sensor networks,” Ad Hoc Networks, vol. 5, no. 1, pp. 3–13, 2007.
View at: Publisher Site | Google Scholar
N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987.
View at: Publisher Site | Google Scholar | MathSciNet
V. Miller, “Uses of elliptic curves in cryptography,” in Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT '85), vol. 218 of Lecture Notes in Computer Science, pp. 417–426, Linz, Austria, 1986.
View at: Google Scholar
H.-F. Huang, “A novel access control protocol for secure sensor networks,” Computer Standards and Interfaces, vol. 31, no. 2, pp. 272–276, 2009.
View at: Publisher Site | Google Scholar
H.-S. Kim and S.-W. Lee, “Enhanced novel access control protocol over wireless sensor networks,” IEEE Transactions on Consumer Electronics, vol. 55, no. 2, pp. 492–498, 2009.
View at: Publisher Site | Google Scholar
J. Shen, M. Sangman, and C. Ilyong, “Comment: enhanced novel ACP over wireless sensor networks,” IEEE Transactions on Consumer Electronics, vol. 56, no. 3, pp. 2019–2021, 2010.
View at: Publisher Site | Google Scholar
P. Zeng, K.-K. R. Choo, and D.-Z. Sun, “On the security of an enhanced novel access control protocol for wireless sensor networks,” IEEE Transactions on Consumer Electronics, vol. 56, no. 2, pp. 566–569, 2010.
View at: Publisher Site | Google Scholar
H. Lee, K. Shin, and D. H. Lee, “PACPs: practical access control protocols for wireless sensor networks,” IEEE Transactions on Consumer Electronics, vol. 58, no. 2, pp. 491–499, 2012.
View at: Publisher Site | Google Scholar
H. Krawczyk and T. Rabin, “Chameleon hashing and signatures,” in Proceedings of the Network and Distributed Systems Symposium (NDSS '00), pp. 143–154, San Diego, Calif, USA, February 2000.
View at: Google Scholar
C.-Y. Chen, A. D. Yein, T.-C. Hsu, J. Y. Chiang, and W.-S. Hsieh, “Secure access control method for wireless sensor networks,” International Journal of Distributed Sensor Networks, vol. 2015, Article ID 261906, 6 pages, 2015.
View at: Publisher Site | Google Scholar
X. Chen, F. Zhang, W. Susilo, and Y. Mu, “Efficient generic on-line/off-line signatures without key exposure,” in Applied Cryptography and Network Security, vol. 4521 of Lecture Notes in Computer Science, pp. 18–30, Springer, Berlin, Germany, 2007.
View at: Google Scholar
X. Chen, F. Zhang, H. Tian et al., “Efficient generic on-line/off-line (threshold) signatures without key exposure,” Information Sciences, vol. 178, no. 21, pp. 4192–4203, 2008.
View at: Publisher Site | Google Scholar | MathSciNet
M. Q. J. S. L. Law, A. Menezes, and S. Vanstane, “An efficient protocol for authenticated key agreement,” Codes and Cryptography, vol. 28, no. 2, pp. 119–134, 2003.
View at: Publisher Site | Google Scholar
J. M. Pollard, “Monte carlo methods for index computation mod p,” Mathematics of Computation, vol. 32, no. 143, pp. 918–924, 1978.
View at: Google Scholar | MathSciNet
A. J. Menezes, T. Okamoto, and S. A. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field,” IEEE Transactions on Information Theory, vol. 39, no. 5, pp. 1639–1646, 1993.
View at: Publisher Site | Google Scholar | MathSciNet
G. Frey and H.-G. Rück, “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves,” Mathematics of Computation, vol. 62, no. 206, pp. 865–874, 1994.
View at: Publisher Site | Google Scholar | MathSciNet
I. A. Semaev, “Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p,” Mathematics of Computation, vol. 67, no. 221, pp. 353–356, 1998.
View at: Publisher Site | Google Scholar | MathSciNet

Copyright

Copyright © 2016 Tejeshwari Thakur. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1613

Downloads

734

Citations