Skip to main content

Advertisement

Energy-efficient and secure mobile node reauthentication scheme for mobile wireless sensor networks

Article metrics

  • 380 Accesses

Abstract

Mobile wireless sensor networks (MWSNs) are a relatively new type of WSN where the sensor nodes are mobile. Compared to static WSNs, MWSNs provide many advantages, but their mobility introduces the problem of frequent reauthentication. Several mobile node reauthentication schemes based on symmetric key cryptography have been proposed to efficiently handle frequent reauthentication. However, due to security weaknesses such as unconditional forwarding or low-compromise resilience, these schemes do not satisfy the security requirements of MWSNs. In this paper, we propose an energy-efficient and secure mobile node reauthentication scheme (ESMR) for MWSNs that satisfies the security requirements of MWSNs by addressing the security weaknesses of previous studies. ESMR prevents unconditional forwarding by allowing a foreign cluster head to authenticate mobile nodes, providing high-compromise resilience because it limits the use of cryptographic keys for different purposes. Security analysis shows that ESMR meets security requirements and can prevent relevant security attacks. Performance evaluation shows that ESMR is suitable for multi-hop communication environment, where the number of hops between the mobile node and cluster head is two or more. Specifically, ESMR requires less than 6% increased total energy consumption and 3% increased reauthentication latency compared with previous studies; hence, it introduces negligible performance overhead. Considering both performance and security aspects, ESMR also can be applied to single-hop communication environment.

Introduction

With the development of the internet of things (IoT), wireless sensor networks (WSNs) are attracting significant attention as a fundamental technology in the IoT. WSNs consist of many sensor nodes that collect data from their surrounding environments and send them to a base station in a multi-hop fashion. Mobile WSNs (MWSNs) are a new type of WSN in which sensor nodes are mobile. By supporting mobility, they can achieve better network performance than traditional static WSNs. Recent studies [1, 2] have shown that MWSNs not only extend network lifetime, but also improve connectivity and coverage. MWSNs also support more types of applications than static WSNs in the following fields: patient monitoring [3], animal monitoring and tracking [4], and object monitoring [5].

Although MWSNs provide many advantages compared to static WSNs, the underlying sensor mobility introduces the problem of frequent reauthentication. Many MWSN applications, such as battlefield surveillance, habitat monitoring, and healthcare, require secure communications, and authentication is an essential first step for secure communication. In MWSNs, sensor nodes continuously change their positions, causing frequent communication link and network topology changes [6, 7]. Consequently, authentication is repeatedly required to establish secure communications whenever the communication link changes. Such frequent reauthentication can cause significant energy consumption for resource-constrained sensor nodes, and it is important to efficiently handle communication and computation overheads. Although there have been many studies to support mobility in existing internet services, they are not applicable to MWSNs due to resource constraints of the sensor node [8]. Therefore, lightweight security mechanisms that explicitly consider sensor mobility are required to handle frequent reauthentication in MWSNs.

Several mobile node reauthentication schemes for MWSNs have been proposed to efficiently handle frequent reauthentication based on symmetric key cryptography [911], which can provide lightweight reauthentication mechanisms suitable for resource-constrained sensor nodes. However, these schemes generally have significant security weaknesses.

In most applications, the sensor node is placed in a location easily accessible by an adversary; hence, the adversary is more likely to be able capture the sensor node and extract cryptographic secrets. Therefore, any mobile node reauthentication scheme should provide high-compromise resilience, where the compromised node reveals no information about links it is not directly involved with. However, Han et al.’s schemes [9, 10] do not provide high-compromise resilience. If even a single-cluster head is captured, other nodes that do not share pairwise keys with the compromised cluster head can be affected, i.e., an adversary can compromise pairwise keys of other nodes that are not directly involved with the compromised cluster head.

Adversaries can also eavesdrop on the radio frequencies of MWSNs due to the open nature of wireless communication, and alter or spoof messages to launch denial of service (DoS) attacks or drain receiver resources. Authentication to provide the assurance of identity of the communicating node is essential to prevent such attacks. However, Jiang et al.’s scheme [11] allows a foreign cluster head to unconditionally forward mobile nodes’ reauthentication requests to the home cluster head without preliminary verification, which could be used to launch DoS attacks on the home cluster head.

In this paper, we propose an energy-efficient and secure mobile node reauthentication scheme (ESMR) for MWSNs. ESMR focuses on satisfying the security requirements of MWSNs by addressing the security weaknesses of the existing mobile node reauthentication schemes [911]. ESMR uses two additional keys (key derivation key (KDK) and authentication key (AK)) in addition to the pairwise key to prevent unconditional forwarding. ESMR also provides high -compromise resilience because it limits the use of the KDK and AK for different purposes. Each cluster head has its own KDK that it shares as a group key with neighboring cluster heads. During initial authentication, the home cluster head generates an AK for a mobile node for the next authentication by using its KDK. When the mobile node moves to a new location and initiates the reauthentication procedure with a foreign cluster head, the foreign cluster head can authenticate the mobile node by using the AK. Consequently, unconditional forwarding is prevented. The KDK is only used to generate AKs, and AKs are only used for authenticating mobile nodes. Thus, the compromised cluster head does not affect other nodes that do not share pairwise keys with the compromised cluster head. Security analysis shows that by addressing the security weaknesses of the existing schemes, ESMR meets security requirements of MWSNs and can prevent relevant security attacks. The main contributions of this work can be described as follows:

  • We show the security weaknesses of existing mobile node reauthentication schemes based on symmetric key cryptography [911].

  • We propose ESMR, which satisfies the security requirements of MWSNs by addressing the security weaknesses of existing mobile node reauthentication schemes.

  • The security of ESMR is formally verified by using the automated validation of internet security protocols and applications (AVISPA) tool [12].

  • Simulations are conducted using OMNeT++ with the INET framework 3.6.3 to evaluate the performance of ESMR in terms of energy consumption and reauthentication latency.

The remainder of this paper is organized as follows. Section 2 discusses related works and their problems. Section 3 briefly reviews existing mobile node reauthentication schemes [911] and discusses identified security weaknesses. Section 4 provides an overview of ESMR, and Section 5 provides the details. Section 6 analyzes the security of ESMR. Section 7 evaluates the performance of ESMR. Finally, Section 8 summarizes and concludes the paper.

Related works

Mobile node reauthentication schemes for MWSNs can be classified into two types according to their encryption techniques: symmetric key cryptography schemes [911, 1315] and public key cryptography schemes [1619]. Symmetric key cryptography schemes can be further classified into two types: post-deployment key establishment schemes [911, 13] and hybrid schemes that use both random key pre-distribution and post-deployment key establishment mechanisms [14, 15].

Symmetric key cryptography schemes

Han et al. proposed two ticket-based schemes [9, 10]. In [9], each cluster head has its own ticket generation key (TGK) that is used to generate tickets, which is shared as a group key with neighboring cluster heads. When a mobile node moves to a new location and initiates the reauthentication procedure, the mobile node and foreign cluster head authenticate each other and establish a pairwise key using the ticket. However, this scheme may not work properly in situations where sensor nodes are irregularly distributed and mobile nodes move between non-neighboring cluster heads.

Therefore, an improved ticket-based scheme was proposed [10] that utilizes the neighboring cluster head list (NCL) for reauthentication. Two non-neighboring cluster heads compare their NCLs to find a common neighboring cluster head. Then reauthentication can be performed through the common neighboring cluster head even if two cluster heads are not neighbors.

The main disadvantage of these schemes is that communication overhead is concentrated in mobile nodes, because the mobile nodes directly transfer the information required for reauthentication, e.g., tickets and NCLs. The schemes also do not provide high-compromise resilience, since each cluster head shares its TGK as a group key with neighboring cluster heads. Therefore, multiple TGKs are exposed if even a single-cluster head is captured. An adversary can then obtain secret information included in all generated tickets using the exposed TGKs and compromise multiple nodes’ communication security using secret information obtained from the tickets.

In [13], Bilal and Kang proposed a ticket-based authentication suite that supports multiple secure connections. The authentication suite consists of two mobile node reauthentication protocol, SRP1, and SRP2, which support multiple secure connections between the mobile node and multiple cluster heads. In SRP1 and SRP2, the mobile node and foreign cluster head can authenticate each other directly using the ticket. However, SRP1 and SRP2 have the same disadvantage as [9] and [10], in which the communication overhead is concentrated in the mobile node. Moreover, since SRP2 requires the involvement of the base station, there is a problem that the reauthentication latency is long.

To reduce the communication overhead of mobile nodes, Jiang et al. [11] proposed a mobile node reauthentication scheme without using tickets. In the scheme, a foreign cluster head forwards the reauthentication request of a mobile node to the home cluster head. The home cluster head then authenticates the request on behalf of the foreign cluster head. Since the information required for reauthentication is exchanged between the foreign and home cluster head, the communication overhead in mobile nodes is reduced. However, the scheme has a security weakness called unconditional forwarding. Since there are no shared secrets between the foreign cluster head and mobile node, foreign cluster heads cannot authenticate reauthentication requests of mobile nodes and unconditionally forward reauthentication requests to the home cluster head. This unconditional forwarding can be lead to DoS attacks on the home cluster head.

The previous schemes use only the post-deployment key establishment mechanism, whereas hybrid schemes [14, 15] use both random key pre-distribution and post-deployment key establishment mechanisms. In these schemes, by default, two nodes authenticate each other and establish a pairwise key based on existing random key pre-distribution schemes [20, 21]. For random key pre-distribution schemes, a set of keys are randomly chosen from a large key pool and pre-stored in each sensor node. During the key discovery phase, two nodes exchange pre-stored key identifiers to find a common key. They use the post-deployment key establishment scheme if two nodes do not share a common key to establish a pairwise key with the help of the base station.

The main disadvantage of hybrid scheme is that they require a minimum network density for the random key pre-distribution mechanism. Although two nodes that do not share a common key can establish a pairwise key using the post-deployment key scheme, multi-hop communication with the base station incurs longer communication delay and consumes more energy as hop distance between the mobile node and base station increases.

Public key cryptography schemes

In [16], Gandino et al. proposed an authentication and key establishment scheme based on public key cryptography for mobile and static WSNs. In the scheme, authentication tables are used to reduce communication and computational overhead due to the verification of digital certificate. The authentication table stores information necessary for a node to authenticate the other nodes in the network and is distributed to each node before deployment. In the key establishment phase, two nodes can authenticate each other’s public keys directly using the authentication table instead of the digital certificate. However, there is a problem that the sensor node generates a pairwise key by performing public key encryption and decryption operations which cause a high-computation overhead. Especially, the computation overhead of the mobile node becomes more severe because the mobile node generates a new pairwise key every time reauthentication is performed.

With the development of elliptic curve cryptography (ECC) optimization techniques, several ECC-based mobile node reauthentication schemes have been proposed [1719]. Zhang et al. [17] used the elliptic curve digital signature algorithm and elliptic curve Diffie-Hellman key agreement to dynamically generate pairwise keys. However, the scheme is not suitable for large-scale WSNs because of the overhead required for certificate management.

Seo et al. [18] proposed an ECC-based scheme without certificates to overcome this limitation using pairing-free certificateless hybrid signcryption scheme (CL-HSC) to dynamically provide both mobile node authentication and key agreement. The properties of the CL-HSC ensure that a pairwise key can be generated without requiring expensive pairing operations or certificate exchange. However, the scheme still requires expensive ECC point multiplications for mobile nodes to generate long-term pairwise keys, i.e., mobile nodes must perform multiple expensive ECC multiplications repeatedly whenever they move and are connected to a new cluster head.

Omar et al. [19] proposed a trusted third party based mobile node reauthentication scheme using ECC. In the scheme, when a mobile node wants to join a new cluster, it sends a join request message, including its public key, to a foreign cluster head. Upon receiving the message, the foreign cluster head requests the base station, which is a trusted third party, to authenticate the mobile node. Since the base station performs verification of the public key, there is no computation overhead of the sensor node due to the expensive ECC multiplication. However, the longer the hops distance between the cluster head and the base station, the longer the re-authentication latency becomes.

Analysis of post-deployment schemes

This section briefly reviews existing schemes [911] and highlights their security weaknesses.

Han et al.’s schemes [9, 10] use tickets for mobile node reauthentication, and have the same security weakness because they have almost the same reauthentication process. We focus on the mobile node reauthentication process based on [9]. Each cluster head has its own ticket generation key (TGK) that it shares with neighboring cluster heads. In the initial authentication, the home cluster head CHA generates ticket T for the next reauthentication as follows using its ticket generation key \(TGK_{CH_{A}}\):

$$ \begin{aligned} &T = (t,w)\\ &t = E(K_{TGK_{CH_{A}}}, TS||R_{1}||K_{MN-CH_{A}})\\ &w = MAC(K_{TGK_{CH_{A}}}, ID_{MN}||t) \end{aligned} $$
(1)

where R1 is a random number generated by the mobile node MN and \(K_{MN-CH_{A}}\) is a pairwise key between MN and CHA.

When MN moves to a new location and receives the HELLO message from the foreign cluster head CHB, it launches the reauthentication process by sending following reauthentication request to CHB:

$$ \begin{aligned} &MN \rightarrow CH_{B}:ID_{MN} || ID_{CH_{B}} || t || w || v_{1}\\ &v_{1} = MAC(K_{M-{CH_{A}}}, ID_{MN} || ID_{CH_{B}} || t || w || v_{0}) \end{aligned} $$
(2)

Since CHB is a neighboring cluster head of CHA, it also has the TGK of CHA. Therefore, CHB can verify w, and obtain R1 and \(K_{MN-CH_{A}}\) by decrypting t. CHB then authenticates MN by verifying v1 using \(K_{MN-CH_{A}}\) and generates a pairwise key with MN as follows:

$$ K_{MN-CH_{B}} = KDF(R_{1}||R_{0}) $$
(3)

where R0 is a random number generated by CHB.

CHB finally generates a new ticket T, in the same way that CHA did in (1) using its TGK and sends following message to MN:

$$ \begin{aligned} &CH_{B} \rightarrow MN: ID_{CH_{B}} || ID_{MN} || u_{3} || v_{3}\\ &u_{3} = E(K_{MN-CH_{A}}, R_{0} || v_{2} || T')\\ &v_{2} = H(K_{MN-CH_{B}}||R_{0})\\ &v_{3} = MAC(K_{MN-CH_{A}}, ID_{CH_{B}} || ID_{MN} || u_{3}) \end{aligned} $$
(4)

Upon receiving the message from CHB, MN verifies v3 and obtains R0 using \(K_{MN-CH_{A}}\). MN then generates \(K_{MN-CH_{B}}\) in the same way that CHB did in (3) and finally authenticates CHB by verifying v2 using \(K_{MN-CH_{B}}\).

Assume that cluster head CHC is another neighboring cluster head of CHA, but CHC and CHB are not neighbors. If an adversary captures CHC and extracts \(TGK_{CH_{A}}\) from it, the adversary can obtain R1 and \(K_{MN-CH_{A}}\) by decrypting t included in T using \(TGK_{CH_{A}}\), as shown in (1). The adversary can then decrypt u3, included in the message in (4), using \(K_{MN-CH_{A}}\) to obtain R0. The adversary can finally compromise \(K_{MN-CH_{B}}\) by directly generating \(K_{MN-CH_{B}}\) using R1 and R0, as shown in (1). Consequently, the adversary can compromise communication security between MN and CHB not directly involved with the compromised cluster head. This problem is more serious because each cluster head has multiple TGKs, including TGKs of the neighboring cluster head and its own TGK. Thus, an adversary can compromise communication security for a number of nodes by compromising a single-cluster head.

On the other hand, Jiang et al.’s scheme [11] does not use tickets to reduce communication overhead of the mobile node. In the scheme, reauthentication process is proceeded with the help of the home cluster head, CHA, rather than using a ticket. When MN wants to launch the reauthentication process, it sends following reauthentication request to the foreign cluster head CHB:

$$ \begin{aligned} &MN \rightarrow CH_{B}: ID_{MN} || ID_{CH_{A}} || t_{1} ||MAC_{1}\\ &MAC_{1} = MAC(K_{MN-CH_{A}}, ID_{MN} || t_{1} || H(I)) \end{aligned} $$
(5)

where \(ID_{CH_{A}}\) is the identity of CHA, t1 is a timestamp, \(K_{MN-CH_{A}}\) is a pairwise key between MN and CHA, and H(I) is a hashed random number I shared between MN and CHA.

Upon receiving the reauthentication request from MN, CHB checks \(ID_{CH_{A}}\) included in the request and finds that the home cluster head of MN is CHA. CHB then forwards the reauthentication request of MN to CHA:

$$ \begin{aligned} &CH_{B} \rightarrow CH_{A}: ID_{MN} || t_{2} || t_{1} || MAC_{1} || MAC_{2}\\ &MAC_{2} = MAC(K_{CH_{B}-CH_{A}}, ID_{MN} || t_{2} || t_{1} || MAC_{1}) \end{aligned} $$
(6)

where t2 is a timestamp and \(K_{CH_{B}-CH_{A}}\) is a pairwise key between CHB and CHA. After receiving the message from CHB, CHA verifies MAC1 using \(K_{MN-CH_{A}}\) and H(I) and authenticates MN on behalf of CHB.

In the above scheme, CHB cannot verify validity of the reauthentication request of MN in (5), because there is no shared secret between CHB and MN. Consequently, CHB unconditionally forwards the reauthentication request of MN as shown in (6). This unconditional forwarding allows DoS attacks on CHA through neighboring cluster heads of CHA, because an adversary can easily alter or spoof eavesdropped messages in MWSNs.

Overview of ESMR

In this paper, we propose an energy-efficient and secure mobile node reauthentication scheme (ESMR) for MWSNs. ESMR supports mutual authentication and key establishment between mobile nodes and cluster heads. ESMR is based on Jiang et al.’s scheme [11], which has the lowest computation and communication overheads for mobile nodes among existing schemes, and falls into the post-deployment key establishment scheme category. Figure 1 presents an overview of ESMR.

Fig. 1
figure1

Overview of ESMR

Each cluster head in ESMR has its own key derivation key (KDK) to generate the authentication keys (AKs) for mobile nodes. Prior to network operation, each cluster head shares its KDK as a group key with neighboring cluster heads (phase 0). During initial authentication (phase 1), the home cluster head CHA, that a mobile node MN first connects after deployment, generates an AK for the mobile node by using its KDK for the next authentication. MN initiates the reauthentication procedure, when it moves to a new location and connects to a foreign cluster head CHB. During reauthentication (phase 2), CHB generates an AK using the KDK of CHA and authenticates MN.

ESMR addresses the security weaknesses of schemes proposed by Han et al. [9, 10] and Jiang et al. [11]. First, ESMR prevents unconditional forwarding by allowing foreign cluster heads to authenticate mobile nodes. Second, ESMR provides high-compromise resilience by limiting the use of the KDK and AK for different purposes: the KDK is only used to generate AKs, and AKs are only used for authenticating mobile nodes. Table 1 provides the major notations used in this paper.

Table 1 Notations

Network model

Following mobility-aware medium access control protocols for WSNs [22, 23], we consider a heterogeneous sensor network, consisting of a base station, cluster heads, and sensor nodes, as shown in Fig. 2. There are N1 and N2 cluster heads and sensor nodes, respectively, with where N1<<N2, and hence the total number of nodes in the network = N1+N2.

Fig. 2
figure2

Heterogeneous sensor network

Cluster heads are high-end sensor nodes with more resources in terms of computational power, storage, and battery life than the sensor nodes. The communication range of a cluster head is also larger than that of a sensor node. Cluster heads compose a stationary backbone network and periodically broadcast lightweight beacon messages to inform nodes of their presence. Considering the wide communication range of cluster heads, we assume that a foreign cluster head is a neighboring cluster head to the home cluster head.

Sensor nodes act as cluster members and can be stationary or mobile. A sensor node initiates the reauthentication procedure with a foreign cluster head when it moves to a new location and receives a beacon message from the foreign cluster head. Since the communication range of the sensor node is smaller than that of a cluster head, stationary nodes relay mobile node messages to cluster heads.

Adversary model

We assume that mobile nodes and cluster heads can be attacked passively or actively. Because of the open nature of wireless communication channels, an adversary can easily perform passive attacks, such as eavesdropping and traffic analysis, to gather information without being detected. In active attacks, an adversary may inject, intercept, or replay messages to disrupt network functionality or degrade network performance. We also assume that mobile nodes and cluster heads can be captured by an adversary. Because of the unattended nature of WSNs, nodes can also be physically captured by an adversary. Once a node is captured, all its stored secret information can be revealed to an adversary. An adversary can then utilize this secret information to perform the impersonation attack or compromise communication security. General security mechanisms, such as authentication and encryption, cannot prevent such insider attacks. However, secure reauthentication schemes should minimize insider attacks.

Details of ESMR

ESMR consists of three phases: the distribution of KDKs, node initial authentication, and node reauthentication. For simplicity of explanation, we describe ESMR based on Fig. 1.

Phase 0: distribution of KDKs

Each cluster head has its own KDK to generate AKs for mobile nodes. Prior to network operation, each cluster head shares its KDK as a group key with neighboring cluster heads. We assume that each cluster head has established pairwise keys with neighboring cluster heads after deployment. This can be accomplished with the help of the base station in a similar way to Han et al.’s scheme [9]. Each cluster head then uses the pairwise key to securely distribute its KDK to neighboring cluster heads. For example, when CHA wants to share \(KDK_{CH_{A}}\) with CHB, it computes e0 and v0, and then sends the following message to CHB with current timestamp TS0:

$$\begin{aligned} &CH_{A} \rightarrow CH_{B}:ID_{CH_{A}}||ID_{CH_{B}}||TS_{0}||e_{0}||v_{0}\\ &e_{0} = E(K_{CH_{A}-CH_{B}}, KDK_{CH_{A}})\\ &v_{0} = MAC(K_{CH_{A}-CH_{B}}, ID_{CH_{A}}||ID_{CH_{B}}||TS_{0}||e_{0}) \end{aligned} $$

The reason for sharing the KDK as a group key is that it is difficult to predict the movement of mobile node. To use a pairwise key between two cluster heads to generate AKs, we have to accurately predict the network cluster head the mobile node will connect to after movement. However, existing movement estimation techniques are inaccurate or require additional special hardware [24]. For example, although calculating an angle of arrival incurs no additional costs, is error prone, and energy inefficient. On the other hand, although global positioning systems can measure precise and absolute coordinates, they require additional expensive hardware.

Phase 1: node initial authentication

Initial authentication is performed when MN joins the network for the first time after deployment. Let CHA be the home cluster head that MN first connects to after deployment. We assume that MN has been authenticated by CHA with the help of the base station in a similar way to Han et al.’s schemes [9, 10] or Jiang et al.’s scheme [11]. After being authenticated by CHA, MN shares information with CHA, including a hashed value H(I) of a random number I, a random number NMN, and a pairwise key \(K_{CH_{A}-MN}\). CHA also generates AKMN using its own KDK for reauthentication and passes it to MN:

$$ AK_{MN} = f(KDK_{CH_{A}}, ID_{MN}) $$

Phase 2: node reauthentication

Each cluster head CHi periodically broadcasts beacon messages with current timestamp TS1 to inform nodes of its presence:

$$ CH_{i} \rightarrow *: ID_{CH_{i}} || TS_{1} $$

When MN moves to a new location and receives a beacon message from a foreign cluster head CHB, it initiates the reauthentication procedure with CHB, as shown in Fig. 3:

  • MN computes v1 and v2, and sends the message “1” with current timestamp TS2 to CHB to rejoin the network:

    $$ \begin{aligned} &MN \rightarrow CH_{B}: ID_{MN}||ID_{CH_{A}}||TS_{2}||v_{1}||v_{2}\\ &v_{1} = MAC(K_{MN-CH_{A}}, ID_{MN}||ID_{CH_{A}}||H(I))\\ &v_{2} = MAC(AK_{MN}, ID_{MN}||ID_{CH_{A}}||TS_{2}||TS_{1}||v_{1}) \end{aligned} $$
    Fig. 3
    figure3

    Overview of node reauthentication phase

  • Upon receiving the message “1,” CHB generates AKMN using \(KDK_{CH_{A}}\) and IDMN:

    $$ AK_{MN} = f(KDK_{CH_{A}}, ID_{MN}) $$

    CHB then verifies v2 using AKMN and authenticates MN. CHB also checks whether or not TS2 exceeds the specified time limit. If the result is valid, CHB computes v3 and sends the message “2” with current timestamp TS3 to CHA:

    $$ \begin{aligned} &CH_{B} \rightarrow CH_{A}: ID_{MN}||TS_{3}||v_{1}||v_{3}\\ &v_{3} = MAC(K_{CH_{A}-CH_{B}}, ID_{MN}||TS_{3}||v_{1}) \end{aligned} $$

    Since AKMN is only used to authenticate MN, the foreign cluster head CHB must ask the home cluster head CHA for the information required to generate a pairwise key \(K_{MN-CH_{B}}\) by sending the message “2.”

  • After receiving the message “2,” CHA verifies v3 and v1 using \(K_{CH_{A}-CH_{B}}\) and \(K_{MN-CH_{A}}\), respectively, and checks whether or not TS3 exceeds the specified time limit. If the result is valid, CHA computes e1, which includes the information required to generate a pairwise key \(K_{MN-CH_{B}}\), and v4. CHA then sends the message “3” with current timestamp TS4 to CHB:

    $$ \begin{aligned} &CH_{A} \rightarrow CH_{B}: TS_{4}||e_{1}||v_{4}\\ &e_{1} = E(K_{CH_{A}-CH_{B}}, H(I)||N_{MN})\\ &v_{4} = MAC(K_{CH_{A}-CH_{B}}, TS_{4}||e_{1}) \end{aligned} $$
  • Upon receiving the message “3,” CHB verifies v4 using \(K_{CH_{A}-CH_{B}}\) and checks whether or not TS4 exceeds the specified time limit. If the result is valid, CHB obtains H(I) and NMN by decrypting e1. CHB then generates a random number \(N_{CH_{B}}\) and computes pairwise key \(K_{MN-CH_{B}}\):

    $$ K_{MN-CH_{B}} = H(H(I)||N_{MN}||N_{CH_{B}}) $$

    For the next reauthentication, CHB also generates a new AK \(AK^{\prime }_{MN}\):

    $$ AK'_{MN} = f(KDK_{CH_{B}}, ID_{MN}) $$

    CHB then computes h1, e2, and v5, and sends the message “4” with current timestamp TS5 to MN:

    $$ \begin{aligned} &CH_{B} \rightarrow MN: TS_{5}||h_{1}||e_{2}||v_{5}\\ &h_{1} = H(N_{MN}) \oplus N_{CH_{B}}\\ &e_{2} = E(K_{MN-CH_{B}}, AK'_{MN})\\ &v_{5} = MAC(K_{MN-CH_{B}}, TS_{5}||h_{1}||e_{2}) \end{aligned} $$
  • When MN receives the message “4” from CHB, MN obtains \(N_{CH_{B}}\) from h1 and computes a pairwise key \(K_{MN-CH_{B}}\) in the same way as CHB. MN then verifies v5 using this key and checks whether or not TS5 exceeds the specified time limit. If the result is valid, MN obtains \(AK^{\prime }_{MN}\) by decrypting e2.

After completing the reauthentication phase, CHB updates H(I) and NMN as H(I) and \(N^{\prime }_{MN}\), respectively, for the next reauthentication, and sends them to MN during the communication process.

Security analysis

In this section, the security of ESMR is both formally and informally analyzed. First, we formally verified ESMR by modeling it using AVISPA tool [12]. Second, we conducted an informal security analysis of ESMR and confirmed that it meets security requirements and can prevent relevant security attacks.

Formal verification using AVISPA

AVISPA is a push-button tool that is widely used by many academic researchers to automatically validate various kinds of security protocols. The architecture of AVISPA is illustrated in Fig. 4.

Fig. 4
figure4

AVISPA architecture

In AVISPA, a security protocol is specified using a role-based formal language called a high-level protocol specification language (HLPSL). The HLPSL2IF translator translates the HLPSL specification into an intermediate format (IF). The IF specification is then validated by any of four back-end tools: OFMC, CL-AtSe, SATMC, and TA4SP under the Dolev-Yao intruder model [25]. Using these back-end tools, we can validate two kinds of security goals: secrecy and authentication. The secrecy goal is used to validate the confidentiality of information. In AVISPA, the secrecy goal is modeled using the goal predicate secret(T,id,{A,B}), which indicates that the value of term T is a secret shared only between agents A and B. The label id is used to identify the goal. The authentication goal is used to check whether or not two participants agree on a certain value in the current session. In AVISPA, the authentication goal is modeled using the goal predicates witness(B,A,id,T) and request(A,B,id,T) (for strong authentication) or wrequest(A,B,id,T) (for weak authentication). These predicates indicate that agent A authenticates agent B on some information T. The label id is used to identify the goal. The difference between strong and weak authentications is that weak authentication precludes replay attacks, but strong authentication does not. In this section, we briefly describe how we modeled ESMR in HLPSL and present the formal verification results of ESMR.

HLPSL specification of ESMR

Among the three phases of ESMR, the reauthentication phase, which is the main target phase of this study, was modeled and verified. We modeled a mobile node MN as role_MN, home cluster head CHA as role_CH_A, and foreign cluster head CHB as role_CH_B. Code block 1 presents the roles we modeled in the HLPSL. For the keyed message authentication code, we utilized a hash function by adding the symmetric key as one of the inputs. For example, v1 is modeled as MAC1:=MAC(M.H(Im).Kma), where Kma is the pairwise key \(K_{MN-CH_{A}}\) between MN and CHA, and MAC(·) is a hash function called MAC.

In the HLPSL specification, three authentication and two secrecy goals are defined. For authentication goals, the mutual authentication between MN and CHB, and the authentication of CHA on MN are defined as follows:

  1. (1)

    Upon receiving the message “1” from MN, CHB authenticates MN through v2. We use the label b_m_v2 to identify the authentication goal. To verify the authentication goal, we add the witness and request predicates for the label b_m_v2 to the roles of MN and CHB, respectively.

  2. (2)

    Upon receiving the message “2” from CHB, CHA authenticates MN through v1. We use the label a_m_v1 to identify the authentication goal. To verify the authentication goal, we add the witness and wrequest predicates for the label a_m_v1 to the roles of MN and CHA, respectively. Because CHB checks the freshness of MN’s message and prevents the replay attack, CHA only needs to perform weak authentication on MN.

  3. (3)

    Upon receiving the message “5” from CHB, MN authenticates CHB using \(K_{MN-CH_{B}}\). We use the label m_b_kmb to identify the goal. To verify the authentication goal, we add the witness and request predicates for the label m_b_kmb to the roles of CHB and MN, respectively.

For secrecy goals, the secrecy of the pairwise key \(K_{MN-CH_{B}}\) and the secrecy of the authentication key \(AK^{\prime }_{MN}\) are defined as follows:

  1. (1)

    The pairwise key \(K_{MN-CH_{B}}\) should be only known to MN and CHB. We use the label sec_kmb to identify the secrecy goal. To verify the secrecy of \(K_{MN-CH_{B}}\), we add the secret predicate for the label sec_kmb to the role CHB, where \(K_{MN-CH_{B}}\) is used.

  2. (2)

    The authentication key \(AK^{\prime }_{MN}\), which is newly generated by CHB, should only be known to MN, CHA, and CHB. We use the label sec_akm2 to identify the secrecy goal. To verify the secrecy goal, we add the secret predicate for the label sec_akm2 to the role B, where \(AK^{\prime }_{MN}\) is generated.

Code block 2 presents the session and environment we modeled in the HLPSL. The environment section contains intruder knowledge and a composition of sessions. Because of the complexity of our model, we only defined two parallel sessions. Finally, we defined the goal facts to verify the three authentication goals and two secrecy goals outlined above.

Formal verification results

Figure 5 presents the formal verification results of our model. In ESMR, an exclusive-OR (XOR) operation is used. Among the four back-end tools, only OFMC and CL-AtSe support algebraic properties of operators, such as XOR operators and exponential operators. Therefore, two back-end tools, namely, OFMC and CL-AtSe, were used to verify our model. Figure 5a, b presents the formal verification results under OFMC and CL-AtSe, respectively. We confirmed that ESMR is safe under OFMC and CL-AtSe. Specifically, ESMR securely provides mutual authentication and pairwise key establishment between MN and CHB, while preventing the replay attack. ESMR also prevents unconditional forwarding, which can used to launch DoS attacks on CHA, because CHB can authenticate MN.

Fig. 5
figure5

Formal verification results. a OFMC b CL-AtSe

Informal security analysis

We informally analyzed the security of ESMR in terms of satisfying security requirements and preventing relevant security attacks under the adversary model described in Section 4.2. Table 2 compares the security of ESMR with schemes proposed by Han et al. [9, 10] and Jiang et al. [11].

Table 2 Security comparison between ESMR and related schemes

Mutual authentication ESMR supports mutual authentication between mobile nodes and cluster heads. In ESMR, CHB authenticates mobile node MN by verifying v2 using AKMN. Since CHB is one of the neighbors of CHA, it has \(KDK_{CH_{A}}\) and can compute AKMN. When CHA receives the message “2” from CHB, it also authenticates MN by verifying v1 using \(K_{MN-CH_{A}}\) and H(I). If one of neighbors of CHA is captured, KDKA is exposed to the adversary. The adversary can then utilize the exposed KDKA to make an illegal node to bypass the authentication of CHB. However, because CHA authenticates the illegal node again using \(K_{MN-CH_{A}}\) and H(I), the illegal node cannot join the network even if it bypasses the authentication of CHB. MN authenticates CHB using NMN and H(I). When MN receives the message “4” from CHB, it first obtains \(N_{CH_{B}}\) from h1 and computes \(K_{MN-CH_{B}}\) using H(I), NMN, and \(N_{CH_{B}}\). MN then verifies v5 using \(K_{MN-CH_{B}}\) and H(I). Thus, ESMR satisfies the mutual authentication.

Key freshness In ESMR, a new pairwise key is generated whenever MN moves and is connected to a new cluster head. MN and CHB generate a pairwise key \(K_{MN-CH_{B}}\) using H(I), NMN, and \(N_{CH_{B}}\). Since H(I) and NMN are updated after reauthentication is completed and \(N_{CH_{B}}\) is freshly generated for each session, a new pairwise key is generated for each session. Thus, ESMR satisfies key freshness.

Replay attack prevention In ESMR, all messages contain timestamps to prevent replay attacks. Thus, the network is assumed to be loosely synchronized. If the timestamp of a received message exceeds a specified time limit, it is determined to be a potential replay attack and the message is dropped. Since a new pairwise key is generated each session, this effectively prevents the replay attack.

Outsider DoS attack prevention DoS attacks can be launched by inside adversary and outside adversary. The inside adversary can launch DoS attacks by capturing the mobile node or cluster head, and replicating them. Since the replicated nodes have cryptographic materials such as secret keys, general security mechanisms such as authentication and encryption cannot prevent and detect insider DoS attacks. Thus, all the four schemes are vulnerable against insider DoS attacks.

Authentication is the first step to detect and prevent DoS attacks from outside adversary. However, in Jiang et al.’s scheme [11], since there are no shared secrets between foreign cluster heads and mobile nodes, a foreign cluster head cannot verify the reauthentication request of a mobile node and unconditionally forwards it to the home cluster head. This leads to DoS attacks on the home cluster head. In contrast, ESMR can prevent unconditional forwarding, thus preventing potential DoS attacks based on unconditional forwarding. In ESMR, the message “1,” sent by MN to CHB, contains the message authentication code v2 generated using AKMN. Because CHB is one of neighbors of CHA, it can compute AKMN using \(KDK_{CH_{A}}\) and IDMN. CHB then verifies v2 using AKMN and authenticates MN. Thus, ESMR prevent DoS attacks based on unconditional forwarding by allowing the foreign cluster head to authenticate the mobile node directly.

Compromise resilience It refers that even if a node is captured by an adversary, the compromised node reveals no information about links it is not directly involved with. Compromise resilience is high if an adversary cannot deduce the cryptographic secrets of any other nodes not directly involved with the compromised node. However, if even a single-cluster head is captured in Han et al.’s schemes [9, 10], multiple TGKs are exposed to the adversary. The adversary can then obtain the secret information included in all tickets generated using the exposed TGKs and compromise the communication security for multiple nodes. Although ESMR uses the KDK as a group key in a similar way to the TGK in Han et al.’s schemes, the KDK is only used to generate AK, which are only used by CHB to authenticate mobile nodes. Therefore, even if a cluster head is captured and multiple KDKs are exposed to the adversary, an adversary cannot obtain any pairwise keys other than those between the compromised cluster head and mobile node. Thus, ESMR provides higher-compromise resilience than Han et al.’s schemes.

Forward security It refers that even if a node is captured and its current secrets are leaked, an adversary cannot decrypt any data collected and encrypted before the compromise. In ESMR, the pairwise key between MN and CHB is generated using freshly generated random numbers for each reauthentication; hence, pairwise keys are independent of each other. In other words, even if an adversary obtains the current pairwise key by compromising MN, the adversary cannot derive the previous pairwise key. When a cluster head is captured, multiple KDKs are exposed to the adversary. However, the KDK is only used to generate AKs used for mobile node reauthentication. Therefore, even if an adversary obtains the KDK by compromising the cluster head, the adversary cannot derive any pairwise keys. Thus, ESMR satisfies forward security.

In contrast, Han et al.’s schemes [9, 10] do not satisfy the forward security. They employ ticket for reauthentication, containing the previous pairwise key encrypted with the TGK. Therefore, if an adversary obtains the TGK by capturing the cluster head, the adversary can obtain the previous pairwise key from the ticket and decrypt any previous messages encrypted using that key.

Performance evaluation

We evaluated the performance of ESMR by comparing it with schemes proposed by Han et al. [9] and Jiang et al. [11] in terms of energy consumption and reauthentication latency. We also analyzed the performance of ESMR under DoS attacks based on unconditional forwarding by comparing it with Jiang et al.’s scheme [11] in terms of reauthentication latency and packet delivery ratio.

Evaluation methodology

The performance of the three schemes have been evaluated by means of simulation experiments. Simulations were performed by using the OMNeT++ simulator with INET framework version 3.6.3 to measure energy consumption and reauthentication latency. For the simulation, we considered the situation where a mobile node has moved to a new location and initiates the reauthentication procedures with a foreign cluster head.

The simulation sets up IEEE 802.15.4 using the IEEE 802.15.4 narrow band network interface card module provided by the INET framework and Tmote sky datasheet [26]. The data transmission speed was set to 250 kbps and the receiver sensitivity was set to − 95 dBm. The transmission power of the mobile node and cluster head were set to − 10 dBm and 0 dBm, respectively. The mobile node and cluster head had communication ranges of 30 m and 100 m, respectively, measured by the INET framework. The simulation used static routing, the simplest form of routing. Message size was calculated based on the following base parameter settings: ID of 2 bytes, MAC of 4 bytes, timestamp of 8 bytes, random number of 8 bytes, and key size of 16 bytes. It is also assumed that encryption does not change the message size.

Energy consumption analysis result and discussion

Because all the three schemes use symmetric key cryptography, there is no significant difference in energy consumption due to computations. Therefore, only energy consumption arising from communication was measured and compared. Since communication is generally the major energy consumption, this comparison is sufficient to investigate energy efficiencies of the three schemes. Based on the Tmote sky datasheet [26], the receiving current consumptions for the mobile node and cluster head were all set to 19.7 mA and the transmitting current consumptions for them were set to 11.2 and 17.4 mA, respectively. The simulation was conducted for five scenarios where the number of hops (n) between the mobile node and cluster head varies from one to five.

Figure 6 presents comparisons of the total energy consumption for a single reauthentication based on the number of hops (n) between the mobile node and cluster head. The total energy consumption is calculated as the sum of the energy consumed by all nodes participating in the reauthentication process.

Fig. 6
figure6

Total energy consumption for a single reauthentication

When n=1, ESMR has the greatest total energy consumption among the three schemes. ESMR has the same reauthentication process as Jiang et al.’s scheme, but has a larger total message size. Consequently, ESMR incurs 3% more total energy consumption than Jiang et al.’s scheme. In Han et al.’s scheme, the mobile node and cluster head authenticate each other and establish a pairwise key using a ticket without the help of other nodes. In contrast, in ESMR, the information required for reauthentication is exchanged between the foreign cluster head and home cluster head. Consequently, ESMR incurs 16% more total energy consumption than Han et al.’s scheme.

However, when n≥2, Han et al.’s scheme has the greatest total energy consumption among the three schemes. The message size that the mobile node sends to the cluster head is larger than for Jiang et al.’s scheme and ESMR by at least 30 bytes. Hence, the energy consumption of Han et al.’s stationary node, which relays the mobile node’s message to the cluster head, is larger than for Jiang et al.’s scheme and ESMR. Consequently, Han et al.’s scheme has greater total energy consumption than Jiang et al.’s scheme and ESMR. ESMR also incurs up to 6% more total energy consumption than Jiang et al.’s scheme when n≥2, because ESMR has the same reauthentication process as Jiang et al.’s scheme, but a larger total message size.

Thus, ESMR is suitable for multi-hop communication environment in terms of energy consumption, where the number of hops between the mobile node and cluster head is two or more. Specifically, ESMR has only up to 6% increase in total energy consumption compared with existing schemes, which is negligible.

Reauthentication latency analysis result and discussion

Since the CC2420 featured by Tmote sky provides hardware support for AES-128, the computational delays caused by encryption and decryption are very small and were not considered. For example, the time required to encrypt 16 bytes is 449.203 μs for Tmote sky using CC2420 hardware encryption [27]. Therefore, only reauthentication latency as a result of communication was measured. Five scenarios were considered for the simulation where the number of hops (n) between the mobile node and cluster head varies from one to five. Simulations were conducted 100 times per scenario for each scheme.

Figure 7 compares reauthentication latency when n=1. Average reauthentication latencies of Han et al.’s scheme, Jiang et al.’s scheme, and ESMR were 10.4 ms, 11.8 ms, and 12.2 ms, respectively. ESMR has the longest average reauthentication latency since it requires the same number of messages as Jiang et al.’s scheme, but has larger total message size. Thus, ESMR has 3% longer average reauthentication latency than Jiang et al.’s scheme. ESMR also requires communication between cluster heads to exchange the information required for reauthentication. In contrast, Han et al.’s scheme does not require communication between cluster heads because the mobile node and cluster head authenticate each other and establish pairwise keys using the ticket. Consequently, ESMR has 16% longer average reauthentication latency than Han et al.’s scheme. However, the actual difference in average reauthentication latency between ESMR and Han et al.’s scheme is very small at 1.8 ms. Moreover, since average reauthentication latency for all the three schemes is less than 13 ms, the three schemes are sufficiently fast.

Fig. 7
figure7

Reauthentication latency when number of hops n=1

Figure 8 compares reauthentication latency when n=5. Average reauthentication latencies of Han et al.’s scheme, Jiang et al.’s scheme, and ESMR were 39.6 ms, 25.4 ms, and 26.2 ms, respectively. Han et al.’s scheme has the longest reauthentication latency since the message size that mobile nodes send to cluster heads is larger than for Jiang et al.’s scheme and ESMR. Han et al.’s scheme also requires an additional message for reauthentication compared with Jiang et al.’s scheme and ESMR; hence, reauthentication latency of a stationary node that relays a mobile node’s message to a cluster head is longer than for Jiang et al.’s scheme and ESMR. ESMR has 3% longer average reauthentication latency than Jiang et al.’s scheme because although ESMR requires the same number of messages for reauthentication, it has a larger total message size than Jiang et al.’s scheme.

Fig. 8
figure8

Reauthentication latency when n=5

Figure 9 compares average reauthentication latency based on the number of hops (n) between the mobile node and cluster head. Han et al.’s scheme has the shortest reauthentication latency when n=1, but the longest when n≥2. ESMR has slightly longer reauthentication latency than Jiang et al.’s scheme regardless of n due to the larger message size. However, the actual difference is very small which is less than 0.9 ms. Thus, Jiang et al.’s scheme and ESMR have similar reauthentication latency regardless of n.

Fig. 9
figure9

Average reauthentication latency

Thus, in terms of reauthentication latency, ESMR is suitable for both single-hop and multi-hop communication environments. Specifically, when n = 1, ESMR has a maximum increase in the average reauthentication latency of 1.8 ms compared with existing schemes, but it is fast enough because the actual average reauthentication latency is less than 13 ms, like the existing schemes.

Performance analysis under DoS attacks based on unconditional forwarding

We considered a scenario in which outside adversary sends a huge amount of spoofed or altered mobile nodes’ reauthentication requests to neighboring cluster heads of a home cluster head in order to attempt DoS attacks based on unconditional forwarding on the home cluster head. We also assumed that each adversary node sends the messages only to one of neighboring cluster heads of the home cluster head except for the foreign cluster head. Hop distance between the mobile node and home cluster head was set to 1, and message transmission interval of adversary nodes was set to 10 ms. Three cases were considered for the simulation where the number of adversary nodes (k) varies from one to three. Simulations were conducted 500 times per case for Jiang et al.’s scheme [11] and ESMR.

Figure 10 compares packet delivery ratio under DoS attacks based on unconditional forwarding according to the number of adversary nodes (k). The packet delivery ratio of ESMR was 100% regardless of k. On the other hand, the packet delivery ratio of Jiang et al.’s scheme decreases from 100 to 11% as k increases from 0 to 3.

Fig. 10
figure10

Packet delivery ratio under DoS attacks based on unconditional forwarding

Figure 11 compares average reauthentication latency under DoS attacks based on unconditional forwarding according to the number of adversary nodes (k). The average reauthentication latency of ESMR was approximately 12 ms regardless of k. On the other hand, the average reauthentication latency of Jiang et al.’s scheme increases from 11.8 ms to 24 ms as k increases from 0 to 3. Although the packet delivery ratio of Jiang et al.’s scheme was 100% when k=1, the average reauthentication latency was 20.2 ms which is 28.5% longer than for ESMR.

Fig. 11
figure11

Average reauthentication latency under DoS attacks based on unconditional forwarding

Thus, ESMR can effectively prevent DoS attacks based on unconditional forwarding on the home cluster head because it can prevent unconditional forwarding itself by allowing the neighboring cluster heads to verify validity of the spoofed or altered reauthentication requests, i.e., the neighboring cluster heads do not forward invalid reauthentication requests to the home cluster head unlike Jiang et al.’s scheme.

Conclusion

Several mobile node reauthentication schemes based on symmetric key cryptography have been proposed to efficiently handle frequent reauthentication [911]. However, we found that Han et al.’s schemes [9, 10] do not provide high-compromise resilience and Jiang et al.’s scheme [11] have a problem of unconditional forwarding which can be used to launch DoS attack on the home cluster head.

In this paper, we proposed the energy-efficient and secure mobile node reauthentication (ESMR) for MWSNs, which satisfies the security requirements of MWSNs by addressing the security weaknesses of the existing schemes [911]. Security analysis verified that ESMR meets the security requirements of MWSNs and can prevent relevant security attacks. ESMR is suitable for multi-hop communication environment, but ESMR can be applied to single-hop communication environment. ESMR requires less than 16% increased total energy consumption when the number of hops between the mobile node and cluster head is one, but ESMR is fast enough because the average reauthentication latency is less than 13 ms, like the existing schemes. Moreover, ESMR meets the security requirements of MWSNs by addressing the security weaknesses of the existing scheme. Thus, ESMR can provide secure and fast mobile node reauthentication with slightly increased total energy consumption for single-hop communication environment.

Abbreviations

AES:

Advanced encryption standard

AK:

Authentication key

AVISPA:

Automated validation of internet security protocols and applications

CL-AtSe:

CL-based attacker searcher

CL-HSC:

Certificateless hybrid signcryption scheme

DoS:

Denial of service

ECC:

Elliptic curve cryptography

HLPSL:

High-level protocol specification language

IF:

Intermediate form

IoT:

Internet of things

KDK:

Key derivation key

MWSNs:

Mobile wireless sensor networks

NCL:

Neighboring cluster head list

OFMC:

On-the-fly model-checker

OF:

Output format

SATMC:

SAT-based model-checker

TA4SP:

Tree automata-based protocol analyzer

TGK:

Ticket generation key

WSNs:

Wireless sensor networks

XOR:

Exclusive-OR

References

  1. 1

    X. Wang, S. Han, Y. Wu, X. Wang, Coverage and energy consumption control in mobile heterogeneous wireless sensor networks. IEEE Trans. Autom. Control.58(4), 975–988 (2013).

  2. 2

    Y. Yang, M. I. Fonoage, M. Cardei, Improving network lifetime with mobile wireless sensor networks. Comput. Commun.33(4), 409–419 (2010).

  3. 3

    O. Chipara, C. Lu, T. C. Bailey, G. -C. Roman, in Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems. SenSys ’10. Reliable clinical monitoring using wireless sensor networks: Experiences in a step-down hospital unit (ACMNew York, 2010), pp. 155–168.

  4. 4

    S. Ehsan, K. Bradford, M. Brugger, B. Hamdaoui, Y. Kovchegov, D. Johnson, M. Louhaichi, Design and analysis of delay-tolerant sensor networks for monitoring and tracking free-roaming animals. IEEE Trans. Wirel. Commun.11(3), 1220–1227 (2012).

  5. 5

    M. Li, Y. Liu, Underground coal mine monitoring with wireless sensor networks. ACM Trans. Sens. Netw. (TOSN). 5(2), 10 (2009).

  6. 6

    C. Zhu, L. Shu, T. Hara, L. Wang, S. Nishio, L. T. Yang, A survey on communication and data management issues in mobile sensor networks. Wirel. Commun. Mob. Com.14(1), 19–36 (2014).

  7. 7

    A. Ghosal, S. Halder, in Cooperative Robots and Sensor Networks 2015. Security in mobile wireless sensor networks: Attacks and defenses (Springer International PublishingCham, 2015), pp. 185–205.

  8. 8

    A. Achour, L. Deru, J. C. Deprez, Mobility management for wireless sensor networks a state-of-the-art. Procedia Comput. Sci.52:, 1101–1107 (2015).

  9. 9

    K. Han, K. Kim, T. Shon, Untraceable mobile node authentication in wsn. Sensors. 10(5), 4410–4429 (2010).

  10. 10

    K. Han, T. Shon, K. Kim, Efficient mobile sensor authentication in smart home and wpan. IEEE Trans. Consum. Electron.56(2), 591–596 (2010).

  11. 11

    S. Jiang, J. Zhang, J. Miao, C. Zhou, A privacy-preserving reauthentication scheme for mobile wireless sensor networks. Int. J. Distrib. Sens. Netw.9(5), 913782 (2013).

  12. 12

    A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. H. Drielsma, P. C. Heám, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, L. Vigneron, in Computer Aided Verification. The avispa tool for the automated validation of internet security protocols and applications (SpringerBerlin, Heidelberg, 2005), pp. 281–285.

  13. 13

    M. Bilal, S. -G. Kang, An authentication protocol for future sensor networks. Sensors. 17(5), 979 (2017).

  14. 14

    Y. Qiu, J. Zhou, J. Baek, J. Lopez, Authentication and key establishment in dynamic wireless sensor networks. Sensors. 10(4), 3718–3731 (2010).

  15. 15

    S. H. Erfani, H. H. S. Javadi, A. M. Rahmani, A dynamic key management scheme for dynamic wireless sensor networks. Secur. Commun. Netw.8(6), 1040–1049 (2015).

  16. 16

    F. Gandino, C. Celozzi, M. Rebaudengo, A key management scheme for mobile wireless sensor networks. Appl. Sci.7(5), 490 (2017).

  17. 17

    X. Zhang, J. He, Q. Wei, Eddk: Energy-efficient distributed deterministic key management for wireless sensor networks. EURASIP J. Wirel. Commun. Netw.2011:, 1–11 (2011).

  18. 18

    S. -H. Seo, J. Won, S. Sultana, E. Bertino, Effective key management in dynamic wireless sensor networks. IEEE Trans. Inf. Forensic. Secur.10(2), 371–383 (2015).

  19. 19

    M. Omar, I. Belalouache, S. Amrane, B. Abbache, Efficient and energy-aware key management framework for dynamic sensor networks. Comput. Electr. Eng.72:, 990–1005 (2018).

  20. 20

    H. Chan, A. Perrig, D. Song, in 2003 Symposium on Security and Privacy. Random key predistribution schemes for sensor networks (IEEEBerkeley, 2003), pp. 197–213.

  21. 21

    L. Eschenauer, V. D. Gligor, in Proceedings of the 9th ACM Conference on Computer and Communications Security. CCS ’02. A key-management scheme for distributed sensor networks (ACMNew York, 2002), pp. 41–47.

  22. 22

    A. Gonga, O. Landsiedel, M. Johansson, in 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS). MobiSense: Power-efficient micro-mobility in wireless sensor networks (IEEEBarcelona, 2011), pp. 1–8.

  23. 23

    M. Nabi, M. Blagojevic, M. Geilen, T. Basten, T. Hendriks, in 2010 7th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). Mcmac: An optimized medium access control protocol for mobile clusters in wireless sensor networks (IEEEBoston, 2010), pp. 1–9.

  24. 24

    Q. Dong, W. Dargie, A survey on mobility and mobility-aware mac protocols in wireless sensor networks. IEEE Commun. Surv. Tutor.15(1), 88–100 (2013).

  25. 25

    D. Dolev, A. Yao, On the security of public key protocols. IEEE Trans. Inf. Theory. 29(2), 198–208 (1983).

  26. 26

    Tmote Sky Datasheet (2006). http://www.eecs.harvard.edu/~konrad/projects/shimmer/references/tmote-sky-datasheet.pdf. Accessed 23 Jan 2018.

  27. 27

    M. Healy, T. Newe, E. Lewis, in Smart Sensors and Sensing Technology. Analysis of hardware encryption versus software encryption on wireless sensor network motes (SpringerBerlin, Heidelberg, 2008), pp. 3–14.

Download references

Acknowledgements

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education (NRF-2019R1I1A1A01062743).

Funding

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education (NRF-2019R1I1A1A01062743).

Availability of data and materials

Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.

Author information

BK proposed the main concept, conducted formal verification and simulations, analyzed results, and wrote the manuscript. JS contributed to revising the manuscript and fine-tuning the proposed scheme. Both authors read and approved the final manuscript.

Correspondence to BoSung Kim.

Ethics declarations

Competing interests

The authors declare that they have no competing interests.

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Kim, B., Song, J. Energy-efficient and secure mobile node reauthentication scheme for mobile wireless sensor networks. J Wireless Com Network 2019, 155 (2019) doi:10.1186/s13638-019-1470-9

Download citation

Keywords

  • Wireless sensor networks
  • Mobile wireless sensor networks
  • Mobile sensor node
  • Security
  • Authentication
  • Key agreement
  • Multi-hop communication