Tariq Mahmood Butt, Rabia Riaz, Chinmay Chakraborty, Sanam Shahla Rizvi and Anand Paul
1 Department of CS&IT, University of Azad Jammu and Kashmir, Muzaffarabad, 13100, Pakistan
2 Birla Institute of Technology, Mesra, Jharkhand, 814142, India
3 Raptor Interactive (Pty) Ltd., Eco Boulevard, Witch Hazel Ave, Centurion, 0157, South Africa
4 The School of Computer Science and Engineering, Kyungpook National University, Daegu, 41566, Korea
Abstract: Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows-Abadi-Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.
Keywords: Internet of things; wireless sensor networks; authentication; Burrows-Abadi-Needham logic; fuzzy extractor; elliptic curve cryptography
The core purpose of the Internet of things (IoT) is a convergence of the physical and digital worlds. On the IoT, a set of sensors is attached to a thing (object or device) from which sensors collect various data and transmit it to a central system via a public network. The central system organizes data and extracts results before sending it to an authorized recipient. Consequently, an authorized user can remotely connect with that object or thing. Statistics show that the IoT market is continuously growing. By 2019, the IoT market growth was 212 billion US dollars, and in 2020, it is expected to reach up to 248 billion US dollars [1]. Moreover, the number of connected devices is expected to reach 100 billion by 2030. There are many examples of IoT, such as smart cities, smart homes, industry and building automation systems, and health care systems. A wireless sensor network (WSN) embedded in a building/home provides services such as heat control, air conditions, refrigerator, and lighting control, security and surveillance. Conventional cryptographic algorithms may not be practicable for WSN or IoT due to insufficient computational and storage resources of remote sensor systems. Furthermore, traditional password-based protocols can be vulnerable because they are easily breakable, especially by social engineering. In the IoT, a user registers on a network themselves to acquire data from the sensors. This registration is performed by a gateway node; after successful registration, a user may be able to access secret information. During the registration or login phase, an intruder can easily obtain data and secret information because this information is transmitted through public networks. In such situations, an efficient, lightweight, and intelligent scheme is required to ensure the security of wireless sensors. To ensure that communication between a user and sensor nodes remains secure, various authentication schemes have been proposed over the last decades; however, most of these schemes fail to provide sufficient security for practical applications and future development. In this study, we propose an authentication scheme using light operations, providing a higher level of security than previously proposed related schemes.
For the analysis of the proposed scheme, we use the Dolev-Yao model [2], which is based on the assumption that an adversary can attack at any time and at any level. In the login and authentication phase, an adversary can steal the password or impersonate a legal user or node. Similarly, an adversary can repudiate and change the content of a message. An attacker can also send fake messages to the gateway and sensor nodes, and involve the nodes in useless tasks. All the above threats are considered in the proposed protocol. We have relied on hashing and encryption algorithms for security. This protocol also uses ECC and RC5 to protect networks from attackers. The contributions of this research are briefly summarized below.
• A detailed analysis of recent biometric-based authentication schemes, highlighting their limitations, is presented, particularly a cryptanalysis of the scheme proposed by Riaz et al. [3].
• A new scheme named Cogent Biometric-Based Authentication Scheme (COBBAS) is proposed that provides sufficient security and lightweight operations, enhancing the network efficiency in terms of communication and computational overload.
• Time stamps have been used in the majority of existing schemes to ensure data freshness. Because a time stamp requires clock synchronization between the user’s mobile device or PC and a WSN, it is an unreasonable way to ensure data freshness. COBBAS uses a nonce value instead of a time stamp to ensure data freshness.
• The authenticity of the proposed scheme is formally analyzed using Burrows-Abadi-Needham (BAN) logic. Moreover, the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is used to demonstrate that the proposed scheme is secure.
• Informal security analysis of COBBAS is performed to check its protection against various cybersecurity attacks.
• The efficiency of the proposed scheme in terms of time and computational cost is also compared with recent existing schemes.
In the remaining paper, Section 2 provides a comprehensive literature review of prior schemes. The detailed work of the Secure User Biometric Based Authentication Scheme (SUBBASe) and its limitations are presented in Section 3. The proposed scheme is explained in Section 4. The results, including formal and informal analyses, are presented in Section 5. Section 6 concludes.
To ensure the security of WSNs, many password-based authentication schemes have been proposed over the last few decades [4-13]. More recently, Jian Jun et al. [14] proposed a biometric authentication scheme consisting of four phases: registration, login, authentication, and password change. As transmitted messages are not encrypted in this scheme, if an unauthorized user obtains control over a sensor node, he/she can easily capture all the information stored on that sensor node. In this scheme, secure channels are not provided; thus, it has major problems with data confidentiality and integrity.
Khan and Alghathbar’s (K-A) scheme [10] is a password-based authentication scheme; however, it is defenseless against non-repudiation and mutual authentication between the user and gateway node. Yuan modified the K-A scheme to remove these weaknesses in their protocol [15]. In addition, Das proposed a scheme that consists of a registration phase, login, authentication, and a key agreement phase. His scheme resists insider attacks, online password-guessing attacks, and biometric key-guessing attacks. The author uses passwords, smart cards, and user biometrics for authentication. Hence, this authentication scheme depends on three factors [16].
To address the weaknesses of Yuan’s scheme, Wei et al. [17] proposed a scheme that suffers from many vulnerabilities such as the misuse of biometrics, stolen smart card attacks, gateway node impersonation attacks, and a lack of session key establishment. Wei et al. proposed a three-phase scheme that removed some of the weaknesses of the Yuan scheme. Similarly, Wu et al. [18] identified the weaknesses in Das’ scheme; i.e., it is defenseless against offline password-guessing and de-synchronization attacks. To improve Das’ scheme, Wu et al. proposed a two-step registration phase of user registration and sensor node registration. In this scheme, they provide a secure mechanism against insider, offline password-guessing, user forgery, and gateway forgery attacks.
Park et al. [19] proposed a three-factor authentication scheme. This scheme draws its efficiency from the use of elliptic curve cryptography and a fuzzy extractor. Maurya et al. [20] proposed another fuzzy extractor- and ECC-based scheme consisting of four phases. However, Maurya’s scheme was inefficient with regard to computation time.
Kang et al. [21] proposed a scheme to address the problems of a lack of user anonymity and offline password-guessing attacks in previous schemes. Their analysis shows that their scheme provides a high level of security without the need for time synchronization. The Bi-Phase Authentication Scheme (BAS) [22] was proposed to improve the scheme of Wong et al. [6]. BAS consists of initial and final authentication phases, and uses special hardware called Full Function Devices (FFDs) and Reduced Function Devices (RFDs). BAS has several weaknesses; for instance, the protocol requires extra hardware, message confidentiality is not considered, and a session key is not established after user authentication.
To address the weaknesses of the BAS scheme, the SUBBASe was proposed in [3]. SUBBASe provides mutual authentication and network defense against several common security attacks such as stolen verifier attacks, message confidentiality, replay attacks, guessing attacks, and network traffic attacks. However, it suffers from security vulnerabilities such as biometric recognition errors, user anonymity issues, perfect forward secrecy, and gateway node impersonation attacks. To overcome the vulnerabilities of SUBBASe, Riaz et al. [23] proposed a scheme with two phases. The first phase was “Registration” and the second was “Login and Authentication.” This scheme overcomes the weaknesses of SUBBASe, removes biometric recognition errors, and ensures user anonymity. However, it still suffers from gateway node impersonation attacks and Sybil attacks. In addition, these schemes use a time stamp to ensure data freshness. Because the time stamp requires clock synchronization between a user’s mobile device or PC and the WSN, this timestamp is not a practical way to ensure data freshness.
Authentication in WSNs has attracted considerable research attention in the domain of IoT and smart homes. In 2019, Shin et al. [24] proposed a smart card-based authentication scheme for smart homes. Their scheme consists of five phases, but takes considerable time to complete its run. Lightweight three-factor authentication schemes have been proposed for IoT and 5G in [25,26] respectively.
All these schemes require smart cards to store user biometric information and provide authentication. These schemes provide desirable attributes for IoT environments, and their authors show that the computation and communication costs of their proposed schemes are suitable for extremely low-cost IoT devices. However, the need for smart cards was removed using the scheme proposed in [27]. Biometric and smartcard-based authentication schemes have been proposed for health care in [28,29]. A stream-based authentication mechanism, using key authorization infrastructure, specifically addressing security concerns of multi-homing sub-aqueous big data networks was presented in [30]. A novel Fractal-Based Authentication Technique was proposed by implementing a Sierpinski triangle in [31]. Their scheme reduces the probability of password guessing, and provides security against attacks such as shoulder surfing. To reduce energy consumption in IoT, a game-based mechanism was suggested in [32], and an electoral system was proposed in [33]. These schemes select the most appropriate cluster heads or community heads to enhance the efficiency of a network. Human activity recognition in home automation systems is an emerging topic addressed in [34]. Their scheme provides an efficient technique to observe human behavior within a smart home. The study of human behaviors can also be helpful in designing authentication mechanisms.
All these schemes are valuable additions to IoT systems; however, they also suffer from several security threats. To overcome the flaws in these schemes, we propose a scheme called “COBBAS.” It not only provides sufficient security, but also uses nonce values instead of time stamps to ensure data freshness. Furthermore, this scheme removes biometric recognition errors using fuzzy extraction. The authenticity of the proposed scheme is formally analyzed using BAN logic. Moreover, the AVISPA tool is used to prove that the proposed scheme is secure.
In this section, we first provide a brief description of the details of SUBBASe [3], and then, conduct a security analysis to explain its vulnerabilities. For convenience, the notations used in this paper are given in Tab. 1.
This scheme has two phases. In the first phase, the user enrolls themselves with the network, which is called the enrollment phase. The second is an authentication phase where the user is authenticated by a trusted node, and the required information is provided to the user.
Table 1: Notations used in SUBBASe and proposed scheme
Before deployment, each node in the network is preloaded with the following information: ID of sensor node and secret value xo. We describe both phases and security weaknesses below.
(a) In the enrollment phase, the user registers with the network. The user imprints their biometric data, and calculates its hash value. Then, the user inputs IDi and sends it to a trusted node, i.e., IDi and Ai.
(b) The trusted node receives the value from the user and calculates s, which is a hash value of the IDi of a user and a secret xo, i.e., s = h(IDi || xo). Then, the trusted node sends this value to the user.
(a) In this phase, the user imprints finger Bi and calculates the hash value of biometric A′i = h(Bi). Then, the user inputs his/her IDi, takes a time stamp T0, requests information RI, and sends the following message to the sensor node.
(b) After receiving a message from the user, the sensor node calculates the time interval; if T1 − T0 > ΔT, the request will be rejected. Otherwise, the sensor node computes y, and sends the following message to the trusted node.
(c) The trusted node receives the message and checks the time stamp; if T3 − T2 > ΔT, then the request will be rejected; otherwise, the trusted node checks A′i, comparing it with the previously saved Ai. If Ai = A′i is not satisfied, then the trusted node sends a reject message {reject...} to the sensor node; otherwise, it sends M5 = [In-Progress...]. The message in-progress means that all parameters have been verified, and data will be provided presently after some calculations. Then, the trusted node calculates s and sends the following message to SN.
(d) The sensor node first verifies the timestamp; if condition T5 − T4 > ΔT becomes true, then the request is rejected. In this case, the sensor node computes s = h(IDi || xo), calculates the values d = (RI) and sk = h(IDi || T6 || s), and encrypts the data with the help of this session key. Subsequently, this sensor node and user will use this session key to access a session. ESK(d) represents the encryption of the required user information.
(e) The user verifies the time stamp if T7 − T6 ≥ ΔT is true; if they have s, then they can obtain their required information. The user first calculates their session key, and then, decrypts data e with the help of a session key. The user calculates the session key with IDi, T6, and s: sk = h(IDi || T6 || s). With sk, users can decrypt the required information, DSK(e).
3.3.1 Insecure User ID
In SUBBASe, the IDi of the user is sent on a public network without encryption. In the enrollment phase, the user inputs his/her IDi, imprints his/her biometric Bi, calculates Ai, which is the hash of Bi, and sends it to the trusted node (TN). Similarly, in the authentication phase, the user imprints finger Bi and calculates the hash value of biometric A′i = h(Bi). The user inputs his/her IDi, takes a time stamp T0 and requested information RI, and sends the following message to the sensor node: M1 = IDi, RI, A′i, T0. In both phases, IDi is sent openly on a public network, making it insecure.
3.3.2 Biometric Recognition Error
A hash function returns a different value even if a single bit changes in input. Conversely, biometric input contains various noise and cannot reproduce 100% identical output over multiple access attempts. In the enrollment phase, the users imprint their biometric Bi and calculate its hash value Ai. Moreover, in the authentication phase, the user again imprints finger Bi and calculates the hash value of biometric A′i = h(Bi). Based on the above discussion, it is possible that a user’s device will produce a different hash value Ai. Consequently, errors in biometric recognition will occur, causing termination of the authentication process.
3.3.3 Vulnerable Session Key
The session keys perform a crucial role in security. Moreover, sensor nodes have limited computational resources. The SUBBASe session key (sk) is created by the sensor node through the following operations; the sensor node computes s = h(IDi || xo) to calculate sk = h(IDi || T6 || s). Then, the sensor node and user will use this key as a session key for the ongoing session. ESK(d) represents the encryption of the required user information. Session key sk is calculated using parameters IDi, T6, and s. As we know that IDi is not encrypted, the adversary can easily obtain it. Similarly, s = h(IDi || xo) also depends on IDi and xo. In other words, the session key only depends on IDi, xo, and T6, which is not efficient. Moreover, the calculation of hash values by a sensor node is not efficient in terms of the computational load. This task can instead be performed by a trusted node that has high computational capacity.
In the proposed scheme, the following information is preloaded onto the network nodes.
• The node ID
• A secret value xo
The secret value xo is shared among the user, sensor node (SN), and gateway node (GN). The login and authentication phases are performed by both the sensor and gateway nodes. Two types of devices are used in WSNs, namely FFDs and RFDs. In this scheme, an FFD acts as an authenticator, whereas an RFD continuously manages communication among the devices. In this scheme, the fingerprint of a user is collected, and a random string is generated using a fuzzy extractor. The collection of fingerprints does not require special hardware, because a user can easily imprint his/her biometric on his/her personal tablet or PC to login into the network. COBBAS uses SHA-256 to perform a one-way hash function. It uses RC5 with a key size of 20 bytes, as this size is the most suitable for resource-constrained devices. The phases of the proposed scheme are described below.
In the registration phase, the user is registered with the network. The steps are briefly discussed below.
(a) The user inputs his/her IDi, password PW, and biometric Bi using a tablet or PC. The user computes ID*i and a hash of his/her password HPW, and generates random strings Ri and Pfe from input Bi using the fuzzy extractor Gen algorithm: Gen(Bi) = (Ri, Pfe). Moreover, the user calculates Ai and HPW from Ri and PW, respectively. Then, the user sends message M1, comprising the following values, to the gateway node through a secure channel.
(b) The gateway node calculates the authentication measures using the received values. The gateway node calculates Ni, which will be used by the gateway node to authenticate the user during the login and authentication phase. Si is used for user anonymity, and Mi is used by the sensor node to authenticate the gateway node in the login and authentication phase. The gateway node broadcasts M2, which comprises the following values (Ni, Si, Mi), to the user and sensor node.
(c) The gateway node broadcasts the above parameters to the user and all nodes in the network. After this step, the registration phase is complete. Fig. 1 describes the process of registration.
Figure 1: Registration phase of proposed scheme
The steps included in the login and authentication phase are given below.
(a) The user again enters his/her IDi and password PW*, and imprints his/her biometric B*i. Using B*i and a helping string Pfe, the user generates R*i with the help of the fuzzy extractor Rep algorithm as Rep(B*i, Pfe) = Ri. Then, the user calculates the hash of R*i, A*i = h(R*i), and the hash of the password, HPW* = h(PW*). Moreover, the user calculates variable Yi as Yi = IDi ⊕ Ni, where Ni is Ni = HPW ⊕ xo. Subsequently, this user calculates ID*i as ID*i = Yi ⊕ HPW*. The user selects a random number ru and nonce value Na, and calculates Xi = (Pec × ru) ⊕ xo, which is the product of a point on an elliptic curve and a generated random number ru that is then XORed with secret value xo. Finally, the user sends the following message to the gateway node.
(b) The gateway node first verifies the user as IDi = ID*i ⊕ xo. If the condition holds true, then the gateway node proceeds further; otherwise, the request is rejected. Moreover, the gateway node compares A*i and HPW* with the previously saved values Ai and HPW. If all these conditions are satisfied, then the gateway node calculates S*i = xo ⊕ ID*i and M*i = S*i ⊕ h(A*i ⊕ HPW*). Moreover, GN generates a random number rs and calculates the public key Di = rs × Pec and Ci = X*i × rs. The gateway node then sends the following message along with the required information RI to the sensor node.
(c) The sensor node first verifies the gateway node and user by comparing Mi = M*i and calculates X*i = Xi ⊕ xo. The sensor node calculates the session key using IDi, Ci, Na, and xo as SKs = h(Ci || IDi || Na || xo). It encrypts the required information RI using the sensor session key SKs as e = ESKs(RI). Moreover, SN generates a nonce Ns and sends message M5 to the user.
(d) The user calculates Ci with the help of Di, Ci = Di × ru. The user then calculates the session key SKu = h(Ci || IDi || Na || xo) and decrypts data e with the help of their session key SKu as DSKu(e) = RI.
(e) The user sends an acknowledgment to the sensor node to ensure mutual authentication as (Ns ⊕ xo)SKu. The authentication phase ends with this step.
(f) The sequence of message exchanges in the login and authentication phases is shown in Fig. 2.
Figure 2: Login and authentication phases of proposed scheme
COBBAS provides mutual authentication between the sensor node and user. In this section, we prove this using BAN logic [35]. The postulates of BAN logic are described, and the formal proof of the proposed scheme, which comprises “Assumptions,” “Messages,” “Goals,” and “Analysis” parts, is given below. The basic symbols used for BAN logic are described in Tab. 2.
Table 2: Notations and symbols used in BAN logic
5.1.1 Inference Rules
Rule 1: Message meaning rule: If U believes that he/she shares key K with S and U sees message X encrypted with key K, U believes that S once said X.
Rule 2: Nonce verification rule: If U believes X is fresh and S once said X, U believes S believes X.
Rule 3: Belief rule: If U believes that S once said (X, Y), then U believes that S once said (X).
Rule 4: Freshness rule: If part of a message is fresh, then the entire message is fresh.
Rule 5: Jurisdiction rule: If U believes that S has jurisdiction over X and believes S believes X, U believes X.
Rule 6: Seeing rule: If U sees (X, Y), then U sees X as well. In addition, the second seeing rule means that U can see message X only if he/she knows the shared secret key K.
5.1.2 Idealized Form
The message exchange of COBBAS in idealized form is given below.
Message 1: U→GN: 〈ID*i, (ru × Pec)xo, Na, (Bi)xo, (HPW)xo〉
Message 2: GN→SN: 〈Na, (Bi, IDi, HPW)xo, (ru × Pec)xo, (rs × Pec)xo〉
Message 3: SN→U: 〈(rs × Pec)xo, NS, (U ←sk→ SN)xo〉
Message 4: U→SN: 〈NS, (U ←sk→ SN)xo〉
5.1.3 Goals
To ensure secure operation, the proposed protocol should meet the following security goals.
Goal 1: U |≡ U ←sk→ SN (U believes that U shares a secret session key with SN)
Goal 2: SN |≡ U ←sk→ SN (SN believes that U shares a secret session key with SN)
Goal 3: U |≡ SN |≡ U ←sk→ SN (U believes that SN believes that U shares a secret session key with SN)
Goal 4: SN |≡ U |≡ U ←sk→ SN (SN believes that U believes that U shares a secret session key with SN)
5.1.4 Assumptions
To proceed with the proof, the following assumptions are made.
Assumption 7: U |≡ #(Na)
Assumption 8: SN |≡ #(Ns)
5.1.5 Analysis
Step 1: From Message 1,
Step 2: From the message meaning rule and Assumption 2
Step 3: From Message 2,
Step 4: From the message meaning rule and Assumption 4
Step 5: From Message 3,
Step 6: From the message meaning rule and Assumption 6
Step 7: From Message 4,
Step 8: From the message meaning rule and Assumption 5
Step 9: From Step 6, the freshness rule, and Assumption 7,
Step 10: From Step 6 and the second seeing rule,
Step 11: From Step 8, the freshness rule, and Assumption 8,
Step 12: From Step 8 and the second seeing rule,
Step 13: From Steps 6 and 9, the nonce verification rule, and Assumption 7,
Step 14: From the nonce verification rule, Assumption 8, and Steps 8 and 11,
Key freshness is vital to security protocols. The results of Step 9, i.e., Eq. (10), prove that the user trusts the freshness of the key shared between the user and sensor node. Similarly, from Step 11, i.e., Eq. (12), it is clear that the sensor node also believes that the key shared between itself and the user is fresh. Moreover, Step 10 shows that the user believes that he/she and the sensor node share the same secret key (Goal 1). Step 12 verifies that the sensor node also believes that it shares the same secret key with the user (Goal 2). Steps 13 and 14 verify that the user believes that the sensor node believes that the user and sensor node share the same secret key and vice versa (Goals 3 and 4).
AVISPA is an automated protocol validation tool. This tool uses high-level protocol specification language (HLPSL) [36]. AVISPA provides a suite of applications for building and analyzing formal models of security protocols written in HLPSL.
In this section, it is proven that the proposed scheme is safe against intruder attacks. The session key generated by the sensor node is safely received by the user. HLPSL is a role-based language. In the proposed scheme, three entities are involved: user (U), gateway node (GN), and sensor node (SN). The roles of these entities are described in the HLPSL code in Figs. 3-5, respectively.
Figure 3: Role specification of user in HLPSL
Once the basic roles have been defined, we need to define a composed role and session role (Fig. 6) to integrate them so that several roles can be executed together. Lastly, the environment role is defined in Fig. 7, which contains “intruder knowledge” and “goal section.”
The results of the AVISPA analysis, using on-the-fly model-checker (OFMC) and attack search (AtSeE) backends to ensure the security of the proposed protocol, are shown in Figs. 8 and 9. To estimate its security against a replay attack, the OFMC checks whether a legitimate entity can execute the protocol by searching for a passive adversary. Moreover, the OFMC checks whether the proposed protocol is secure against the man-in-the-middle attack using the Dolev-Yao model.
The OFMC backend takes 0.04 s to visit eight nodes. The replay attack and Dolev-Yao model checks were performed successfully, showing that the proposed protocol is safe against replay and man-in-the-middle attacks. Figs. 7-9 show the goals section and simulation results.
Figure 4: Role specification of gateway in HLPSL
Figure 5: Role specification of sensor node
This section presents the security analysis of COBBAS with a focus on the shortcomings of previous authentication mechanisms, i.e., user anonymity, integrity, and biometric recognition error. It also provides an in-depth analysis of how the proposed scheme is resilient against various security attacks.
5.3.1 User Anonymity
The proposed scheme ensures the user’s anonymity because of the shared secret xo. The user calculates a variable Yi, which is the XOR of IDi and Ni. Here, Ni was shared by the gateway node during the registration phase. Then, the user calculates ID*i = Yi ⊕ HPW* and sends this result to the gateway node. The use of previously shared secrets and values confirms that the user is anonymous.
Figure 6: Role session
Figure 7: Environment and goals in HLPSL
5.3.2 Replay Attack
In this scheme, the user sends Na, a nonce value, to the gateway node. A nonce is the number generated by a node or user for one session only. These variables cannot be used in the next session. The nonce Na sent from the user will be received by the sensor node. The sensor node encrypts Na and sends it to the user. The user receives the values and other data with his/her generated nonce. This confirms that the message has not been replayed.
5.3.3 Biometric Recognition
The proposed scheme avoids biometric recognition errors using a fuzzy extractor. When the user inputs his/her biometric Bi using a tablet or computer, the protocol first calculates Ri and Pfe using the fuzzy extractor, where Ri is a random string that represents Bi and Pfe is a helping string.
Figure 8: Simulation results with OFMC
Figure 9: Simulation results with ATSE
When the user wants to login to the network again, the fuzzy extractor calculates R*i using the Rep algorithm, which takes B*i and Pfe as input and calculates R*i accordingly.
The advantage of a fuzzy extractor is that, if there is a small difference between Bi and B*i for the same user, the fuzzy extractor can calculate Ri via helping string Pfe.
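The hash mismatch from Section 3.3.2 next to the Gen/Rep recovery described above, as an added example that is not code from the paper. The construction (a code-offset sketch over a 5-fold repetition code, with Ri taken as the SHA-256 of the hidden key) and the bit-string templates are assumptions, since the paper does not say which fuzzy extractor COBBAS uses.

```python
import hashlib
import secrets

REP = 5        # assumption: each key bit is repeated 5 times (corrects 2 flips per group)
KEY_BITS = 32  # assumption: short key so the constructed template stays small


def h(data):
    """One-way hash h() as SHA-256, the hash the paper names for COBBAS."""
    return hashlib.sha256(data).digest()


def gen(b_i):
    """Gen(Bi) -> (Ri, Pfe): hide a random key inside the enrollment reading."""
    if len(b_i) != REP * KEY_BITS:
        raise ValueError("template must be REP * KEY_BITS bits long")
    key = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = [bit for bit in key for _ in range(REP)]    # repetition encoding
    p_fe = [c ^ b for c, b in zip(codeword, b_i)]          # helper string Pfe
    return h(bytes(key)), p_fe


def rep(b_star, p_fe):
    """Rep(B*i, Pfe) -> R*i: majority-decode the noisy codeword, then hash."""
    if len(b_star) != len(p_fe):
        raise ValueError("reading and helper string differ in length")
    noisy = [p ^ b for p, b in zip(p_fe, b_star)]
    key = [int(sum(noisy[i:i + REP]) > REP // 2)
           for i in range(0, len(noisy), REP)]
    return h(bytes(key))


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (sensor noise)."""
    out = list(bits)
    for pos in positions:
        out[pos] ^= 1
    return out


def constructed_template(label):
    """Constructed 160-bit stand-in for a fingerprint template (not real data)."""
    digest = hashlib.sha256(label).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(REP * KEY_BITS)]


def demo():
    b_i = constructed_template(b"constructed enrollment reading")
    b_noisy = flip(b_i, [3, 47, 90, 158])  # one flipped bit in four different groups
    b_far = flip(b_i, [0, 1, 2])           # three flips in one group: beyond capacity

    # SUBBASe: Ai = h(Bi) at enrollment, A'i = h(Bi) at login on the noisy reading.
    subbase_match = h(bytes(b_i)) == h(bytes(b_noisy))

    # COBBAS: Ai = h(Ri) at registration, A*i = h(R*i) at login.
    r_i, p_fe = gen(b_i)
    a_i = h(r_i)
    cobbas_match = h(rep(b_noisy, p_fe)) == a_i
    far_match = h(rep(b_far, p_fe)) == a_i
    return {"subbase_match": subbase_match,
            "cobbas_match": cobbas_match,
            "far_match": far_match}


if __name__ == "__main__":
    print(demo())
```

The tolerance is bounded: a reading that differs in more than two bits within one group decodes to a different key and is rejected.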
5.3.4 Integrity
The integrity of a scheme is established if an adversary cannot alter the contents of a transmitted message. In this scheme, integrity is ensured using hash functions. The IDi of the user is sent as ID*i = Yi ⊕ HPW*, where Yi is calculated with the help of Ni and xo. Similarly, the password of the user is shared by hashing the value of the password PW, which is calculated as HPW = h(PW). Moreover, the biometric imprint of the user is secured through hashing as Ri = Gen(Bi) and Ai = h(Ri).
5.3.5 Complexity of Equipment
Previously proposed schemes using smart cards or biometrics required special hardware. To use smart cards, a card reader is necessary. In this scheme, the user imprints his/her biometrics on his/her tablet or PC to login to the network. Hence, special hardware is not required in this scheme.
5.3.6 Insider Attack
An insider attack is launched by an adversary through an authorized system. It is difficult to identify and protect against insider attacks.
In this scheme, this type of attack is not beneficial for the attacker because of one-way hashing. All the information that is sent is calculated using a one-way hash function.
5.3.7 Password-Guessing Attack
The proposed scheme resists password-guessing attacks because the user imprints his/her personal biometrics for logging in. The password is encrypted with a one-way hash function. Even the gateway node does not know the original password. Hence, it is difficult for an adversary to obtain the original password or biometric imprint of the user.
Tab. 3 compares the proposed scheme with previous related schemes based on various security features. It clearly shows that the proposed scheme provides mutual authentication and session key establishment, and is robust to biometric recognition error.
Table 3: Comparison of security features with related schemes
MICAz motes were used to evaluate the time utilization and energy consumption of the COBBAS protocol on sensor nodes.
The results are then compared with the related schemes proposed by Wei et al. [17], Maurya et al. [20], Shin et al. [24], Park et al. [19], SUBBASe [3], and Riaz et al. [23]. The time and energy consumed by the related schemes were also calculated for the MICAz motes. The MICAz mote is constructed using second- and third-generation sensor node technology by Crossbow Technology USA [37]. MICAz motes can measure biometric pressure and seismic waves, and are equipped with humidity, light, and temperature sensors [38].
The current I on the MICAz mote is 8 mA, and its voltage is 3 V [20]. The total energy required for elliptic-curve Diffie-Hellman (ECDH) key exchange is 57 mJ [3]. Therefore, the time required for key exchange can be calculated by:
where E is the energy consumed, V is the voltage of the node, I is the current in mA, and t is the time required for key exchange. Therefore, the time required for one ECDH key exchange (TECDH) on the MICAz mote is 2.375 ms. In addition, the computational cost for the fuzzy extractor is less than the cost of hashing [17]. Therefore, for simplicity, we assumed the same values for both operations. The time for the one-way hash function (TH) was 3.636 [24]. Here, TRC5 denotes the time required to perform one RC5 encryption or decryption on the MICAz mote. On the MICAz mote, the execution time for one RC5 encryption or decryption was 0.26 ms [3]. Moreover, the cost of symmetric key encryption/decryption is taken as that of one hash function [3]. Therefore, we assumed that the time for symmetric key encryption/decryption (Tsym) on the MICAz mote was 3.636 ms. The computational times on the MICAz mote for different cryptographic operations are given in Tab. 4.
Table 4: Execution time and energy consumption on sensor node
According to [24], the execution time of a one-way hash function (T’H) on a PC is 2.58 μs. The time required for ECC point multiplication (T’P) on a PC was 1.226 ms, while the time for ECC point multiplication (TP) on the MICAz sensor was 114 ms. The time required for symmetric key encryption/decryption (T’sym) on a PC was 8.7 ms [20]. The computational times on a PC for different cryptographic operations, as considered in [20,24], are given in Tab. 5.
5.4.1 Time Analysis
In this section, the proposed scheme and existing schemes are compared in terms of time consumption. We have compared only the login and authentication phases of COBBAS with previous schemes because registration and password updates are not used frequently. Tab. 6 summarizes the time analysis.
Table 5: Execution time on PC/device
Table 6: Comparison of time consumption with related schemes
Table 7: Comparison of energy consumption with related schemes
Tab. 6 shows that the times required for the Maurya et al. [20] scheme, Wei et al. [17] scheme, Park et al. [19] scheme, Shin et al. [24] scheme, Riaz et al. [23] scheme, and SUBBASe [3] were 43.4, 37.0, 245.1, 21.9, 236.7, and 22.4 ms, respectively. The time required for the COBBAS scheme was 13.3 ms. The proposed scheme authenticates much faster than the existing schemes. Moreover, this comparison shows that the proposed scheme outperforms them and provides a higher level of security, even with light computation.
5.4.2 Energy Analysis
The authentication process is completed by exchanging several messages among the entities involved in the network. During this process, energy is consumed by the sensor node. This section compares the energy consumption of the proposed scheme with related schemes. We measured the energy consumed by the proposed protocol and related schemes on the MICAz mote. The energy is calculated with the help of Eq. 16. The energy consumed by each protocol for one node’s authentication is given in Tab. 7. This table shows that the energy consumed by the SUBBASe [3], Wei et al. [17], Park et al. [19], Maurya et al. [20], Riaz et al. [23], and Shin et al. [24] schemes is 537.6, 888, 5882.4, 1041.6, 5680.8, and 525.6 J, respectively. The energy consumed by the proposed method was only 319.2 J, which shows that the proposed scheme is efficient compared to related schemes in terms of energy input.
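As an added cross-check (not code from the paper), the following Python recomputes the energy figures quoted above from the authentication times of the time analysis, using the relation between the symbols E, V, I and t defined for the key-exchange calculation, E = V·I·t. It assumes times in ms and current in mA, in which case the product comes out in microjoules; the function and variable names are illustrative.

```python
"""Recompute the energy figures from the authentication times, E = V * I * t."""

V_VOLTS = 3.0      # MICAz voltage given on the page
I_MILLIAMPS = 8.0  # MICAz current given on the page

# Login + authentication time per scheme in ms, as quoted in the text for Tab. 6.
TIME_MS = {
    "Maurya et al. [20]": 43.4, "Wei et al. [17]": 37.0,
    "Park et al. [19]": 245.1, "Shin et al. [24]": 21.9,
    "Riaz et al. [23]": 236.7, "SUBBASe [3]": 22.4, "COBBAS": 13.3,
}

# Energy per node authentication, as quoted in the text for Tab. 7.
REPORTED_ENERGY = {
    "Maurya et al. [20]": 1041.6, "Wei et al. [17]": 888.0,
    "Park et al. [19]": 5882.4, "Shin et al. [24]": 525.6,
    "Riaz et al. [23]": 5680.8, "SUBBASe [3]": 537.6, "COBBAS": 319.2,
}


def energy(time_ms):
    """E = V * I * t; with V in volts, I in mA and t in ms the result is in microjoules."""
    return V_VOLTS * I_MILLIAMPS * time_ms


def check_tables(tolerance=0.05):
    """Map each scheme to (computed energy, reported energy, consistent?)."""
    result = {}
    for scheme, t in TIME_MS.items():
        computed = energy(t)
        reported = REPORTED_ENERGY[scheme]
        result[scheme] = (round(computed, 1), reported,
                          abs(computed - reported) <= tolerance)
    return result


def saving_percent(scheme, baseline="COBBAS"):
    """Energy saved by `baseline` relative to `scheme`, in percent."""
    return 100.0 * (1.0 - energy(TIME_MS[baseline]) / energy(TIME_MS[scheme]))


if __name__ == "__main__":
    for scheme, (computed, reported, ok) in check_tables().items():
        print(f"{scheme:20s} computed={computed:8.1f} reported={reported:8.1f} "
              f"{'ok' if ok else 'MISMATCH'} saving={saving_percent(scheme):5.1f}%")
```

Every reported figure equals 24 times the corresponding time, so the energy column is derived from the time column rather than measured independently.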
In this study, we analyzed various studies related to authentication mechanisms in recent years. To overcome the flaws in previous schemes, we proposed an efficient authentication scheme, comprising only two phases using simple and lightweight computations. The COBBAS scheme protects WSNs from different types of attacks, and provides user anonymity along with biometric error recovery. The mutual authentication of the proposed scheme was proved using BAN logic. In addition, AVISPA analysis proved that the proposed scheme is safe from intruder-based interventions. Furthermore, an informal security analysis showed that COBBAS provides better security than previous schemes with reasonable resource utilization. Additionally, its computational cost and energy consumption are believed to be suitable for resource-constrained networks. Moreover, the proposed scheme is energy efficient, and provides a higher level of security than related proposed schemes.
Funding Statement: This project was funded by the National Research Foundation of Korea. Grant Number: 2020R1A2C1012196.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
Computers Materials & Continua, 2021, Issue 8