You are currently viewing a new version of our website. To view the old version click .
MDPIMDPI
Search all articles
Sensors
Download PDF
  • Article
  • Open Access

19 June 2023

Enhancing Security in ZigBee Wireless Sensor Networks: A New Approach and Mutual Authentication Scheme for D2D Communication

,
,
,
,
and
1
Computer Science Department, Faculty of Computers and Information, Kafrelsheikh University, Kafrelsheikh 33516, Egypt
2
Information Technology Department, Faculty of Computers and Artificial Intelligence, Damietta University, Damietta 34519, Egypt
3
Computer Science Department, Faculty of Computers and Information, South Valley University, Qena 83523, Egypt
4
Faculty of Industry and Energy Technology, New Assiut Technological University (N.A.T.U.), New Assiut City 71684, Egypt
Sensors2023, 23(12), 5703;https://doi.org/10.3390/s23125703
This article belongs to the Collection Wireless Sensor Networks towards the Internet of Things
Version Notes
Order Reprints

Abstract

The latest version of ZigBee offers improvements in various aspects, including its low power consumption, flexibility, and cost-effective deployment. However, the challenges persist, as the upgraded protocol continues to suffer from a wide range of security weaknesses. Constrained wireless sensor network devices cannot use standard security protocols such as asymmetric cryptography mechanisms, which are resource-intensive and unsuitable for wireless sensor networks. ZigBee uses the Advanced Encryption Standard (AES), which is the best recommended symmetric key block cipher for securing data of sensitive networks and applications. However, AES is expected to be vulnerable to some attacks in the near future. Moreover, symmetric cryptosystems have key management and authentication issues. To address these concerns in wireless sensor networks, particularly in ZigBee communications, in this paper, we propose a mutual authentication scheme that can dynamically update the secret key value of device-to-trust center (D2TC) and device-to-device (D2D) communications. In addition, the suggested solution improves the cryptographic strength of ZigBee communications by improving the encryption process of a regular AES without the need for asymmetric cryptography. To achieve that, we use a secure one-way hash function operation when D2TC and D2D mutually authenticate each other, along with bitwise exclusive OR operations to enhance cryptography. Once authentication is accomplished, the ZigBee-based participants can mutually agree upon a shared session key and exchange a secure value. This secure value is then integrated with the sensed data from the devices and utilized as input for regular AES encryption. By adopting this technique, the encrypted data gains robust protection against potential cryptanalysis attacks. Finally, a comparative analysis is conducted to illustrate how the proposed scheme effectively maintains efficiency in comparison to eight competitive schemes. This analysis evaluates the scheme’s performance across various factors, including security features, communication, and computational cost.

1. Introduction

Wireless sensor networks are recognized as a vital component of IoT, representing an emerging technology with wide-ranging applications across various fields. With their implementation advancing rapidly, the importance of ensuring security becomes increasingly paramount. IoT has moved beyond its early stages and is actively reshaping our perception of the Internet from a static entity into a fully integrated and dynamic network of the future. ZigBee, Z-Wave, 6LoWPAN, and LoRa are among the communication technologies employed within the realm of IoT. The IoT industry has witnessed a significant increase in adoption, especially in ZigBee communication, which has attracted the attention of research communities to examine the security challenges faced by IoT [1]. ZigBee technology is a wireless sensor network based on the IEEE 802.15.4 standard that provides low-rate, low-power, and low-cost connectivity for various applications, including industrial automation, intelligent control, and medical health. Despite its numerous advantages, ZigBee technology encounters various challenges, including restrictions on device computing, limited memory space, and constrained energy consumption. These limitations make it impractical to use traditional security mechanisms such as asymmetric cryptography. Hence, there is a need to conduct further research in this area and increase research efforts to develop alternative security solutions.
The cryptanalytic strength of a cipher against mathematical and algebraic attacks is closely related to the length of the key material. Selecting the appropriate key length is a delicate process that involves balancing security and performance requirements. Various recommendations are available for different cryptographic ciphers and operations [2,3,4]. The National Institute of Standards and Technology (NIST) has published a report stating that all versions of the AES are expected to remain secure beyond 2030 [5,6]. In a previous report by the National Security Agency (NSA) in the IETF, symmetric ciphers with a key size of 256 bits or more were projected to remain secure until 2245 [7]. Therefore, the current version of AES requires alternative solutions to strengthen its security.
The researchers proposed several hybrid encryption techniques, which incorporate encryption schemes of two symmetric keys or both symmetric and asymmetric encryption methods. These techniques offer superior security compared with single encryption models that use public or private keys. Although many techniques that combine cryptographic algorithms are available on the market and claim to enhance data security, they may not be suitable for the constraints of wireless sensor networks.
In addition to enhancing the encryption process of ZigBee, it is essential to implement authentication and authorization measures to secure the network infrastructure. Using one-way authentication cannot guarantee security for both parties in communication. Instead, mutual authentication, where both parties are authenticated before transmission, is an effective solution to this issue. Deploying and managing robust authentication mechanisms in IoT infrastructures is considerably more challenging because of restrictions on wireless sensor devices. The literature has presented various authentication schemes to create a secure and reliable communication infrastructure for ZigBee wireless sensor networks, such as [8,9,10]. Although these mechanisms have resolved the security and privacy issues of resource-constrained networks such as ZigBee, some of these methods come with relatively higher costs of communication and computation. Additionally, several methods utilize the real identity of devices for communication, potentially establishing connections between previous and future transactions under the same identity. This compromises privacy and makes authentication more complex.
The motivation of this research lies in addressing the security weaknesses of ZigBee, improving cryptographic strength, and ensuring secure communication without the drawbacks of resource-intensive asymmetric cryptography and key management/authentication issues. The symmetric key block cipher AES currently used in ZigBee may become vulnerable in the future. Moreover, symmetric cryptosystems pose challenges related to key management and authentication. Most existing approaches involve hybrid schemes, combining symmetric and asymmetric cryptography, or using symmetric cryptography with additional costs. The proposed scheme is symmetric cryptography-based and introduces the use of secure one-way hash functions and bitwise exclusive OR operations during mutual authentication and encryption. This enables D2D via a TC to establish a shared session key and exchange a secure value, which is integrated with sensed data for regular AES encryption. The objective is to provide robust protection against cryptanalysis attacks, offer a mutual authentication solution with the unlinkability and untraceability of ZigBee devices’ communication, and maintain efficiency compared with other schemes.
To this end, in this paper, we propose a method for enhancing AES-based cryptography to address the aforementioned security challenges. Additionally, we present a mutual authentication and privacy scheme that enables each device in the ZigBee network to establish secure D2TC and D2D communication sessions. Our suggested approach achieves diverse security properties, such as anonymity and traceability, alongside the critical dual attributes of confidentiality and integrity.
To summarize our contribution:
  • Key distribution in the original version of ZigBee has serious weaknesses since keys are transmitted over the air or preinstalled onto devices in an insecure manner. Additionally, all nodes share the same key, which puts the entire network at risk if a single node is compromised. Our solution addresses these shortcomings by utilizing a one-time-use session key and a secure adynamic array of bits to secure communication between two nodes, ensuring they cannot be used for future communications.
  • We introduce a novel mutual authentication approach for ZigBee wireless sensor networks.
  • This paper proposes a solution to strengthen the encryption between D2TC and D2D communication in ZigBee wireless sensor networks.
  • The proposed approach achieves protection against various attacks by relying on simple operations rather than computationally expensive cryptographic operations.
The paper is structured as follows: Section 2 presents a brief literature review concerning schemes related to the proposed solution. Then, in Section 3 we provide a breakdown of the fundamental components necessary for understanding the security framework of ZigBee and the network model. Section 4 provides a detailed description of the proposed mutual authentication scheme and encryption process, including its phases and working mechanism, followed by an informal security analysis in the subsequent section. Section 5 presents a detailed analysis of the results obtained by comparing the proposed mutual authentication scheme with existing schemes. Finally, the paper concludes with some closing remarks.

3. ZigBee Network Architecture

Within this section, we present a summary of both the ZigBee security architecture and the network model utilized in this paper.

3.1. Security Architecture

ZigBee is an economical wireless sensor network with a low power-consumption design, consisting of four layers. The initial two layers, the physical (PHY) layer and the media access control (MAC) layer, are responsible for the fundamental functions of the physical radio and facilitate communication between two devices within a single-hop connection. These layers comply with the IEEE 802.15.4 standard. Additionally, the network (NWK) layer is incorporated to handle tasks such as packet routing and address management. Finally, at the topmost layer, the application (APL) layer defines the node’s role within the network and ensures the establishment and maintenance of secure links between nodes [21,22,23].
ZigBee PRO and ZigBee represent two feature sets available within the ZigBee framework. ZigBee PRO is designed to support larger networks with over a thousand devices while maintaining low power consumption, making it a widely accepted specification. One notable and innovative aspect of ZigBee PRO is its inclusion of green power, enabling the seamless integration of energy harvesting devices that operate without the need for external power supplies [24].
Within the ZigBee protocol, three key types serve security purposes: (1) The network key, also known as the NWK key, is a master key that is shared among all devices within a ZigBee network. It enables network-wide encryption and decryption capabilities. The NWK key is established and distributed to all devices during the network initialization phase. (2) The link key is an exclusive key shared between two devices in a ZigBee network, ensuring secure communication specifically between those devices. Derived from the NWK key, link keys are frequently used for encryption and decryption purposes in pairwise communication. (3) The master key is a high-level key in a ZigBee network, playing a crucial role in secure provisioning and key establishment. During the initial setup phase, the master key guarantees the secure distribution of the network key, facilitating the establishment of trust between devices. These key types have critical roles in securing communication, providing authentication, and safeguarding data privacy within ZigBee networks.
To ensure system confidentiality, ZigBee technology implements the AES 128-bit algorithm within the MAC layer. AES is a symmetric block cipher algorithm used for encrypting data. While numerous applications currently utilize the AES algorithm to secure their systems against data disclosure, NIST researchers have predicted the potential vulnerability of the AES 128-bit encryption algorithm by 2036 due to rapid advancements in computing technology [7,17]. ZigBee technology incorporates the enhanced CCM* mode to ensure both confidentiality and integrity. This advanced version of CCM provides robust security features, including defense against replay attacks. In the following section, we outline our suggested solution to rectify the mentioned weaknesses.

3.2. Network Model

The ZigBee network topology consists of three main types: star topology, tree topology, and mesh topology. Star or mesh topologies are commonly used as the primary architecture in ZigBee networks [25]. In mesh networks, as shown in Figure 1, TC assumes the role of both routing traffic and managing devices on the network. End devices can communicate with the network through the TC.
Figure 1. ZigBee network model.
The TC is responsible for managing information about each device and initiating and maintaining the network, since it is aware of all devices within its network. During initialization, authentication through the TC is required for each ZigBee device, and all communication between devices must go through the TC to establish a session encryption key and for authentication purposes. Consequently, every ZigBee network must have a TC. ZigBee devices typically interact with the physical world or with other devices present in the network. Our approach employs the method presented in Section 4.2 and Section 4.3 for authentication of both TC2D and D2D. Additionally, encryption takes place using the AES algorithm with a key length of 128 bits, as demonstrated in Section 4.4.

4. Proposed Solution

Our proposed solution consists of two primary stages. The first stage is the device authentication and key agreement phase, which includes three sub-phases: (i) offline phase, (ii) authentication phase, and (iii) communication phase. The second stage involves strengthening the cryptography based on AES by utilizing a secure value exchanged in the first stage to enhance the cryptography of exchanged data in the ZigBee network. We provide a detailed description of both stages below, and we use the notations presented in Table 1 to describe our solution throughout the paper.
Table 1. Description of Notations.

4.1. Offline Phase

To establish secure D2TC and D2D communication in ZigBee networks, every device (Di) is required to register its master key and identity ID with the relevant TC during an offline phase to prevent unauthorized devices from gaining access. Only devices that have been registered in the offline phase are permitted to initiate a communication session.

4.2. Device Authentication Phase

In this section, D2TC authentication process is described. During the offline phase, if a device (Di) has participated, its ID address should be available in the authenticated devices list that is stored in the TC’s memory. If the ID matches one from the stored list, the requesting device (Di) will receive an encrypted message to begin the communication process. In our proposed solution, we prioritize the security and protection of ZigBee devices’ real identities (IDs) by ensuring that they are never transmitted in plain text. This is achieved by exclusively utilizing dynamic IDs during both the authentication and communication phases. The steps in this phase are explained below and summarized in Figure 2.
Figure 2. A detailed description of D1 and D2 registration and authentication phase.
Step1: Device to trust center
The device D1 generates three parameters, namely, KD1, CTRD1, and RAD1. KD1 is the key that will be used for encrypting the exchanged data with D1. The counter CTRD1 is incremented with each message. RAD1 is a random array of bytes equal to the block size used in AES. The device D1 creates a dynamic identity DIDD1 = h(IDD1, CTRD1) that changes for every session. This method ensures that the DIDD1 is unique in every session and can only be traced by the TC. Then D1 concatenates IDD1, KD1, CTRD1, and RAD1 and calculates the hash value, HD1 = h(CTRD1, (IDD1∥KD1∥CTRD1∥RAD1)). This ensures that HD1 is computed based on two dynamic values, enabling the detection of attacks even if one of the values is compromised. Finally, D1 encrypts (IDD1, KD1, CTRD1, RAD1) using the KTC and sends the message {IDTC, DIDD1, HD1, (IDD1, KD1, CTRD1, RAD1)_KTC } to the TC.
Step 2: Trust center to device
After receiving the message, the TC decrypts it using KTC, looks up IDD1, and subsequently carries out a validation process. Then, TC calculates the hash value of *HD1 and DIDD1 and proceeds to compare them against the received HD1 and DIDD1 for verification. The TC stores D1 information, KD1, CTRD1, DIDD1, and RAD1 in its database. Then, the TC increments CTRD1 by 1. Next, it concatenates the (DIDD1∥IDTC). After that, the TC computes the hash value, HTC1 = h(CTRD1, (DIDD1∥IDTC)). Then, the TC sends the message to D1. Finally, the TC increments CTRD1 again by 1 and computes for the upcoming session DIDD1 = h(IDD1, CTRD1). On the other side, D1 computes both the hash value and dynamic identity of D1. Then, it verifies whether these values match those received from the TC. When a match is identified, it signifies the accurate validation of the message’s integrity. Finally, D1 updates the CTRD1 value and the new dynamic identity for the upcoming session. At the end of this stage, as explained in steps 1 and 2, both D1 and the TC authenticate each other, and the parameters (IDD1, CTRD1, DIDD1, and RAD1) are securely sent between D1 and TC. The second stage describes the communication among devices. We assume that the ZigBee device D1 wants to communicate as a sender with the ZigBee device D2 as a receiver.

4.3. D2D Communication Phase

In this section, we discuss the D2D communication phase, during which a device verifies the identity of one or more devices. Once verified, the devices establish a shared key and a secure array of bits that can be employed later to establish an encrypted communication channel. The following steps discuss the communication process in this phase.
Step 1: Device (D1) to device (D2)
The device D1 sends a request to establish communication with an authenticated device D2. The message contains the device’s dynamic identity DIDD1, the identity of trust center IDTC, and the identity of the second device IDD2 encrypted using KD1. Then, the D1 computes the hash value of those parameters and CTRD1, HD1 = h (CTRD1, (IDTC∥DIDD1∥(IDD2)_kTC).
Step 2: Device (D2) to trust center
After constructing its message using the same method, device D2 forwards both the information it received from D1 and its own information to the trust center, requesting a temporary session key.
Step 3: Trust center authentication
The messages received by TC from D2 are validated by reconstructing HD1 and HD2 with KD1, KD2, CTRD1, and CTRD2 for the corresponding stored DIDD1 and DIDD2. The comparison of the hash value computed at TC, HTC for both D1 and D2, and matching with HD1 and HD2 confirms the message is authentic, as only D1 and D2 have access to KD1, KD2, CTRD1, and CTRD2. In addition, they have the ability to construct a valid message.
Step 4: Trust center to device (1) and trust center to device (D2)
TC creates the session key KSD12 and random array of bits RAD12, and subsequently sends them to D1 and D2 in an encrypted form using KD1 and KD2, respectively.
Step 5: Devices (D1 and D2) authentication
After receiving the encrypted information, D1 and D2 retrieve the secret session key using their respective private keys KD1 and KD2. The presence of CTRD1 and CTRD2 in the received message assures both devices that the message is new. At this stage, both devices can communicate securely utilizing the session key KSD12. Figure 2 provides a summary of the steps outlined in the preceding explanation.
Remark: We assume that the generated random array of bytes that will be used to strength the cryptography of AES will be used in the encryption process at the point that the devices need to send sensed data to the TC or other devices in the ZigBee network. The steps of this phase are explained below and are summarized in Figure 3.
Figure 3. A detailed description of D1 and D2 registration phase.

4.4. Encryption Based on AES

The main idea involves producing a random array of bits that matches the block size used in AES. This array will be combined with newly produced data by the ZigBee device, and the resulting output will serve as input for a standard AES. By doing so, the array will be refreshed with each message transmission between D2TC or D2D in the ZigBee network, ensuring that it remains unique for each session and can only be accessed by the two parties involved in the communication. The updated array, i.e., the previous array merged with the data generated by the ZigBee device, will be stored in both the device and the TC to be utilized in the encryption process of the subsequent message exchange between the two parties. This technique makes it difficult to perform cryptanalysis on the encrypted messages. The randomly generated array, which is updated with each sensed data, can offer protection against cryptanalysis attacks, even if the symmetric key is breached. The following figure summarizes our encryption solution (Figure 4).
Figure 4. Encryption in proposed solution based on AES.
In our solution, the sensed data of the ZigBee device will be divided into blocks of size 128 bits. Then, the random generated array will be merged with each block and the output of this step will be used as input to the regular AES 128/CCM algorithm. Since the data are encrypted, the device will send the message to the receiver device in the ZigBee network and update the array as follows: RA = Ln. On the other side, the receiver device will decrypt the message based on the pre-shared symmetric key and RA, then recalculate RA and store it in its database for the upcoming session. In the following section, we explain how the session symmetric key and RA are exchanged and updated, in addition to the process of device authentication and communication.

5. Security and Performance Analysis

In these subsections, we validate the security of our proposed approach through informal security analysis and static performance assessment.

5.1. Informal Security Analysis

This section provides a comprehensive analysis of potential attacks and their prevention strategies in the proposed approach.

5.1.1. Access Control

Maintaining control and access restrictions is crucial to prevent potential attacks resulting from unauthorized network access. Our proposed solution involves the trust center authenticating devices that intend to join the network. During initialization, the trust center permits access solely to the device that possesses the master key and the pre-stored device identity. Subsequently, the trust center sends its key (KTC) to the device, encrypted with the master key, and initiates the authentication process to generate a new device key.

5.1.2. Eavesdropping Attack

Messages exchanged between the trust center and the device during the authentication phase are susceptible to interception by attackers. However, our approach addresses this vulnerability by employing symmetric encryption to encrypt the message, which we have strengthened further by modifying the standard AES algorithm. Additionally, we leverage dynamic identities that change with each session, making it challenging for the attacker to establish a connection between the message and a particular device.

5.1.3. Replay Attacks

To prevent replay attacks, our solution employs different random numbers in each session during message exchanges. An eavesdropper’s attempts to impersonate the trust center and replay previous responses are prevented by this approach. Our approach effectively mitigates replay attacks as the device rejects messages containing a non-fresh nonce that does not match the nonce in the request message.

5.1.4. Anonymity and Un-Traceability

To prevent the attacker from linking an identity to a particular device and tracing specific messages to a given device, our solution utilizes a unique random number selected by the device in each session to compute the dynamic identity of the device. Furthermore, we ensure that sensitive data, such as the real identity of a device, are always encrypted. As a result, using random values such as CTR and RA for computing dynamic identity and hash functions ensures the preservation of anonymity for all messages transmitted via public channels by the device or the trust center. Moreover, if the same device sends two or more authentication messages, the ability of the attacker to determine whether these messages originate from the same device is eliminated. Consequently, there is no possibility of linking the device to different sessions, which enhances the anonymity of our proposed approach and thwarts the attacker’s ability to trace devices through message interception.
Table 2 summarizes the security attacks addressed by our proposed approach. Additionally, a comparative analysis of the proposed approach and existing approaches based on various security features is presented in Table 3.
Table 2. Security attack analysis.
Table 3. Analysis of the security parameters.

5.2. Static Performance Assessment

This section focuses on analyzing the efficiency and overhead of the proposed approach with regards to its communication overhead and storage requirements. Our approach not only offers numerous security features to protect against potential attacks on wireless sensor networks, namely the ZigBee network, but also incurs a reasonable computational cost, making it suitable for communication and storage-constrained wireless sensor networks.

5.2.1. Computation Cost

In Table 4, we provide a summary of the computation cost analysis, where we compare our proposed approach to other related solutions based on the computational cost of hash and XOR operations. From Table 4, it can clearly be seen that our approach required 20 hash operations, which is less than some solutions. Furthermore, unlike all other solutions, our approach does not involve any XOR operations. Our analysis demonstrates that our proposed approach is computationally efficient, making it suitable for wireless sensor devices with limited resources, such as ZigBee devices.
Table 4. Comparison of the computation cost.

5.2.2. Communication Cost

Along with computational costs, communication costs are also a crucial consideration in authentication schemes for wireless sensor networks, as they determine the bandwidth necessary for transmitting packets during authentication. Our approach employs SHA-1 as the hash function with an output size of 160 bits. Additionally, DIDD, CTR, RAD, KD, and IDD are set to 160, 160, 128, 128, and 16 bits, respectively, while IDTC is 16 bits long.
When transmitting (D → TC), D sends a tuple consisting of {IDTC, DIDD1, HD1, (IDD1, KD1, CTRD1, RAD1)_KTC}. The size of this transmitted tuple is calculated as ((3 × 160) +(2 × 16) + (2 × 128)) = 768 bits. In contrast, when transmitting (TC → D), TC sends a tuple of {IDTC, DIDD1, *HD1} with a size of ((2 × 16) + 160) = 192 bits. In the case of transmitting (D1→ D2), D1 sends a tuple of {IDTC, DIDD1, HD1} with a size of (16 + (2 × 160)) = 336 bits. Following that, (D2→ TC) of the same size = 336 bit. Finally, during transmission (TC→ D1), TC sends a tuple of {IDTC, DIDD1, HD1, (DIDD1, KSD12, RAD12)_KD1} with a size of (16 + (3 × 160) + (2 × 128)) = 752 bits, which is also the same size for the transmission (TC→ D2) = 752 bits. As a result, the total communication cost is 3136 bits.
The communication cost analysis presented in Table 5 demonstrates that the proposed approach has a lower cost compared with other approaches [26,27,28,29,30], and a higher cost than approach [18]. However, our approach incorporates an additional parameter, a secret array of 128 bits, to enhance the cryptography, which is not utilized in [16] and provides advantages to our approach.
Table 5. Comparison of the communication cost.

6. Conclusions

In this paper, we propose a mutual authentication and key agreement approach for ZigBee wireless sensor networks. ZigBee devices are known for their low-power, low-cost, and lightweight characteristics. To optimize energy efficiency, we have exclusively employed hash functions for mutual authentication between D2TC and D2D, along with bitwise exclusive OR operations to enhance cryptography. Moreover, our approach uses the dynamic identity of the devices to preserve anonymity, while providing confidentiality, integrity, and untraceability properties. Through an informal security analysis, we have verified the resilience of our approach against commonly encountered attacks. Additionally, our approach’s efficiency was evaluated through a comparative analysis, comparing it with other relevant solutions.
In our future work, we aim to extend the protocol to handle cases where a ZigBee device switches from one network to another. Furthermore, we intend to investigate scenarios where multiple ZigBee TCs exist within the network. We aim to experimentally investigate and evaluate the performance overhead for those cases and conduct a formal security analysis using BAN logic, the ROR model, and the AVISPA tool [18].

Author Contributions

Conceptualization, M.I.I.; Methodology, A.A.; Software, S.M.M.; Validation, A.S.; Formal analysis, A.A. and S.M.M.; Resources, H.E.; Writing—original draft, M.A. and H.E.; Writing—review & editing, M.I.I.; Funding acquisition, M.A. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by Researchers Supporting Project number RSPD2023R636, King Saud University, Riyadh, Saudi Arabia.

Data Availability Statement

The data that support the findings of this study are available on request from the corresponding author.

Conflicts of Interest

The authors declare that they have no conflict of interest to report regarding the present study.

References

  1. Orfanos, V.A.; Kaminaris, S.D.; Papageorgas, P.; Piromalis, D.; Kandris, D. A Comprehensive Review of IoT Networking Technologies for Smart Home Automation Applications. J. Sens. Actuator Netw. 2023, 12, 30. [Google Scholar] [CrossRef]
  2. D.SPA.16 Rev. 1.0, IST-2002-507932 ECRYPT; Yearly Report on Algorithms and Keysizes (2005). European Network of Excellence in Cryptology. 2006.
  3. Traore, M. Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles. In Cryptographie et Sécurité [cs.CR]; Université Grenoble Alpes: Saint-Martin-d’Hères, France, 2022; p. 190. [Google Scholar]
  4. Cryptographic Key Length Recommendations. Available online: http://www.keylength.com (accessed on 1 January 2020).
  5. FIPS 197; Advanced Encryption Standard (AES). National Institute of Standards and Technologies: St. Andrews, SC, USA, 2001.
  6. NIST Special Publication 800-57 Draft; Recommendation for KeyManagement. National Institute of Standards and Technologies: St. Andrews, SC, USA, 2006.
  7. NIST Special Publication 800-67 Version1; Recommendation for the Triple DataEncryption Algorithm (TDEA) Block Cipher. National Institute of Standards and Technologies: St. Andrews, SC, USA, 2004.
  8. Lee, J.Y.; Lin, W.C.; Huang, Y.H. A lightweight authentication protocol for internet of things. In Proceedings of the 2014 International Symposium on Next-Generation Electronics (ISNE), Tao-Yuan, Taiwan, 7–10 May 2014; pp. 1–2. [Google Scholar]
  9. Kulkarni, S.; Ghosh, U.; Pasupuleti, H. Considering security for ZigBee protocol using message authentication code. In Proceedings of the 2015 Annual IEEE India Conference (INDICON), New Delhi, India, 17–20 December 2015; pp. 1–6. [Google Scholar]
  10. Zhao, G.; Wang, X.; Si, J.; Long, X.; Hu, T. A novel mutual authentication scheme for internet of things. In Proceedings of the 2011 International Conference on Modelling, Identification and Control (ICMIC), Shanghai, China, 26–29 June 2011; pp. 563–566. [Google Scholar]
  11. Chu, F.; Zhang, R.; Ni, R.; Dai, W. An improved identity authentication scheme for internet of things in heterogeneous networking environments. In Proceedings of the 2013 Sixteenth International Conference on Network-Based Information Systems, Gwangju, Republic of Korea, 4–6 September 2013; pp. 589–593. [Google Scholar]
  12. Gaikwad, P.P.; Gabhane, J.P.; Golait, S.S. 3-level secure Kerberos authentication for smart home systems using IoT. In Proceedings of the 2015 First International Conference on Next Generation Computing Technologies (NGCT), Dehradun, India, 4–5 September 2015; pp. 262–268. [Google Scholar]
  13. Ashibani, Y.; Kauling, D.; Mahmoud, Q.H. A context-aware authentication framework for smart homes. In Proceedings of the 2017 IEEE Thirtieth Canadian Conference on Electrical and Computer Engineering (CCECE), Windsor, ON, Canada, 30 April–3 May 2017; pp. 1–5. [Google Scholar]
  14. Mishra, D.; Vijayakumar, P.; Sureshkumar, V.; Amin, R.; Islam, S.H.; Gope, P. Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks. Multimed. Tools Appl. 2018, 77, 18295–18325. [Google Scholar] [CrossRef]
  15. Alshahrani, M.; Traore, I. Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain. J. Inf. Secur. Appl. 2019, 45, 156–175. [Google Scholar] [CrossRef]
  16. Chang, C.-C.; Le, H.-D. A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks. IEEE Trans. Wirel. Commun. 2015, 15, 357–366. [Google Scholar] [CrossRef]
  17. Alalak, S.; Ahmed, Z.; Abdullah, A.; Subramiam, S. Aes and ecc mixed for zigBee wireless sensor security. Int. J. Electron. Commun. Eng. 2011, 5, 1224–1228. [Google Scholar]
  18. Mirsaraei, A.G.; Barati, A.; Barati, H. Asecure three factorauthentication scheme for IoT environments. J. Parallel Distrib. Comput. 2022, 169, 87–105. [Google Scholar] [CrossRef]
  19. Gong, B.; Zheng, G.; Waqas, M.; Tu, S.; Chen, S. LCDMA: Lightweight Cross-domain Mutual Identity Authentication Scheme for Internet of Things. IEEE Internet Things J. 2023. [Google Scholar] [CrossRef]
  20. Amor, A.B.; Jebri, S.; Abid, M.; Meddeb, A. A secure lightweight mutual authentication scheme in social industrial IoT environment. J. Supercomput. 2022. [Google Scholar] [CrossRef]
  21. Yang, B. Study on security of wireless sensor network based on ZigBee standard. In Proceedings of the International Conference on Computational Intelligence and Security, Beijing, China, 11–14 December 2009; pp. 426–430. [Google Scholar]
  22. Qianqian, M.; Kejin, B. Security analysis for wireless networks based on ZigBee. In Proceedings of the 2009 International Forum on Information Technology and Applications, Chengdu, China, 15–17 May 2009; pp. 158–160. [Google Scholar]
  23. Misic, J.; Misic, V. Wireless Personal Area Networks: Performance, Interconnections and Security with IEEE, 2008, 802.15.4; John Wiley & Sons Ltd.: Hoboken, NJ, USA, 2008. [Google Scholar]
  24. Varghese, J.M.; Rao, N.; Varghese, V.T. A survey of the state of the art in ZigBee. Int. J. Cybern. Inform. 2015, 4, 145–155. [Google Scholar] [CrossRef]
  25. Haque, K.F.; Abdelgawad, A.; Yelamarthi, K. Comprehensive Performance Analysis of ZigBee Communication: An Experimental Approach with XBee S2C Module. Sensors 2022, 22, 3245. [Google Scholar] [CrossRef] [PubMed]
  26. Amin, R.; Islam, S.H.; Biswas, G.P.; Khan, M.K.; Leng, L.; Kumar, N. Design of an anonymity-preserving three factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 2016, 101, 42–62. [Google Scholar] [CrossRef]
  27. Gope, P.; Hwang, T. A realistic lightweight anonymous authen-tication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans. Ind. Electron. 2016, 63, 7124–7132. [Google Scholar] [CrossRef]
  28. Li, X.; Ibrahim, M.H.; Kumari, S.; Sangaiah, A.K.; Gupta, V.; Choo, K.K.R. Anonymous mutual authentication and key agree- ment scheme for wearable sensors in wireless body area net-works. Comput. Netw. 2017, 129, 429–443. [Google Scholar] [CrossRef]
  29. Wu, F.; Li, X.; Xu, L.; Kumari, S.; Karuppiah, M.; Shen, J. A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Comput. Electr. Eng. 2017, 63, 168–181. [Google Scholar] [CrossRef]
  30. Ankur, G.; Meenakshi, T.; Jamil, S.T.; Aakar, S. A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput Netw. 2019, 149, 29–42. [Google Scholar]
  31. Fotouhi, M.; Bayat, M.; Das, A.K.; Far, H.A.N.; Pournaghi, S.M.; Doostari, M. A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT. Comput. Netw. 2020, 177, 107333. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Article Metrics

Citations

Article Access Statistics

Journal Statistics
Multiple requests from the same IP address are counted as one view.
Download PDF
Forest Fire Smoke Detection Based on Deep Learning Approaches and Unmanned Aerial Vehicle Images
Previous
Performance Evaluation of CentiSpace Navigation Augmentation Experiment Satellites
Next