
The Research Of Identity Authentication System On Wireless Sensor Networks

Posted on: 2016-08-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Chi
GTID: 1228330467997548
Subject: Computer system architecture
Abstract/Summary:
Wireless sensor networks are composed of a large number of wireless sensor nodes capable of perception, wireless communication and micro-processing. These nodes do not depend on fixed communication network infrastructure. Through distributed network protocols and algorithms, they can quickly start up and coordinate their operations to build and organize themselves into a wireless network. Compared with ad hoc networks, the objects of their self-organizing mechanisms (small, inexpensive, battery-powered sensor nodes with wireless communication and monitoring capabilities) have limited processing capability, but they are of a much larger scale, and their deployment environment is usually the physical world.

Because of their limited hardware resources, limited power supply capacity, limited communication bandwidth, lack of fixed control centers, network self-organization, multi-hop routing communication, complex network topology and other characteristics, wireless sensor networks are confronted with more serious security issues. There are many differences between sensor network security technologies and those of traditional networks, but they pursue the same purpose: both need to address such issues as information confidentiality, integrity, message authentication, identity authentication, message freshness, intrusion detection, access control, etc. The security risks faced by wireless sensor networks include eavesdropping, interception, node capture, collusion attacks, etc. The security technologies of wireless sensor networks include encryption algorithms, security protocols, key management, identity authentication, secure routing, intrusion detection, DoS attack resistance, etc.

This paper focuses on the identity authentication mechanisms applied in wireless sensor networks, and some sections of it also involve the key management and DoS attack resistance schemes in the authentication plan. The purposes of identity authentication are to verify the legitimacy of the participating subjects, such as sensor node identities and user identities, and to verify the authenticity of the information transmitted among the subjects and of its source. In a traditional network, the public key infrastructure solves the problem of identity authentication through the issuance and use of digital certificates, but, because of limited hardware resources, this method is currently beyond wireless sensor networks. In wireless sensor networks, identity authentication methods generally fall into two kinds: those based on shared keys and those based on public keys. Because shared-key methods constitute a relatively large burden on the network, they are normally present in key pre-distribution; with public keys, the algorithm is simpler and more secure, so this is currently the main authentication method. The mainstream public key authentication methods include elliptic curve cryptography, bilinear mapping, etc. Identity authentication mainly takes two forms: two-party authentication and tripartite authentication. Two-party identity authentication is mainly identity authentication between nodes; tripartite identity authentication includes, depending on the network mode, identity authentication among nodes, KDC (or base stations) and users; among nodes, cluster heads and users; among nodes, registered base stations and unregistered base stations; etc.

Two-party identity authentication:

He et al. proposed switching authentication, an identity authentication between one node and other nodes in which a node establishes a trust relationship with a third node after establishing a trust relationship with another node. He's solution is abbreviated as the SEAHA scheme. It uses a bilinear mapping cryptosystem, a form of public key cryptography, to ensure the security of the scheme, and it realizes single point-to-point authentication. When there are large numbers of requests for information, it can perform batch authentication. In terms of security, the solution attains anonymity and withstands the major attacks commonly faced in wireless sensor networks. However, there are hidden risks in the algorithm itself: when certain conditions are met, adversaries can, through eavesdropping and mathematical calculation, figure out the session key between nodes and pose a threat to the wireless sensor network. Therefore, this paper presents a simple solution to the hidden risks of the algorithm in SEAHA.

Based on the characteristics of wireless networks, He et al. have also presented a distributed re-encoding identity authentication scheme, SDRP. Re-encoding means uploading or updating new code in wireless sensor networks. It can generally be used for key updates in the key management area. In terms of efficiency, thanks to its distributed approach, this scheme is more efficient than the aforementioned SEAHA, and its algorithm is also simpler. However, because the primary algorithm components differ little, SDRP has the same problems as SEAHA. He et al. therefore proposed an improved scheme, ESDRP, to patch some of the algorithm loopholes in SDRP. However, analyses have identified some new vulnerabilities in ESDRP due to its distributed algorithm, and these loopholes are very difficult to solve.

Zhou et al. proposed a new identity authentication scheme for the addition of new nodes. In Zhou's scheme, when a new node wishes to join the wireless sensor network, it needs not only to prove its own legitimacy but also to prove that it is a “new” node, mainly to resist destructive internal attacks such as Sybil and black hole attacks. Therefore, when a “new” node is deployed, it generates a boot time period, which is the proof of its “newness”. When the “new” node joins the wireless sensor network, it uses the boot time to prove that it is a “new” node. Moreover, to ensure the security and rigor of the protocol, Zhou et al. make use of elliptic curve cryptography. However, this solution is limited in its resistance to collusion attacks: when an adversary controls an “old” node, it can wreak havoc on the entire network, since the scheme assumes the legitimacy of “old” nodes by default. On the basis of Zhou's scheme, Huang et al. proposed an improved scheme, NACP, which uses a hash chain in place of the boot time as the proof of “newness”. However, there are hidden risks concerning non-repudiation of information in NACP, which adversaries can exploit by using a fake node to join the network. Kim et al. then proposed a new scheme which, by strengthening mutual authentication and adding hash chain updates, makes up for the problems that exist in NACP. However, this scheme is still flawed under collusion attacks: adversaries can, through a compromised node, make an illegal node impersonate a certified legitimate node to communicate with other nodes. Although security can be increased by strengthening the public key cryptosystem in the scheme, this will undoubtedly increase the burden on the sensor nodes.

Based on the Oscar scheme, this paper proposes an identity authentication scheme with new node addition. The scheme uses only a symmetric encryption system and a hash chain to ensure the security of the entire system. It not only resists general external attacks but also has a good defense against internal attacks such as the collusion attack, and it places a smaller burden on the system.

Tripartite identity authentication:

Tang and Wu et al. proposed a roaming authentication scheme, EMAS: when a sensor node leaves its registration area and enters a non-registered area, it needs a base station that covers the non-registered area to certify the legitimacy of its identity, so that it can access and use the wireless network services in this area. The scheme uses elliptic curve cryptography to generate a key and relies on the ECDLP problem to ensure its safety. The sensor node needs only to send a message and receive a message to complete the entire roaming authentication. However, through a collusion attack, the adversary can control a compromised node and crack the session key. Strengthening mutual trust authentication among the three parties can effectively solve this problem.

Based on EMAS, Chang and Tsai proposed AEMAS, an anonymous roaming authentication scheme that can be applied to wireless sensor networks. However, to reduce the network load, AEMAS streamlined the algorithm, thereby creating a new hidden danger: again by means of collusion attacks, an adversary can break an important secret parameter and then access a lot of confidential information, posing a threat to the entire network. To prevent this new risk, a small change in the algorithm can resist the aforementioned collusion attacks.

Based on the ENABLE scheme and the RUASN scheme, this paper proposes an identity authentication scheme with one node, KDC (or base stations) and users, and an identity authentication scheme with one node, cluster heads and users. Both solutions use elliptic curve cryptography to ensure the safety of the system. In addition, they resist the mainstream attacks and defend well against new attacks such as collusion attacks.

In future work, we will focus our research on the following areas:
1. Development of wireless sensor hardware;
2. Advances in the computing power of wireless sensor networks;
3. New attack models against wireless sensor networks;
4. Feasibility of further simplifying the algorithms without changing system security;
5. Research on new encryption systems applicable to wireless sensor networks.
Keywords/Search Tags: Identity Authentication, Wireless Sensor Networks, The Security of Network Information, Elliptic Curve Cryptography, Bilinear Mapping