
Research On Security Of Wireless Ad-hoc Networks Based On ID-based Cryptography

Posted on: 2013-01-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H T Li
GTID: 1118330371482713
Subject: Computer system architecture
Abstract/Summary:
In 1999, the importance of securing MANETs, including their special security needs and challenges, was discussed for the first time. This groundbreaking paper triggered an explosion of research in MANET security. Due to the large number of published papers, we organize the security review in terms of the cryptographic primitives utilized rather than chronologically.

The limitations of symmetric key solutions caused by the key distribution problem in MANETs triggered the research on public key solutions. The first papers on public key solutions focused on the implementation of an on-line CA that issues and distributes public key certificates within the network in a self-organized manner. Later, the power and tasks of a CA were distributed to several network nodes using a (k, n)-threshold scheme.

Due to their efficient key management and other desirable properties, IBC schemes have recently been considered for securing MANETs. Those solutions both use an internal key generation center (KGC). The KGC is emulated using a (k, n)-threshold scheme, as has been previously proposed for internal CAs in PKIs.

In an ID-PKC based scheme, a user's public key is derived directly from certain aspects of his identity, such as an email address, which is assumed to be publicly known. A private key is generated by a trusted third party named the Private Key Generator (PKG). However, this approach brings a new inherent problem, namely the "key escrow" problem, since the private key of the user is known to the PKG. In order to solve the key management problem in public key cryptography and the "key escrow" problem in identity-based cryptography schemes, the certificateless signature scheme was proposed.

Group key agreement protocol. Authenticated group key agreement protocols enable a set of users communicating over an insecure, open network to establish a shared secret called a session key and, furthermore, to be guaranteed that they are indeed sharing this session key with each other (i.e., with their intended partners). The session key may subsequently be used to achieve cryptographic goals such as confidentiality or data integrity. Authenticated GKA protocols allow two or more users to agree upon a session key even in the presence of active adversaries. These protocols are designed to assure users in the group setting that no principals other than members of the group can learn anything about the session key. Hence, authenticated GKA protocols can provide a natural mechanism for achieving secure multicast communication in numerous group-oriented scenarios such as video conferencing, secure replicated databases, collaborative applications and distributed computations. In this paper, we point out that Zhang et al.'s password-based group key agreement protocol is not authenticated and can easily be forged or modified. And we give a method that the insider attacker can force all group members.

Authentication scheme. Since a sensor network may operate in a hostile environment such as a military battlefield, security is critical. Access control is an indispensable cryptographic primitive upon which other security primitives are built. A WSN should be smart enough to distinguish legitimate users from illegitimate users, resulting in the problem of user authentication. Benenson et al. first sketched the security issues of user authentication in WSNs and introduced the notion of n-authentication. Later on, a large number of authentication schemes were proposed. Recently, Das proposed a two-factor user authentication scheme for WSNs. More recently, Nyang and Lee pointed out that the protocol of Das is vulnerable to the offline password guessing attack and the sensor node compromising attack, and does not protect query response messages by establishing a unique secure channel from sensor node to user, which is an important way of serving a registered user in a secure and legitimate way. Consequently, Nyang and Lee proposed their improved two-factor authentication protocol for WSNs, which attempts to overcome the discrepancies they identified in the Das scheme. However, in 2010, Khan et al. identified that the Das scheme is still not secure and is vulnerable to several critical security attacks. In addition to the problems identified by Nyang and Lee, Khan et al. show that the Das scheme is defenseless against the GW-node by-passing attack, does not provide mutual authentication between the GW-node and sensor nodes, has the security threat of insider attack, and does not have provision for changing or updating the passwords of registered users. To fix the aforementioned weaknesses of the Das scheme, they propose security improvements in their paper. In this paper, however, we show that Das's scheme is not secure against the off-line password guessing attack under the assumption that the adversary can obtain the secret information stored in the smart card. This assumption can also be used to attack the schemes of Nyang and Khan. To overcome the inherent security weakness, we propose an improved scheme and compare our scheme with the schemes of Das, Nyang and Khan.

Three-party password-based authentication key exchange. Wireless networks have brought convenience to people. However, the communication channel could be eavesdropped on and the messages transmitted could be modified. Impersonation attacks could be mounted in the open environment. Bellovin and Merritt developed a two-party password-based authentication key exchange (2PAKE) protocol in which party authentication and key exchange techniques always are adopted. Two communicating parties share a password, authenticate each other and obtain a common ephemeral session key. Since then, many 2PAKE protocols have been proposed. Because 2PAKE protocols require each pair to share one password, in order to communicate with many parties, each party has to remember a large number of passwords. Much research has been done to generalize 2PAKE protocols to 3PAKE protocols. 3PAKE protocols can be classified into two categories: with password and without password. Tan proposed an enhanced 3PAKE protocol based on Yang et al.'s scheme. The proposed protocol, using elliptic curve cryptography (ECC), inherits the advantages of Yang et al.'s scheme. By integrating the time stamp and the identities of the sender into the hash function, the proposed protocol removes the security weaknesses of Yang et al.'s scheme. However, Nose points out that Tan's 3PAKE protocol is susceptible to the impersonation attack and the man-in-the-middle attack. In this paper, we analyzed Tan's protocol and found that the man-in-the-middle attack Nose claimed is based on the impersonation attack. We propose an enhanced 3PAKE protocol between sensors and a security manager in a sensor network that resists the impersonation attack and the man-in-the-middle attack.

Certificateless signature. Because of this, they have a wide range of applications, such as military applications, environmental applications, health applications, home applications, and other commercial applications. WSNs are more vulnerable to various attacks due to the nature of wireless communication. However, since sensors usually have very constrained resources in terms of computing, communication, memory and battery power, providing authenticity in WSNs poses different challenges than in traditional network/computer security. This requires lightweight and power-saving cryptographic algorithms to support WSN security. Xu et al. present a certificateless signature scheme for mobile wireless cyber-physical systems. In their scheme, only one pairing operation is required in the verification phase, and none in the signing phase. Unfortunately, Zhang et al. analyzed Xu et al.'s certificateless signature scheme and pointed out that the scheme is not as secure as claimed. After that, several CLS schemes without pairing were proposed to reduce the cost of computation. In this paper, we propose a new certificateless signature scheme that does not depend on bilinear pairings and hence is more efficient than other schemes. We also provide a security illustration for the scheme based on the Discrete Logarithm (DL) Assumption.
Keywords/Search Tags: IBE, WSN, MANET, Key agreement, Authentication, Signature