Santanu Chatterjee

A dynamic password-based user authentication scheme for hierarchical wireless sensor networks

Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external users (parties) those who are authorized to access data as and when they demand. The user authentication plays a vital role for this purpose. In this paper, we propose a new password-based user authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the users password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.

An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks

For critical applications, real-time data access is essential from the nodes inside a wireless sensor network WSN. Only the authorized users with unique access privilege should access the specific, but not all, sensing information gathered by the cluster heads in a hierarchical WSNs. Access rights for the correct information and resources for different services from the cluster heads to the genuine users can be provided with the help of efficient user access control mechanisms. In this paper, we propose a new user access control scheme with attribute-based encryption using elliptic curve cryptography in hierarchical WSNs. In attribute-based encryption, the ciphertexts are labeled with sets of attributes and secret keys of the users that are associated with their own access structures. The authorized users with the relevant set of attributes can able to decrypt the encrypted message coming from the cluster heads. Our scheme provides high security. Moreover, our scheme is efficient as compared with those for other existing user access control schemes. Through both the formal and informal security analysis, we show that our scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications tool. The simulation results demonstrate that our scheme is secure. Copyright

Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment

Multi-server environment is the most common scenario for a large number of enterprise class applications. In this environment, user registration at each server is not recommended. Using multi-server authentication architecture, user can manage authentication to various servers using single identity and password. We introduce a new authentication scheme for multi-server environments using Chebyshev chaotic map. In our scheme, we use the Chebyshev chaotic map and biometric verification along with password verification for authorization and access to various application servers. The proposed scheme is light-weight compared to other related schemes. We only use the Chebyshev chaotic map, cryptographic hash function and symmetric key encryption-decryption in the proposed scheme. Our scheme provides strong authentication, and also supports biometrics & password change phase by a legitimate user at any time locally, and dynamic server addition phase. We perform the formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to show that the presented scheme is secure. In addition, we use the formal security analysis using the Burrows-Abadi-Needham (BAN) logic along with random oracle models and prove that our scheme is secure against different known attacks. High security and significantly low computation and communication costs make our scheme is very suitable for multi-server environments as compared to other existing related schemes.

A NOVEL EFFICIENT ACCESS CONTROL SCHEME FOR LARGE-SCALE DISTRIBUTED WIRELESS SENSOR NETWORKS

In a wireless sensor network, we often require the deployment of new nodes to extend the lifetime of the network because some sensor nodes may be lost due to power exhaustion problem or they may be...

Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks

In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports to change dynamically the user’s password locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. AVISPA tool ensures that whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.’s scheme is secure against possible passive and active attacks.

Cryptanalysis and enhancement of a distributed fine-grained access control in wireless sensor networks.

Fine-grained access control is used to assign unique access privilege to a particular user for accessing the relevant information. Recently, Yu et al. and Ruj et al. proposed a couple of fine grained access control schemes using public key cryptography. These schemes exploit and maneuver the concept of KP-ABE and a cryptographic technique based on bilinear pairing on elliptive curve groups. In this paper, we first show that though these schemes are efficient, but both schemes suffer from some fatal weakness such as vulnerability against an insider attack, specifically key abuse attacks by the genuine users. Therefore, a user with lower access privilege can access the secret data sent for a user of higher access privilege. This contradicts the basic objective of fine grained access control. Also, information sent for a particular user can be revealed to an adversary. In order to remedy that weakness, we propose some simple countermeasures to prevent key-abuse insider attack while the merits of existing fine grained access control scheme are left unchanged. Further, our scheme is unconditionally secure against various attacks such as man-in-the-middle attack, replay attack and denial of service attack. While providing these extra security features, our scheme incurs no such extra communication, computation or storage overhead as compared to the existing schemes.

On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services

Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any cloud services. However, resource constraint nature of mobile devices makes this task more challenging. In this paper, we propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, we provide formal security verification through ProVerif 1.93 simulation for the proposed scheme. Also, we have done authentication proof of our proposed scheme using the Burrows-Abadi-Needham logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost in compare to existing related schemes. Furthermore, the proposed scheme does not involve registration center in the authentication process, for which it is having lowest communication cost compared with existing related schemes.

An efficient fine grained access control scheme based on attributes for enterprise class applications

Fine-grained access control is used to assign unique access privilege to a particular user for accessing any particular enterprise class application for which he/she is authorized. The existing mechanisms for restricting access of users to resources are mostly static and not fine grained. Those are not well-suited for the enterprise class applications where information access is dynamic and ad-hoc in nature. As a result, we need to design an effective fine grained access as well as authorization control scheme to control access to objects by evaluating rules against the set of attributes given both for the users and application objects. In this paper, we propose a new fine grained access and authorization control scheme based on attributes which is suitable for large enterprise class applications. The strengths of our proposed scheme based on attributes are that it provides fine grained access control with its authorization architecture and policy formulation based on attribute based access tree. In comparison with the role based access control (RBAC) approach, in this scenario there is no need to explicitly define any roles. Here, based on user access tree any user can get access to any particular application with full granularity.

On the Design of Fine Grained Access Control With User Authentication Scheme for Telecare Medicine Information Systems

A telecare medicine information system (TMIS) for health-care delivery service requires information exchange among multiple IT systems, where different types of users with different access privileges are involved. In TMIS, users generally communicate via public channels. Hence, authentication is essential to provide access to the genuine users. However, access rights for the correct information and resources for different services to the genuine users can be provided with the help of efficient user access control mechanism. The existing user authentication protocols designed for TMIS only provide authentication, but for this kind of application, it is required that the authorized users should also have unique access privilege to access specific data. This paper puts forwards a new fine grained access control with user authentication scheme for TMIS. We present the formal security analysis using both the widely accepted real-or-random model and Burrows-Abadi–Needham logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, the proposed scheme is comparable with respect to communication and computation costs as compared with other related schemes proposed in TMIS. Moreover, better tradeoff among security and functionality features, and communication and computation costs makes the proposed scheme suitable and practical for telecare medicine environments as compared with other existing related schemes.

A survey on user access control in wireless sensor networks with formal security verification

User access control provides the permission to impose different access privileges for different types of authenticated users for accessing the sensing information directly from the sensor nodes inside a wireless sensor network (WSN). Until now, there have been ample number of user access control schemes proposed in the literature, and each scheme has its own merits and demerits. In this paper, we identify all the functionality features and security requirements, which must be satisfied for an ideal user access control scheme. We present and discuss the recently proposed important user access control schemes available so far in the literature. We critically analyse the energy, communication, computational overheads requirement, functionality and security analysis of the existing schemes. Further, we perform the formal security analysis of existing schemes using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool. All the existing schemes have some limitations. Hence, we feel that there is a strong need to design an ideal efficient user access control scheme in future, which should meet all the security requirements and achieve all the functionality features.