用于工业传感器网络系统的可证明安全的认证密钥协议

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Garima Thakur, Mohammad S. Obaidat, Piyush Sharma, Sunil Prajapat, Pankaj Kumar
{"title":"用于工业传感器网络系统的可证明安全的认证密钥协议","authors":"Garima Thakur,&nbsp;Mohammad S. Obaidat,&nbsp;Piyush Sharma,&nbsp;Sunil Prajapat,&nbsp;Pankaj Kumar","doi":"10.1002/cpe.8250","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"36 23","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A provably secure authenticated key agreement protocol for industrial sensor network system\",\"authors\":\"Garima Thakur,&nbsp;Mohammad S. Obaidat,&nbsp;Piyush Sharma,&nbsp;Sunil Prajapat,&nbsp;Pankaj Kumar\",\"doi\":\"10.1002/cpe.8250\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n \\n <p>The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.</p>\\n </div>\",\"PeriodicalId\":55214,\"journal\":{\"name\":\"Concurrency and Computation-Practice & Experience\",\"volume\":\"36 23\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2024-08-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Concurrency and Computation-Practice & Experience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8250\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8250","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

摘要

摘要 无线传感器网络(WSN)的可靠和自组织特性与物联网的融合提高了 WSN 在医疗保健、工业单位、战场监控等不同场景中的利用率,但也导致了其部署过程中的重大安全风险。因此,一些研究人员正在为 WSN 开发具有各种安全和隐私特性的高效身份验证框架。随后,我们回顾并研究了最近提出的工业传感器网络系统鲁棒密钥管理协议。然而,他们的工作无法提供便捷的安全性,而且容易受到多种安全攻击。我们展示了它们在中间人攻击、内部特权攻击、密钥泄露攻击、用户、网关和传感器节点冒充攻击以及离线密码猜测攻击方面的漏洞。因此,为了缓解现有的安全问题,我们设计了一个改进的密钥协议和相互验证框架。我们的协议优于 Itoo 等人的缺点,使用实数或随机(ROR)模型进行的全面安全证明和使用互联网安全协议自动验证(AVISPA)工具完成的正式验证都证明了这一点。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A provably secure authenticated key agreement protocol for industrial sensor network system

The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Concurrency and Computation-Practice & Experience
Concurrency and Computation-Practice & Experience 工程技术-计算机:理论方法
CiteScore
5.00
自引率
10.00%
发文量
664
审稿时长
9.6 months
期刊介绍: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信