guessing attack
Recently Published Documents


Total documents: 77 (five years: 33)

H-index: 9 (five years: 3)

2021 ◽  
Vol 9 (1) ◽  
pp. 80-88
Author(s):  
Jane Yong ◽  
Zi Jian Chai ◽  
Kah Hao Chin ◽  
Christopher Chin Fung Chee ◽  
Daniel Soh ◽  
...  

Wireless Sensor Network (WSN) is a type of wireless network that is fast getting a lot of attention in scientific and industrial applications, and it is a network of decentralized autonomous standalone sensor devices. However, WSN is easily prone to malicious attacks as anyone can access the server through the node without a proper security authentication. In this paper, we proposed a secure AODV-based multi-factor authentication scheme for WSN to mitigate physical attack, offline guessing attack and replay attack. Our proposed scheme is preferred to keep the scheme lightweight while providing enough security that requires smart card, user identity, password, and OTP. Our proposed scheme has relatively lower computational cost with a total of 10Th than the other compared schemes except for Adil et al.’s scheme. However, we have around 8288 bits of authentication overhead due to the nature of packet and the addition of factors. Hence, our scheme is outperformed from a computational cost perspective, but the scheme is slightly higher from an authentication overhead perspective. In the future, multiple device authentication and implementation of biometric features can be added to improve the scheme.


2021 ◽  
Vol 24 (4) ◽  
pp. 1-36
Author(s):  
Philipp Markert ◽  
Daniel V. Bailey ◽  
Maximilian Golla ◽  
Markus Dürmuth ◽  
Adam J. Aviv

In this article, we provide the first comprehensive study of user-chosen four- and six-digit PINs (n = 1705) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10, 30, or 100 guesses, matching the smartphone unlock setting), using six-digit PINs instead of four-digit PINs provides little to no increase in security and surprisingly may even decrease security. We also study the effects of blocklists, where a set of “easy to guess” PINs is disallowed during selection. Two such blocklists are in use today by iOS, for four digits (274 PINs) as well as six digits (2,910 PINs). We extracted both blocklists and compared them with six other blocklists, three for each PIN length. In each case, we had a small (four-digit: 27 PINs; six-digit: 29 PINs), a large (four-digit: 2,740 PINs; six-digit: 291,000 PINs), and a placebo blocklist that always excluded the first-choice PIN. For four-digit PINs, we find that the relatively small blocklist in use today by iOS offers little to no benefit against a throttled guessing attack. Security gains are only observed when the blocklist is much larger. In the six-digit case, we were able to reach a similar security level with a smaller blocklist. As the user frustration increases with the blocklist size, developers should employ a blocklist that is as small as possible while ensuring the desired security. Based on our analysis, we recommend that for four-digit PINs a blocklist should contain the 1,000 most popular PINs to provide the best balance between usability and security and for six-digit PINs the 2,000 most popular PINs should be blocked.


2021 ◽  
Vol 36 (5) ◽  
pp. 1102-1117
Author(s):  
Yi Zhong ◽  
Jian-Hua Feng ◽  
Xiao-Xin Cui ◽  
Xiao-Le Cui

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Hanqing Ding ◽  
Qing Zhang ◽  
Yifeng Yin ◽  
Yong Gan ◽  
Weihua Liu

With the development of the globalization economic integration in Internet of Things (IoT), it is very crucial to protect the wireless two-way authentication between users’ intelligent terminals and servers in the product authorization chain. In order to ensure that legitimate users connect to the wireless network correctly, a lightweight wireless mutual authentication scheme for the product authorization chain was proposed contrapose to the security defect of Kaul and Awasthi’s scheme, which easily suffered from offline password guessing attack. The improved scheme uses lightweight hash function and verifies the freshness of messages by using the send packet sequence number instead of timestamp, which can avoid strict clock synchronization between devices, and user passwords can be updated by themselves. Security analysis and cost and efficiency analysis show that the scheme presented in this paper has higher security, lower storage and communication costs, and lower computational complexity.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Lingyan Xue ◽  
Qinglong Huang ◽  
Shuaiqing Zhang ◽  
Haiping Huang ◽  
Wenming Wang

The Internet of Things (IoT) has built an information bridge between people and the objective world, wherein wireless sensor networks (WSNs) are an important driving force. For applications based on WSN, such as environment monitoring, smart healthcare, user legitimacy authentication, and data security, are always worth exploring. In recent years, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are revealed to various vulnerabilities (e.g., password guessing attack, impersonation attack, and replay attack) due to nonuniform security evaluation criteria. Wang et al. put forward 12 pieces of widely accepted evaluation criteria by investigating quantities of relevant literature. In this paper, we first propose a lightweight multifactor authentication protocol for multigateway WSNs using hash functions and XOR operations. Further, BAN logic and BPR model are employed to formally prove the correctness and security of the proposed scheme, and the informal analysis with Wang et al.’s criteria also indicates that it can resist well-known attacks. Finally, performance analysis of the compared schemes is given, and the evaluation results show that only the proposed scheme can satisfy all 12 evaluation criteria and keep efficient among these schemes.


Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Mohammad Kamrul Hasan ◽  
Muhammad Shafiq ◽  
Shayla Islam ◽  
Bishwajeet Pandey ◽  
Yousef A. Baker El-Ebiary ◽  
...  

As the world keeps advancing, the need for automated interconnected devices has started to gain significance; to cater to the condition, a new concept Internet of Things (IoT) has been introduced that revolves around smart devices’ conception. These smart devices using IoT can communicate with each other through a network to attain particular objectives, i.e., automation and intelligent decision making. IoT has enabled the users to divide their household burden with machines as these complex machines look after the environment variables and control their behavior accordingly. As evident, these machines use sensors to collect vital information, which is then the complexity analyzed at a computational node that then smartly controls these devices’ operational behaviors. Deep learning-based guessing attack protection algorithms have been enhancing IoT security; however, it still has a critical challenge for the complex industries’ IoT networks. One of the crucial aspects of such systems is the need to have a significant training time for processing a large dataset from the network’s previous flow of data. Traditional deep learning approaches include decision trees, logistic regression, and support vector machines. However, it is essential to note that this convenience comes with a price that involves security vulnerabilities as IoT networks are prone to be interfered with by hackers who can access the sensor/communication data and later utilize it for malicious purposes. This paper presents the experimental study of cryptographic algorithms to classify the types of encryption algorithms into the asymmetric and asymmetric encryption algorithm. It presents a deep analysis of AES, DES, 3DES, RSA, and Blowfish based on timing complexity, size, encryption, and decryption performances. It has been assessed in terms of the guessing attack in real-time deep learning complex IoT applications.
The assessment has been done using the simulation approach and it has been tested the speed of encryption and decryption of the selected encryption algorithms. For each encryption and decryption, the tests executed the same encryption using the same plaintext for five separate times, and the average time is compared. The key size used for each encryption algorithm is the maximum bytes the cipher can allow. To the comparison, the average time required to compute the algorithm by the three devices is used. For the experimental test, a set of plaintexts is used in the simulation—password-sized text and paragraph-sized text—that achieves target fair results compared to the existing algorithms in real-time deep learning networks for IoT applications.


2021 ◽  
Vol 74 ◽  
pp. 103471
Author(s):  
Jiguo Li ◽  
Min Wang ◽  
Yang Lu ◽  
Yichen Zhang ◽  
Huaqun Wang

2021 ◽  
pp. 195-215
Author(s):  
Roland Booth ◽  
Yanhong Xu ◽  
Sabyasachi Karati ◽  
Reihaneh Safavi-Naini