PSAP-WSN: A Provably Secure Authentication Protocol for 5G-Based Wireless Sensor Networks

2023-03-12 09:01

Xuanang Li, Shuangshuang Liu, Saru Kumari and Chien-Ming Chen★

1 Shandong University of Science and Technology, Qingdao, 266590, China

2 Department of Mathematics, Chaudhary Charan Singh University, Meerut, 250004, India

★ Corresponding Author: Chien-Ming Chen. Email: chienmingchen@ieee.org

ABSTRACT Nowadays, the widespread application of 5G has promoted rapid development in different areas, particularly in the Internet of Things (IoT), where 5G provides the advantages of higher data transfer rate, lower latency, and widespread connections. Wireless sensor networks (WSNs), which comprise various sensors, are crucial components of IoT. The main functions of WSN include providing users with real-time monitoring information, deploying regional information collection, and synchronizing with the Internet. Security in WSNs is becoming increasingly essential because of the across-the-board nature of wireless technology in many fields. Recently, Yu et al. proposed a user authentication protocol for WSN. However, their design is vulnerable to sensor capture and temporary information disclosure attacks. Thus, in this study, an improved protocol called PSAP-WSN is proposed. The security of PSAP-WSN is demonstrated by employing the ROR model, BAN logic, and ProVerif tool for the analysis. The experimental evaluation shows that our design is more efficient and suitable for WSN environments.

KEYWORDS 5G; wireless sensor networks; IoT; authentication protocol

1 Introduction

Historically, communication modes have evolved constantly, progressing through flying pigeons, post stations, wireless telegrams, fixed telephones, and mobile phones. Currently, most countries enjoy excellent Internet communication. Humans can control objects around them, as well as distant objects. Consequently, the Internet of Things (IoT) [1–3] emerged. In 1990, the world’s first IoT device, Xerox’s vending machine, appeared. In 1999, Professor Kevin Ashton of the Massachusetts Institute of Technology first proposed the definition of the IoT [4]. IoT now controls distant things from theory to practice. However, the slow transmission speed of information in the IoT, high latency, and limited support for connected devices are significant problems. 5G has emerged to solve these problems [5,6], providing higher data transfer rates, lower latency, and more connections to facilitate the efficient application of IoT worldwide [7]. Currently, IoT has been deployed in various applications [8–10].

In the last two or three decades, people’s lives have continuously improved with the vigorous development of the Internet. Expectations for quality of life have generally increased. However, traditional electronic devices cannot meet the growing needs of people. With the rapid development of IoT, sensors joined IoT to form wireless sensor networks (WSNs) [11–13], meeting people’s needs for work, production, study, entertainment, and other aspects. Sensors are ubiquitous in everyday life. As shown in Fig. 1, different types of sensors are deployed in homes, hospitals, schools, and other environments. In hospitals, patients are equipped with sensors to self-monitor physiological indicators, and doctors can remotely analyze these data to provide timely medical services to patients. Sensors are placed in schools or homes to collect temperature, carbon monoxide, or pyroelectric data.

Figure 1: Wireless sensor network environment

Although WSNs make people’s lives more efficient and convenient, they also create security problems [14–16]. For example, in 2016, a massive network outage in the eastern United States was caused by hackers who exploited vulnerabilities in communication protocols through a distributed denial-of-service attack [17,18]. Therefore, security is a significant problem that must be solved in WSNs [19,20]. In a typical WSN, two vital security issues must be carefully considered. First, because all sensing data are transmitted through a public channel, the data must be encrypted. Second, all members in a WSN should authenticate each other before sending data [21,22]. Many authentication protocols have been proposed to overcome these two security issues [23–25].

Recently, Yu et al. [26] proposed an authentication protocol called SLUA-WSN, declaring that it is secure against various attacks. Nevertheless, their design remains insecure against temporary information disclosure and sensor capture attacks [26]. To address these vulnerabilities, in this study, a novel authentication protocol, called PSAP-WSN, is proposed. To demonstrate that PSAP-WSN is secure and addresses the vulnerability issues, the ROR model, BAN logic, and ProVerif tools, which are three effective methods for proving the security of an authentication protocol, were employed. In addition, a performance evaluation was conducted to demonstrate that PSAP-WSN is suitable for WSN environments.

The remainder of this paper is organized as follows. In Sections 2 and 3, related work and Yu et al.’s protocol are described, respectively. In Section 4, it is demonstrated that Yu et al.’s protocol is insecure. In Section 5, new solutions are proposed. In Sections 6 and 7, a security analysis and performance evaluation are provided, respectively.

2 Related Work

5G requires powerful security and privacy solutions because it connects all aspects of a communication network. Various security mechanisms have been proposed for 5G applications. In 2019, Lu et al. [27] recognized the crucial challenges of security and privacy in 5G vehicle-to-everything. In 2020, Liu et al. [28] proposed a federated learning framework to make 5G environments secure. In 2021, Afaq et al. [29] recognized essential security issues in 5G networks. Then, Yahaya et al. [30] proposed a privacy handover scheme for SDN-based 5G networks. In 2022, Yahaya et al. [30] provided an energy trading model for a 5G-deployed smart community based on blockchain technology.

Various authentication protocols have been proposed for WSNs. In 2015, Chang et al. [31] proposed an authentication protocol for protecting user privacy. However, some parameters of their protocols are not protected. Anonymity and backward confidentiality attacks may occur when users lose their smart cards. In 2017, Lu et al. [32] presented a three-factor authentication protocol with anonymity. In 2019, Mo et al. [33] analyzed Lu et al.’s protocol and concluded that it did not provide three-factor security. Therefore, an improved protocol was proposed. In 2020, Yu et al. [26] indicated that their protocol [33] was insecure against camouflage and session key exposure attacks. In addition, this protocol [33] does not provide anonymity. In 2020, Almuhaideb et al. [34] analyzed Yu et al.’s protocol and noted loopholes. Security problems occur if an adversary obtains both random numbers and sensitive information stored in a smart card. However, we believe that this attack is not reasonable because an adversary should simultaneously obtain two types of secret information.

3 Revisit SLUA-WSN

Here, Yu et al.’s design, which consists of sensor registration, user registration, and login and authentication phases, is revisited. The symbols and notations used are listed in Table 1.

Table 1: Notation definitions in SLUA-WSN

Table 1 (continued)
Notations: Definitions
h(·): One-way hash function

3.1 Sensor Registration Phase

Assuming that a sensor Sj desires to enter a WSN, Sj must register with the gateway GWN first. GWN selects identity SIDj for Sj and calculates Xj = h(SIDj || KGWN). Subsequently, GWN transmits {SIDj, Xj} to Sj.

3.2 User Registration Phase

1. Ui enters his IDi, PWi and BIOi and then calculates Gen(BIOi) = (Ri, Pi) and MPWi = h(PWi || Ri), where Gen is a fuzzy extractor operation, and Ui transmits {IDi, MPWi} to GWN.

2. GWN generates Rg and calculates MIDi = h(IDi || h(KGWN || Rg)), Xi = h(MIDi || Rg || KGWN), Qi = h(MIDi || MPWi) ⊕ Xi and Wi = h(MPWi || Xi). GWN deposits Rg in its own database and further issues a smart card storing {MIDi, Qi, Wi} to Ui.

3.3 Login and Authentication Phase

4 Attacks on the SLUA-WSN Protocol

This section analyzes the SLUA-WSN protocol [26]. The adversary model utilized in this study is presented, demonstrating that SLUA-WSN is insecure against sensor node capture and temporary information leakage attacks.

4.1 Adversary Model

The Dolev-Yao (DY) model [35] is a widely used and reasonable adversary model for analyzing authentication protocols [36]. Under the DY model, the protocol can be thoroughly and reasonably cryptanalyzed. Therefore, the DY model was used as the adversary model, with A utilized to denote an attacker; the detailed attack capability is described below:

1. A can intercept/modify/delete messages submitted via a public channel.

2. A can steal temporary variables used in the process of an authentication protocol.

3. A can crack parameters stored in a smart card [37], implying that, once the user’s smart card is stolen, sensitive parameters in this smart card will also be compromised by A.

4. A can capture the sensor and obtain the information stored in it.

4.2 Sensor Node Capture Attack

According to the DY model, after capturing a sensor, A can capture the sensitive parameters stored therein. Various authentication protocols have considered this attack [38–41].

Assume that A captures a sensor Sj, and then A performs the following steps:

1. A obtains {SIDj, Xj} stored in Sj.

2. A intercepts {M1, M2, M4, MIDi, CIDi, MGS, MUG, T1, T2, T4} via a public channel.

3. A obtains (Ru || Rg) by computing M2 ⊕ h(SIDj || Xj || T2).

4. With Ru and M1, A can have Xi.

5. Now, A will have Rs by computing M4 ⊕ h(MIDi || Xi || T4).

6. Eventually, A can have SK because SK = h(Ru || Rs).

Evidently, the SLUA-WSN protocol [26] cannot effectively resist sensor node capture attacks.

4.3 Temporary Information Leakage Attack

As mentioned in the adversary model, A steals temporary variables during the authentication process. Various authentication protocols have considered this attack [41–43].

Suppose that A obtains {Ru}, which is a temporary variable in this protocol. The following steps are then performed:

1. A intercepts {M1, M4, MIDi, T4} via a public channel.

2. A obtains Xi by computing Ru ⊕ M1.

3. A obtains ||Rs||Rg) by computing M4 ⊕ h(MIDi || Xi || T4).

4. Eventually, A obtains SK because SK = h(Ru || Rs).
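
The derivations in Sections 4.2 and 4.3 can be checked mechanically by computing what follows from an adversary's starting knowledge. The sketch below is an added example, not code from the paper: it models only the relations quoted in the attack steps, and the helper names H2, H4 and P4, the rule tables and the function names are assumptions introduced here.

```python
# Symbolic (Dolev-Yao style) knowledge closure over the SLUA-WSN relations that
# Sections 4.2 and 4.3 quote. Term names follow the page; H2, H4 and P4 are
# helper names introduced for this example, not notation from the paper.

# (result, inputs): result is computable once every input is known.
HASHES = [
    ("H2", ("SIDj", "Xj", "T2")),   # h(SIDj || Xj || T2), the mask on M2
    ("H4", ("MIDi", "Xi", "T4")),   # h(MIDi || Xi || T4), the mask on M4
    ("SK", ("Ru", "Rs")),           # SK = h(Ru || Rs)
]
# (a, b, c) with a = b XOR c: any two of the three reveal the third.
XORS = [
    ("Ru||Rg", "M2", "H2"),         # Section 4.2, step 3
    ("Xi", "Ru", "M1"),             # Section 4.2 step 4, Section 4.3 step 2
    ("P4", "M4", "H4"),             # P4: the payload that M4 masks
]
# (whole, parts): knowing a concatenation reveals the listed parts.
UNPACK = [
    ("Ru||Rg", ("Ru", "Rg")),
    ("P4", ("Rs", "Rg")),           # fields visible on the page; others omitted
]

# Messages the page lists as observable on the public channel.
TRANSCRIPT = {"M1", "M2", "M4", "MIDi", "CIDi", "MGS", "MUG", "T1", "T2", "T4"}
SCENARIOS = {
    "eavesdropper only": TRANSCRIPT,
    "sensor capture (4.2)": TRANSCRIPT | {"SIDj", "Xj"},
    "Ru leaked (4.3)": {"M1", "M4", "MIDi", "T4", "Ru"},
}

def closure(initial):
    """Return (set of derivable terms, order in which new terms were derived)."""
    known, order = set(initial), []
    def learn(term):
        if term in known:
            return False
        known.add(term)
        order.append(term)
        return True
    changed = True
    while changed:
        changed = False
        for out, inputs in HASHES:
            if all(term in known for term in inputs):
                changed |= learn(out)
        for triple in XORS:
            missing = [term for term in triple if term not in known]
            if len(missing) == 1:
                changed |= learn(missing[0])
        for whole, parts in UNPACK:
            if whole in known:
                for part in parts:
                    changed |= learn(part)
    return known, order

def session_key_exposed(initial):
    """True when SK = h(Ru || Rs) is derivable from the initial knowledge."""
    return "SK" in closure(initial)[0]

if __name__ == "__main__":
    for name, start in SCENARIOS.items():
        print(f"{name:22} SK exposed: {session_key_exposed(start)}",
              closure(start)[1])
```

The derivation order returned for each scenario matches the numbered steps above, and the transcript alone yields nothing, which isolates the stored sensor values and the leaked Ru as the inputs the masking fails to protect against.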

5 PSAP-WSN

This section describes, in detail, the proposed PSAP-WSN, which consists of the pre-processing, user registration, login, and authentication phases. The symbols used in PSAP-WSN are listed in Table 2.

Table 2: Notations used in PSAP-WSN

5.1 Pre-Processing Phase

GWN has to prepare some parameters for the sensors before they are deployed. This phase does not significantly differ from the SLUA-WSN protocol [26]. Fig. 2 illustrates this process. The detailed steps are as follows:

(1) GWN chooses the unique SUIDj for Sj and uses its own key KG to calculate UAj = h(SUIDj || KG). Then, GWN submits {SUIDj, UAj} to Sj.

(2) Sj stores them in its local memory.

Figure 2: Pre-processing phase

5.2 User Registration Phase

All users need to register with GWN before entering the network. Assume that Ui desires to join this network; then, the user registration phase is initiated. In Fig. 3, the procedure followed in this phase is displayed. The detailed steps are as follows. Note that this phase is executed through a secure channel.

1. Ui inputs UIDi, UPWi and UBIOi and computes Gen(UBIOi) = 〈URi, UPi〉. Ui then calculates MUPWi = h(UPWi || URi) and encrypts MUPWi with GWN’s public key PU. Thereafter, Ui sends {URi, UIDi, S} to GWN.

2. GWN obtains MUPWi by decrypting S with his private key PR. Further, GWN generates Rn and calculates MUIDi = h(h(KG || Rn) || UIDi), UAi = h(KG || Rn || MUIDi), UBi = UAi ⊕ h(MUIDi || MUPWi), and UCi = h(MUPWi || UAi). GWN issues a smart card to Ui, which stores UBi, UCi, and MUIDi. GWN also stores Rn, URi and S in its database.

Figure 3: User registration phase

5.3 Login and Authentication Phase

This phase is performed when the user is expected to connect to a specific sensor. Fig. 4 illustrates this process. Suppose that Ui wishes to connect to Sj; the following steps are then executed:

Figure 4: Login and authentication phase

6 Security Analysis

This section demonstrates that PSAP-WSN is provably secure against different attacks, using BAN logic, ROR model, and ProVerif tool.

6.1 BAN Logic

BAN Logic Rules

6.1.1 Idealizing Communication

Msg1 U→G: {M1, MUIDi, CUIDi, KUG, T1}.

Msg2 G→S: {M2, MUIDi, KGS, T2}.

Msg3 S→G: {N, KSG, KSU, T3}.

Msg4 G→U: {MKU, M4, KSU, KGU, T4}.

Initial state assumptions

Detailed steps

With Msg1 and using the seeing rule, we obtain

S1: G ◁ {〈Ru〉UAi, 〈MUIDi, CUIDi, KUG, T1〉}

Using S1, R1, and A2, we obtain

S2: G |≡ U |~ (Ru)

Using S2, under the assumption of A3 and nonce verification postulate R2, S3 can be obtained.

S3: G |≡ U |≡ (Ru)

With A4, R3, and S3, we obtain

S4: G |≡ (Ru)

Similarly, we obtain

S5: G |≡ (Rs)

Because SK = h(Ru || Rs), using S4 and S5, we obtain

S6: G |≡ U2).

With A3, A5, and R4, we obtain

S7: G |≡ U |≡ U4).

In addition, using Msg4, we obtain

S8: U ◁ {〈Rs〉UAi, MKU, KSU, M4, T4}.

By using A1 and R1, we obtain

S9: U |≡ G |~ (Rs)

With S9, A6, and R2, we obtain

S10: U |≡ G |≡ (Rs)

Using A7, S9, and R3, we obtain

S11: U |≡ (Rs).

Thus,

S12: U |≡ (Ru).

Because SK = h(Ru || Rs), using S11 and S12, we obtain

S13: U |≡ U1)

With S13, A6, and R4, we obtain

S14: U |≡ G |≡ U3).

By considering the message Msg2, we obtain

S15: S ◁ {〈Ru, Rs〉UAj, MUIDi, KGS}

Using S15, R1, and A8, we obtain

S16: S |≡ G |~ (Ru, Rs)

Using S16, under the assumption of A10 and the nonce verification postulate R2, S17 can be obtained.

S17: S |≡ G |≡ (Ru, Rs)

Using A11, R3, and S17, we obtain

S18: S |≡ (Ru, Rs)

Because SK = h(Ru || Rs), using S18, we obtain

S19: S |≡ G5)

Using S19, A10, and R4, we obtain

S20: S |≡ G |≡ S7).

By considering message Msg3, we obtain

S21: G ◁ {〈Ru, Rs〉SUIDj, KGU}

Using S21, R1, and A9, we obtain

S22: G |≡ S |~ (Ru, Rs)

Using S22, under the assumption of A3, A5, and nonce verification postulate R2, S23 can be obtained.

S23: G |≡ U |≡ (Ru, Rs)

Using A4, R3, and S2, we obtain

S24: G |≡ (Ru, Rs)

Because SK = h(Ru || Rs), using S24, we obtain

S25: G |≡ S6)

Using S25, A3, A5, and R4, we obtain

S26: S |≡ G |≡ S8).

6.2 ROR Model

The well-known real-or-random (ROR) model [44] was used to demonstrate that PSAP-WSN is provably secure. The ROR model has been widely used in numerous studies. The PSAP-WSN has three entities: Ui, GWN, and Sj. In the proof, we define R= where , and denote the x-th Ui, y-th GWN, and z-th Sj, respectively. In addition, A, as an attacker, can perform the following operations:

Execute(R): With Execute(R), A can obtain messages transmitted by Ui, GWN, and Sj through a public channel.

Send(R, M): A can receive or send messages transmitted between entities via Send(R, M).

Reveal(R): By performing Reveal(R), A can access the session key generated between various entities.

Hash(String): Using Hash(String), A can calculate the hash value of a fixed string.

Test(O): During the execution of the game, it is necessary to flip coin C to determine the probability that A can obtain SK. If C equals 1, the correct session key is obtained; if it equals 0, a string with the same length as the session key is obtained.

Theorem 1: Using as the main function for A the SK between the communicators is obtained. qh and qs represent the number of Hash and Send queries, respectively, and H and B represent the range that can be accommodated by the hash function and the space size of the user password dictionary. The advantage of using a function to crack SK is that ≤|H|+2qs/|B|.

Security proof

Subsequently, we obtain

≤|H|+2qs/|B|. Therefore, it is proven that Theorem 1 is valid.

6.3 ProVerif

To further verify the security of the proposed PSAP-WSN, a well-known verification tool called ProVerif [45,46] was used. In this simulation, we define ch as a public channel and sch as a secure channel. SKi and SKj represent the session keys established by the user and the sensor node, respectively. In addition, PR and KG represent the gateway’s private and master keys, respectively. The simulation contained five events: UserStarted(), UserAuthed(), GatewayAcUser(), SjAcGateway(), and UserAcSj(). The defined parameters and function codes are presented in detail in Fig. 5.

Figure 5: Definition, queries, and events in the ProVerif tool

The results for ProVerif are shown in Fig. 6. We can see “RESULT not attacker(SKi[]) is true,” “RESULT not attacker(SKj[]) is true,” “RESULT inj-event(UserAuthed) ==> inj-event(UserStarted) is true,” “RESULT inj-event(GatewayAcSj) ==> inj-event(GatewayAcUser) is true,” “RESULT inj-event(SjAcGateway) ==> inj-event(GatewayAcSj) is true,” and “RESULT inj-event(UserAcSj) ==> inj-event(SjAcGateway) is true.” The results show that PSAP-WSN can pass the ProVerif tool.

Figure 6: Operation results

6.4 Security Requirement Analysis

Next, it is demonstrated that PSAP-WSN is secure against the following attacks.

6.4.1 Sensor Node Capture Attack

Because a sensor node is unattended, it is easily obtained by A to analyze the internal parameters. Assume A obtains SUIDj and UAj after capturing Sj. However, to obtain SK, A must know Ru and Rs simultaneously. Ru can be obtained through (Ru || Rg) = h(SUIDj || UAi || T2) ⊕ M2, where T2 and M2 are submitted via a public channel. Unfortunately, Rs is a temporary random number; therefore, the PSAP-WSN can resist this attack.

6.4.2 Temporary Information Disclosure Attack

This attack assumes that A can obtain a random number in PSAP-WSN if Ru is leaked, but UAi and UIDi are not obtained. Only UIDi ⊕ UAi can be acquired, but other operations cannot be further performed. If Rg is leaked, but other parameters have not been analyzed, A cannot carry out the next operation. Thus, the PSAP-WSN can resist this type of attack.

6.4.3 Impersonation Attack

A can impersonate a user to send messages to GWN, but A cannot generate a request message {M1, MUIDi, CUIDi, KUG}. This is because A cannot obtain the user identity, biometrics, and random numbers; thus, PSAP-WSN can resist this attack.

6.4.4 Replay Attack

Suppose A performs a replay attack. However, when A attempts to send a request {M1, MUIDi, CUIDi, KUG, T1}, GWN verifies the freshness of the timestamp T1. Simultaneously, PSAP-WSN uses UAi, Ru, and UIDi to hash T1. For these reasons, it is concluded that PSAP-WSN can resist this attack.

6.4.5 Anonymity and Untraceability

In our design, neither UIDi is transferred, nor are there any devices to store UIDi. In addition, one-way hash function processing is performed for the places where UIDi is required; therefore, A cannot analyze UIDi in various ways. The user parameters MUIDi, UBi, UCi are updated after each authentication round. A cannot use the current information to infer previously transmitted information and cannot track the user; therefore, the proposed protocol can ensure anonymity and untraceability.

6.5 Security Comparisons

The proposed PSAP-WSN was compared with similar protocols. The primary attacks included A1: sensor node capture attack; A2: privileged insider attack; A3: temporary information disclosure attack; A4: impersonation attack; A5: replay attack; and A6: anonymity and untraceability attacks. The results in Table 3 confirm that PSAP-WSN provides sufficient security advantages compared with other protocols.

7 Performance Evaluation

This section evaluates the performance by experimentally calculating the computation and communication overhead.

7.1 Computation Comparisons

The three different types of devices used in the comparisons included the OPPO-R9 mobile phone, MI10-UTAR mobile phone, and ASUS-A456U notebook to represent the user, gateway, and sensor, respectively. The running times of the different functions for each device are listed in Table 4. In our experiment, the running times of symmetric encryption and asymmetric encryption were almost the same. In the experiment mentioned in [47], the running time of TR (rep operation) is nearly equal to Tm. Therefore, this setting was adopted in our experiment.

Table 4: Running time on different devices

The experimental results are presented in Table 5. As shown in Table 5, the running times of the user, gateway, and sensor node were 15.055, 0.0825, and 0.11 ms, respectively. Although the running time of our design was not always optimal, the overall ranking was relatively high. In addition, the difference was also quite small. Most importantly, the protocols that have better running times are vulnerable to attacks. The results are illustrated in Fig. 7.

Table 5: Computational cost of the proposed protocol

Figure 7: Running time

7.2 Communication Comparisons

Here, to discuss the communication overhead, the proposed protocol is compared with other related protocols. In the experiment, the settings in [26] were adopted, thereby assuming that the prime number, random nonce, identity, timestamp, and hash function are 160, 128, 32, 32, and 160 bits, respectively. The information exchanged in our proposed protocol includes {M1, MUIDi, CUIDi, KUG, T1}, {M2, MUIDi, MGS, T2}, {N, KSG, KSU, T3}, and {MKU, M4, KSU, KGU, T4}, respectively denoted by (160+160+160+160+32=672 bits), (160+160+160+32=672 bits), (128+160+160+32=480 bits), (160+160+160+32=672 bits). Table 6 lists the overhead for each protocol. It is observed that our design is not the best in terms of communication overhead, but the differences are not significant. However, the proposed method provides better security than these other protocols.

Table 6: Communication overhead comparison

8 Conclusions

In this paper, first, Yu et al.’s protocol was reviewed and cryptanalyzed, thereby determining that it is vulnerable to sensor node capture attacks and temporary information disclosure attacks. Therefore, the PSAP-WSN protocol was proposed. Subsequently, PSAP-WSN was demonstrated to be provably secure, using BAN logic, the ROR model, and the ProVerif tool. In addition, an adversarial attack was simulated against the proposed PSAP-WSN. The performance evaluation indicates that the PSAP-WSN has reasonable communication and computation overhead and is suitable for WSNs.

Funding Statement: The authors received no specific funding for this study.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.