A Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: PriAuth

Research Article

Yuwen Chen, José-Fernán Martínez, Pedro Castillejo, and Lourdes López

Departamento de Ingeniería Telemática y Electrónica (DTE), Escuela Técnica Superior de Ingeniería y Sistemas de Telecomunicación (ETSIST), Universidad Politécnica de Madrid (UPM), C/Nikola Tesla, s/n, 28031 Madrid, Spain

Correspondence should be addressed to Yuwen Chen; [email protected]

Received 6 July 2017; Revised 29 October 2017; Accepted 7 November 2017; Published 24 December 2017

Academic Editor: Anton Kos

Copyright © 2017 Yuwen Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Hindawi, Wireless Communications and Mobile Computing, Volume 2017, Article ID 5290579, 17 pages, https://doi.org/10.1155/2017/5290579

In a wearable sensor-based deployment, sensors are placed over the patient to monitor their body health parameters. Continuous physiological information monitored by wearable sensors helps doctors have a better diagnostic and a suitable treatment. When doctors want to access the patient's sensor data remotely via network, the patient will authenticate the identity of the doctor first, and then they will negotiate a key for further communication. Many lightweight schemes have been proposed to enable a mutual authentication and key establishment between the two parties with the help of a gateway node, but most of these schemes cannot enable identity confidentiality. Besides, the shared key is also known by the gateway, which means the patient's sensor data could be leaked to the gateway. In PriAuth, identities are encrypted to guarantee confidentiality. Additionally, Elliptic Curve Diffie–Hellman (ECDH) key exchange protocol has been adopted to ensure the secrecy of the key, avoiding the gateway access to it. Besides, only hash and XOR computations are adopted because of the computability and power constraints of the wearable sensors. The proposed scheme has been validated by BAN logic and AVISPA, and the results show the scheme has been proven as secure.

1. Introduction

As sensors become widespread in their usage regarding health monitoring scenarios, a significant amount of personal sensitive data like blood pressure, pulse, or electrocardiogram readings will be monitored. These sensors could be interconnected to compose a Wireless Body Area Network (WBAN). With different sensors gathering patient's data and continually sending these data to doctors or to a remote monitoring station for further analysis, it is necessary to make sure that these data are transferred confidentially. The usual way is to encrypt them first before they are sent. The proposal presented in this paper, named PriAuth, aims to help the patient and the doctor build a shared key for encrypting health parameters.

Because only appointed doctors are allowed to access the patient's data, the patient and the doctor have to authenticate each other first. A workable way is to introduce a gateway to help the patient authenticating the legitimacy of the doctor and vice versa. After authentication, the two parties will build a shared key for further communication.

When a doctor wants to read patient's data, he sends a request to the patient. The patient forwards this request together with his own identification information to the gateway. The gateway checks whether the patient and the doctor are legitimate, and if any of them is not regarded as such then the scheme is aborted. Only when they are all legitimate, the gateway sends the authentication result to the patient. Once the patient has become aware of the legitimacy of the doctor, he sends the authentication result to the doctor as well. Based on the authentication result, the patient and the doctor can build a shared key, which is used for encrypting confidential information sent between them.

There are many research results focusing on the authentication and key agreement problems; while most of them could ensure the safety of the data, this is not enough, as there is also a need to protect privacy.


In the authentication process, the patient and the doctor have to send their identities and some other related information to the gateway. It has to be ensured that the patient's identity should not be leaked. Of course, a patient is usually unwilling to leak his identity information because, if the patient's identity is leaked, the health history and status of the patient will be freely available for anyone in the system, regardless of the patient wishes.

On the other hand, when a doctor sends his identity to the gateway for authentication, we have to make sure that the doctor's identity is kept confidential too (e.g., when an adversary eavesdrops the identity of the doctor and finds out the doctor's major is dermatology according to the identity of the doctor, there is a great chance that the patient has a skin related problem). Therefore, it is also necessary to keep the doctor's identity confidential in order to protect the privacy of the patient. In PriAuth, Elliptic Curve Cryptography (ECC) is adopted as the method used to protect the identities of the data transmission participants, which is similar to [15–21].

After the gateway finishes the authentication process, the gateway will send the authentication result to the patient and the doctor. Based on the authentication result, the patient and the doctor could build a shared key. In some traditional schemes, the gateway could learn the key shared from the authentication information it gets from the patient and the doctor. This means the patient's personal health data could be leaked to the gateway. It is necessary to prevent the gateway learning this key. In PriAuth, Elliptic Curve Diffie–Hellman (ECDH) key exchange protocol is adopted to ensure the shared key secrecy between the patient and doctor. Besides, only hash and XOR operations are adopted, which is suitable for the wearable sensors.

PriAuth has been validated by BAN logic and AVISPA. BAN logic is one of the most prevalent methods that help determine whether the exchanged information is trustworthy, secure against eavesdropping. BAN logic is also adopted to prove the security of the schemes by [22–24]. AVISPA (Automated Validation of Internet Security Protocols and Applications) is a tool for the automated validation of Internet security-sensitive protocols and applications, which has been widely adopted by [24–26] and so forth.

This paper is organized as follows. Section 2 is related works. Section 3 is the preliminary knowledge. In Section 4, we introduce PriAuth. Section 5 provides the BAN logic validation. Section 6 includes AVISPA verification. Section 7 is the security analysis part. Section 8 provides a comparison with other schemes. Section 9 is the validation part. Section 10 concludes with a summary of the contributions.

2. Related Works

In several papers of the researched literature, the authors use different acronyms; user and sensor are the most commonly used, which correspond to doctor and sensor in our scheme. Thus, from now on, we will use user and sensor instead of doctor and patient. D. Wang and P. Wang provide overviews of some of the schemes described in [27, 28]. Farash et al. use a single shared key between all the users or sensors to encrypt the identities [13]. All the sensors use the same key $h(X_{\mathrm{GWN}} \parallel 1)$ to encrypt the sensor identity using the XOR method, where $\mathrm{SID}_j$ is the sensor identity and $T_2$ is a timestamp:

$$\mathrm{ESID}_j = \mathrm{SID}_j \oplus h(h(X_{\mathrm{GWN}} \parallel 1) \parallel T_2), \quad (1)$$

where $h(X_{\mathrm{GWN}} \parallel 1)$ is a key that is shared by all the sensors, so malicious or curious sensors could learn the identity of sensor $\mathrm{SID}_j$. As $\mathrm{ESID}_j$, $T_2$ are sent via a public channel, a malicious or curious sensor with identity $\mathrm{SID}_k$ can eavesdrop sensor $\mathrm{SID}_j$ to get $\mathrm{ESID}_j$, $T_2$. In order to get the sensor id $\mathrm{SID}_j$, $\mathrm{SID}_k$ could decrypt $\mathrm{ESID}_j$ using the same key $h(X_{\mathrm{GWN}} \parallel 1)$:

$$\mathrm{ESID}_j \oplus h(h(X_{\mathrm{GWN}} \parallel 1) \parallel T_2) = \mathrm{SID}_j \oplus h(h(X_{\mathrm{GWN}} \parallel 1) \parallel T_2) \oplus h(h(X_{\mathrm{GWN}} \parallel 1) \parallel T_2) = \mathrm{SID}_j. \quad (2)$$

Lu et al. use a random identity $\mathrm{TID}_i$ to protect identity privacy [10]. But as the identity is a fixed value, a user could be tracked by an adversary. Schemes [29–32] use a similar method, but all these procedures are prone to suffer from traceability attack.

In the scheme proposed by Wu et al., every time the gateway gives a new $\mathrm{PID}_{\mathrm{MU}}^{\mathrm{new}}$ for the user [4]. But in this case there is a potential loss of synchronization problem: if the adversary blocks the $\mathrm{PID}_{\mathrm{MU}}^{\mathrm{new}}$ from being sent to the user, then the two parties may lose their synchronization. Das et al. protect the identity of the user by generating a new masked identity every time in a similar way, but this scheme suffers from loss of synchronization problem too [33].

Jung et al. use a similar method to the scheme [13] of Farash et al. [6]. The key to encrypt the identity of a single user is the same for all the users. This scheme has the same problem that has been discussed. What a user sends to the gateway node is as follows: $\mathrm{DID}_i = h(\mathrm{ID}_i \parallel R_1)$, $k = h(\mathrm{DID}_i \parallel V^{*} \parallel T_1)$, $A_i = E_k(\mathrm{DID}_i \parallel R_1 \parallel T_1)$, so other users could learn $\mathrm{DID}_i$ by decrypting $A_i$ with the same key $V^{*}$. Besides, this scheme has the same inner side attacker problem; a detailed analysis is shown in Section 7.4.

Rabin cryptosystem with quadratic residue problem is used to encrypt a message [11, 34]. Assume $n = pq$, where $p$ and $q$ are two large primes. If $y = x^2 \bmod n$ has a solution, that is, there exists a square root for $y$, then $y$ is called a quadratic residue mod $n$. The set of all quadratic residue numbers in $[1, n-1]$ is denoted by $\mathrm{QR}_n$. The quadratic residue problem states that, for $y \in \mathrm{QR}_n$, it is hard to find $x$ without the knowledge of $p$ and $q$ due to the difficulty of factoring $n$ [35]; this is a kind of public-key encryption method.

Chatterjee and Das provide a similar methodology of protecting the identity of the user. They use the ECC based public key methods [15]. Besides, they try to combine the authentication scheme with an attribute based access control scheme. He et al. use a similar method, while they use exponentiation operations instead [36].

We summarize some of them in Table 1. From the table, it can be inferred that privacy is a problem that has not drawn enough attention from the researchers. In some schemes, all the users share the same key to encrypt their identities; this means the encrypted identity could be decrypted by a malicious or curious user using the same key [5, 6, 10, 13]. Some of the schemes fail to enable the anonymity of the user or sensor, such as [37–39]. We adopt the ECC based method to enable the anonymity, which is similar to [15–21], because "ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security" [40]. The gateway has a public key that is known by every user; all the identities are encrypted by an XOR method with a new key, which is generated from the gateway's public key, before the identities are sent to the gateway. Thus, only the gateway could learn the identities.

Table 1: Comparison of protection of privacy.

| Schemes | Sensor anonymity | User anonymity | Shared key privacy |
|---|---|---|---|
| Choi et al. [1] | × | × | √ |
| Shi and Gong [2] | × | × | √ |
| Chang and Le [3, Scheme 1] | × | × | × |
| Chang and Le [3, Scheme 2] | × | × | √ |
| Wu et al. [4] | √ | × | √ |
| Das et al. [5] | √ | × | √ |
| Jung et al. [6] | √ | × | × |
| Fan et al. [7] | × | × | × |
| Amin and Biswas [8] | × | × | × |
| Nam et al. [9] | × | × | √ |
| Lu et al. [10] | √ | √ | × |
| Zhao et al. [11] | √ | × | × |
| Hou et al. [12] | × | × | × |
| Farash et al. [13] | × | × | × |
| Turkanovic et al. [14] | × | × | × |
| PriAuth | √ | √ | √ |

As for the shared key between user and sensor, in some schemes the gateway knows the shared key, as in schemes [6–8, 11–14], while in some others the gateway does not know the key; they use Diffie–Hellman (DH) anonymous key agreement protocol to build the shared key [1, 2, 4, 5, 9, 30]. As we have discussed, the gateway is not allowed to know the shared key in order to prevent a curious gateway from eavesdropping the sensor data.

3. Preliminary

Elliptic Curve Cryptography (ECC) is a public-key cryptography approach based on the algebraic structure of elliptic curves over finite fields. For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the following:

$$y^2 = x^3 + ax + b. \quad (3)$$

In order to use ECC, all parties must agree on all the domain parameters of the elliptic curve $(p, a, b, G, n, h)$:

$F(p)$: the finite field over $p$, where $p$ is a prime and represents the size of the finite field.

$(a, b)$: the parameters of the elliptic curve $y^2 = x^3 + ax + b$ over $F(p)$.

$G(x_p, y_p)$: generator point, but $G \neq 0$.

$n$: the order of the base point $G$.

$h$: cofactor, an integer $h = F(p)/n$.

Elliptic Curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each of which has an elliptic curve based public-private key pair, to establish a shared secret over an insecure channel. Suppose Alice wants to establish a shared key with Bob, but the channel available for them is not safe. Initially, the domain parameters $(p, a, b, G, n, h)$ must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key $d$ (a randomly selected integer in the interval $[1, n-1]$) and a public key $Q$ (where $Q = dG$, that is, the result of adding $G$ together $d$ times).

Alice's private key and public key are $(d_A, Q_A)$; Bob's key pair is $(d_B, Q_B)$. Alice computes $d_A Q_B$, while Bob computes $d_B Q_A$. So the shared key between them is $d_A Q_B = d_B Q_A$ because

$$d_A Q_B = d_A d_B G = d_B d_A G = d_B Q_A. \quad (4)$$

4. Privacy Enhanced Scheme: PriAuth

The structure model of our scheme is depicted in Figure 1. A gateway is introduced to help user and sensor authenticate each other. We suppose this gateway is trustworthy.

Figure 1: The structure of the model (User, Sensor, Gateway).

4.1. Symbols Used in the PriAuth

Before the scheme begins, GWN (gateway node) generates the parameters for ECC encryption $(p, a, b, G, n, h)$. After that, GWN generates its public-key pair $(d_g, Q_g)$; besides, GWN generates a secret key $X_{\mathrm{GWN}}$. The symbols are summarized in Table 2.

Table 2: Symbols used in the PriAuth.

| Symbols | Meaning |
|---|---|
| GWN | Gateway node |
| $U_i$ | The $i$th user |
| $S_j$ | The $j$th sensor node |
| $\mathrm{ID}_i$ | The $i$th user's identity |
| $\mathrm{SID}_j$ | The $j$th sensor's identity |
| $\parallel$ | String connector, connect two strings together |
| $\oplus$ | XOR operation |
| $X_{\mathrm{GWN}}$ | GWN's secret value, master key |
| $X_{\mathrm{GWN}\text{-}S_j}$ | Shared key between $S_j$ and GWN |
| $(d_g, Q_g)$ | The private key and public key of GWN |
| $G$ | The generator of ECC |
| $\mathrm{SK}$, $\mathrm{SK}'$ | Shared key between user $U_i$ and $S_j$ |
| $T_1$, $T_2$ | Timestamp |
| $h$ | Hash function |

4.2. Registration Phase of the Sensor

The registration messages of the sensor in the registration phase are sent via the public channel. Sensor $S_j$ conducts the following steps for registration:

(1) It creates a random number $r_j$ and gets the timestamp $T_1$.

(2) It covers its password with $r_j$: $MN_j = r_j \oplus X_{\mathrm{GWN}\text{-}S_j}$, and generates a hash value $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$.

(3) It sends $\{\mathrm{SID}_j, MP_j, MN_j, T_1\}$ to GWN via a public channel.

After GWN receives $S_j$'s registration message $\{\mathrm{SID}_j, MP_j, MN_j, T_1\}$, GWN has to check the freshness of the message by $T_1$; if the message is not fresh, GWN abandons the message. Then GWN computes $r'_j = MN_j \oplus X_{\mathrm{GWN}\text{-}S_j}$. GWN checks if $MP_j$ equals $h(X_{\mathrm{GWN}\text{-}S_j} \parallel r'_j \parallel \mathrm{SID}_j \parallel T_1)$. If they are not equal, GWN abandons the message. GWN continues the sensor registration phase in the following steps. The registration phase is described in Table 3.

(1) GWN computes $x_j = h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}})$, $e_j = x_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$.

(2) GWN gets the timestamp $T_2$ and gets the hash value $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$.

(3) GWN sends $\{e_j, f_j, T_2, p, a, b, G, n, h, Q_g\}$ to sensor $S_j$.

After receiving the message, $S_j$ first checks the freshness of $T_2$, then computes $x_j = e_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$ and checks if $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$; if they are equal, $S_j$ stores $\{x_j, p, a, b, G, n, h, Q_g\}$ in its memory.
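The sensor registration exchange above, as an added example (not code from the paper or its authors): both sides of the exchange in Python, including the freshness and hash checks that make each side abandon a stale or altered message. SHA-256 over length-prefixed fields stands in for $h$, and the 5-second window, 32-byte keys and all function names are assumptions of this example; the ECC domain parameters sent alongside $e_j$, $f_j$, $T_2$ are left out.

```python
import hashlib, hmac, secrets

WINDOW = 5   # freshness window in seconds (assumed; the paper gives no value)

def h(*parts):   # SHA-256 over length-prefixed fields, standing in for h(a || b || ...)
    d = hashlib.sha256()
    for v in parts:
        v = v.to_bytes(8, "big") if isinstance(v, int) else v
        d.update(len(v).to_bytes(2, "big") + v)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def fresh(t, now):
    return 0 <= now - t <= WINDOW

def sensor_request(sid, key, now):
    """Sensor S_j: build {SID_j, MP_j, MN_j, T_1} from the pre-shared X_GWN-Sj."""
    r_j = secrets.token_bytes(len(key))
    return sid, h(key, r_j, sid, now), xor(r_j, key), now

class Gateway:
    def __init__(self, sensor_keys):
        self.x_gwn = secrets.token_bytes(32)   # master key X_GWN
        self.sensor_keys = dict(sensor_keys)   # SID_j -> X_GWN-Sj

    def register(self, msg, now):
        """Return {e_j, f_j, T_2}, or None when the request is abandoned."""
        sid, mp_j, mn_j, t1 = msg
        key = self.sensor_keys.get(sid)
        if key is None or not fresh(t1, now):
            return None
        r_j = xor(mn_j, key)                                   # r'_j
        if not hmac.compare_digest(mp_j, h(key, r_j, sid, t1)):
            return None
        x_j = h(sid, self.x_gwn)
        return xor(x_j, h(sid, key)), h(x_j, key, now), now

def sensor_finish(sid, key, reply, now):
    """Sensor S_j: recover x_j from e_j and accept it only if f_j verifies."""
    e_j, f_j, t2 = reply
    if not fresh(t2, now):
        return None
    x_j = xor(e_j, h(sid, key))
    return x_j if hmac.compare_digest(f_j, h(x_j, key, t2)) else None
```

In this example a copy of a valid request that arrives inside the freshness window is still accepted, because the only replay defence modelled is the timestamp check.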

4.3. Registration Phase of the User

User $U_i$ chooses a random number $r_i$ and computes $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$. $U_i$ then sends $\{\mathrm{ID}_i, MP_i\}$ to GWN via a secure channel.

After receiving the user registration message $\{\mathrm{ID}_i, MP_i\}$, GWN computes $d_i = h(\mathrm{ID}_i \parallel X_{\mathrm{GWN}})$, $f_i = d_i \oplus MP_i$. Finally, GWN sends $\{f_i, p, a, b, G, n, h, Q_g\}$ to $U_i$.

After receiving $\{f_i, p, a, b, G, n, h, Q_g\}$, $U_i$ inserts the previously selected random nonce $r_i$ into it; now what is in the smart card is $\{MP_i, f_i, r_i, p, a, b, G, n, h, Q_g\}$. The registration phase is described in Table 4.

Table 3: Registration phase of the sensor.

| Sensor | Gateway |
|---|---|
| $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ | master key $X_{\mathrm{GWN}}$; for each sensor stores $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ |
| random number $r_j$; gets timestamp $T_1$; $MN_j = r_j \oplus X_{\mathrm{GWN}\text{-}S_j}$; $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$; → $\{\mathrm{SID}_j, MP_j, MN_j, T_1\}$ | |
| | checks if $T_1$ is fresh; $r'_j = MN_j \oplus X_{\mathrm{GWN}\text{-}S_j}$; checks $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r'_j \parallel \mathrm{SID}_j \parallel T_1)$; gets timestamp $T_2$; $x_j = h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}})$; $e_j = x_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$; $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$; ← $\{e_j, f_j, T_2, p, a, b, G, n, h, Q_g\}$ |
| checks if $T_2$ is fresh; $x_j = e_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$; checks $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$; stores $x_j, p, a, b, G, n, h, Q_g$ | |

Table 4: Registration phase of the user.

| User | Gateway |
|---|---|
| $\mathrm{ID}_i$, $\mathrm{PW}_i$ | master key $X_{\mathrm{GWN}}$ |
| random number $r_i$; $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$; → $\{\mathrm{ID}_i, MP_i\}$ | |
| | $d_i = h(\mathrm{ID}_i \parallel X_{\mathrm{GWN}})$; $f_i = d_i \oplus MP_i$; ← $\{f_i, p, a, b, G, n, h, Q_g\}$ |
| inserts into the smart card $MP_i, f_i, r_i, p, a, b, G, n, h, Q_g$ | |

4.4. Login and Authentication Phase

If user $U_i$ wants to access a sensor's data, $U_i$ has to login first. This login process is completed by the smart card SC. A user inserts his smart card SC into a card reader and inputs his identity $\mathrm{ID}'_i$ and password $\mathrm{PW}'_i$. SC computes a temporary version $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$ using the inserted $\mathrm{PW}'_i$, $\mathrm{ID}'_i$ and the stored value $r_i$. Then SC compares $MP'_i$ with $MP_i$ in the smart card. If they are equal, SC acknowledges the legitimacy of $U_i$.

After user $U_i$ passes through the verification, SC prepares for the authentication process. SC computes $d_i = f_i \oplus MP'_i$ using $MP'_i$ in the login phase. SC chooses a random number $k_1 \in [1, n-1]$ and gets the timestamp $T_1$. SC then computes the following data:

$A = k_1 \cdot G$
$K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$
$M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$
$M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$

Then SC sends Message 1 = $\{A, M_1, M_2, T_1\}$ to sensor $S_j$ via a public channel.

After receiving $\{A, M_1, M_2, T_1\}$ from $U_i$, sensor $S_j$ first checks the freshness of $T_1$; $S_j$ abandons the message if $T_1$ is not fresh and otherwise goes to the next step. $S_j$ chooses a random number $k_2 \in [1, n-1]$ and gets the timestamp $T_2$. $S_j$ then computes the following data:

$B = k_2 \cdot G$
$M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$

$S_j$ sends Message 2 = $\{A, M_1, M_2, T_1, B, M_3, T_2\}$ to GWN via a public channel.

After receiving the message $\{A, M_1, M_2, T_1, B, M_3, T_2\}$, GWN first checks the freshness of $T_1$ and $T_2$; if $T_1$ or $T_2$ is not fresh, GWN abandons the message; otherwise GWN completes the following steps:

(1) GWN computes $K'_{ug} = h(T_1 \parallel d_g \cdot A)$.

(2) GWN gets $\mathrm{ID}'_i$ and $\mathrm{SID}'_j$ by $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$.

(3) GWN computes $d'_i$ by $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$.

(4) GWN computes $x'_j$ by $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$.

(5) GWN uses $d'_i$, $A$, $M_1$, and $T_1$ to check if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(6) GWN uses $x'_j$, $B$, $M_2$, and $T_2$ to check if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(7) GWN calculates the following messages: $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$, $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$.

(8) GWN sends Message 3 = $\{M_4, M_5\}$ to sensor $S_j$.

After receiving the message $\{M_4, M_5\}$, sensor $S_j$ does the following calculations:

(1) $S_j$ uses $A$ received from the user to check if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $S_j$ calculates the shared key SK between $U_i$ and $S_j$: $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$.

(3) $S_j$ sends Message 4 = $\{B, M_5\}$ to user $U_i$.

After $U_i$ receives the message $\{B, M_5\}$, $U_i$ goes to the following steps. The whole process is in Table 5.

(1) $U_i$ uses $B$ received from $S_j$ to check if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; if they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $U_i$ calculates the shared key $\mathrm{SK}'$ between $U_i$ and $S_j$: $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$.
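The login and authentication exchange above, as an added example (not code from the paper or its authors): a Python simulation of Messages 1 to 4 in which the user and the sensor derive the same key from $k_1 \cdot k_2 \cdot G$ while the gateway handles only $A$ and $B$. The secp256k1 curve, SHA-256 over length-prefixed fields for $h$, 16-byte padded identities, the 5-second freshness window, the on-curve check at the gateway and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

# secp256k1 is used here as an assumption; the paper only requires agreed
# domain parameters (p, a, b, G, n, h).
P = 2**256 - 2**32 - 977
A_COEF, B_COEF = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
WINDOW = 5    # freshness window in seconds (assumed; the paper gives no value)
ID_LEN = 16   # fixed-width identities so ID_i || SID_j matches K_ug (assumed)

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A_COEF * x + B_COEF)) % P == 0

def ec_add(p1, p2):   # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):    # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*parts):        # SHA-256 over length-prefixed fields, for h(a || b || ...)
    d = hashlib.sha256()
    for v in parts:
        if isinstance(v, tuple):       # curve point
            v = v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
        elif isinstance(v, int):       # timestamp
            v = v.to_bytes(8, "big")
        d.update(len(v).to_bytes(2, "big") + v)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad(identity):
    return identity.encode().ljust(ID_LEN, b"\0")

def fresh(t, now):
    return 0 <= now - t <= WINDOW

class Gateway:
    def __init__(self):
        self.x_gwn = secrets.token_bytes(32)        # master key X_GWN
        self.d_g = secrets.randbelow(N - 1) + 1     # private key d_g
        self.q_g = ec_mul(self.d_g, G)              # public key Q_g

    def secret_for(self, identity):   # d_i = h(ID_i || X_GWN), x_j = h(SID_j || X_GWN)
        return h(pad(identity), self.x_gwn)

    def authenticate(self, msg2, now):
        a, m1, m2, t1, b, m3, t2 = msg2
        if not (fresh(t1, now) and fresh(t2, now)):
            return None
        if not (on_curve(a) and on_curve(b)):       # added check, not in the paper
            return None
        ids = xor(m1, h(t1, ec_mul(self.d_g, a)))   # M1 xor K'_ug = ID'_i || SID'_j
        d_i, x_j = h(ids[:ID_LEN], self.x_gwn), h(ids[ID_LEN:], self.x_gwn)
        ok = (hmac.compare_digest(m2, h(a, m1, d_i, t1)) and
              hmac.compare_digest(m3, h(b, m2, x_j, t2)))
        return (h(a, x_j, m3, b, t2), h(b, d_i, m2, a, t1)) if ok else None  # M4, M5

def run_session(gw, uid, sid, d_i, x_j, now=1_000, delay=0):
    """One run of Messages 1-4; returns (SK, SK', M1) or None if any party aborts."""
    k1 = secrets.randbelow(N - 1) + 1               # smart card: Message 1
    a = ec_mul(k1, G)
    m1 = xor(pad(uid) + pad(sid), h(now, ec_mul(k1, gw.q_g)))
    m2 = h(a, m1, d_i, now)
    k2 = secrets.randbelow(N - 1) + 1               # sensor: Message 2
    b = ec_mul(k2, G)
    m3 = h(b, m2, x_j, now)
    reply = gw.authenticate((a, m1, m2, now, b, m3, now), now + delay)
    if reply is None:
        return None
    m4, m5 = reply
    if not hmac.compare_digest(m4, h(a, x_j, m3, b, now)):   # sensor checks M4
        return None
    if not hmac.compare_digest(m5, h(b, d_i, m2, a, now)):   # user checks M5
        return None
    # SK = h(k2.A) at the sensor, SK' = h(k1.B) at the user; the gateway sees
    # only A and B, never k1 or k2.
    return h(ec_mul(k2, a)), h(ec_mul(k1, b)), m1
```

Because $k_1$ is fresh in every run, $M_1$ differs between two sessions of the same user and sensor, which is what keeps the masked identities from being linked on the public channel.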

Table 5: Login and authentication phase.

| User | Sensor | Gateway |
|---|---|---|
| $\mathrm{ID}_i$, $\mathrm{PW}_i$, $d_i$ | $\mathrm{SID}_j$, $x_j$ | $d_g$, $Q_g$ |
| User inserts SC into terminal; user inputs $\mathrm{ID}'_i$ and $\mathrm{PW}'_i$; SC: $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$; SC: $d_i = f_i \oplus MP'_i$; SC: random $k_1$, $A = k_1 \cdot G$; SC gets timestamp $T_1$; SC: $K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$; SC: $M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$; SC: $M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$; → $\{A, M_1, M_2, T_1\}$ | | |
| | checks the freshness of $T_1$; random $k_2$, $B = k_2 \cdot G$; gets timestamp $T_2$; $M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$; → $\{A, M_1, M_2, T_1, B, M_3, T_2\}$ | |
| | | checks the freshness of $T_1$, $T_2$; $K'_{ug} = h(T_1 \parallel d_g \cdot A)$; $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$; $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$; $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$; checks if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$; checks if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$; $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$; $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; ← $\{M_4, M_5\}$ |
| | checks if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$; $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$; ← $\{B, M_5\}$ | |
| checks if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$ | | |

4.5. Password Change Phase

If a user wants to change his password, he has to be authenticated by the smart card first. We state the password change process in Table 6, which is a summary of the steps.

(1) A user $U_i$ inserts his smart card SC into a card reader and inputs their identity and password $\mathrm{ID}_i$, $\mathrm{PW}_i$.

(2) SC computes $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ using password $\mathrm{ID}_i$, $\mathrm{PW}_i$ and the stored $r_i$.

(3) SC compares $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ with the stored version of $MP_i$ in the smart card; if they are equal, SC acknowledges the legitimacy of user $U_i$.

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored values $f_i$ and the user password $MP_i$.

(5) User $U_i$ inputs the new password $\mathrm{PW}'_i$.

(6) SC uses this new $\mathrm{PW}'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.

Table 6: Password change phase of the user.

| User |
|---|
| User inserts SC into terminal |
| User inserts $\mathrm{ID}_i$ and $\mathrm{PW}_i$ |
| SC: check if $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ |
| SC: $d_i = f_i \oplus MP_i$ |
| User inputs a new password $\mathrm{PW}'_i$ |
| SC: $MP'_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}'_i)$ |
| SC: $f'_i = d_i \oplus MP'_i$ |
| SC changes $f_i$ with $f'_i$ |

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \lhd X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \xleftrightarrow{k} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\xrightarrow{k} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_k$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic

Wireless Communications and Mobile Computing 7

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\lhd$ rule | $\dfrac{P \mid\equiv \xrightarrow{k} P,\ P \lhd \{X\}_k}{P \lhd X}$; $\dfrac{P \mid\equiv P \xleftrightarrow{k} Q,\ P \lhd \{X\}_k}{P \lhd X}$; $\dfrac{P \mid\equiv \xrightarrow{k} Q,\ P \lhd \{X\}_{k^{-1}}}{P \lhd X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv \xrightarrow{k} Q,\ P \lhd \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$; $\dfrac{P \mid\equiv P \xleftrightarrow{k} Q,\ P \lhd \{X\}_k}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv \#(X)}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\xleftrightarrow{k}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \xleftrightarrow{k} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$; $\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$; $\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$; $\dfrac{P \lhd (X, Y)}{P \lhd X}$; $\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

like (postulate A). According to the “$\mid\sim$ elimination rule”, (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$$\frac{\mathrm{GWN} \mid\equiv \#(X),\ \mathrm{GWN} \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv \mathrm{GWN} \mid\sim X}{S_j \mid\equiv U_i \mid\sim X} \tag{postulate A}$$

$$\frac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X} \tag{postulate B}$$

$$\frac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X} \tag{postulate C}$$

The proof goals of PriAuth in BAN logic form are in the way described below. These goals could ensure $U_i$ and $S_j$ to agree on a shared key SK.

$$(1)\ U_i \mid\equiv U_i \xleftrightarrow{\mathrm{SK}} S_j, \qquad (2)\ S_j \mid\equiv U_i \xleftrightarrow{\mathrm{SK}} S_j. \tag{5}$$

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1 \| k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at Message 3 and Message 4. The proof results show that PriAuth is secured under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is “a push-button tool for the automated validation of Internet security-sensitive protocols and applications” [42]. Recently, many papers have used this method as a way to authenticate their protocols, like [24–26]. HLPSL (High Level Protocols Specification Language) is a role-based language that is used to describe security protocols and specify their intended security properties, as well as a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, sensor identity, and the key between the user and sensor.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \to S_j$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1$ |
| 2 | $S_j \to \mathrm{GWN}$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2$ |
| 3 | $\mathrm{GWN} \to S_j$ | $\{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \to U_i$ | $B,\ \{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $\mathrm{GWN} \mid\equiv \#(A)$ |
| A2 | $\mathrm{GWN} \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv \mathrm{GWN} \xleftrightarrow{d_i} U_i$ |
| A6 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \xleftrightarrow{d_i} U_i$ |
| A7 | $U_i \mid\equiv \mathrm{GWN} \xleftrightarrow{K_{ug}} U_i$ |
| A8 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \xleftrightarrow{K_{ug}} U_i$ |
| A9 | $S_j \mid\equiv \mathrm{GWN} \xleftrightarrow{x_j} S_j$ |
| A10 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \xleftrightarrow{x_j} S_j$ |
| A11 | $\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user’s identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, \mathrm{ESID}'_j, T'_2$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards, the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^*$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i \| \mathrm{SID}_n \| \mathrm{SK} \| R_1 \| T_4)$, where $k = h(\mathrm{DID}_i \| V^* \| T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public message and $V^*$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor’s data, he could send his request $M_1 = \{\mathrm{ID}_u, \mathrm{ID}_{S_n}, X, T_u, \alpha, \omega\}$ to the sensor:

$$X' = r_u \times P, \qquad X = r_u \times K_u,$$
$$\omega = h(\mathrm{ID}_u \| h(\mathrm{ID}_{S_n} \| h(X \oplus Y)) \| T_u),$$
$$\alpha = h(\mathrm{ID}_u \| \mathrm{ID}_{S_n} \| X \| X' \| T_u \| \omega). \tag{6}$$

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly; $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate protocol’s


Table 11: Simulation results.

CL-AtSe back-end:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
      TYPED_MODEL
    PROTOCOL
      /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
    GOAL
      As Specified
    BACKEND
      CL-AtSe
    STATISTICS
      Analysed: 14 states
      Reachable: 4 states
      Translation: 0.00 seconds
      Computation: 0.00 seconds

OFMC back-end:

    % OFMC
    % Version of 2006/02/13
    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
    PROTOCOL
      /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
    GOAL
      as_specified
    BACKEND
      OFMC
    COMMENTS
    STATISTICS
      parseTime: 0.00s
      searchTime: 0.05s
      visitedNodes: 24 nodes
      depth: 4 plies

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

computational costs of different operations, and the operations’ execution time is measured by simulation [3–14]. The execution time of the XOR operation is very small compared to an elliptic curve point multiplication or hash operation, so we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string, the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for the HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing the authentication process, is calculated for comparison of the communication cost. The identity or password is 8-byte long [13]. The sizes of the general hash function’s output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as the byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient’s privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied in medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$$\mathrm{GWN} \lhd A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2. \tag{A1}$$


Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |


Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme. M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘’-elimination rule”,

$$\mathrm{GWN} \lhd \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1\}_{d_i}, \tag{A2}$$

$$\mathrm{GWN} \lhd \{B, M_2, T_2\}_{x_j}. \tag{A3}$$

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”,

$$\mathrm{GWN} \mid\equiv U_i \mid\sim A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1. \tag{A4}$$

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”,

$$\mathrm{GWN} \mid\equiv S_j \mid\sim B, M_2, T_2. \tag{A5}$$

(5) According to (A4) and “‘’-elimination rule”,

$$\mathrm{GWN} \mid\equiv U_i \mid\sim A. \tag{A6}$$

(6) According to (A5) and “‘’-elimination rule”,

$$\mathrm{GWN} \mid\equiv S_j \mid\sim B. \tag{A7}$$

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”,

$$\mathrm{GWN} \mid\equiv U_i \mid\equiv A. \tag{A8}$$

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”,

$$\mathrm{GWN} \mid\equiv S_j \mid\equiv B. \tag{A9}$$

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3,

$$S_j \lhd \{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i}. \tag{A10}$$

(10) According to (A10) and “‘’-elimination rule”,

$$S_j \lhd \{A, M_3, B, T_2\}_{x_j}. \tag{A11}$$

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”,

$$S_j \mid\equiv \mathrm{GWN} \mid\sim A, M_3, B, T_2. \tag{A12}$$

(12) According to (A12) and “‘’-elimination rule”,

$$S_j \mid\equiv \mathrm{GWN} \mid\sim A. \tag{A13}$$

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”,

$$S_j \mid\equiv \mathrm{GWN} \mid\equiv A. \tag{A14}$$

(14) According to A11, (A8), (A14), we get

$$S_j \mid\equiv U_i \mid\sim A. \tag{A15}$$

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”,

$$S_j \mid\equiv U_i \mid\equiv A. \tag{A16}$$

(16) According to A13, (A16), and “jurisdiction or control rule”,

$$S_j \mid\equiv A. \tag{A17}$$

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”,

$$S_j \mid\equiv \#(k_2). \tag{A18}$$

(18) According to (A18), A3, A5, and “$\#()$-promotion rule”,

$$S_j \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_2 \cdot A). \tag{A19}$$

(19) According to (A19), (A17), and “$\xleftrightarrow{k}$ introduction rule”,

$$S_j \mid\equiv S_j \xleftrightarrow{\mathrm{SK}} U_i. \tag{A20}$$

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4,

$$U_i \lhd B,\ \{B, M_2, A, T_1\}_{d_i}. \tag{A21}$$


role user (Ui, Sj, GW: agent, Kdi: symmetric_key, Kug: symmetric_key,
           H: hash_func, P: text, SND_US, RCV_US: channel(dy))
played_by Ui
def=
  local State: nat,
        T1, K1, Na, Nb, SIDj, IDi, SK: text
  const user_sensor_sk, sc_user_id: protocol_id
  init State := 0
  transition
  % Message 1: A (Na), M1, M2 and T1 go to the sensor
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P,K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj),Kug).
               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
               T1')
     /\ secret(IDi,sc_user_id,{Ui,GW})
     /\ secret(IDi,sc_sensor_id,{Ui,GW})
  % Message 4: B (Nb) and M5 arrive; the user derives SK = h(k1.B)
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb',K1))
     /\ witness(Ui,Sj,user_sensor_sk,SK')
     /\ request(Ui,Sj,user_sensor_sk,SK')
end role

Box 1

(21) According to (A21) and “‘’-elimination rule”,

$$U_i \lhd \{B, M_2, A, T_1\}_{d_i}. \tag{A22}$$

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”,

$$U_i \mid\equiv \mathrm{GWN} \mid\sim B, M_2, A, T_1. \tag{A23}$$

(23) According to (A23) and “‘’-elimination rule”,

$$U_i \mid\equiv S_j \mid\sim B. \tag{A24}$$

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”,

$$U_i \mid\equiv \mathrm{GWN} \mid\equiv B. \tag{A25}$$

(25) According to A12, (A9), and (A25), we get

$$U_i \mid\equiv S_j \mid\sim B. \tag{A26}$$

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”,

$$U_i \mid\equiv S_j \mid\equiv B. \tag{A27}$$

(27) According to A14, (A27), and “jurisdiction or control rule”,

$$U_i \mid\equiv B. \tag{A28}$$

(28) As $k_2$ is randomly created by $U_i$, according to “$\#()$-introduction”,

$$U_i \mid\equiv \#(k_1). \tag{A29}$$

(29) According to (A29), A4, A6, and “$\#()$-promotion rule”,

$$U_i \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_1 \cdot B). \tag{A30}$$

(30) According to (A30), (A27), and “$\xleftrightarrow{k}$ introduction rule”,

$$U_i \mid\equiv S_j \xleftrightarrow{\mathrm{SK}} U_i. \tag{A31}$$

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1 \| k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


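role sensor (Ui, Sj, GW: agent, Kxj: symmetric_key, H: hash_func, P: text,
             SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
played_by Sj
def=
  local State: nat,
        T1, T2, K2, Na, Nb, SK: text,
        Y, X, Z: message
  const user_sensor_sk: protocol_id
  init State := 1
  transition
  % Message 2: forward the user's request and append B (Nb), M3 and T2
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
     /\ SND_SG(Na'.Y'.Z'.T1'.Nb'.H(Nb'.Z'.Kxj.T2').T2')
  % Message 3: check M4, derive SK = h(k2.A), pass B and M5 (X) to the user.
  % The guard is State = 3, the value that transition 1 leaves behind.
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).X') =|>
     State' := 4 /\ SK' := H(exp(Na,K2))
     /\ witness(Sj,Ui,user_sensor_sk,SK')
     /\ request(Sj,Ui,user_sensor_sk,SK')
     /\ SND_US(Nb.X')
end role

Box 2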

role gateway (Ui, Sj, GW: agent, Kdi, Kxj: symmetric_key, Kug: symmetric_key,
              H: hash_func, SND_SG, RCV_SG: channel(dy))
played_by GW
def=
  local State: nat,
        T1, T2, Na, Nb, IDi, SIDj: text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
  init State := 5
  transition
  % Message 2 in, Message 3 (M4 and M5) out
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi.SIDj),Kug).
                         H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
         H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').Kxj.T2').T2').
         H(Nb'.Kdi.H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').Na'.T1'))
     /\ secret(IDi,sc_user_id,{Ui,GW})
     /\ secret(SIDj,sc_sensor_id,{Ui,GW})
end role

Box 3


role session(Ui, Sj, GW: agent, Kdi, Kxj, Kug: symmetric_key,
             H: hash_func, P: text)
def=
  local SSU, RSU, SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
  composition
    user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
    /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
    /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw: agent,
        kdi, kxj, kug, kig, kiig: symmetric_key,
        user_sensor_sk: protocol_id,
        h: hash_func,
        p: text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    session(ui,sj,gw,kdi,kxj,kug,h,p)
    /\ session(ui,i,gw,kdi,kig,kug,h,p)
    /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLoS ONE, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary Number Theory and Its Applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abadi, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


In the authentication process, the patient and the doctor have to send their identities and some other related information to the gateway. It has to be ensured that the patient’s identity is not leaked. A patient is usually unwilling to leak his identity information because, if the patient’s identity is leaked, the health history and status of the patient will be freely available to anyone in the system, regardless of the patient’s wishes.

On the other hand, when a doctor sends his identity to the gateway for authentication, we have to make sure that the doctor’s identity is kept confidential too (e.g., when an adversary eavesdrops the identity of the doctor and finds out from it that the doctor’s major is dermatology, there is a great chance that the patient has a skin-related problem). Therefore, it is also necessary to keep the doctor’s identity confidential in order to protect the privacy of the patient. In PriAuth, Elliptic Curve Cryptography (ECC) is adopted as the method used to protect the identities of the data transmission participants, which is similar to [15–21].

After the gateway finishes the authentication process, the gateway will send the authentication result to the patient and the doctor. Based on the authentication result, the patient and the doctor could build a shared key. In some traditional schemes, the gateway could learn the shared key from the authentication information it gets from the patient and the doctor. This means the patient’s personal health data could be leaked to the gateway. It is necessary to prevent the gateway from learning this key. In PriAuth, the Elliptic Curve Diffie–Hellman (ECDH) key exchange protocol is adopted to ensure the secrecy of the shared key between the patient and the doctor. Besides, only hash and XOR operations are adopted, which is suitable for the wearable sensors.

PriAuth has been validated by BAN logic and AVISPA. BAN logic is one of the most prevalent methods that help determine whether the exchanged information is trustworthy and secure against eavesdropping. BAN logic is also adopted to prove the security of the schemes by [22–24]. AVISPA (Automated Validation of Internet Security Protocols and Applications) is a tool for the automated validation of Internet security-sensitive protocols and applications, which has been widely adopted by [24–26] and so forth.

This paper is organized as follows. Section 2 covers related works. Section 3 is the preliminary knowledge. In Section 4, we introduce PriAuth. Section 5 provides the BAN logic validation. Section 6 includes AVISPA verification. Section 7 is the security analysis part. Section 8 provides a comparison with other schemes. Section 9 is the validation part. Section 10 concludes with a summary of the contributions.

2. Related Works

In several papers of the researched literature, the authors use different acronyms; user and sensor are the most commonly used, which correspond to doctor and sensor in our scheme. Thus, from now on, we will use user and sensor instead of doctor and patient. D. Wang and P. Wang provide overviews of some of the schemes described in [27, 28]. Farash et al. use a single shared key between all the users or sensors to encrypt the identities [13]. All the sensors use the same key $h(X_{GWN} \parallel 1)$ to encrypt the sensor identity using the XOR method, where $SID_j$ is the sensor identity and $T_2$ is a timestamp:

$$ESID_j = SID_j \oplus h(h(X_{GWN} \parallel 1) \parallel T_2), \tag{1}$$

where $h(X_{GWN} \parallel 1)$ is a key that is shared by all the sensors, so malicious or curious sensors could learn the identity of sensor $SID_j$, as $ESID_j$ and $T_2$ are sent via a public channel. A malicious or curious sensor with identity $SID_k$ can eavesdrop on sensor $SID_j$ to get $ESID_j$ and $T_2$. In order to get the sensor identity $SID_j$, $SID_k$ could decrypt $ESID_j$ using the same key $h(X_{GWN} \parallel 1)$:

$$ESID_j \oplus h(h(X_{GWN} \parallel 1) \parallel T_2) = SID_j \oplus h(h(X_{GWN} \parallel 1) \parallel T_2) \oplus h(h(X_{GWN} \parallel 1) \parallel T_2) = SID_j. \tag{2}$$

Lu et al. use a random identity $TID_i$ to protect identity privacy [10]. But as the identity is a fixed value, a user could be tracked by an adversary. Schemes [29–32] use a similar method, but all these procedures are prone to traceability attacks.

In the scheme proposed by Wu et al., the gateway gives a new $PID^{new}_{MU}$ to the user every time [4]. But in this case there is a potential loss-of-synchronization problem: if the adversary blocks the $PID^{new}_{MU}$ from being sent to the user, then the two parties may lose their synchronization. Das et al. protect the identity of the user by generating a new masked identity every time in a similar way, but this scheme suffers from the loss-of-synchronization problem too [33].

Jung et al. [6] use a method similar to the scheme of Farash et al. [13]. The key used to encrypt the identity of a single user is the same for all the users. This scheme has the same problem that has been discussed. What a user sends to the gateway node is as follows: $DID_i = h(ID_i \parallel R_1)$, $k = h(DID_i \parallel V^* \parallel T_1)$, $A_i = E_k(DID_i \parallel R_1 \parallel T_1)$, so other users could learn $DID_i$ by decrypting $A_i$ with the same key $V^*$. Besides, this scheme has the same inner side attacker problem; a detailed analysis is shown in Section 7.4.

The Rabin cryptosystem with the quadratic residue problem is used to encrypt a message [11, 34]. Assume $n = pq$, where $p$ and $q$ are two large primes. If $y = x^2 \bmod n$ has a solution, that is, there exists a square root for $y$, then $y$ is called a quadratic residue mod $n$. The set of all quadratic residue numbers in $[1, n-1]$ is denoted by $QR_n$. The quadratic residue problem states that, for $y \in QR_n$, it is hard to find $x$ without the knowledge of $p$ and $q$ due to the difficulty of factoring $n$ [35]; this is a kind of public-key encryption method.

Chatterjee and Das provide a similar methodology of protecting the identity of the user. They use ECC-based public-key methods [15]. Besides, they try to combine the authentication scheme with an attribute-based access control scheme. He et al. use a similar method, while they use exponentiation operations instead [36].

We summarize some of them in Table 1. From the table, it can be inferred that privacy is a problem that has not drawn enough attention from the researchers. In some schemes, all the users share the same key to encrypt their identities; this means the encrypted identity could be decrypted by a malicious or curious user using the same key [5, 6, 10, 13]. Some of the schemes fail to enable the anonymity of the user or sensor, such as [37–39]. We adopt the ECC-based method to enable the anonymity, which is similar to [15–21], because “ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security” [40]. The gateway has a public key that is known by every user; all the identities are encrypted by an XOR method with a new key, which is generated from the gateway’s public key, before the identities are sent to the gateway. Thus, only the gateway could learn the identities.

Table 1: Comparison of protection of privacy.

| Schemes | Sensor anonymity | User anonymity | Shared key privacy |
|---|---|---|---|
| Choi et al. [1] | × | × | √ |
| Shi and Gong [2] | × | × | √ |
| Chang and Le [3, Scheme 1] | × | × | × |
| Chang and Le [3, Scheme 2] | × | × | √ |
| Wu et al. [4] | √ | × | √ |
| Das et al. [5] | √ | × | √ |
| Jung et al. [6] | √ | × | × |
| Fan et al. [7] | × | × | × |
| Amin and Biswas [8] | × | × | × |
| Nam et al. [9] | × | × | √ |
| Lu et al. [10] | √ | √ | × |
| Zhao et al. [11] | √ | × | × |
| Hou et al. [12] | × | × | × |
| Farash et al. [13] | × | × | × |
| Turkanovic et al. [14] | × | × | × |
| PriAuth | √ | √ | √ |

As for the shared key between user and sensor, in some schemes the gateway knows the shared key [6–8, 11–14], while in some others the gateway does not know the key; they use the Diffie–Hellman (DH) anonymous key agreement protocol to build the shared key [1, 2, 4, 5, 9, 30]. As we have discussed, the gateway is not allowed to know the shared key, in order to prevent a curious gateway from eavesdropping the sensor data.

3. Preliminary

Elliptic Curve Cryptography (ECC) is a public-key cryptography approach based on the algebraic structure of elliptic curves over finite fields. For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the following:

$$y^2 = x^3 + ax + b. \tag{3}$$

In order to use ECC, all parties must agree on all the domain parameters of the elliptic curve $(p, a, b, G, n, h)$:

$F(p)$: the finite field over $p$, where $p$ is a prime and represents the size of the finite field;

$(a, b)$: the parameters of the elliptic curve $y^2 = x^3 + ax + b$ over $F(p)$;

$G(x_p, y_p)$: generator point, but $G \neq 0$;

$n$: the order of the base point $G$;

$h$: cofactor, an integer $h = F(p)/n$.

Elliptic Curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve based public-private key pair, to establish a shared secret over an insecure channel. Suppose Alice wants to establish a shared key with Bob, but the channel available for them is not safe. Initially, the domain parameters $(p, a, b, G, n, h)$ must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key $d$ (a randomly selected integer in the interval $[1, n-1]$) and a public key $Q$ (where $Q = dG$, that is, the result of adding $G$ together $d$ times).

Alice’s private key and public key are $(d_A, Q_A)$. Bob’s key pair is $(d_B, Q_B)$. Alice computes $d_A Q_B$, while Bob computes $d_B Q_A$. So the shared key between them is $d_A Q_B = d_B Q_A$ because

$$d_A Q_B = d_A d_B G = d_B d_A G = d_B Q_A. \tag{4}$$

4. Privacy Enhanced Scheme: PriAuth

The structure model of our scheme is depicted in Figure 1. A gateway is introduced to help user and sensor authenticate each other. We suppose this gateway is trustworthy.

4.1. Symbols Used in the PriAuth. Before the scheme begins, GWN (gateway node) generates the parameters for ECC encryption $(p, a, b, G, n, h)$. After that, GWN generates its public-key pair $(d_g, Q_g)$; besides, GWN generates a secret key $X_{GWN}$. The symbols are summarized in Table 2.

Figure 1: The structure of the model (entities shown: User, Sensor, Gateway).

Table 2: Symbols used in the PriAuth.

| Symbols | Meaning |
|---|---|
| GWN | Gateway node |
| $U_i$ | The $i$th user |
| $S_j$ | The $j$th sensor node |
| $ID_i$ | The $i$th user’s identity |
| $SID_j$ | The $j$th sensor’s identity |
| $\parallel$ | String connector: connects two strings together |
| $\oplus$ | XOR operation |
| $X_{GWN}$ | GWN’s secret value (master key) |
| $X_{GWN-S_j}$ | Shared key between $S_j$ and GWN |
| $(d_g, Q_g)$ | The private key and public key of GWN |
| $G$ | The generator of ECC |
| $SK$, $SK'$ | Shared key between user $U_i$ and $S_j$ |
| $T_1$, $T_2$ | Timestamp |
| $h$ | Hash function |

4.2. Registration Phase of the Sensor. The registration messages of the sensor in the registration phase are sent via the public channel. Sensor $S_j$ conducts the following steps for registration.

(1) It creates a random number $r_j$ and gets the timestamp $T_1$.

(2) It covers its password with $r_j$: $MN_j = r_j \oplus X_{GWN-S_j}$, and generates a hash value $MP_j = h(X_{GWN-S_j} \parallel r_j \parallel SID_j \parallel T_1)$.

(3) It sends $SID_j, MP_j, MN_j, T_1$ to GWN via a public channel.

After GWN receives $S_j$’s registration message $SID_j, MP_j, MN_j, T_1$, GWN has to check the freshness of the message by $T_1$; if the message is not fresh, GWN abandons the message. Then GWN computes $r'_j = MN_j \oplus X_{GWN-S_j}$. GWN checks if $MP_j$ equals $h(X_{GWN-S_j} \parallel r'_j \parallel SID_j \parallel T_1)$. If they are not equal, GWN abandons the message. GWN continues the sensor registration phase in the following steps. The registration phase is described in Table 3.

(1) GWN computes $x_j = h(SID_j \parallel X_{GWN})$, $e_j = x_j \oplus h(SID_j \parallel X_{GWN-S_j})$.

(2) GWN gets the timestamp $T_2$ and gets the hash value $f_j = h(x_j \parallel X_{GWN-S_j} \parallel T_2)$.

(3) GWN sends $e_j, f_j, T_2, p, a, b, G, n, h, Q_g$ to sensor $S_j$.

After receiving the message, $S_j$ first checks the freshness of $T_2$, then computes $x_j = e_j \oplus h(SID_j \parallel X_{GWN-S_j})$ and checks if $f_j = h(x_j \parallel X_{GWN-S_j} \parallel T_2)$; if they are equal, $S_j$ stores $x_j, p, a, b, G, n, h, Q_g$ in its memory.

4.3. Registration Phase of the User. User $U_i$ chooses a random number $r_i$ and computes $MP_i = h(r_i \parallel ID_i \parallel PW_i)$. $U_i$ then sends $ID_i, MP_i$ to GWN via a secure channel.

After receiving the user registration message $ID_i, MP_i$, GWN computes $d_i = h(ID_i \parallel X_{GWN})$, $f_i = d_i \oplus MP_i$. Finally, GWN sends $f_i, p, a, b, G, n, h, Q_g$ to $U_i$.

After receiving $f_i, p, a, b, G, n, h, Q_g$, $U_i$ inserts the previously selected random nonce $r_i$ into it; now what is in the smart card is $MP_i, f_i, r_i, p, a, b, G, n, h, Q_g$. The registration phase is described in Table 4.

4.4. Login and Authentication Phase. If user $U_i$ wants to access a sensor’s data, $U_i$ has to log in first. This login process is completed by the smart card SC. A user inserts his smart card SC into a card reader and inputs his identity $ID'_i$ and password $PW'_i$. SC computes a temporary version $MP'_i = h(r_i \parallel ID'_i \parallel PW'_i)$ using the inserted $PW'_i$, $ID'_i$ and the stored value $r_i$. Then SC compares $MP'_i$ with $MP_i$ in the smart card. If they are equal, SC acknowledges the legitimacy of $U_i$.

After user $U_i$ passes through the verification, SC prepares for the authentication process. SC computes $d_i = f_i \oplus MP'_i$ using $MP'_i$ from the login phase. SC chooses a random number $k_1 \in [1, n-1]$ and gets the timestamp $T_1$. SC then computes the following data:

$$A = k_1 \cdot G,$$
$$K_{ug} = h(T_1 \parallel k_1 \cdot Q_g),$$
$$M_1 = (ID_i \parallel SID_j) \oplus K_{ug},$$
$$M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1).$$

Then SC sends Message 1 = $A, M_1, M_2, T_1$ to sensor $S_j$ via a public channel.

After receiving $A, M_1, M_2, T_1$ from $U_i$, sensor $S_j$ first checks the freshness of $T_1$; $S_j$ abandons the message if $T_1$ is not fresh and otherwise goes to the next step. $S_j$ chooses a random number $k_2 \in [1, n-1]$ and gets the timestamp $T_2$. $S_j$ then computes the following data:

$$B = k_2 \cdot G,$$
$$M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2).$$

$S_j$ sends Message 2 = $A, M_1, M_2, T_1, B, M_3, T_2$ to GWN via a public channel.

After receiving the message $A, M_1, M_2, T_1, B, M_3, T_2$, GWN first checks the freshness of $T_1$ and $T_2$; if $T_1$ or $T_2$ is not fresh, GWN abandons the message; otherwise GWN completes the following steps.

(1) GWN computes $K'_{ug} = h(T_1 \parallel d_g \cdot A)$.

(2) GWN gets $ID'_i$ and $SID'_j$ by $(ID'_i \parallel SID'_j) = M_1 \oplus K'_{ug}$.

(3) GWN computes $d'_i$ by $d'_i = h(ID'_i \parallel X_{GWN})$.

(4) GWN computes $x'_j$ by $x'_j = h(SID'_j \parallel X_{GWN})$.

Table 3: Registration phase of the sensor.

| Sensor | Gateway |
|---|---|
| $SID_j$, $X_{GWN-S_j}$ | master key $X_{GWN}$; for each sensor stores $SID_j$, $X_{GWN-S_j}$ |
| random number $r_j$ | |
| gets timestamp $T_1$ | |
| $MN_j = r_j \oplus X_{GWN-S_j}$ | |
| $MP_j = h(X_{GWN-S_j} \parallel r_j \parallel SID_j \parallel T_1)$ | |
| → $SID_j, MP_j, MN_j, T_1$ | |
| | checks if $T_1$ is fresh |
| | $r'_j = MN_j \oplus X_{GWN-S_j}$ |
| | $MP_j = h(X_{GWN-S_j} \parallel r_j \parallel SID_j \parallel T_1)$ |
| | gets timestamp $T_2$ |
| | $x_j = h(SID_j \parallel X_{GWN})$ |
| | $e_j = x_j \oplus h(SID_j \parallel X_{GWN-S_j})$ |
| | $f_j = h(x_j \parallel X_{GWN-S_j} \parallel T_2)$ |
| | ← $e_j, f_j, T_2, p, a, b, G, n, h, Q_g$ |
| checks if $T_2$ is fresh | |
| $x_j = e_j \oplus h(SID_j \parallel X_{GWN-S_j})$ | |
| $f_j = h(x_j \parallel X_{GWN-S_j} \parallel T_2)$ | |
| stores $x_j, p, a, b, G, n, h, Q_g$ | |

Table 4: Registration phase of the user.

| User | Gateway |
|---|---|
| $ID_i$, $PW_i$ | master key $X_{GWN}$ |
| random number $r_i$ | |
| $MP_i = h(r_i \parallel ID_i \parallel PW_i)$ | |
| → $ID_i, MP_i$ | |
| | $d_i = h(ID_i \parallel X_{GWN})$ |
| | $f_i = d_i \oplus MP_i$ |
| | ← $f_i, p, a, b, G, n, h, Q_g$ |
| inserts into the smart card $MP_i, f_i, r_i, p, a, b, G, n, h, Q_g$ | |

(5) GWN uses $d'_i$, $A$, $M_1$, and $T_1$ to check if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(6) GWN uses $x'_j$, $B$, $M_2$, and $T_2$ to check if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(7) GWN calculates the following messages: $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$, $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$.

(8) GWN sends Message 3 = $M_4, M_5$ to sensor $S_j$.

After receiving the message $M_4, M_5$, sensor $S_j$ does the following calculations.

(1) $S_j$ uses $A$, obtained from the user, to check if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $S_j$ calculates the shared key $SK$ between $U_i$ and $S_j$: $SK = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$.

(3) $S_j$ sends Message 4 = $B, M_5$ to user $U_i$.

After $U_i$ receives the message $B, M_5$, $U_i$ goes to the following steps. The whole process is in Table 5.

(1) $U_i$ uses $B$, obtained from $S_j$, to check if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; if they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $U_i$ calculates the shared key $SK'$ between $U_i$ and $S_j$: $SK' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$.
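The login and authentication exchange above (Messages 1 to 4), together with the ECDH step from Section 3, as an added Python example that is not the paper's implementation. Assumptions: secp256k1 as the curve, SHA-256 over length-prefixed fields for the hash and string connector, 16-byte zero-padded identities, a 5-second freshness window, and registration collapsed into `Gateway.register` (no smart card); all function and class names are hypothetical.

```python
import hashlib, hmac, secrets
# Assumption: secp256k1 stands in for the scheme's domain parameters (p, a, b, G, n).
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA8A7FB0FC0E1108A8FD17B448A68554199C47D08FFB10D)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 (a = 0); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add k*pt (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*fields):
    """h(f1 || f2 || ...): SHA-256 over length-prefixed fields (encoding is an assumption)."""
    md = hashlib.sha256()
    for f in fields:
        if isinstance(f, tuple):                 # EC point -> x || y
            f = f[0].to_bytes(32, "big") + f[1].to_bytes(32, "big")
        elif isinstance(f, int):                 # timestamp
            f = f.to_bytes(8, "big")
        md.update(len(f).to_bytes(2, "big") + f)
    return md.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def ident(name):                                 # 16 bytes, so ID_i || SID_j fits one hash output
    return name.encode().ljust(16, b"\0")
def rand_scalar():                               # uniform in [1, n-1]
    return secrets.randbelow(N - 1) + 1
def check(got, want, label):                     # constant-time tag comparison
    if not hmac.compare_digest(got, want):
        raise ValueError(label + " check failed")
def fresh(now, *stamps, max_age=5):
    if any(not 0 <= now - t <= max_age for t in stamps):
        raise ValueError("stale timestamp")

class Gateway:
    def __init__(self):
        self.x_gwn = secrets.token_bytes(32)     # master secret X_GWN
        self.d_g = rand_scalar()                 # private key d_g
        self.q_g = ec_mul(self.d_g, G)           # public key Q_g
    def register(self, identity):                # d_i = h(ID_i || X_GWN), x_j = h(SID_j || X_GWN)
        return h(identity, self.x_gwn)
    def authenticate(self, msg2, now):
        a, m1, m2, t1, b, m3, t2 = msg2
        fresh(now, t1, t2)
        ids = xor(m1, h(t1, ec_mul(self.d_g, a)))            # K'_ug = h(T1 || d_g.A)
        id_i, sid_j = ids[:16], ids[16:]
        d_i, x_j = self.register(id_i), self.register(sid_j)
        check(m2, h(a, m1, d_i, t1), "M2")                   # only the user holds d_i
        check(m3, h(b, m2, x_j, t2), "M3")                   # only the sensor holds x_j
        return (h(a, x_j, m3, b, t2), h(b, d_i, m2, a, t1)), (id_i, sid_j)  # (M4, M5), identities

def user_start(id_i, sid_j, d_i, q_g, t1):
    k1 = rand_scalar()
    a = ec_mul(k1, G)
    m1 = xor(id_i + sid_j, h(t1, ec_mul(k1, q_g)))           # K_ug = h(T1 || k1.Q_g)
    return k1, (a, m1, h(a, m1, d_i, t1), t1)                # secret k1, Message 1

def sensor_relay(msg1, x_j, now):
    fresh(now, msg1[3])
    k2 = rand_scalar()
    b = ec_mul(k2, G)
    return k2, msg1 + (b, h(b, msg1[2], x_j, now), now)      # secret k2, Message 2

def sensor_finish(k2, msg2, x_j, m4):
    a, _, _, _, b, m3, t2 = msg2
    check(m4, h(a, x_j, m3, b, t2), "M4")
    return h(ec_mul(k2, a))                                  # SK = h(k2.A)

def user_finish(k1, msg1, d_i, b, m5):
    a, _, m2, t1 = msg1
    check(m5, h(b, d_i, m2, a, t1), "M5")
    return h(ec_mul(k1, b))                                  # SK' = h(k1.B)

def run_session(gw, id_i, sid_j, d_i, x_j, now):
    # One full run: returns SK, SK', Message 2 as sent, and the identities GWN unmasked.
    k1, msg1 = user_start(id_i, sid_j, d_i, gw.q_g, now)
    k2, msg2 = sensor_relay(msg1, x_j, now)
    (m4, m5), learned = gw.authenticate(msg2, now)
    return sensor_finish(k2, msg2, x_j, m4), user_finish(k1, msg1, d_i, msg2[4], m5), msg2, learned
```

`run_session(gw, ident("doctor-07"), ident("ecg-sensor-3"), d_i, x_j, now)`, with `d_i` and `x_j` obtained from `gw.register`, returns both session keys, Message 2 as it appears on the public channel, and the identities the gateway unmasked. The gateway only ever sees $A$ and $B$, never $k_1$ or $k_2$, which is why it can authenticate both parties without being able to form $h(k_1 \cdot k_2 \cdot G)$.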

4.5. Password Change Phase. If a user wants to change his password, he has to be authenticated by the smart card first. We state the password change process in Table 6, which is a summary of the steps.

(1) A user $U_i$ inserts his smart card SC into a card reader and inputs their identity and password $ID_i$, $PW_i$.

(2) SC computes $h(r_i \parallel ID_i \parallel PW_i)$ using $ID_i$, $PW_i$ and the stored $r_i$.

(3) SC compares $h(r_i \parallel ID_i \parallel PW_i)$ with the stored version of $MP_i$ in the smart card; if they are equal, SC acknowledges the legitimacy of user $U_i$.

Table 5: Login and authentication phase.

| User | Sensor | Gateway |
|---|---|---|
| $ID_i$, $PW_i$, $d_i$ | $SID_j$, $x_j$ | $d_g$, $Q_g$ |
| User inserts SC into terminal | | |
| User inputs $ID'_i$ and $PW'_i$ | | |
| SC: $MP'_i = h(r_i \parallel ID'_i \parallel PW'_i)$ | | |
| SC: $d_i = f_i \oplus MP'_i$ | | |
| SC: random $k_1$, $A = k_1 \cdot G$ | | |
| SC: gets timestamp $T_1$ | | |
| SC: $K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$ | | |
| SC: $M_1 = (ID_i \parallel SID_j) \oplus K_{ug}$ | | |
| SC: $M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$ | | |
| → $A, M_1, M_2, T_1$ | | |
| | checks the freshness of $T_1$ | |
| | random $k_2$, $B = k_2 \cdot G$ | |
| | gets timestamp $T_2$ | |
| | $M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$ | |
| | → $A, M_1, M_2, T_1, B, M_3, T_2$ | |
| | | checks the freshness of $T_1$, $T_2$ |
| | | $K'_{ug} = h(T_1 \parallel d_g \cdot A)$ |
| | | $(ID'_i \parallel SID'_j) = M_1 \oplus K'_{ug}$ |
| | | $d'_i = h(ID'_i \parallel X_{GWN})$ |
| | | $x'_j = h(SID'_j \parallel X_{GWN})$ |
| | | checks if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$ |
| | | checks if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$ |
| | | $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$ |
| | | $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$ |
| | | ← $M_4, M_5$ |
| | checks if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$ | |
| | $SK = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$ | |
| | ← $B, M_5$ | |
| checks if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$ | | |
| $SK' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$ | | |

Table 6: Password change phase of the user.

| User |
|---|
| User inserts SC into terminal |
| User inserts $ID_i$ and $PW_i$ |
| SC: checks if $MP_i = h(r_i \parallel ID_i \parallel PW_i)$ |
| SC: $d_i = f_i \oplus MP_i$ |
| User inputs a new password $PW'_i$ |
| SC: $MP'_i = h(r_i \parallel ID_i \parallel PW'_i)$ |
| SC: $f'_i = d_i \oplus MP'_i$ |
| SC: changes $f_i$ with $f'_i$ |

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored value $f_i$ and the user password $MP_i$.

(5) User $U_i$ inputs the new password $PW'_i$.

(6) SC uses this new $PW'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \lhd X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \stackrel{k}{\leftrightarrow} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\stackrel{k}{\rightarrow} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_k$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\triangleleft$ rule | $\frac{P \mid\equiv \stackrel{k}{\longrightarrow} P,\ P \triangleleft \{X\}_k}{P \triangleleft X}$; $\frac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \triangleleft \{X\}_k}{P \triangleleft X}$; $\frac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \triangleleft \{X\}_{k^{-1}}}{P \triangleleft X}$ |
| $\mid\sim$ introduction rule | $\frac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \triangleleft \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$; $\frac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \triangleleft \{X\}_k}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\frac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\frac{P \text{ creates } X}{P \mid\equiv \#(X)}$ |
| Jurisdiction or control rule | $\frac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\frac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\frac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\frac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$; $\frac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$; $\frac{P \mid\equiv (X, Y)}{P \mid\equiv X}$; $\frac{P \triangleleft (X, Y)}{P \triangleleft X}$; $\frac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic like (postulate A). According to the “$\mid\sim$ elimination rule,” (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$\frac{GWN \mid\equiv \#(X),\ GWN \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv GWN \mid\sim X}{S_j \mid\equiv U_i \mid\sim X}$ (postulate A)

$\frac{GWN \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv GWN \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ (postulate B)

$\frac{GWN \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv GWN \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ (postulate C)

The proof goals of PriAuth in BAN logic form are in the way described below. These goals could ensure $U_i$ and $S_j$ to agree on a shared key SK.

(1) $U_i \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j$

(2) $S_j \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j$ (5)

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1 \| k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at the Message 3 and Message 4. The proof results show that PriAuth is secured under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is “a push-button tool for the automated validation of Internet security-sensitive protocols and applications” [42]. Recently, many papers have used this method as a way to authenticate their protocols, like [24–26]. HLPSL (High Level Protocols Specification Language) is a role-based language that is used to describe security protocols and specifying their intended security properties, as well as a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, sensor identity, and the key between the user and sensor.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \rightarrow S_j$ | $A, \{ID_i, SID_j\}_{K_{ug}}, \{A, \{ID_i, SID_j\}_{K_{ug}}, T_1\}_{d_i}, T_1$ |
| 2 | $S_j \rightarrow GWN$ | $A, \{ID_i, SID_j\}_{K_{ug}}, \{A, \{ID_i, SID_j\}_{K_{ug}}, T_1\}_{d_i}, T_1, B, \{B, M_2, T_2\}_{x_j}, T_2$ |
| 3 | $GWN \rightarrow S_j$ | $\{A, M_3, B, T_2\}_{x_j}, \{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \rightarrow U_i$ | $B, \{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $GWN \mid\equiv \#(A)$ |
| A2 | $GWN \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv GWN \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $GWN \mid\equiv GWN \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv GWN \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $GWN \mid\equiv GWN \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv GWN \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $GWN \mid\equiv GWN \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\frac{GWN \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv GWN \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\frac{GWN \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv GWN \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user's identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, ESID'_j, T'_2$ and send this message to the gateway. As the gateway only checks the legitimacy of the sensor, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards, the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.
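Added example (not code from the paper): a Python model of the PriAuth message flow, built from the message layout in the Appendix B HLPSL listing and the $M_4$/$M_5$ checks of Table 5. In this model the gateway verifies $M_3$ under the $x_j$ of the sensor named inside the user's masked identity field, so a different legitimate sensor cannot answer in its place. The curve (secp256k1), SHA-256 over length-prefixed fields, the gateway lookup tables, the 5-second freshness window and all identities and secrets are assumptions or constructed values.

```python
import hashlib, hmac, secrets

# secp256k1 parameters (assumption: the paper's measurements use ECC-160).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

class AuthError(Exception):
    """A party aborts the run."""

def ec_add(p1, p2):
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # point at infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def enc(pt):  # fixed-width encoding of a curve point
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*parts):  # SHA-256 over length-prefixed fields (assumption; paper times SHA-1)
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def check(tag, *parts):
    if not hmac.compare_digest(tag, h(*parts)):
        raise AuthError("hash check failed")

def fresh(t, now, window=5):  # window in seconds is an assumption
    if abs(now - int.from_bytes(t, "big")) > window:
        raise AuthError("stale timestamp")

def user_request(id_i, sid_j, d_i, q_g, now):
    k1, t1 = 1 + secrets.randbelow(N - 1), now.to_bytes(4, "big")
    a = ec_mul(k1, G)
    eid = xor(id_i + sid_j, h(t1, enc(ec_mul(k1, q_g))))  # masked with K_ug = h(T1 || k1*Qg)
    return k1, (a, eid, h(enc(a), eid, d_i, t1), t1)      # Message 1: A, EID, M2, T1

def sensor_forward(msg1, x_j, now):
    fresh(msg1[3], now)
    k2, t2 = 1 + secrets.randbelow(N - 1), now.to_bytes(4, "big")
    b = ec_mul(k2, G)
    return k2, msg1 + (b, h(enc(b), msg1[2], x_j, t2), t2)  # Message 2 adds B, M3, T2

def gateway_verify(msg2, d_g, users, sensors, now):
    a, eid, m2, t1, b, m3, t2 = msg2
    fresh(t1, now)
    fresh(t2, now)
    ids = xor(eid, h(t1, enc(ec_mul(d_g, a))))  # K_ug = h(T1 || dg*A)
    d_i, x_j = users.get(ids[:8]), sensors.get(ids[8:])
    if d_i is None or x_j is None:
        raise AuthError("unknown identity")
    check(m2, enc(a), eid, d_i, t1)
    check(m3, enc(b), m2, x_j, t2)  # keyed with x_j of the sensor the user named
    # Message 3: M4, M5. The gateway sees A and B but neither k1 nor k2.
    return h(enc(a), x_j, m3, enc(b), t2), h(enc(b), d_i, m2, enc(a), t1)

def sensor_finish(k2, msg2, x_j, m4):
    a, _, _, _, b, m3, t2 = msg2
    check(m4, enc(a), x_j, m3, enc(b), t2)
    return h(enc(ec_mul(k2, a)))  # SK = h(k2*A)

def user_finish(k1, msg1, d_i, b, m5):
    a, _, m2, t1 = msg1
    check(m5, enc(b), d_i, m2, enc(a), t1)
    return h(enc(ec_mul(k1, b)))  # SK' = h(k1*B)

# Constructed sample deployment (not values from the paper).
D_G = 1 + secrets.randbelow(N - 1)
USERS = {b"doctor01": b"constructed-d_i"}
SENSORS = {b"sensor01": b"constructed-x_1", b"sensor02": b"constructed-x_2"}

def run_session(target=b"sensor01", responder=b"sensor01", now=1000, delay=0):
    d_i, x_j = USERS[b"doctor01"], SENSORS[responder]
    k1, msg1 = user_request(b"doctor01", target, d_i, ec_mul(D_G, G), now)
    k2, msg2 = sensor_forward(msg1, x_j, now + delay)
    m4, m5 = gateway_verify(msg2, D_G, USERS, SENSORS, now + delay)
    sk_sensor = sensor_finish(k2, msg2, x_j, m4)
    sk_user = user_finish(k1, msg1, d_i, msg2[4], m5)
    return sk_user, sk_sensor, msg2
```

`run_session()` returns matching keys for user and sensor; `run_session(responder=b"sensor02")` and `run_session(delay=60)` both raise `AuthError`.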

7.4. Inside User Attack. In scheme [6], all the users share a key $V^*$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(DID_i \| SID_n \| SK \| R_1 \| T_4)$, where $k = h(DID_i \| V^* \| T_4)$, in which $DID_i$ and $T_4$ are public message and $V^*$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor's data, he could send his request $M_1 = \{ID_u, ID_{S_n}, X, T_u, \alpha, \omega\}$ to the sensor.

$X' = r_u \times P$,
$X = r_u \times K_u$,
$\omega = h(ID_u \| h(ID_{S_n} \| h(X \oplus Y)) \| T_u)$,
$\alpha = h(ID_u \| ID_{S_n} \| X \| X' \| T_u \| \omega)$. (6)

$ID_u$, $K_u$, $P$, and $ID_{S_n}$ are sent publicly. $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $ID'_u$, could easily generate a request the same as $M_1$, and then $ID'_u$ will be treated as $ID_u$ by the gateway.

Table 11: Simulation results.

CL-AtSe back-end:

SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
  TYPED_MODEL
PROTOCOL
  /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
GOAL
  As Specified
BACKEND
  CL-AtSe
STATISTICS
  Analysed: 14 states
  Reachable: 4 states
  Translation: 0.00 seconds
  Computation: 0.00 seconds

OFMC:

% Version of 2006/02/13
SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
PROTOCOL
  /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
GOAL
  as_specified
BACKEND
  OFMC
COMMENTS
STATISTICS
  parseTime: 0.00s
  searchTime: 0.05s
  visitedNodes: 24 nodes
  depth: 4 plies

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate protocol's computational costs of different operations, and the operations' execution time is measured by simulation [3–14]. The execution time of XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is the SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string, the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing authentication process, is calculated for comparison of the communication cost. The identity or password is 8-byte long [13]. The sizes of the general hash function's output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staffs can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staffs, data security and patient's privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff building a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problem. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied into the medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication scheme without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$GWN \triangleleft A, \{ID_i, SID_j\}_{K_{ug}}, \{A, \{ID_i, SID_j\}_{K_{ug}}, T_1\}_{d_i}, T_1, B, \{B, M_2, T_2\}_{x_j}, T_2$ (A1)

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme. M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”

$GWN \triangleleft \{A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1\}_{d_i}$ (A2)

$GWN \triangleleft \{B, M_2, T_2\}_{x_j}$ (A3)

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”

$GWN \mid\equiv U_i \mid\sim (A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1)$ (A4)

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”

$GWN \mid\equiv S_j \mid\sim (B, M_2, T_2)$ (A5)

(5) According to (A4) and “‘,’-elimination rule”

$GWN \mid\equiv U_i \mid\sim A$ (A6)

(6) According to (A5) and “‘,’-elimination rule”

$GWN \mid\equiv S_j \mid\sim B$ (A7)

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”

$GWN \mid\equiv U_i \mid\equiv A$ (A8)

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”

$GWN \mid\equiv S_j \mid\equiv B$ (A9)

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3

$S_j \triangleleft \{A, M_3, B, T_2\}_{x_j}, \{B, M_2, A, T_1\}_{d_i}$ (A10)

(10) According to (A10) and “‘,’-elimination rule”

$S_j \triangleleft \{A, M_3, B, T_2\}_{x_j}$ (A11)

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”

$S_j \mid\equiv GWN \mid\sim (A, M_3, B, T_2)$ (A12)

(12) According to (A12) and “‘,’-elimination rule”

$S_j \mid\equiv GWN \mid\sim A$ (A13)

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”

$S_j \mid\equiv GWN \mid\equiv A$ (A14)

(14) According to A11, (A8), (A14), we get

$S_j \mid\equiv U_i \mid\sim A$ (A15)

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”

$S_j \mid\equiv U_i \mid\equiv A$ (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”

$S_j \mid\equiv A$ (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”

$S_j \mid\equiv \#(k_2)$ (A18)

(18) According to (A18), A3, A5, and “$\#()$-promotion rule”

$S_j \mid\equiv \#(SK)$, $SK = h(k_2 \cdot A)$ (A19)

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”

$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$ (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4

$U_i \triangleleft B, \{B, M_2, A, T_1\}_{d_i}$ (A21)


role user (Ui, Sj, GW: agent,
           Kdi: symmetric_key,
           Kug: symmetric_key,
           H: hash_func,
           P: text,
           SND_US, RCV_US: channel(dy))
played_by Ui
def=
  local State: nat,
        T1, K1, Na, Nb, SIDj, IDi, SK: text
  const user_sensor_sk, sc_user_id: protocol_id
  init State := 0
  transition
  % Message 1: A, masked identities, M2, T1
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P, K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj), Kug).
               H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').
               T1')
     /\ secret(IDi, sc_user_id, {Ui, GW})
     /\ secret(IDi, sc_sensor_id, {Ui, GW})
  % Message 4: B, M5; the session key is derived from B and K1
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj), Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb', K1))
     /\ witness(Ui, Sj, user_sensor_sk, SK')
     /\ request(Ui, Sj, user_sensor_sk, SK')
end role

Box 1

(21) According to (A21) and “‘,’-elimination rule”

$U_i \triangleleft \{B, M_2, A, T_1\}_{d_i}$ (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”

$U_i \mid\equiv GWN \mid\sim (B, M_2, A, T_1)$ (A23)

(23) According to (A23) and “‘,’-elimination rule”

$U_i \mid\equiv S_j \mid\sim B$ (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”

$U_i \mid\equiv GWN \mid\equiv B$ (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$ (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”

$U_i \mid\equiv S_j \mid\equiv B$ (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”

$U_i \mid\equiv B$ (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “$\#()$-introduction”

$U_i \mid\equiv \#(k_1)$ (A29)

(29) According to (A29), A4, A6, and “$\#()$-promotion rule”

$U_i \mid\equiv \#(SK)$, $SK = h(k_1 \cdot B)$ (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”

$U_i \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$ (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1 \| k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


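role sensor (Ui, Sj, GW: agent,
             Kxj: symmetric_key,
             H: hash_func,
             P: text,
             SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
played_by Sj
def=
  local State: nat,
        T1, T2, K2, Na, Nb, SK: text,
        Y, X, Z: message
  const user_sensor_sk: protocol_id
  init State := 1
  transition
  % Message 1 in, Message 2 out: the user's fields plus B, M3, T2
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P, K2')
     /\ SND_SG(Na'.
               Y'.
               Z'.
               T1'.
               Nb'.
               H(Nb'.Z'.Kxj.T2').
               T2')
  % Message 3 in, Message 4 out; the guard must match the state set by
  % transition 1 (3) for this step to fire
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na, K2))
     /\ witness(Sj, Ui, user_sensor_sk, SK')
     /\ request(Sj, Ui, user_sensor_sk, SK')
     /\ SND_US(Nb.
               X')
end role

Box 2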

role gateway (Ui, Sj, GW: agent,
              Kdi, Kxj: symmetric_key,
              Kug: symmetric_key,
              H: hash_func,
              SND_SG, RCV_SG: channel(dy))
played_by GW
def=
  local State: nat,
        T1, T2, Na, Nb, IDi, SIDj: text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
  init State := 5
  transition
  % Message 2 in (A, masked identities, M2, T1, B, M3, T2), Message 3 out (M4, M5)
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi'.SIDj'), Kug).
                         H(Na'.xor((IDi'.SIDj'), Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi'.SIDj'), Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
         H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'), Kug).Kdi.T1').Kxj.T2').T2').
         H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'), Kug).Kdi.T1').Na'.T1')
     )
     /\ secret(IDi', sc_user_id, {Ui, GW})
     /\ secret(SIDj', sc_sensor_id, {Ui, GW})
end role

Box 3


role session (Ui, Sj, GW: agent,
              Kdi, Kxj, Kug: symmetric_key,
              H: hash_func,
              P: text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
  composition
       user(Ui, Sj, GW, Kdi, Kug, H, P, SUS, RUS)
    /\ sensor(Ui, Sj, GW, Kxj, H, P, SSG, RSG, SSU, RSU)
    /\ gateway(Ui, Sj, GW, Kdi, Kxj, Kug, H, SGS, RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw: agent,
        kdi, kxj, kug, kig, kiig: symmetric_key,
        user_sensor_sk: protocol_id,
        h: hash_func,
        p: text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
       session(ui, sj, gw, kdi, kxj, kug, h, p)
    /\ session(ui, i, gw, kdi, kig, kug, h, p)
    /\ session(i, sj, gw, kig, kxj, kiig, h, p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk,” means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors' Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M Alizadeh et al ldquoCryptanalysis and improvement of a securepassword authentication mechanism for seamless handoverrdquoPLOS One vol 10 no 11 Article ID e0142716 2015

[33] A K Das A K Sutrala V Odelu and A Goswami ldquoA securesmartcard-based anonymous user authentication scheme forhealthcare applications using wireless medical sensor net-worksrdquoWireless Pers Commun pp 1ndash35 2016

[34] Q Jiang S Zeadally J Ma and D He ldquoLightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networksrdquo IEEE Access vol 5 pp3376ndash3392 2017

[35] K H Rosen Elementary number theory and its applicationsAddison-Wesley Publishing Company Advanced Book Pro-gram Reading MA Second edition 1988

[36] D He N Kumar M K Khan and J-H Lee ldquoAnonymous two-factor authentication for consumer roaming service in globalmobility networksrdquo IEEE Transactions on Consumer Electronicsvol 59 no 4 pp 811ndash817 2013

[37] A K Das P Sharma S Chatterjee and J K Sing ldquoA dynamicpassword-based user authentication scheme for hierarchicalwireless sensor networksrdquo Journal of Network and ComputerApplications vol 35 no 5 pp 1646ndash1656 2012

[38] A Das ldquoA secure and effective biometric-based user authen-tication scheme for wireless sensor networks using smart cardand fuzzy extractorrdquo International Journal of CommunicationSystems vol 30 no 1 Article ID e2933 2017

[39] Y Chung S Choi Y S Lee N Park andDWon ldquoAn enhancedlightweight anonymous authentication scheme for a scalablelocalization roaming service in wireless sensor networksrdquo Sen-sors vol 16 no 10 article 1653 2016

[40] Commercial National Security Algorithm Suite and QuantumComputing FAQ US National Security Agency January 2016

[41] M BurrowsM Abad andM Needham ldquoA logic of authentica-tionrdquo Proceedings of the Royal Society A Mathematical Physicaland Engineering Sciences vol 426 no 1871 pp 233ndash271 1989

[42] A Armando D Basin Y Boichut et al ldquoThe AVISPA toolfor the automated validation of internet security protocolsand applicationsrdquo in Computer Aided Verification InternationalConference on Computer Aided Verification vol 3576 pp 281ndash285 Springer Berlin Germany 2005

[43] 2017 httpswwwmiraclcom[44] 2017 httpsgithubcommiraclMIRACL

[45] D. He, S. Zeadally, B. Xu, and X. Huang, "An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, "Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application," Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.

Table 1: Comparison of protection of privacy.

| Schemes | Sensor anonymity | User anonymity | Shared key privacy |
|---|---|---|---|
| Choi et al. [1] | × | × | √ |
| Shi and Gong [2] | × | × | √ |
| Chang and Le [3, Scheme 1] | × | × | × |
| Chang and Le [3, Scheme 2] | × | × | √ |
| Wu et al. [4] | √ | × | √ |
| Das et al. [5] | √ | × | √ |
| Jung et al. [6] | √ | × | × |
| Fan et al. [7] | × | × | × |
| Amin and Biswas [8] | × | × | × |
| Nam et al. [9] | × | × | √ |
| Lu et al. [10] | √ | √ | × |
| Zhao et al. [11] | √ | × | × |
| Hou et al. [12] | × | × | × |
| Farash et al. [13] | × | × | × |
| Turkanovic et al. [14] | × | × | × |
| PriAuth | √ | √ | √ |

all the users share the same key to encrypt their identities; this means the encrypted identity could be decrypted by a malicious or curious user using the same key [5, 6, 10, 13]. Some of the schemes fail to enable the anonymity of the user or sensor, such as [37–39]. We adopt the ECC-based method to enable the anonymity, which is similar to [15–21], because "ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security" [40]. The gateway has a public key that is known by every user; all the identities are encrypted by an XOR method with a new key, which is generated from the gateway's public key, before the identities are sent to the gateway. Thus only the gateway could learn the identities.

As for the shared key between user and sensor, in some schemes the gateway knows the shared key [6–8, 11–14], while in some others the gateway does not know the key; they use the Diffie–Hellman (DH) anonymous key agreement protocol to build the shared key [1, 2, 4, 5, 9, 30]. As we have discussed, the gateway is not allowed to know the shared key, in order to prevent a curious gateway from eavesdropping on the sensor data.

3. Preliminary

Elliptic Curve Cryptography (ECC) is a public-key cryptography approach based on the algebraic structure of elliptic curves over finite fields. For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the following:

$$y^2 = x^3 + ax + b. \tag{3}$$

In order to use ECC, all parties must agree on all the domain parameters of the elliptic curve $(p, a, b, G, n, h)$:

$F(p)$: the finite field over $p$, where $p$ is a prime and represents the size of the finite field.

$(a, b)$: the parameters of the elliptic curve $y^2 = x^3 + ax + b$ over $F(p)$.

$G(x_p, y_p)$: generator point, but $G \neq 0$.

$n$: the order of the base point $G$.

$h$: cofactor, an integer $h = F(p)/n$.

Elliptic Curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic-curve public/private key pair, to establish a shared secret over an insecure channel. Suppose Alice wants to establish a shared key with Bob, but the channel available to them is not safe. Initially, the domain parameters $(p, a, b, G, n, h)$ must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key $d$ (a randomly selected integer in the interval $[1, n-1]$) and a public key $Q$ (where $Q = dG$, that is, the result of adding $G$ together $d$ times).

Alice's private key and public key are $(d_A, Q_A)$; Bob's key pair is $(d_B, Q_B)$. Alice computes $d_A Q_B$, while Bob computes $d_B Q_A$. So the shared key between them is $d_A Q_B = d_B Q_A$, because

$$d_A Q_B = d_A d_B G = d_B d_A G = d_B Q_A. \tag{4}$$

4. Privacy Enhanced Scheme: PriAuth

The structure model of our scheme is depicted in Figure 1. A gateway is introduced to help the user and sensor authenticate each other. We suppose this gateway is trustworthy.

4.1. Symbols Used in the PriAuth. Before the scheme begins, GWN (gateway node) generates the parameters for ECC encryption $(p, a, b, G, n, h)$. After that, GWN generates its public-key pair $(d_g, Q_g)$; besides, GWN generates a secret key $X_{\mathrm{GWN}}$. The symbols are summarized in Table 2.

Figure 1: The structure of the model (entities shown: User, Sensor, Gateway).

Table 2: Symbols used in the PriAuth.

| Symbols | Meaning |
|---|---|
| GWN | Gateway node |
| $U_i$ | The $i$th user |
| $S_j$ | The $j$th sensor node |
| $\mathrm{ID}_i$ | The $i$th user's identity |
| $\mathrm{SID}_j$ | The $j$th sensor's identity |
| $\parallel$ | String connector, connects two strings together |
| $\oplus$ | XOR operation |
| $X_{\mathrm{GWN}}$ | GWN's secret value (master key) |
| $X_{\mathrm{GWN}\text{-}S_j}$ | Shared key between $S_j$ and GWN |
| $(d_g, Q_g)$ | The private key and public key of GWN |
| $G$ | The generator of ECC |
| $\mathrm{SK}$, $\mathrm{SK}'$ | Shared key between user $U_i$ and $S_j$ |
| $T_1$, $T_2$ | Timestamp |
| $h$ | Hash function |

4.2. Registration Phase of the Sensor. The registration messages of the sensor in the registration phase are sent via the public channel. Sensor $S_j$ conducts the following steps for registration:

(1) It creates a random number $r_j$ and gets the timestamp $T_1$.

(2) It covers its password with $r_j$: $MN_j = r_j \oplus X_{\mathrm{GWN}\text{-}S_j}$, and generates a hash value $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$.

(3) It sends $\{\mathrm{SID}_j, MP_j, MN_j, T_1\}$ to GWN via a public channel.

After GWN receives $S_j$'s registration message $\{\mathrm{SID}_j, MP_j, MN_j, T_1\}$, GWN has to check the freshness of the message by $T_1$; if the message is not fresh, GWN abandons the message. Then GWN computes $r'_j = MN_j \oplus X_{\mathrm{GWN}\text{-}S_j}$. GWN checks if $MP_j$ equals $h(X_{\mathrm{GWN}\text{-}S_j} \parallel r'_j \parallel \mathrm{SID}_j \parallel T_1)$. If they are not equal, GWN abandons the message. GWN continues the sensor registration phase in the following steps. The registration phase is described in Table 3.

(1) GWN computes $x_j = h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}})$, $e_j = x_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$.

(2) GWN gets the timestamp $T_2$ and gets the hash value $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$.

(3) GWN sends $\{e_j, f_j, T_2, p, a, b, G, n, h, Q_g\}$ to sensor $S_j$.

After receiving the message, $S_j$ first checks the freshness of $T_2$, then computes $x_j = e_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$ and checks if $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$; if they are equal, $S_j$ stores $\{x_j, p, a, b, G, n, h, Q_g\}$ in its memory.

4.3. Registration Phase of the User. User $U_i$ chooses a random number $r_i$ and computes $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$. $U_i$ then sends $\{\mathrm{ID}_i, MP_i\}$ to GWN via a secure channel.

After receiving the user registration message $\{\mathrm{ID}_i, MP_i\}$, GWN computes $d_i = h(\mathrm{ID}_i \parallel X_{\mathrm{GWN}})$, $f_i = d_i \oplus MP_i$. Finally, GWN sends $\{f_i, p, a, b, G, n, h, Q_g\}$ to $U_i$.

After receiving $\{f_i, p, a, b, G, n, h, Q_g\}$, $U_i$ inserts the previously selected random nonce $r_i$ into it; now the smart card contains $\{MP_i, f_i, r_i, p, a, b, G, n, h, Q_g\}$. The registration phase is described in Table 4.

4.4. Login and Authentication Phase. If user $U_i$ wants to access a sensor's data, $U_i$ has to log in first. This login process is completed by the smart card SC. A user inserts his smart card SC into a card reader and inputs his identity $\mathrm{ID}'_i$ and password $\mathrm{PW}'_i$. SC computes a temporary version $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$ using the inserted $\mathrm{PW}'_i$, $\mathrm{ID}'_i$ and the stored value $r_i$. Then SC compares $MP'_i$ with $MP_i$ in the smart card. If they are equal, SC acknowledges the legitimacy of $U_i$.

After user $U_i$ passes the verification, SC prepares for the authentication process. SC computes $d_i = f_i \oplus MP'_i$ using $MP'_i$ from the login phase. SC chooses a random number $k_1 \in [1, n-1]$ and gets the timestamp $T_1$. SC then computes the following data:

$A = k_1 \cdot G$,

$K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$,

$M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$,

$M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$.

Then SC sends Message 1 = $\{A, M_1, M_2, T_1\}$ to sensor $S_j$ via a public channel.

After receiving $\{A, M_1, M_2, T_1\}$ from $U_i$, sensor $S_j$ first checks the freshness of $T_1$; $S_j$ abandons the message if $T_1$ is not fresh and otherwise goes to the next step. $S_j$ chooses a random number $k_2 \in [1, n-1]$ and gets the timestamp $T_2$. $S_j$ then computes the following data:

$B = k_2 \cdot G$,

$M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$.

$S_j$ sends Message 2 = $\{A, M_1, M_2, T_1, B, M_3, T_2\}$ to GWN via a public channel.

After receiving the message $\{A, M_1, M_2, T_1, B, M_3, T_2\}$, GWN first checks the freshness of $T_1$ and $T_2$; if $T_1$ or $T_2$ is not fresh, GWN abandons the message; otherwise GWN completes the following steps:

(1) GWN computes $K'_{ug} = h(T_1 \parallel d_g \cdot A)$.

(2) GWN gets $\mathrm{ID}'_i$ and $\mathrm{SID}'_j$ by $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$.

(3) GWN computes $d'_i$ by $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$.

(4) GWN computes $x'_j$ by $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$.

Table 3: Registration phase of the sensor.

| Sensor | Gateway |
|---|---|
| $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ | master key $X_{\mathrm{GWN}}$; for each sensor stores $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ |
| random number $r_j$ | |
| gets timestamp $T_1$ | |
| $MN_j = r_j \oplus X_{\mathrm{GWN}\text{-}S_j}$ | |
| $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$ | |
| $\xrightarrow{\ \mathrm{SID}_j,\ MP_j,\ MN_j,\ T_1\ }$ | |
| | checks if $T_1$ is fresh |
| | $r'_j = MN_j \oplus X_{\mathrm{GWN}\text{-}S_j}$ |
| | $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r'_j \parallel \mathrm{SID}_j \parallel T_1)$ |
| | gets timestamp $T_2$ |
| | $x_j = h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}})$ |
| | $e_j = x_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$ |
| | $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$ |
| | $\xleftarrow{\ e_j,\ f_j,\ T_2,\ p,\ a,\ b,\ G,\ n,\ h,\ Q_g\ }$ |
| checks if $T_2$ is fresh | |
| $x_j = e_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$ | |
| $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$ | |
| stores $x_j, p, a, b, G, n, h, Q_g$ | |

Table 4: Registration phase of the user.

| User | Gateway |
|---|---|
| $\mathrm{ID}_i$, $\mathrm{PW}_i$ | master key $X_{\mathrm{GWN}}$ |
| random number $r_i$ | |
| $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ | |
| $\xrightarrow{\ \mathrm{ID}_i,\ MP_i\ }$ | |
| | $d_i = h(\mathrm{ID}_i \parallel X_{\mathrm{GWN}})$ |
| | $f_i = d_i \oplus MP_i$ |
| | $\xleftarrow{\ f_i,\ p,\ a,\ b,\ G,\ n,\ h,\ Q_g\ }$ |
| inserts into the smart card $MP_i, f_i, r_i, p, a, b, G, n, h, Q_g$ | |

(5) GWN uses $d'_i$, $A$, $M_1$, and $T_1$ to check if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(6) GWN uses $x'_j$, $B$, $M_2$, and $T_2$ to check if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(7) GWN calculates the following messages: $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$, $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$.

(8) GWN sends Message 3 = $\{M_4, M_5\}$ to sensor $S_j$.

After receiving the message $\{M_4, M_5\}$, sensor $S_j$ does the following calculations:

(1) $S_j$ uses $A$, obtained from the user, to check if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $S_j$ calculates the shared key SK between $U_i$ and $S_j$: $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$.

(3) $S_j$ sends Message 4 = $\{B, M_5\}$ to user $U_i$.

After $U_i$ receives the message $\{B, M_5\}$, $U_i$ goes to the following steps. The whole process is in Table 5.

(1) $U_i$ uses $B$, obtained from $S_j$, to check if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; if they are equal, the procedure goes to the next step; otherwise it terminates here.

(2) $U_i$ calculates the shared key $\mathrm{SK}'$ between $U_i$ and $S_j$: $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$.
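The login and authentication exchange above, together with the ECDH agreement from Section 3 that it builds on, as an added Python example; this is not the authors' implementation. The curve (secp256k1), SHA-256 as $h$, length-prefixed concatenation, 16-byte padded identities, the 5-second freshness window, and all function names and sample identities are assumptions of the example.

```python
import hashlib, hmac, secrets
# secp256k1 domain parameters; the paper names no curve, so this choice is an assumption.
P, A_COEF, B_COEF = 2**256 - 2**32 - 977, 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
WINDOW = 5  # freshness window in seconds (assumed; the paper only says "fresh")

def ec_add(p1, p2):
    """Point addition on y^2 = x^3 + ax + b over F(p); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A_COEF, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add k*pt (illustrative, not constant time)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*parts):
    """h(x1 || x2 || ...) as SHA-256; the length prefix per part is an added detail."""
    d = hashlib.sha256()
    for v in parts:
        if not isinstance(v, bytes):  # timestamp (int) or curve point (x, y)
            v = b"".join(c.to_bytes(32, "big") for c in (v if isinstance(v, tuple) else (v,)))
        d.update(len(v).to_bytes(2, "big") + v)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def pad(ident):  # fixed 16-byte identity, so ID || SID is one 32-byte hash output long
    return ident.encode().ljust(16, b"\0")
def check(tag, expected, who):
    if not hmac.compare_digest(tag, expected):
        raise ValueError(who + " verification failed")
def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def user_request(id_i, sid_j, d_i, Q_g, T1):
    """Smart card: Message 1 = (A, M1, M2, T1)."""
    k1 = rand_scalar()
    A = ec_mul(k1, G)
    M1 = xor(pad(id_i) + pad(sid_j), h(T1, ec_mul(k1, Q_g)))  # masked with K_ug
    return k1, (A, M1, h(A, M1, d_i, T1), T1)

def sensor_forward(msg1, x_j, T2):
    """Sensor: Message 2 = Message 1 + (B, M3, T2)."""
    if T2 - msg1[3] > WINDOW:
        raise ValueError("stale T1")
    k2 = rand_scalar()
    B = ec_mul(k2, G)
    return k2, msg1 + (B, h(B, msg1[2], x_j, T2), T2)

def gateway_verify(msg2, d_g, X_gwn, now):
    """GWN: unmask identities, check M2 and M3, return Message 3 = (M4, M5)."""
    A, M1, M2, T1, B, M3, T2 = msg2
    if now - T1 > WINDOW or now - T2 > WINDOW:
        raise ValueError("stale timestamp")
    ids = xor(M1, h(T1, ec_mul(d_g, A)))  # K'_ug = h(T1 || d_g*A)
    d_i, x_j = h(ids[:16], X_gwn), h(ids[16:], X_gwn)
    check(M2, h(A, M1, d_i, T1), "user")
    check(M3, h(B, M2, x_j, T2), "sensor")
    return (h(A, x_j, M3, B, T2), h(B, d_i, M2, A, T1)), ids

def sensor_finish(msg3, msg2, k2, x_j):
    """Sensor: check M4, derive SK, return Message 4 = (B, M5)."""
    A, _, _, _, B, M3, T2 = msg2
    check(msg3[0], h(A, x_j, M3, B, T2), "gateway")
    return h(ec_mul(k2, A)), (B, msg3[1])

def user_finish(msg4, msg1, k1, d_i):
    """User: check M5, derive SK'."""
    (A, _, M2, T1), (B, M5) = msg1, msg4
    check(M5, h(B, d_i, M2, A, T1), "gateway")
    return h(ec_mul(k1, B))

def run_session(tamper=False, now=1_700_000_000):
    """Full run over constructed identities and keys; returns what each party ends up with."""
    X_gwn, d_g = secrets.token_bytes(32), rand_scalar()
    d_i, x_j = h(pad("doctor-01"), X_gwn), h(pad("ecg-sensor-07"), X_gwn)  # registration results
    k1, msg1 = user_request("doctor-01", "ecg-sensor-07", d_i, ec_mul(d_g, G), now)
    k2, msg2 = sensor_forward(msg1, x_j, now + 1)
    if tamper:  # an on-path party swaps B after the sensor bound it into M3
        msg2 = msg2[:4] + (ec_add(msg2[4], G),) + msg2[5:]
    msg3, ids = gateway_verify(msg2, d_g, X_gwn, now + 2)
    sk_sensor, msg4 = sensor_finish(msg3, msg2, k2, x_j)
    sk_user = user_finish(msg4, msg1, k1, d_i)
    return {"sk_user": sk_user, "sk_sensor": sk_sensor, "M1": msg1[1], "ids": ids}
```

`run_session()` returns the two independently derived keys and the identities the gateway recovered; `run_session(tamper=True)` raises `ValueError` at the gateway because the swapped $B$ no longer matches $M_3$.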

4.5. Password Change Phase. If a user wants to change his password, he has to be authenticated by the smart card first. We state the password change process in Table 6, which is a summary of the steps.

(1) A user $U_i$ inserts his smart card SC into a card reader and inputs his identity and password $\mathrm{ID}_i$, $\mathrm{PW}_i$.

(2) SC computes $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ using the entered $\mathrm{ID}_i$, $\mathrm{PW}_i$ and the stored $r_i$.

(3) SC compares $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ with the stored version of $MP_i$ in the smart card; if they are equal, SC acknowledges the legitimacy of user $U_i$.

Table 5: Login and authentication phase.

| User | Sensor | Gateway |
|---|---|---|
| $\mathrm{ID}_i$, $\mathrm{PW}_i$, $d_i$ | $\mathrm{SID}_j$, $x_j$ | $d_g$, $Q_g$ |
| User inserts SC into terminal | | |
| User inputs $\mathrm{ID}'_i$ and $\mathrm{PW}'_i$ | | |
| SC: $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$ | | |
| SC: $d_i = f_i \oplus MP'_i$ | | |
| SC: random $k_1$, $A = k_1 \cdot G$ | | |
| SC gets timestamp $T_1$ | | |
| SC: $K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$ | | |
| SC: $M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$ | | |
| SC: $M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$ | | |
| $\xrightarrow{\ A,\ M_1,\ M_2,\ T_1\ }$ | | |
| | checks the freshness of $T_1$ | |
| | random $k_2$, $B = k_2 \cdot G$ | |
| | gets timestamp $T_2$ | |
| | $M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$ | |
| | $\xrightarrow{\ A,\ M_1,\ M_2,\ T_1,\ B,\ M_3,\ T_2\ }$ | |
| | | checks the freshness of $T_1$, $T_2$ |
| | | $K'_{ug} = h(T_1 \parallel d_g \cdot A)$ |
| | | $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$ |
| | | $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$ |
| | | $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$ |
| | | checks if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$ |
| | | checks if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$ |
| | | $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$ |
| | | $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$ |
| | | $\xleftarrow{\ M_4,\ M_5\ }$ |
| | checks if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$ | |
| | $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$ | |
| | $\xleftarrow{\ B,\ M_5\ }$ | |
| checks if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$ | | |
| $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$ | | |

Table 6: Password change phase of the user.

| User |
|---|
| User inserts SC into terminal |
| User inserts $\mathrm{ID}_i$ and $\mathrm{PW}_i$ |
| SC: check if $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ |
| SC: $d_i = f_i \oplus MP_i$ |
| User inputs a new password $\mathrm{PW}'_i$ |
| SC: $MP'_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}'_i)$ |
| SC: $f'_i = d_i \oplus MP'_i$ |
| SC changes $f_i$ with $f'_i$ |

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored values $f_i$ and the user password $MP_i$.

(5) User $U_i$ inputs the new password $\mathrm{PW}'_i$.

(6) SC uses this new $\mathrm{PW}'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \lhd X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \stackrel{k}{\longleftrightarrow} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\stackrel{k}{\longrightarrow} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_k$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\lhd$ rule | $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} P,\ P \lhd \{X\}_k}{P \lhd X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_k}{P \lhd X}$, $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \lhd X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_k}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv X}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$, $\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$, $\dfrac{P \lhd (X, Y)}{P \lhd X}$, $\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic like (postulate A). According to the "$\mid\sim$ elimination rule", (postulate A) could be simplified as (postulate B). The same holds for the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notation is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way we can get (postulate C).

$$\frac{\mathrm{GWN} \mid\equiv \#(X),\ \mathrm{GWN} \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv \mathrm{GWN} \mid\sim X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate A)}$$

$$\frac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate B)}$$

$$\frac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X} \quad \text{(postulate C)}$$

The proof goals of PriAuth in BAN logic form are described below. These goals could ensure that $U_i$ and $S_j$ agree on a shared key SK.

$$(1)\ U_i \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j, \qquad (2)\ S_j \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j. \tag{5}$$

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts, related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at Message 3 and Message 4. The proof results show that PriAuth is secure under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is "a push-button tool for the automated validation of Internet security-sensitive protocols and applications" [42]. Recently many papers have used this method as a way to verify their protocols, like [24–26]. HLPSL (High Level Protocols Specification Language) is a role-based language that is used to describe security protocols and specify their intended security properties, as well as a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, the sensor identity, and the key between the user and sensor.

Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \longrightarrow S_j$ | $A$, $\{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}$, $\{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i}$, $T_1$ |
| 2 | $S_j \longrightarrow \mathrm{GWN}$ | $A$, $\{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}$, $\{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i}$, $T_1$, $B$, $\{B, M_2, T_2\}_{x_j}$, $T_2$ |
| 3 | $\mathrm{GWN} \longrightarrow S_j$ | $\{A, M_3, B, T_2\}_{x_j}$, $\{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \longrightarrow U_i$ | $B$, $\{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $\mathrm{GWN} \mid\equiv \#(A)$ |
| A2 | $\mathrm{GWN} \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, the users or sensors of this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to the loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user's identity. When the user logs in the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

73 Malicious Sensor Attack Like in scheme [13] the gatewayonly checks the legitimacy of a sensor If the sensor is alegitimate one the gateway will reply some key informationto the sensor but the gateway does not check if the sensoris the one that the user wants to talk to So a legitimate butmalicious sensor could launch an attack

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, \mathrm{ESID}'_j, T'_2$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^*$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i \| \mathrm{SID}_n \| \mathrm{SK} \| R_1 \| T_4)$, where $k = h(\mathrm{DID}_i \| V^* \| T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public messages and $V^*$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor's data, he could send his request $M_1 = \mathrm{ID}_u, \mathrm{ID}_{S_n}, X, T_u, \alpha, \omega$ to the sensor:

$X' = r_u \times P$,
$X = r_u \times K_u$,
$\omega = h(\mathrm{ID}_u \| h(\mathrm{ID}_{S_n} \| h(X \oplus Y)) \| T_u)$,
$\alpha = h(\mathrm{ID}_u \| \mathrm{ID}_{S_n} \| X \| X' \| T_u \| \omega)$. (6)

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly. $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. Since $h(X \oplus Y)$ is shared by all the users, other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate the protocol's computational costs of different operations, and the operations' execution time is measured by simulation [3–14]. The execution time of an XOR operation is very small compared to an elliptic curve point multiplication or hash operation, so we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string, the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

Table 11: Simulation results.

CL-AtSe back-end:

  SUMMARY
    SAFE
  DETAILS
    BOUNDED_NUMBER_OF_SESSIONS
    TYPED_MODEL
  PROTOCOL
    /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
  GOAL
    As Specified
  BACKEND
    CL-AtSe
  STATISTICS
    Analysed   : 14 states
    Reachable  : 4 states
    Translation: 0.00 seconds
    Computation: 0.00 seconds

OFMC back-end:

  % OFMC
  % Version of 2006/02/13
  SUMMARY
    SAFE
  DETAILS
    BOUNDED_NUMBER_OF_SESSIONS
  PROTOCOL
    /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
  GOAL
    as_specified
  BACKEND
    OFMC
  COMMENTS
  STATISTICS
    parseTime: 0.00s
    searchTime: 0.05s
    visitedNodes: 24 nodes
    depth: 4 plies

Table 12: Security feature comparison.

Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth
User anonymity | × | × | √ | √ | √
Sensor anonymity | × | × | × | × | √
Shared key privacy | √ | √ | √ | √ | √
Traceability of user | × | × | √ | √ | √
Traceability of sensor | × | × | × | × | √
Loss of synchronization | √ | √ | × | √ | √
Malicious sensor attack | √ | √ | √ | √ | √
User impersonation attack | × | √ | √ | √ | √
Sensor impersonation attack | √ | √ | √ | √ | √
Replay attack | √ | √ | × | √ | √
Inside user attack | √ | √ | √ | √ | √

8.2. Communication Performance. The sum of the lengths in bytes of each variable which a sensor node and a gateway node need while performing the authentication process is calculated for comparison of the communication cost. The identity or password is 8 bytes long [13]. The sizes of the general hash function's output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as the byte length of the original data for approximation.


Table 13: Computation time of different operations.

Operations | Time | Experiment times
$T_H$: one way hash function | 0.0394 ms | 1000000
$T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000
$T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient's privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called the SunSPOT platform, manufactured by Oracle. The main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied in medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of a communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$\mathrm{GWN} \triangleleft A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \langle A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1 \rangle_{d_i}, T_1, B, \langle B, M_2, T_2 \rangle_{x_j}, T_2$. (A1)


Table 14: Computation cost of the login and authentication.

Schemes | User | Sensor | Gateway | Total | Total (ms)
Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551
Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674
Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614
Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512
PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551


Table 15: Communication comparison.

Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared*
Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64
Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4
Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104
Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0
PriAuth | 64 | 108 | 40 | 40 | 252 | 0

*Compared means compared with our scheme; M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”:

$\mathrm{GWN} \triangleleft \langle A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1 \rangle_{d_i}$, (A2)

$\mathrm{GWN} \triangleleft \langle B, M_2, T_2 \rangle_{x_j}$. (A3)

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim (A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1)$. (A4)

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim (B, M_2, T_2)$. (A5)

(5) According to (A4) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim A$. (A6)

(6) According to (A5) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim B$. (A7)

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\equiv A$. (A8)

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\equiv B$. (A9)

The following content is the analysis of Message 3. From it we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3:

$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j}, \langle B, M_2, A, T_1 \rangle_{d_i}$. (A10)

(10) According to (A10) and “‘,’-elimination rule”:

$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j}$. (A11)

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim (A, M_3, B, T_2)$. (A12)

(12) According to (A12) and “‘,’-elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim A$. (A13)

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\equiv A$. (A14)

(14) According to A11, (A8), (A14), we get

$S_j \mid\equiv U_i \mid\sim A$. (A15)

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv U_i \mid\equiv A$. (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”:

$S_j \mid\equiv A$. (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “#()-introduction”:

$S_j \mid\equiv \#(k_2)$. (A18)

(18) According to (A18), A3, A5, and “#()-promotion rule”:

$S_j \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_2 \cdot A)$. (A19)

(19) According to (A19), (A17), and “$\overset{k}{\longleftrightarrow}$ introduction rule”:

$S_j \mid\equiv S_j \overset{\mathrm{SK}}{\longleftrightarrow} U_i$. (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$; based on assumption A12, we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$U_i \triangleleft B, \langle B, M_2, A, T_1 \rangle_{d_i}$. (A21)


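role user (Ui, Sj, GW: agent,
           Kdi: symmetric_key,
           Kug: symmetric_key,
           H: hash_func,
           P: text,
           SND_US, RCV_US: channel(dy))
played_by Ui
def=
  local State: nat,
        T1, K1, Na, Nb, SIDj, IDi, SK: text
  const user_sensor_sk, sc_user_id: protocol_id
  init State := 0
  transition
  % Message 1: fresh timestamp and ECDH share Na = K1.P, masked identities, keyed hash
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
       /\ K1' := new()
       /\ Na' := exp(P, K1')
       /\ SND_US(Na'.
                 xor((IDi.SIDj), Kug).
                 H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').
                 T1')
       /\ secret(IDi, sc_user_id, {Ui, GW})
       /\ secret(IDi, sc_sensor_id, {Ui, GW})
  % Message 4: sensor share Nb and the gateway's proof, then derive the session key
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj), Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb', K1))
       /\ witness(Ui, Sj, user_sensor_sk, SK')
       /\ request(Ui, Sj, user_sensor_sk, SK')
end role

Box 1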

(21) According to (A21) and “‘,’-elimination rule”:

$U_i \triangleleft \langle B, M_2, A, T_1 \rangle_{d_i}$. (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\sim (B, M_2, A, T_1)$. (A23)

(23) According to (A23) and “‘,’-elimination rule”:

$U_i \mid\equiv S_j \mid\sim B$. (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\equiv B$. (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$. (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv S_j \mid\equiv B$. (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”:

$U_i \mid\equiv B$. (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “#()-introduction”:

$U_i \mid\equiv \#(k_1)$. (A29)

(29) According to (A29), A4, A6, and “#()-promotion rule”:

$U_i \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_1 \cdot B)$. (A30)

(30) According to (A30), (A27), and “$\overset{k}{\longleftrightarrow}$ introduction rule”:

$U_i \mid\equiv S_j \overset{\mathrm{SK}}{\longleftrightarrow} U_i$. (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme we declare $K_{ug} = h(T_1 \| k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


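role sensor (Ui, Sj, GW: agent,
             Kxj: symmetric_key,
             H: hash_func,
             P: text,
             SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
played_by Sj
def=
  local State: nat,
        T1, T2, K2, Na, Nb, SK: text,
        Y, X, Z: message
  const user_sensor_sk: protocol_id
  init State := 1
  transition
  % Message 1 in, Message 2 out: forward the user's fields plus Nb = K2.P and a keyed hash
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P, K2')
       /\ SND_SG(Na'.
                 Y'.
                 Z'.
                 T1'.
                 Nb'.
                 H(Nb'.Z'.Kxj.T2').
                 T2')
  % Message 3 in, Message 4 out; the guard is State 3, the value set by transition 1
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na, K2))
       /\ witness(Sj, Ui, user_sensor_sk, SK')
       /\ request(Sj, Ui, user_sensor_sk, SK')
       /\ SND_US(Nb.
                 X')
end role

Box 2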

role gateway (Ui, Sj, GW: agent,
              Kdi, Kxj: symmetric_key,
              Kug: symmetric_key,
              H: hash_func,
              SND_SG, RCV_SG: channel(dy))
played_by GW
def=
  local State: nat,
        T1, T2, Na, Nb, IDi, SIDj: text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
  init State := 5
  transition
  % Message 2 in: check both keyed hashes; Message 3 out: one proof for the sensor, one for the user
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi.SIDj), Kug).
                         H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
                 H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Kxj.T2').T2').
                 H(Nb'.Kdi.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Na'.T1')
                 )
       /\ secret(IDi, sc_user_id, {Ui, GW})
       /\ secret(SIDj, sc_sensor_id, {Ui, GW})
end role

Box 3


role session (Ui, Sj, GW: agent,
              Kdi, Kxj, Kug: symmetric_key,
              H: hash_func,
              P: text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
  composition
    user(Ui, Sj, GW, Kdi, Kug, H, P, SUS, RUS)
    /\ sensor(Ui, Sj, GW, Kxj, H, P, SSG, RSG, SSU, RSU)
    /\ gateway(Ui, Sj, GW, Kdi, Kxj, Kug, H, SGS, RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw: agent,
        kdi, kxj, kug, kig, kiig: symmetric_key,
        user_sensor_sk: protocol_id,
        h: hash_func,
        p: text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    session(ui, sj, gw, kdi, kxj, kug, h, p)
    /\ session(ui, i, gw, kdi, kig, kug, h, p)
    /\ session(i, sj, gw, kig, kxj, kiig, h, p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors' Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abadi, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.


[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Figure 1: The structure of the model (user, gateway, sensor).

Table 2: Symbols used in the PriAuth.

Symbols | Meaning
GWN | Gateway node
$U_i$ | The $i$th user
$S_j$ | The $j$th sensor node
$\mathrm{ID}_i$ | The $i$th user's identity
$\mathrm{SID}_j$ | The $j$th sensor's identity
$\|$ | String connector, connects two strings together
$\oplus$ | XOR operation
$X_{GWN}$ | GWN's secret value, master key
$X_{GWN\text{-}S_j}$ | Shared key between $S_j$ and GWN
$(d_g, Q_g)$ | The private key and public key of GWN
$G$ | The generator of ECC
SK, SK′ | Shared key between user $U_i$ and $S_j$
$T_1, T_2$ | Timestamp
$h$ | Hash function

4.2. Registration Phase of the Sensor. The registration messages of the sensor in the registration phase are sent via the public channel. Sensor $S_j$ conducts the following steps for registration:

(1) It creates a random number $r_j$ and gets the timestamp $T_1$.

(2) It covers its password with $r_j$: $MN_j = r_j \oplus X_{GWN\text{-}S_j}$, and generates a hash value $MP_j = h(X_{GWN\text{-}S_j} \| r_j \| \mathrm{SID}_j \| T_1)$.

(3) It sends $\mathrm{SID}_j, MP_j, MN_j, T_1$ to GWN via a public channel.

After GWN receives $S_j$'s registration message $\mathrm{SID}_j, MP_j, MN_j, T_1$, GWN has to check the freshness of the message by $T_1$; if the message is not fresh, GWN abandons the message. Then GWN computes $r'_j = MN_j \oplus X_{GWN\text{-}S_j}$. GWN checks if $MP_j$ equals $h(X_{GWN\text{-}S_j} \| r'_j \| \mathrm{SID}_j \| T_1)$. If they are not equal, GWN abandons the message. GWN continues the sensor registration phase in the following steps. The registration phase is described in Table 3.

(1) GWN computes $x_j = h(\mathrm{SID}_j \| X_{GWN})$, $e_j = x_j \oplus h(\mathrm{SID}_j \| X_{GWN\text{-}S_j})$.

(2) GWN gets the timestamp $T_2$ and gets the hash value $f_j = h(x_j \| X_{GWN\text{-}S_j} \| T_2)$.

(3) GWN sends $e_j, f_j, T_2, p, a, b, G, n, h, Q_g$ to sensor $S_j$.

After receiving the message, $S_j$ first checks the freshness of $T_2$, then computes $x_j = e_j \oplus h(\mathrm{SID}_j \| X_{GWN\text{-}S_j})$ and checks if $f_j = h(x_j \| X_{GWN\text{-}S_j} \| T_2)$; if they are equal, $S_j$ stores $x_j, p, a, b, G, n, h, Q_g$ in its memory.

43 Registration Phase of the User User119880119894 chooses a randomnumber 119903119894 and computes 119872119875119894 = ℎ(119903119894 ID119894 PW119894) 119880119894 thensends ID119894119872119875119894 to GWN via a secure channel

After receiving the user registration message ID119894119872119875119894GWN computes 119889119894 = ℎ(ID119894 119883GWN) 119891119894 = 119889119894 oplus119872119875119894 FinallyGWN sends 119891119894 119901 119886 119887 119866 119899 ℎ 119876119892 to 119880119894

After receiving 119891119894 119901 119886 119887 119866 119899 ℎ 119876119892 119880119894 inserts the pre-viously selected random nonce 119903119894 into it now what in thesmart card is 119872119875119894 119891119894 119903119894 119901 119886 119887 119866 119899 ℎ 119876119892 The registrationphase is described in Table 4

4.4. Login and Authentication Phase. If user $U_i$ wants to access a sensor's data, $U_i$ has to log in first. This login process is completed by the smart card SC. A user inserts his smart card SC into a card reader and inputs his identity $\mathrm{ID}'_i$ and password $\mathrm{PW}'_i$. SC computes a temporary version $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$ using the inserted $\mathrm{PW}'_i$, $\mathrm{ID}'_i$ and the stored value $r_i$. Then SC compares $MP'_i$ with $MP_i$ in the smart card. If they are equal, SC acknowledges the legitimacy of $U_i$.

After user $U_i$ passes the verification, SC prepares for the authentication process. SC computes $d_i = f_i \oplus MP'_i$ using $MP'_i$ from the login phase. SC chooses a random number $k_1 \in [1, n-1]$ and gets the timestamp $T_1$. SC then computes the following data:

$A = k_1 \cdot G$
$K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$
$M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$
$M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$

Then SC sends Message 1 = $\{A, M_1, M_2, T_1\}$ to sensor $S_j$ via a public channel.

After receiving $\{A, M_1, M_2, T_1\}$ from $U_i$, sensor $S_j$ first checks the freshness of $T_1$; $S_j$ abandons the message if $T_1$ is not fresh and otherwise goes to the next step. $S_j$ chooses a random number $k_2 \in [1, n-1]$ and gets the timestamp $T_2$. $S_j$ then computes the following data:

$B = k_2 \cdot G$
$M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$

$S_j$ sends Message 2 = $\{A, M_1, M_2, T_1, B, M_3, T_2\}$ to GWN via a public channel.

After receiving the message $\{A, M_1, M_2, T_1, B, M_3, T_2\}$, GWN first checks the freshness of $T_1$ and $T_2$; if $T_1$ or $T_2$ is not fresh, GWN abandons the message; otherwise GWN completes the following steps:

(1) GWN computes $K'_{ug} = h(T_1 \parallel d_g \cdot A)$.

(2) GWN gets $\mathrm{ID}'_i$ and $\mathrm{SID}'_j$ by $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$.

(3) GWN computes $d'_i$ by $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$.

(4) GWN computes $x'_j$ by $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$.


Table 3: Registration phase of the sensor.

| Party | Stored values, computation, or message |
|---|---|
| Sensor (initial) | $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ |
| Gateway (initial) | master key $X_{\mathrm{GWN}}$; for each sensor stores $\mathrm{SID}_j$, $X_{\mathrm{GWN}\text{-}S_j}$ |
| Sensor | random number $r_j$; gets timestamp $T_1$; $MN_j = r_j \oplus X_{\mathrm{GWN}\text{-}S_j}$; $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$ |
| Sensor $\to$ Gateway | $\mathrm{SID}_j, MP_j, MN_j, T_1$ |
| Gateway | checks if $T_1$ is fresh; $r'_j = MN_j \oplus X_{\mathrm{GWN}\text{-}S_j}$; $MP_j = h(X_{\mathrm{GWN}\text{-}S_j} \parallel r_j \parallel \mathrm{SID}_j \parallel T_1)$; gets timestamp $T_2$; $x_j = h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}})$; $e_j = x_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$; $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$ |
| Gateway $\to$ Sensor | $e_j, f_j, T_2, p, a, b, G, n, h, Q_g$ |
| Sensor | checks if $T_2$ is fresh; $x_j = e_j \oplus h(\mathrm{SID}_j \parallel X_{\mathrm{GWN}\text{-}S_j})$; $f_j = h(x_j \parallel X_{\mathrm{GWN}\text{-}S_j} \parallel T_2)$; stores $x_j, p, a, b, G, n, h, Q_g$ |

Table 4: Registration phase of the user.

| Party | Stored values, computation, or message |
|---|---|
| User (initial) | $\mathrm{ID}_i$, $\mathrm{PW}_i$ |
| Gateway (initial) | master key $X_{\mathrm{GWN}}$ |
| User | random number $r_i$; $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ |
| User $\to$ Gateway | $\mathrm{ID}_i, MP_i$ |
| Gateway | $d_i = h(\mathrm{ID}_i \parallel X_{\mathrm{GWN}})$; $f_i = d_i \oplus MP_i$ |
| Gateway $\to$ User | $f_i, p, a, b, G, n, h, Q_g$ |
| User | inserts into the smart card $MP_i, f_i, r_i, p, a, b, G, n, h, Q_g$ |

(5) GWN uses $d'_i$, $A$, $M_1$, and $T_1$ to check if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(6) GWN uses $x'_j$, $B$, $M_2$, and $T_2$ to check if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(7) GWN calculates the following messages:
$M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$
$M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$

(8) GWN sends Message 3 = $\{M_4, M_5\}$ to sensor $S_j$.

After receiving the message $\{M_4, M_5\}$, sensor $S_j$ does the following calculations:

(1) $S_j$ uses $A$, obtained from the user, to check if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(2) $S_j$ calculates the shared key SK between $U_i$ and $S_j$: $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$.

(3) $S_j$ sends Message 4 = $\{B, M_5\}$ to user $U_i$.

After $U_i$ receives the message $\{B, M_5\}$, $U_i$ goes through the following steps. The whole process is in Table 5.

(1) $U_i$ uses $B$, obtained from $S_j$, to check if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; if they are equal, the procedure goes to the next step; otherwise, it terminates here.

(2) $U_i$ calculates the shared key SK′ between $U_i$ and $S_j$: $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$.
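The login and authentication exchange described above (Messages 1 to 4), run end to end as an added example; this is not code from the paper or from the LifeWear deployment. Assumptions: secp256k1 and SHA-256 stand in for the paper's ECC-160 and SHA-1, hash inputs are length-prefixed rather than plainly concatenated, identities are fixed 8-byte strings, registration is reduced to issuing $f_i$ and $x_j$, and the names `Gateway`, `secret_for`, `run_session`, `demo_setup` and `MAX_SKEW` are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: secp256k1 and SHA-256 replace the paper's ECC-160 and SHA-1.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)
MAX_SKEW = 5  # assumed freshness window in seconds

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def enc(v):
    """Bytes pass through; points become x||y; integer timestamps become 4 bytes."""
    if isinstance(v, tuple):
        return b"".join(c.to_bytes(32, "big") for c in v)
    return v if isinstance(v, bytes) else v.to_bytes(4, "big")

def h(*parts):
    """h(a || b || ...): SHA-256 over length-prefixed parts (the prefixing is an assumption)."""
    data = b"".join(len(e).to_bytes(2, "big") + e for e in map(enc, parts))
    return hashlib.sha256(data).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # result has the shorter operand's length

class Gateway:
    def __init__(self):
        self.x_gwn = secrets.token_bytes(32)        # master key X_GWN
        self.d_g = secrets.randbelow(N - 1) + 1     # private key d_g
        self.Q_g = ec_mul(self.d_g, G)              # public key Q_g

    def secret_for(self, identity):
        return h(identity, self.x_gwn)  # d_i = h(ID_i || X_GWN) or x_j = h(SID_j || X_GWN)

    def authenticate(self, A, M1, M2, T1, B, M3, T2, now):
        """Handle Message 2; returns (M4, M5, ID'_i, SID'_j), IDs exposed for the demo only."""
        if max(abs(now - T1), abs(now - T2)) > MAX_SKEW:
            return None
        ids = xor(M1, h(T1, ec_mul(self.d_g, A)))   # M1 XOR K'_ug, K'_ug = h(T1 || d_g.A)
        d_i, x_j = self.secret_for(ids[:8]), self.secret_for(ids[8:])
        if not (hmac.compare_digest(M2, h(A, M1, d_i, T1))
                and hmac.compare_digest(M3, h(B, M2, x_j, T2))):
            return None
        return h(A, x_j, M3, B, T2), h(B, d_i, M2, A, T1), ids[:8], ids[8:]

def run_session(gw, card, x_j, id_in, pw_in, sid_j, T=1_700_000_000, tamper=False):
    """Run Messages 1-4; returns (SK, SK', IDs recovered by GWN) or None if a check fails."""
    mp = h(card["r"], id_in, pw_in)                          # MP'_i: smart-card login check
    if not hmac.compare_digest(mp, card["MP"]):
        return None
    d_i, k1, T1 = xor(card["f"], mp), secrets.randbelow(N - 1) + 1, T
    A = ec_mul(k1, G)
    M1 = xor(id_in + sid_j, h(T1, ec_mul(k1, card["Qg"])))   # (ID_i || SID_j) XOR K_ug
    M2 = h(A, M1, d_i, T1)
    if tamper:                                               # constructed in-transit change to M1
        M1 = xor(M1, b"\x01" + bytes(15))
    k2, T2 = secrets.randbelow(N - 1) + 1, T + 1             # sensor adds B, M3, T2
    B = ec_mul(k2, G)
    M3 = h(B, M2, x_j, T2)
    reply = gw.authenticate(A, M1, M2, T1, B, M3, T2, now=T + 2)
    if reply is None:
        return None
    M4, M5, seen_id, seen_sid = reply
    if not hmac.compare_digest(M4, h(A, x_j, M3, B, T2)):    # sensor verifies M4
        return None
    if not hmac.compare_digest(M5, h(B, d_i, M2, A, T1)):    # user verifies M5
        return None
    return h(ec_mul(k2, A)), h(ec_mul(k1, B)), (seen_id, seen_sid)   # SK, SK'

def demo_setup():
    """Constructed sample data: one gateway, one registered user, one registered sensor."""
    gw, uid, pw, sid = Gateway(), b"doctor01", b"constructed-pw", b"sensor07"
    r = secrets.token_bytes(16)
    mp = h(r, uid, pw)                                       # MP_i = h(r_i || ID_i || PW_i)
    card = {"r": r, "MP": mp, "f": xor(gw.secret_for(uid), mp), "Qg": gw.Q_g}
    return gw, card, gw.secret_for(sid), uid, pw, sid
```

Calling `run_session` with the $x_j$ of a different registered sensor returns `None`, because GWN recomputes $x'_j$ from the $\mathrm{SID}_j$ the user placed inside $M_1$ and the $M_3$ check then fails. The gateway never holds $k_1$ or $k_2$, so it can verify both parties without being able to derive SK.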

4.5. Password Change Phase. If a user wants to change his password, he has to be authenticated by the smart card first. The password change process is stated in Table 6, which is a summary of the steps.

(1) A user $U_i$ inserts his smart card SC into a card reader and inputs his identity and password $\mathrm{ID}_i$, $\mathrm{PW}_i$.

(2) SC computes $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ using the entered $\mathrm{ID}_i$, $\mathrm{PW}_i$ and the stored $r_i$.

(3) SC compares $h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$ with the stored version of $MP_i$ in the smart card; if they are equal, SC acknowledges the legitimacy of user $U_i$.


Table 5: Login and authentication phase.

| Party | Stored values, computation, or message |
|---|---|
| User (initial) | $\mathrm{ID}_i$, $\mathrm{PW}_i$, $d_i$ |
| Sensor (initial) | $\mathrm{SID}_j$, $x_j$ |
| Gateway (initial) | $d_g$, $Q_g$ |
| User | User inserts SC into terminal; user inputs $\mathrm{ID}'_i$ and $\mathrm{PW}'_i$ |
| User (SC) | $MP'_i = h(r_i \parallel \mathrm{ID}'_i \parallel \mathrm{PW}'_i)$; $d_i = f_i \oplus MP'_i$; random $k_1$, $A = k_1 \cdot G$; gets timestamp $T_1$; $K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$; $M_1 = (\mathrm{ID}_i \parallel \mathrm{SID}_j) \oplus K_{ug}$; $M_2 = h(A \parallel M_1 \parallel d_i \parallel T_1)$ |
| User $\to$ Sensor | $A, M_1, M_2, T_1$ |
| Sensor | checks the freshness of $T_1$; random $k_2$, $B = k_2 \cdot G$; gets timestamp $T_2$; $M_3 = h(B \parallel M_2 \parallel x_j \parallel T_2)$ |
| Sensor $\to$ Gateway | $A, M_1, M_2, T_1, B, M_3, T_2$ |
| Gateway | checks the freshness of $T_1$, $T_2$; $K'_{ug} = h(T_1 \parallel d_g \cdot A)$; $(\mathrm{ID}'_i \parallel \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$; $d'_i = h(\mathrm{ID}'_i \parallel X_{\mathrm{GWN}})$; $x'_j = h(\mathrm{SID}'_j \parallel X_{\mathrm{GWN}})$; checks if $M_2 = h(A \parallel M_1 \parallel d'_i \parallel T_1)$; checks if $M_3 = h(B \parallel M_2 \parallel x'_j \parallel T_2)$; $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$; $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$ |
| Gateway $\to$ Sensor | $M_4, M_5$ |
| Sensor | checks if $M_4 = h(A \parallel x_j \parallel M_3 \parallel B \parallel T_2)$; $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$ |
| Sensor $\to$ User | $B, M_5$ |
| User | checks if $M_5 = h(B \parallel d_i \parallel M_2 \parallel A \parallel T_1)$; $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$ |

Table 6: Password change phase of the user.

| Party | Action |
|---|---|
| User | User inserts SC into terminal; user inserts $\mathrm{ID}_i$ and $\mathrm{PW}_i$ |
| SC | checks if $MP_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}_i)$; $d_i = f_i \oplus MP_i$ |
| User | User inputs a new password $\mathrm{PW}'_i$ |
| SC | $MP'_i = h(r_i \parallel \mathrm{ID}_i \parallel \mathrm{PW}'_i)$; $f'_i = d_i \oplus MP'_i$; SC changes $f_i$ with $f'_i$ |

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored value $f_i$ and the hashed user password $MP_i$.

(5) User $U_i$ inputs the new password $\mathrm{PW}'_i$.

(6) SC uses this new $\mathrm{PW}'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \lhd X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \stackrel{k}{\longleftrightarrow} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\stackrel{k}{\longrightarrow} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_k$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\lhd$ rule | $\dfrac{P \mid\equiv\, \stackrel{k}{\longrightarrow} P,\ P \lhd \{X\}_k}{P \lhd X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_k}{P \lhd X}$, $\dfrac{P \mid\equiv\, \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \lhd X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv\, \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_k}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv X}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$, $\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$, $\dfrac{P \lhd (X, Y)}{P \lhd X}$, $\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic like (postulate A). According to the “$\mid\sim$ elimination rule,” (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$\dfrac{\mathrm{GWN} \mid\equiv \#(X),\ \mathrm{GWN} \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv \mathrm{GWN} \mid\sim X}{S_j \mid\equiv U_i \mid\sim X}$ (postulate A)

$\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ (postulate B)

$\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ (postulate C)

The proof goals of PriAuth in BAN logic form are described below. These goals ensure that $U_i$ and $S_j$ agree on a shared key SK.

(1) $U_i \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j$
(2) $S_j \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j$ (5)

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1 \parallel k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts, related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at Message 3 and Message 4. The proof results show that PriAuth is secure under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is “a push-button tool for the automated validation of Internet security-sensitive protocols and applications” [42]. Recently, many papers have used this method as a way to authenticate their protocols, like [24–26]. HLPSL (High Level Protocols Specification Language) is a role-based language that is used to describe security protocols and specify their intended security properties, as well as a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, sensor identity, and the key between the user and sensor.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \to S_j$ | $A$, $\{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}$, $\{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i}$, $T_1$ |
| 2 | $S_j \to \mathrm{GWN}$ | $A$, $\{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}$, $\{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i}$, $T_1$, $B$, $\{B, M_2, T_2\}_{x_j}$, $T_2$ |
| 3 | $\mathrm{GWN} \to S_j$ | $\{A, M_3, B, T_2\}_{x_j}$, $\{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \to U_i$ | $B$, $\{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $\mathrm{GWN} \mid\equiv \#(A)$ |
| A2 | $\mathrm{GWN} \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to the loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user's identity. When the user logs in the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply with some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $\{M_1, M_2, M_3, T_1\}$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $\{M'_4, M'_5, \mathrm{ESID}'_j, T'_2\}$ and send this message to the gateway; as the gateway only checks the legitimacy of the sensor, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $\{M'_6, M'_7, M'_8, M'_9, T'_3\}$ to the sensor. Afterwards, the sensor will be able to send $\{M'_6, M'_8, M'_{10}, T'_3, T'_4\}$ to the user and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^{*}$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i \parallel \mathrm{SID}_n \parallel \mathrm{SK} \parallel R_1 \parallel T_4)$, where $k = h(\mathrm{DID}_i \parallel V^{*} \parallel T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public messages and $V^{*}$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor's data, he could send his request $M_1 = \{\mathrm{ID}_u, \mathrm{ID}_{S_n}, X, T_u, \alpha, \omega\}$ to the sensor:

$X' = r_u \times P$
$X = r_u \times K_u$
$\omega = h(\mathrm{ID}_u \parallel h(\mathrm{ID}_{S_n} \parallel h(X \oplus Y)) \parallel T_u)$
$\alpha = h(\mathrm{ID}_u \parallel \mathrm{ID}_{S_n} \parallel X \parallel X' \parallel T_u \parallel \omega)$ (6)

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly; $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate the protocol's computational costs of different operations, and the operations' execution time is measured by simulation [3–14]. The execution time of the XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string; the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{\mathrm{mac}}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{\mathrm{mac}} \approx T_H$. The final result is in Table 14.

Table 11: Simulation results.

| Field | CL-AtSe back-end | OFMC |
|---|---|---|
| Banner | | OFMC, Version of 2006/02/13 |
| SUMMARY | SAFE | SAFE |
| DETAILS | BOUNDED NUMBER OF SESSIONS; TYPED MODEL | BOUNDED NUMBER OF SESSIONS |
| PROTOCOL | homeiotdevavispaavispa-11testsuiteresultsusgif | homeiotdevavispaavispa-11testsuiteresultsusgif |
| GOAL | As Specified | as specified |
| BACKEND | CL-AtSe | OFMC |
| COMMENTS | | |
| STATISTICS | Analysed: 14 states; Reachable: 4 states; Translation: 0.00 seconds; Computation: 0.00 seconds | parseTime: 0.00 s; searchTime: 0.05 s; visitedNodes: 24 nodes; depth: 4 plies |

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing the authentication process, is calculated for comparison of the communication cost. The identity or password is 8 bytes long [13]. The sizes of the general hash function's output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as the byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one-way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{\mathrm{MUL}}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient's privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. The main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied to medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of a communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In the future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$\mathrm{GWN} \lhd A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2$ (A1)

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{\mathrm{MUL}}$ | $5T_H + 2T_{\mathrm{MUL}}$ | $9T_H$ | $21T_H + 4T_{\mathrm{MUL}}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $14T_H$ | $31T_H + 4T_{\mathrm{MUL}}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{\mathrm{mac}} + 3T_{\mathrm{MUL}}$ | $1T_H + 2T_{\mathrm{mac}} + 2T_{\mathrm{MUL}}$ | $2T_H + 2T_{ED} + 3T_{\mathrm{mac}} + 1T_{\mathrm{MUL}}$ | $6T_H + 3T_{ED} + 6T_{\mathrm{mac}} + 6T_{\mathrm{MUL}}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{\mathrm{MUL}}$ | $3T_H + 2T_{\mathrm{MUL}}$ | $7T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme. M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”:

$$GWN \triangleleft \{A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1\}_{d_i} \quad \text{(A2)}$$

$$GWN \triangleleft \{B, M_2, T_2\}_{x_j} \quad \text{(A3)}$$

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”:

$$GWN \mid\equiv U_i \mid\sim (A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1) \quad \text{(A4)}$$

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”:

$$GWN \mid\equiv S_j \mid\sim (B, M_2, T_2) \quad \text{(A5)}$$

(5) According to (A4) and “‘,’-elimination rule”:

$$GWN \mid\equiv U_i \mid\sim A \quad \text{(A6)}$$

(6) According to (A5) and “‘,’-elimination rule”:

$$GWN \mid\equiv S_j \mid\sim B \quad \text{(A7)}$$

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”:

$$GWN \mid\equiv U_i \mid\equiv A \quad \text{(A8)}$$

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”:

$$GWN \mid\equiv S_j \mid\equiv B \quad \text{(A9)}$$

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3:

$$S_j \triangleleft \{A, M_3, B, T_2\}_{x_j}, \{B, M_2, A, T_1\}_{d_i} \quad \text{(A10)}$$

(10) According to (A10) and “‘,’-elimination rule”:

$$S_j \triangleleft \{A, M_3, B, T_2\}_{x_j} \quad \text{(A11)}$$

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”:

$$S_j \mid\equiv GWN \mid\sim (A, M_3, B, T_2) \quad \text{(A12)}$$

(12) According to (A12) and “‘,’-elimination rule”:

$$S_j \mid\equiv GWN \mid\sim A \quad \text{(A13)}$$

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”:

$$S_j \mid\equiv GWN \mid\equiv A \quad \text{(A14)}$$

(14) According to A11, (A8), (A14), we get

$$S_j \mid\equiv U_i \mid\sim A \quad \text{(A15)}$$

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”:

$$S_j \mid\equiv U_i \mid\equiv A \quad \text{(A16)}$$

(16) According to A13, (A16), and “jurisdiction or control rule”:

$$S_j \mid\equiv A \quad \text{(A17)}$$

(17) As $k_2$ is randomly created by $S_j$, according to “#()-introduction”:

$$S_j \mid\equiv \#(k_2) \quad \text{(A18)}$$

(18) According to (A18), A3, A5, and “#()-promotion rule”:

$$S_j \mid\equiv \#(SK), \quad SK = h(k_2 \cdot A) \quad \text{(A19)}$$

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i \quad \text{(A20)}$$

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$. Based on assumption A12, we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$$U_i \triangleleft B, \{B, M_2, A, T_1\}_{d_i} \quad \text{(A21)}$$

```
role user (Ui, Sj, GW: agent,
           Kdi: symmetric_key,
           Kug: symmetric_key,
           H: hash_func,
           P: text,
           SND_US, RCV_US: channel (dy))
played_by Ui
def=
  local State: nat,
        T1, K1, Na, Nb, SIDj, IDi, SK: text
  const user_sensor_sk, sc_user_id: protocol_id
  init State := 0
  transition
  % Message 1: Na = k1*G, masked identities, keyed hash, timestamp
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
                 /\ K1' := new()
                 /\ Na' := exp(P, K1')
                 /\ SND_US(Na'.
                           xor((IDi.SIDj), Kug).
                           H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').
                           T1')
                 /\ secret(IDi, sc_user_id, {Ui, GW})
                 /\ secret(IDi, sc_sensor_id, {Ui, GW})
  % Message 4: verify the gateway's hash, then derive the session key
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj), Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb', K1))
                 /\ witness(Ui, Sj, user_sensor_sk, SK')
                 /\ request(Ui, Sj, user_sensor_sk, SK')
end role
```

Box 1

(21) According to (A21) and “‘,’-elimination rule”:

$$U_i \triangleleft \{B, M_2, A, T_1\}_{d_i} \quad \text{(A22)}$$

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”:

$$U_i \mid\equiv GWN \mid\sim (B, M_2, A, T_1) \quad \text{(A23)}$$

(23) According to (A23) and “‘,’-elimination rule”:

$$U_i \mid\equiv S_j \mid\sim B \quad \text{(A24)}$$

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”:

$$U_i \mid\equiv GWN \mid\equiv B \quad \text{(A25)}$$

(25) According to A12, (A9), and (A25), we get

$$U_i \mid\equiv S_j \mid\sim B \quad \text{(A26)}$$

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”:

$$U_i \mid\equiv S_j \mid\equiv B \quad \text{(A27)}$$

(27) According to A14, (A27), and “jurisdiction or control rule”:

$$U_i \mid\equiv B \quad \text{(A28)}$$

(28) As $k_2$ is randomly created by $U_i$, according to “#()-introduction”:

$$U_i \mid\equiv \#(k_1) \quad \text{(A29)}$$

(29) According to (A29), A4, A6, and “#()-promotion rule”:

$$U_i \mid\equiv \#(SK), \quad SK = h(k_1 \cdot B) \quad \text{(A30)}$$

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$$U_i \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i \quad \text{(A31)}$$

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n - 1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.

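```
role sensor (Ui, Sj, GW: agent,
             Kxj: symmetric_key,
             H: hash_func,
             P: text,
             SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
played_by Sj
def=
  local State: nat,
        T1, T2, K2, Na, Nb, SK: text,
        Y, X, Z: message
  const user_sensor_sk: protocol_id
  init State := 1
  transition
  % Message 1 in, Message 2 out: append Nb = k2*G, keyed hash, timestamp
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new()
                 /\ K2' := new()
                 /\ Nb' := exp(P, K2')
                 /\ SND_SG(Na'.
                           Y'.
                           Z'.
                           T1'.
                           Nb'.
                           H(Nb'.Z'.Kxj.T2').
                           T2')
  % Message 3 in, Message 4 out; the guard is the state set by transition 1
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na, K2))
                 /\ witness(Sj, Ui, user_sensor_sk, SK')
                 /\ request(Sj, Ui, user_sensor_sk, SK')
                 /\ SND_US(Nb.
                           X')
end role
```

Box 2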

```
role gateway (Ui, Sj, GW: agent,
              Kdi, Kxj: symmetric_key,
              Kug: symmetric_key,
              H: hash_func,
              SND_SG, RCV_SG: channel(dy))
played_by GW
def=
  local State: nat,
        T1, T2, Na, Nb, IDi, SIDj: text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
  init State := 5
  transition
  % Message 2 in: check both keyed hashes; Message 3 out: the two replies
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi.SIDj), Kug).
                         H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
                      H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Kxj.T2').T2').
                      H(Nb'.Kdi.H(Na'.xor((IDi.SIDj), Kug).Kdi.T1').Na'.T1')
                    )
                 /\ secret(IDi, sc_user_id, {Ui, GW})
                 /\ secret(SIDj, sc_sensor_id, {Ui, GW})
end role
```

Box 3

```
role session(Ui, Sj, GW: agent,
             Kdi, Kxj, Kug: symmetric_key,
             H: hash_func,
             P: text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
  composition
       user(Ui, Sj, GW, Kdi, Kug, H, P, SUS, RUS)
    /\ sensor(Ui, Sj, GW, Kxj, H, P, SSG, RSG, SSU, RSU)
    /\ gateway(Ui, Sj, GW, Kdi, Kxj, Kug, H, SGS, RGS)
end role
```

Box 4

```
role environment()
def=
  const ui, sj, gw: agent,
        kdi, kxj, kug, kig, kiig: symmetric_key,
        user_sensor_sk: protocol_id,
        h: hash_func,
        p: text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
       session(ui, sj, gw, kdi, kxj, kug, h, p)
    /\ session(ui, i, gw, kdi, kig, kug, h, p)
    /\ session(i, sj, gw, kig, kxj, kiig, h, p)
end role
```

Box 5

```
goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal
```

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Table 3: Registration phase of the sensor.

| Sensor | | Gateway |
|---|---|---|
| $SID_j$, $X_{GWN-S_j}$ | | master key $X_{GWN}$; for each sensor stores $SID_j$, $X_{GWN-S_j}$ |
| random number $r_j$; gets timestamp $T_1$; $MN_j = r_j \oplus X_{GWN-S_j}$; $MP_j = h(X_{GWN-S_j}, r_j, SID_j, T_1)$ | $\xrightarrow{SID_j,\ MP_j,\ MN_j,\ T_1}$ | checks if $T_1$ is fresh; $r'_j = MN_j \oplus X_{GWN-S_j}$; $MP_j = h(X_{GWN-S_j}, r_j, SID_j, T_1)$; gets timestamp $T_2$; $x_j = h(SID_j, X_{GWN})$; $e_j = x_j \oplus h(SID_j, X_{GWN-S_j})$; $f_j = h(x_j, X_{GWN-S_j}, T_2)$ |
| checks if $T_2$ is fresh; $x_j = e_j \oplus h(SID_j, X_{GWN-S_j})$; $f_j = h(x_j, X_{GWN-S_j}, T_2)$; stores $x_j$, $p$, $a$, $b$, $G$, $n$, $h$, $Q_g$ | $\xleftarrow{e_j,\ f_j,\ T_2,\ p,\ a,\ b,\ G,\ n,\ h,\ Q_g}$ | |

Table 4: Registration phase of the user.

| User | | Gateway |
|---|---|---|
| $ID_i$, $PW_i$ | | master key $X_{GWN}$ |
| random number $r_i$; $MP_i = h(r_i, ID_i, PW_i)$ | $\xrightarrow{ID_i,\ MP_i}$ | $d_i = h(ID_i, X_{GWN})$; $f_i = d_i \oplus MP_i$ |
| inserts into the smart card: $MP_i$, $f_i$, $r_i$, $p$, $a$, $b$, $G$, $n$, $h$, $Q_g$ | $\xleftarrow{f_i,\ p,\ a,\ b,\ G,\ n,\ h,\ Q_g}$ | |

(5) GWN uses $d'_i$, $A$, $M_1$, and $T_1$ to check if $M_2 = h(A, M_1, d'_i, T_1)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(6) GWN uses $x'_j$, $B$, $M_2$, and $T_2$ to check if $M_3 = h(B, M_2, x'_j, T_2)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(7) GWN calculates the following messages: $M_4 = h(A, x_j, M_3, B, T_2)$ and $M_5 = h(B, d_i, M_2, A, T_1)$.

(8) GWN sends Message 3 = $M_4, M_5$ to sensor $S_j$.

After receiving the message $M_4, M_5$, sensor $S_j$ does the following calculations.

(1) $S_j$ uses $A$ getting from user to check if $M_4 = h(A, x_j, M_3, B, T_2)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(2) $S_j$ calculates the shared key SK between $U_i$ and $S_j$: $SK = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$.

(3) $S_j$ sends Message 4 = $B, M_5$ to user $U_i$.

After $U_i$ receives the message $B, M_5$, $U_i$ goes to the following steps. The whole process is in Table 5.

(1) $U_i$ uses $B$ getting from $S_j$ to check if $M_5 = h(B, d_i, M_2, A, T_1)$. If they are equal, the procedure goes to the next step; otherwise, it terminates here.

(2) $U_i$ calculates the shared key $SK'$ between $U_i$ and $S_j$: $SK' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$.
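The login and authentication exchange above, traced end to end for all three parties in Python; this is an added example, not code from the paper. The curve (NIST P-256), SHA-256 as $h$, the length-prefixed field encoding, identities of at most 16 bytes, the freshness window, and every function and identity name are assumptions made for the example.

```python
import hashlib, hmac, secrets

# NIST P-256 (assumed curve): field prime P, group order N, base point G, a = -3.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
DELTA_T = 5  # assumed freshness window in seconds

def ec_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add k*pt (illustrative, not constant time)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*parts):  # h(x1, x2, ...): SHA-256 over length-prefixed fields
    d = hashlib.sha256()
    for v in parts:
        if isinstance(v, tuple):        # curve point -> x || y
            v = v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
        elif isinstance(v, int):        # timestamp
            v = v.to_bytes(8, "big")
        d.update(len(v).to_bytes(2, "big") + v)
    return d.digest()

def xor(x, y):
    return bytes(i ^ j for i, j in zip(x, y))

def pad(name):  # 16-byte identity fields so (ID_i, SID_j) matches 32-byte K_ug
    return name.encode().ljust(16, b"\0")

def fresh(t, now):
    return abs(now - t) <= DELTA_T

class Gateway:
    def __init__(self):
        self.x_gwn = secrets.token_bytes(32)       # master key X_GWN
        self.d_g = secrets.randbelow(N - 1) + 1    # ECC private key d_g
        self.q_g = ec_mul(self.d_g, G)             # public key Q_g

    def credential(self, identity):  # registration: d_i or x_j = h(ID, X_GWN)
        return h(pad(identity), self.x_gwn)

    def authenticate(self, msg2, now):  # Message 3 = (M4, M5), or None to abort
        a, m1, m2, t1, b, m3, t2 = msg2
        if not (fresh(t1, now) and fresh(t2, now)):
            return None
        ids = xor(m1, h(t1, ec_mul(self.d_g, a)))  # K'_ug = h(T1, d_g*A)
        d_i, x_j = h(ids[:16], self.x_gwn), h(ids[16:], self.x_gwn)
        ok = (hmac.compare_digest(m2, h(a, m1, d_i, t1))
              and hmac.compare_digest(m3, h(b, m2, x_j, t2)))
        return (h(a, x_j, m3, b, t2), h(b, d_i, m2, a, t1)) if ok else None

def user_request(id_i, sid_j, d_i, q_g, t1):  # Message 1 = (A, M1, M2, T1)
    k1 = secrets.randbelow(N - 1) + 1
    a = ec_mul(k1, G)
    m1 = xor(pad(id_i) + pad(sid_j), h(t1, ec_mul(k1, q_g)))  # ids XOR K_ug
    return k1, (a, m1, h(a, m1, d_i, t1), t1)

def sensor_forward(msg1, x_j, t2):  # Message 2 = Message 1 + (B, M3, T2)
    if not fresh(msg1[3], t2):
        return None
    k2 = secrets.randbelow(N - 1) + 1
    b = ec_mul(k2, G)
    return k2, msg1 + (b, h(b, msg1[2], x_j, t2), t2)

def sensor_finish(k2, x_j, msg2, msg3):  # check M4; SK = h(k2*A); Message 4
    a, _, _, _, b, m3, t2 = msg2
    if msg3 is None or not hmac.compare_digest(msg3[0], h(a, x_j, m3, b, t2)):
        return None
    return h(ec_mul(k2, a)), (b, msg3[1])

def user_finish(k1, d_i, msg1, msg4):  # check M5; SK' = h(k1*B)
    (a, _, m2, t1), (b, m5) = msg1, msg4
    if not hmac.compare_digest(m5, h(b, d_i, m2, a, t1)):
        return None
    return h(ec_mul(k1, b))

def run_session(gw, d_i, x_j, now=1_700_000_000, tamper=False):
    """One login; returns (M1 on the wire, user's SK', sensor's SK) or None."""
    k1, msg1 = user_request("doctor-01", "sensor-17", d_i, gw.q_g, now)
    if tamper:  # constructed fault: one bit of M2 flipped in transit
        msg1 = msg1[:2] + (xor(msg1[2], b"\x01" + bytes(31)),) + msg1[3:]
    k2, msg2 = sensor_forward(msg1, x_j, now + 1)
    done = sensor_finish(k2, x_j, msg2, gw.authenticate(msg2, now + 2))
    return done and (msg1[1], user_finish(k1, d_i, msg1, done[1]), done[0])
```

The gateway only ever handles $A$, $B$ and hashes, never $k_1$ or $k_2$, so it cannot form $k_1 \cdot k_2 \cdot G$; and because $K_{ug}$ depends on a fresh $k_1$ and $T_1$, the masked identities $M_1$ differ on every login.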

4.5. Password Change Phase. If a user wants to change his password, he has to be authenticated by the smart card first. We state the password change process in Table 6, which is a summary of the steps.

(1) A user $U_i$ inserts his smart card SC into a card reader and inputs their identity and password $ID_i$, $PW_i$.

(2) SC computes $h(r_i, ID_i, PW_i)$ using password $ID_i$, $PW_i$ and the stored $r_i$.

(3) SC compares $h(r_i, ID_i, PW_i)$ with the stored version of $MP_i$ in the smart card; if they are equal, SC acknowledges the legitimacy of user $U_i$.

Table 5: Login and authentication phase.

| User ($ID_i$, $PW_i$, $d_i$) | Sensor ($SID_j$, $x_j$) | Gateway ($d_g$, $Q_g$) |
|---|---|---|
| User inserts SC into terminal; User input $ID'_i$ and $PW'_i$; SC: $MP'_i = h(r_i, ID'_i, PW'_i)$; SC: $d_i = f_i \oplus MP'_i$; SC: random $k_1$, $A = k_1 \cdot G$; SC: gets timestamp $T_1$; SC: $K_{ug} = h(T_1, k_1 \cdot Q_g)$; SC: $M_1 = (ID_i, SID_j) \oplus K_{ug}$; SC: $M_2 = h(A, M_1, d_i, T_1)$ | | |
| $\xrightarrow{A,\ M_1,\ M_2,\ T_1}$ | checks the freshness of $T_1$; random $k_2$, $B = k_2 \cdot G$; gets timestamp $T_2$; $M_3 = h(B, M_2, x_j, T_2)$ | |
| | $\xrightarrow{A,\ M_1,\ M_2,\ T_1,\ B,\ M_3,\ T_2}$ | checks the freshness of $T_1$, $T_2$; $K'_{ug} = h(T_1, d_g \cdot A)$; $(ID'_i, SID'_j) = M_1 \oplus K'_{ug}$; $d'_i = h(ID'_i, X_{GWN})$; $x'_j = h(SID'_j, X_{GWN})$; checks if $M_2 = h(A, M_1, d'_i, T_1)$; checks if $M_3 = h(B, M_2, x'_j, T_2)$; $M_4 = h(A, x_j, M_3, B, T_2)$; $M_5 = h(B, d_i, M_2, A, T_1)$ |
| | checks if $M_4 = h(A, x_j, M_3, B, T_2)$; $SK = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$ | $\xleftarrow{M_4,\ M_5}$ |
| Checks if $M_5 = h(B, d_i, M_2, A, T_1)$; $SK' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$ | $\xleftarrow{B,\ M_5}$ | |

Table 6: Password change phase of the user.

| User |
|---|
| User inserts SC into terminal |
| User inserts $ID_i$ and $PW_i$ |
| SC: check if $MP_i = h(r_i, ID_i, PW_i)$ |
| SC: $d_i = f_i \oplus MP_i$ |
| User inputs a new password $PW'_i$ |
| SC: $MP'_i = h(r_i, ID_i, PW'_i)$ |
| SC: $f'_i = d_i \oplus MP'_i$ |
| SC changes $f_i$ with $f'_i$ |

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored values $f_i$ and the user password $MP_i$.

(5) User $U_i$ inputs the new password $PW'_i$.

(6) SC uses this new $PW'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.
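The smart-card side of user registration (Table 4) and the password change steps above, as an added Python example that is not code from the paper. SHA-256 as $h$, the length-prefixed encoding, and the class and function names are assumptions; replacing the stored $MP_i$ together with $f_i$ is also an assumption, since the text only mentions $f_i$.

```python
import hashlib, hmac, secrets

def h(*parts):  # h(x1, x2, ...): SHA-256 over length-prefixed byte strings
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(2, "big") + part)
    return d.digest()

def xor(x, y):
    return bytes(i ^ j for i, j in zip(x, y))

class SmartCard:
    """Card contents from Table 4: MP_i, f_i, r_i. d_i itself is never stored."""

    def __init__(self, mp_i, f_i, r_i):
        self.mp_i, self.f_i, self.r_i = mp_i, f_i, r_i

    def unlock(self, id_i, pw_i):
        """Steps (2)-(4): verify against stored MP_i, then d_i = f_i XOR MP_i."""
        mp = h(self.r_i, id_i, pw_i)
        if not hmac.compare_digest(mp, self.mp_i):
            return None
        return xor(self.f_i, mp)

    def change_password(self, id_i, old_pw, new_pw):
        """Steps (5)-(6): re-mask the unchanged d_i under the new password."""
        d_i = self.unlock(id_i, old_pw)
        if d_i is None:
            return False
        new_mp = h(self.r_i, id_i, new_pw)
        self.f_i = xor(d_i, new_mp)          # f'_i = d_i XOR MP'_i
        # Assumption: the text only says f_i is replaced; MP_i is replaced too
        # here so that the step (3) comparison accepts the new password later.
        self.mp_i = new_mp
        return True

def register(id_i, pw_i, x_gwn):
    """Table 4: the user sends ID_i, MP_i; the gateway answers with f_i."""
    r_i = secrets.token_bytes(16)
    mp_i = h(r_i, id_i, pw_i)                # user side
    d_i = h(id_i, x_gwn)                     # gateway side: d_i = h(ID_i, X_GWN)
    return SmartCard(mp_i, xor(d_i, mp_i), r_i), d_i
```

The gateway is not involved in a password change: $d_i$ stays the same and only its mask on the card changes.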

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \triangleleft X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \stackrel{k}{\longleftrightarrow} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\stackrel{k}{\longrightarrow} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_k$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\triangleleft$ rule | $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} P,\ P \triangleleft \{X\}_k}{P \triangleleft X}$; $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \triangleleft \{X\}_k}{P \triangleleft X}$; $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \triangleleft \{X\}_{k^{-1}}}{P \triangleleft X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv \stackrel{k}{\longrightarrow} Q,\ P \triangleleft \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$; $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \triangleleft \{X\}_k}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| #()-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv \#(X)}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$; $\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$; $\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$; $\dfrac{P \triangleleft (X, Y)}{P \triangleleft X}$; $\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic like (postulate A). According to the “$\mid\sim$ elimination rule”, (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$$\frac{GWN \mid\equiv \#(X),\ GWN \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv GWN \mid\sim X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate A)}$$

$$\frac{GWN \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv GWN \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate B)}$$

$$\frac{GWN \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv GWN \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X} \quad \text{(postulate C)}$$

The proof goals of PriAuth in BAN logic form are in the way described below. These goals could ensure $U_i$ and $S_j$ to agree on a shared key SK.

$$\text{(1) } U_i \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j, \qquad \text{(2) } S_j \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j \quad (5)$$

53 Preparation for Proof Before the proof begins messageshave to be transformed into an idealized form the messagesof PriAuth in idealized form in BAN logic are given in Table 9(119870119906119892 = ℎ(1198791 1198961 sdot 119876119892)) At the same time some assumptionshave to be made so (postulate B) and (postulate C) areincluded as assumptions A11 and A12 The assumptions arelisted in Table 10

54 The Proof of PriAuth The whole proof of the proposalis in Appendix A It has been divided into 3 parts related toMessage 2Message 3 andMessage 4 separatelyThe two goals

of the scheme are proved at theMessage 3 andMessage 4Theproof results show that PriAuth is secured under BAN logic

6 AVISPA Verification

AVISPA (Automated Validation of Internet Security Proto-cols andApplications) is ldquoa push-button tool for the automatedvalidation of Internet security-sensitive protocols and applica-tionsrdquo [42] Recently many papers have used this method asa way to authenticate their protocols like [24ndash26] HLPSL(High Level Protocols Specification Language) is a role-basedlanguage that is used to describe security protocols andspecifying their intended security properties as well as a setof tools to formally validate them We write the protocol inHLPSL and test the protocol The code is in Appendix B Thegoal of PriAuth is to create a key that is shared by a user anda sensor The validation result of the protocol is in Table 11Considering all these testing activities it could be concludedthat our protocol is safe PriAuth can protect the privacy ofthe user identity sensor identity and the key between the userand sensor


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \to S_j$ | $A,\ \{ID_i, SID_j\}_{K_{ug}},\ \langle A, \{ID_i, SID_j\}_{K_{ug}}, T_1\rangle_{d_i},\ T_1$ |
| 2 | $S_j \to GWN$ | $A,\ \{ID_i, SID_j\}_{K_{ug}},\ \langle A, \{ID_i, SID_j\}_{K_{ug}}, T_1\rangle_{d_i},\ T_1,\ B,\ \langle B, M_2, T_2\rangle_{x_j},\ T_2$ |
| 3 | $GWN \to S_j$ | $\langle A, M_3, B, T_2\rangle_{x_j},\ \langle B, M_2, A, T_1\rangle_{d_i}$ |
| 4 | $S_j \to U_i$ | $B,\ \langle B, M_2, A, T_1\rangle_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $GWN \mid\equiv \#(A)$ |
| A2 | $GWN \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv GWN \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $GWN \mid\equiv GWN \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv GWN \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $GWN \mid\equiv GWN \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv GWN \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $GWN \mid\equiv GWN \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{GWN \mid\equiv U_i \mid\equiv X \qquad S_j \mid\equiv GWN \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{GWN \mid\equiv S_j \mid\equiv X \qquad U_i \mid\equiv GWN \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to the loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user’s identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, ESID'_j, T'_2$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards, the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^{*}$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(DID_i \| SID_n \| SK \| R_1 \| T_4)$, where $k = h(DID_i \| V^{*} \| T_4)$, in which $DID_i$ and $T_4$ are public messages and $V^{*}$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor’s data, he could send his request $M_1 = ID_u, ID_{S_n}, X, T_u, \alpha, \omega$ to the sensor:

$X' = r_u \times P$,
$X = r_u \times K_u$,
$\omega = h(ID_u \| h(ID_{S_n} \| h(X \oplus Y)) \| T_u)$,
$\alpha = h(ID_u \| ID_{S_n} \| X \| X' \| T_u \| \omega)$. (6)

$ID_u$, $K_u$, $P$, and $ID_{S_n}$ are sent publicly. $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $ID'_u$, could easily generate a request the same as $M_1$, and then $ID'_u$ will be treated as $ID_u$ by the gateway.

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate the protocol’s computational costs of different operations, and the operations’ execution time is measured by simulation [3–14]. The execution time of an XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string, the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes which a sensor node and a gateway node need while performing the authentication process is calculated for comparison of the communication cost. The identity or password is 8 bytes long [13]. The sizes of the general hash function’s output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as the byte length of the original data for approximation.

Table 11: Simulation results.

| CL-AtSe back-end | OFMC |
|---|---|
| SUMMARY | OFMC |
| SAFE | Version of 2006/02/13 |
| DETAILS | SUMMARY |
| BOUNDED_NUMBER_OF_SESSIONS | SAFE |
| TYPED_MODEL | DETAILS |
| PROTOCOL | BOUNDED_NUMBER_OF_SESSIONS |
| homeiotdevavispaavispa-11testsuiteresultsusgif | PROTOCOL |
| GOAL | homeiotdevavispaavispa-11testsuiteresultsusgif |
| As Specified | GOAL |
| BACKEND | as_specified |
| CL-AtSe | BACKEND |
| STATISTICS | OFMC |
| Analysed: 14 states | COMMENTS |
| Reachable: 4 states | STATISTICS |
| Translation: 0.00 seconds | parseTime: 0.00 s |
| Computation: 0.00 seconds | searchTime: 0.05 s |
| | visitedNodes: 24 nodes |
| | depth: 4 plies |

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient’s privacy are a must. In order to ensure data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called the SunSPOT platform, manufactured by Oracle. The main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied in medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In the future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$GWN \triangleleft A,\ \{ID_i, SID_j\}_{K_{ug}},\ \langle A, \{ID_i, SID_j\}_{K_{ug}}, T_1\rangle_{d_i},\ T_1,\ B,\ \langle B, M_2, T_2\rangle_{x_j},\ T_2$. (A1)

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme; M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”,

$GWN \triangleleft \langle A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1\rangle_{d_i}$, (A2)

$GWN \triangleleft \langle B, M_2, T_2\rangle_{x_j}$. (A3)

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”,

$GWN \mid\equiv U_i \mid\sim A, \{ID_i, SID_j\}_{K_{ug}}, SID_j, T_1$. (A4)

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”,

$GWN \mid\equiv S_j \mid\sim B, M_2, T_2$. (A5)

(5) According to (A4) and “‘,’-elimination rule”,

$GWN \mid\equiv U_i \mid\sim A$. (A6)

(6) According to (A5) and “‘,’-elimination rule”,

$GWN \mid\equiv S_j \mid\sim B$. (A7)

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”,

$GWN \mid\equiv U_i \mid\equiv A$. (A8)

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”,

$GWN \mid\equiv S_j \mid\equiv B$. (A9)

The following content is the analysis of Message 3. From it we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3,

$S_j \triangleleft \langle A, M_3, B, T_2\rangle_{x_j},\ \langle B, M_2, A, T_1\rangle_{d_i}$. (A10)

(10) According to (A10) and “‘,’-elimination rule”,

$S_j \triangleleft \langle A, M_3, B, T_2\rangle_{x_j}$. (A11)

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”,

$S_j \mid\equiv GWN \mid\sim A, M_3, B, T_2$. (A12)

(12) According to (A12) and “‘,’-elimination rule”,

$S_j \mid\equiv GWN \mid\sim A$. (A13)

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”,

$S_j \mid\equiv GWN \mid\equiv A$. (A14)

(14) According to A11, (A8), (A14), we get

$S_j \mid\equiv U_i \mid\sim A$. (A15)

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”,

$S_j \mid\equiv U_i \mid\equiv A$. (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”,

$S_j \mid\equiv A$. (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “#()-introduction”,

$S_j \mid\equiv \#(k_2)$. (A18)

(18) According to (A18), A3, A5, and “#()-promotion rule”,

$S_j \mid\equiv \#(SK)$, $SK = h(k_2 \cdot A)$. (A19)

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”,

$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$. (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4,

$U_i \triangleleft B,\ \langle B, M_2, A, T_1\rangle_{d_i}$. (A21)

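    % User role: sends Message 1 and checks Message 4.
    role user (Ui, Sj, GW : agent,
               Kdi : symmetric_key,
               Kug : symmetric_key,
               H : hash_func,
               P : text,
               SND_US, RCV_US : channel (dy))
    played_by Ui
    def=
      local State : nat,
            T1, K1, Na, Nb, SIDj, IDi, SK : text
      const user_sensor_sk, sc_user_id : protocol_id
      init State := 0
      transition
      % Message 1: Na = exp(P,K1), masked identities, keyed hash, timestamp.
      1. State = 0 /\ RCV_US(start) =|>
         State' := 2 /\ T1' := new()
         /\ K1' := new() /\ Na' := exp(P,K1')
         /\ SND_US(Na'.
                   xor((IDi.SIDj),Kug).
                   H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
                   T1')
         /\ secret(IDi,sc_user_id,{Ui,GW})
         /\ secret(IDi,sc_sensor_id,{Ui,GW})
      % Message 4: verify the gateway's hash, then derive SK = H(exp(Nb,K1)).
      2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
         State' := 4 /\ SK' := H(exp(Nb',K1))
         /\ witness(Ui,Sj,user_sensor_sk,SK')
         /\ request(Ui,Sj,user_sensor_sk,SK')
    end role

Box 1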

(21) According to (A21) and “‘,’-elimination rule”,

$U_i \triangleleft \langle B, M_2, A, T_1\rangle_{d_i}$. (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”,

$U_i \mid\equiv GWN \mid\sim B, M_2, A, T_1$. (A23)

(23) According to (A23) and “‘,’-elimination rule”,

$U_i \mid\equiv S_j \mid\sim B$. (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”,

$U_i \mid\equiv GWN \mid\equiv B$. (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$. (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”,

$U_i \mid\equiv S_j \mid\equiv B$. (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”,

$U_i \mid\equiv B$. (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “#()-introduction”,

$U_i \mid\equiv \#(k_1)$. (A29)

(29) According to (A29), A4, A6, and “#()-promotion rule”,

$U_i \mid\equiv \#(SK)$, $SK = h(k_1 \cdot B)$. (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”,

$U_i \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$. (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n - 1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1 \| k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.

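    % Sensor role: relays Message 1 to the gateway as Message 2,
    % checks Message 3 and forwards Message 4 to the user.
    role sensor (Ui, Sj, GW : agent,
                 Kxj : symmetric_key,
                 H : hash_func,
                 P : text,
                 SND_US, RCV_US, SND_SG, RCV_SG : channel(dy))
    played_by Sj
    def=
      local State : nat,
            T1, T2, K2, Na, Nb, SK : text,
            Y, X, Z : message
      const user_sensor_sk : protocol_id
      init State := 1
      transition
      1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
         State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
         /\ SND_SG(Na'.
                   Y'.
                   Z'.
                   T1'.
                   Nb'.
                   H(Nb'.Z'.Kxj.T2').
                   T2')
      % The guard is State = 3, the value set by transition 1; the printed
      % listing reads State = 2, which transition 1 never produces.
      2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                             X') =|>
         State' := 4 /\ SK' := H(exp(Na,K2))
         /\ witness(Sj,Ui,user_sensor_sk,SK')
         /\ request(Sj,Ui,user_sensor_sk,SK')
         /\ SND_US(Nb.
                   X')
    end role

Box 2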

    % Gateway role: checks both keyed hashes in Message 2 and answers with Message 3.
    role gateway (Ui, Sj, GW : agent,
                  Kdi, Kxj : symmetric_key,
                  Kug : symmetric_key,
                  H : hash_func,
                  SND_SG, RCV_SG : channel(dy))
    played_by GW
    def=
      local State : nat,
            T1, T2, Na, Nb, IDi, SIDj : text
      const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
      init State := 5
      transition
      1. State = 5 /\ RCV_SG(Na'.
                             xor((IDi'.SIDj'),Kug).
                             H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                             T1'.
                             Nb'.
                             H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                             T2') =|>
         State' := 7 /\ SND_SG(
             H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
             H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1')
             )
         /\ secret(IDi',sc_user_id,{Ui,GW})
         /\ secret(SIDj',sc_sensor_id,{Ui,GW})
    end role

Box 3

    % One protocol session: a user, a sensor and the gateway over Dolev-Yao channels.
    role session(Ui, Sj, GW : agent,
                 Kdi, Kxj, Kug : symmetric_key,
                 H : hash_func,
                 P : text)
    def=
      local SSU, RSU,
            SSG, RSG, SUS, RUS, SGS, RGS : channel(dy)
      composition
        user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
        /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
        /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
    end role

Box 4

    % Environment: one honest session plus sessions in which the intruder i
    % plays the sensor or the user.
    role environment()
    def=
      const ui, sj, gw : agent,
            kdi, kxj, kug, kig, kiig : symmetric_key,
            user_sensor_sk : protocol_id,
            h : hash_func,
            p : text
      intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
      composition
        session(ui,sj,gw,kdi,kxj,kug,h,p)
        /\ session(ui,i,gw,kdi,kig,kug,h,p)
        /\ session(i,sj,gw,kig,kxj,kiig,h,p)
    end role

Box 5

    goal
      % Confidentiality (G12)
      secrecy_of sc_sensor_id, sc_user_id
      % Message authentication (G2)
      authentication_on user_sensor_sk
    end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).
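The message flow that the HLPSL roles in Boxes 1 to 3 model can also be exercised directly, including the gateway check that rejects a registered sensor answering a request addressed to a different sensor (the case discussed in Section 7.3). The Python below is an added example, not the authors' implementation: it uses secp256k1 and SHA-256 in place of ECC-160 and SHA-1, omits timestamp freshness checks, and the function names, the length-prefixed hash encoding, and the gateway's lookup tables are assumptions.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters, used here as a stand-in for the paper's ECC-160.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(v):
    """Length-prefixed encoding so concatenated hash inputs are unambiguous."""
    if isinstance(v, tuple):
        v = v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
    elif isinstance(v, int):
        v = v.to_bytes(8, "big")
    return len(v).to_bytes(2, "big") + v

def h(*fields):
    return hashlib.sha256(b"".join(enc(f) for f in fields)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def check(tag, expected, who):
    if not hmac.compare_digest(tag, expected):
        raise PermissionError(who + " authentication failed")

def user_request(id_i, sid_j, d_i, q_g, t1):
    k1 = secrets.randbelow(N - 1) + 1
    a = mul(k1, G)
    c = xor(id_i + sid_j, h(t1, mul(k1, q_g)))   # identities masked with K_ug
    return k1, (a, c, h(a, c, d_i, t1), t1)

def sensor_forward(msg1, x_j, t2):
    k2 = secrets.randbelow(N - 1) + 1
    b = mul(k2, G)
    return k2, msg1 + (b, h(b, msg1[2], x_j, t2), t2)

def gateway_verify(msg2, d_g, users, sensors):
    a, c, m_u, t1, b, m_s, t2 = msg2
    ids = xor(c, h(t1, mul(d_g, a)))             # K_ug recomputed from d_g and A
    d_i, x_j = users.get(ids[:8]), sensors.get(ids[8:])
    if d_i is None or x_j is None:
        raise PermissionError("unknown identity")
    check(m_u, h(a, c, d_i, t1), "user")
    # x_j is looked up from the SID_j the user encrypted, so only the sensor
    # the user asked for can produce a valid m_s.
    check(m_s, h(b, m_u, x_j, t2), "sensor")
    return h(a, x_j, m_s, t2), h(b, d_i, m_u, a, t1)

def sensor_finish(msg2, msg3, k2, x_j):
    a, _, _, _, b, m_s, t2 = msg2
    check(msg3[0], h(a, x_j, m_s, t2), "gateway")
    return h(mul(k2, a)), (b, msg3[1])           # SK = h(k2.A), then Message 4

def user_finish(msg1, msg4, k1, d_i):
    a, _, m_u, t1 = msg1
    check(msg4[1], h(msg4[0], d_i, m_u, a, t1), "gateway")
    return h(mul(k1, msg4[0]))                   # SK = h(k1.B)

def run_session(sensor_key=None):
    """One login; sensor_key replaces the key used by the responding sensor."""
    d_g = secrets.randbelow(N - 1) + 1
    q_g = mul(d_g, G)
    id_i, sid_j = b"DOCTOR01", b"SENSOR01"       # constructed 8-byte identities
    d_i, x_j = secrets.token_bytes(20), secrets.token_bytes(20)
    sensors = {sid_j: x_j, b"SENSOR02": secrets.token_bytes(20)}
    used = sensor_key or x_j
    k1, msg1 = user_request(id_i, sid_j, d_i, q_g, 1000)
    k2, msg2 = sensor_forward(msg1, used, 1001)
    msg3 = gateway_verify(msg2, d_g, {id_i: d_i}, sensors)
    sk_sensor, msg4 = sensor_finish(msg2, msg3, k2, used)
    sk_user = user_finish(msg1, msg4, k1, d_i)
    wire = b"".join(enc(f) for m in (msg1, msg2, msg3, msg4) for f in m)
    return sk_user, sk_sensor, wire
```

The gateway sees $A$ and $B$ but neither $k_1$ nor $k_2$, so it cannot compute the value both endpoints derive; `run_session` returns the two derived keys together with every byte that crossed the network.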

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification: International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Table 5: Login and authentication phase.

Values held by each party. User: $\mathrm{ID}_i$, $\mathrm{PW}_i$, $d_i$. Sensor: $\mathrm{SID}_j$, $x_j$. Gateway: $d_g$, $Q_g$.

User:
    User inserts SC into terminal.
    User inputs $\mathrm{ID}'_i$ and $\mathrm{PW}'_i$.
    SC: $MP'_i = h(r_i, \mathrm{ID}'_i, \mathrm{PW}'_i)$
    SC: $d_i = f_i \oplus MP'_i$
    SC: random $k_1$, $A = k_1 \cdot G$
    SC gets timestamp $T_1$.
    SC: $K_{ug} = h(T_1, k_1 \cdot Q_g)$
    SC: $M_1 = (\mathrm{ID}_i, \mathrm{SID}_j) \oplus K_{ug}$
    SC: $M_2 = h(A, M_1, d_i, T_1)$

User $\longrightarrow$ Sensor: $A, M_1, M_2, T_1$

Sensor:
    checks the freshness of $T_1$
    random $k_2$, $B = k_2 \cdot G$
    gets timestamp $T_2$
    $M_3 = h(B, M_2, x_j, T_2)$

Sensor $\longrightarrow$ Gateway: $A, M_1, M_2, T_1, B, M_3, T_2$

Gateway:
    checks the freshness of $T_1$, $T_2$
    $K'_{ug} = h(T_1, d_g \cdot A)$
    $(\mathrm{ID}'_i, \mathrm{SID}'_j) = M_1 \oplus K'_{ug}$
    $d'_i = h(\mathrm{ID}'_i, X_{\mathrm{GWN}})$
    $x'_j = h(\mathrm{SID}'_j, X_{\mathrm{GWN}})$
    checks if $M_2 = h(A, M_1, d'_i, T_1)$
    checks if $M_3 = h(B, M_2, x'_j, T_2)$
    $M_4 = h(A, x_j, M_3, B, T_2)$
    $M_5 = h(B, d_i, M_2, A, T_1)$

Gateway $\longrightarrow$ Sensor: $M_4, M_5$

Sensor:
    checks if $M_4 = h(A, x_j, M_3, B, T_2)$
    $\mathrm{SK} = h(k_2 \cdot A) = h(k_1 \cdot k_2 \cdot G)$

Sensor $\longrightarrow$ User: $B, M_5$

User:
    checks if $M_5 = h(B, d_i, M_2, A, T_1)$
    $\mathrm{SK}' = h(k_1 \cdot B) = h(k_1 \cdot k_2 \cdot G)$

Table 6: Password change phase of the user.

User:
    User inserts SC into terminal.
    User inserts $\mathrm{ID}_i$ and $\mathrm{PW}_i$.
    SC: check if $MP_i = h(r_i, \mathrm{ID}_i, \mathrm{PW}_i)$
    SC: $d_i = f_i \oplus MP_i$
    User inputs a new password $\mathrm{PW}'_i$.
    SC: $MP'_i = h(r_i, \mathrm{ID}_i, \mathrm{PW}'_i)$
    SC: $f'_i = d_i \oplus MP'_i$
    SC changes $f_i$ with $f'_i$.

(4) SC computes $d_i = f_i \oplus MP_i$ using the stored values $f_i$ and the user password $MP_i$.

(5) User $U_i$ inputs the new password $\mathrm{PW}'_i$.

(6) SC uses this new $\mathrm{PW}'_i$ to update the stored version of $f_i$ with $f'_i = d_i \oplus MP'_i$.
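The login and authentication exchange of Table 5, run end to end between the three parties, as an added example that is not the authors' code. It assumes secp256k1 and SHA-256 in place of the paper's ECC-160 and SHA-1, a length-prefixed encoding of the arguments of h, and 8-byte identities; all function names (run_session, gateway, and so on) are hypothetical.

```python
import hashlib, hmac, secrets

# secp256k1 (y^2 = x^3 + 7 over F_P): a stand-in for the paper's ECC-160 curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add k*pt (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):
    """SHA-256 over length-prefixed arguments (the encoding is an assumption)."""
    buf = b""
    for v in parts:
        if isinstance(v, tuple):                      # curve point
            v = v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
        elif isinstance(v, int):                      # timestamp
            v = v.to_bytes(8, "big")
        buf += len(v).to_bytes(2, "big") + v
    return hashlib.sha256(buf).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

# Gateway long-term secrets: master secret X_GWN and ECC key pair (d_g, Q_g).
X_GWN = secrets.token_bytes(32)
D_G = rand_scalar()
Q_G = mul(D_G, G)

def register_user(ident, pw):
    """Smart card stores r_i and f_i = d_i XOR MP_i, with d_i = h(ID_i, X_GWN)."""
    r = secrets.token_bytes(16)
    return {"r": r, "f": xor(h(ident, X_GWN), h(r, ident, pw))}

def register_sensor(sid):
    return h(sid, X_GWN)                              # x_j

def user_login(card, ident, pw, sid, t1):
    d_i = xor(card["f"], h(card["r"], ident, pw))     # wrong PW gives a wrong d_i
    k1 = rand_scalar()
    a = mul(k1, G)
    k_ug = h(t1, mul(k1, Q_G))
    m1 = xor(ident + sid, k_ug)                       # identities hidden from the sensor
    m2 = h(a, m1, d_i, t1)
    return (k1, d_i), (a, m1, m2, t1)

def sensor_forward(x_j, msg, t2):
    k2 = rand_scalar()
    b = mul(k2, G)
    m3 = h(b, msg[2], x_j, t2)
    return k2, msg + (b, m3, t2)

def gateway(msg, now, window=5):
    """Returns (M4, M5), or None on a stale timestamp or a failed M2/M3 check."""
    a, m1, m2, t1, b, m3, t2 = msg
    if not (0 <= now - t1 <= window and 0 <= now - t2 <= window):
        return None
    ids = xor(m1, h(t1, mul(D_G, a)))                 # K'_ug = h(T1, d_g * A)
    d_i, x_j = h(ids[:8], X_GWN), h(ids[8:], X_GWN)
    if not hmac.compare_digest(m2, h(a, m1, d_i, t1)):
        return None
    if not hmac.compare_digest(m3, h(b, m2, x_j, t2)):  # sensor must be the one named in M1
        return None
    return h(a, x_j, m3, b, t2), h(b, d_i, m2, a, t1)

def run_session(card, ident, pw, sid, sensor_x_j, now=1000):
    """Full Table 5 exchange; returns (SK', SK) or None if any check fails."""
    (k1, d_i), msg1 = user_login(card, ident, pw, sid, now)
    k2, msg2 = sensor_forward(sensor_x_j, msg1, now)
    reply = gateway(msg2, now)
    if reply is None:
        return None
    a, m1, m2, t1, b, m3, t2 = msg2
    m4, m5 = reply
    if not hmac.compare_digest(m4, h(a, sensor_x_j, m3, b, t2)):
        return None
    if not hmac.compare_digest(m5, h(b, d_i, m2, a, t1)):
        return None
    # The gateway saw A and B but neither k1 nor k2, so it cannot compute SK.
    return h(mul(k1, b)), h(mul(k2, a))
```

A session with the wrong password, or one relayed by a registered sensor other than the one named inside $M_1$, is rejected at the gateway's $M_2$ or $M_3$ check.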

5. Security Analysis Using BAN Logic

5.1. Some Basic Knowledge of BAN Logic. A security analysis of PriAuth using Burrows-Abadi-Needham logic (BAN logic) [41] is conducted in this part. With the help of BAN logic, we can determine whether the exchanged information is trustworthy and secure against eavesdropping. First, some symbols and primary postulates used in BAN logic are described in Tables 7 and 8.

Table 7: Symbols of BAN logic.

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$ |
| $P \lhd X$ | $P$ sees/receives $X$ |
| $P \mid\sim X$ | $P$ once said $X$ (or $P$ sent $X$) |
| $P \mid\Rightarrow X$ | $P$ controls $X$ |
| $\#(X)$ | $X$ is fresh |
| $P \stackrel{k}{\longleftrightarrow} Q$ | $P$ and $Q$ communicate using shared key $K$ |
| $\stackrel{k}{\longrightarrow} Q$ | $K$ is the public key of $Q$ |
| $\{X\}_{k}$ | Message $X$ is encrypted by $K$ |
| $\{X\}_{k^{-1}}$ | Message $X$ is encrypted by private key $K$ |

Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
|---|---|
| $\lhd$ rule | $\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} P,\ P \lhd \{X\}_{k}}{P \lhd X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_{k}}{P \lhd X}$, $\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \lhd X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} Q,\ P \lhd \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\ P \lhd \{X\}_{k}}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\ P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv \#(X)}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \mid\Rightarrow X,\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\ P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$, $\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$, $\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$, $\dfrac{P \lhd (X, Y)}{P \lhd X}$, $\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

5.2. The Premise and Proof Goals of PriAuth. $U_i$, $S_j$, and GWN are used as the user, sensor, and the gateway. Suppose GWN is trustworthy; if GWN believes that $U_i$ has said message $X$ and GWN believes that $X$ is fresh, GWN would send $X$ to $S_j$. If $S_j$ believes $X$ is fresh and $S_j$ believes GWN once said $X$, then $S_j$ believes $U_i$ said $X$. This could be translated into BAN logic like (postulate A). According to the “$\mid\sim$ elimination rule,” (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$$\frac{\mathrm{GWN} \mid\equiv \#(X),\ \mathrm{GWN} \mid\equiv U_i \mid\sim X,\ S_j \mid\equiv \#(X),\ S_j \mid\equiv \mathrm{GWN} \mid\sim X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate A)}$$

$$\frac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate B)}$$

$$\frac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X} \quad \text{(postulate C)}$$

The proof goals of PriAuth in BAN logic form are in the way described below. These goals could ensure $U_i$ and $S_j$ to agree on a shared key SK.

(1) $U_i \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j$

(2) $S_j \mid\equiv U_i \stackrel{\mathrm{SK}}{\longleftrightarrow} S_j$ (5)

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1, k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at Message 3 and Message 4. The proof results show that PriAuth is secure under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is “a push-button tool for the automated validation of Internet security-sensitive protocols and applications” [42]. Recently, many papers have used this method as a way to authenticate their protocols, like [24–26]. HLPSL (High Level Protocols Specification Language) is a role-based language that is used to describe security protocols and specify their intended security properties, as well as a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, sensor identity, and the key between the user and sensor.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \longrightarrow S_j$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1$ |
| 2 | $S_j \longrightarrow \mathrm{GWN}$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2$ |
| 3 | $\mathrm{GWN} \longrightarrow S_j$ | $\{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \longrightarrow U_i$ | $B,\ \{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $\mathrm{GWN} \mid\equiv \#(A)$ |
| A2 | $\mathrm{GWN} \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X,\ S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X,\ U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \mid\Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \mid\Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is depicted in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user’s identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $\langle M_1, M_2, M_3, T_1 \rangle$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $\langle M'_4, M'_5, \mathrm{ESID}'_j, T'_2 \rangle$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $\langle M'_6, M'_7, M'_8, M'_9, T'_3 \rangle$ to the sensor. Afterwards, the sensor will be able to send $\langle M'_6, M'_8, M'_{10}, T'_3, T'_4 \rangle$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^{*}$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i, \mathrm{SID}_n, \mathrm{SK}, R_1, T_4)$, where $k = h(\mathrm{DID}_i, V^{*}, T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public messages and $V^{*}$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor’s data, he could send his request $M_1 = \langle \mathrm{ID}_u, \mathrm{ID}_{S_n}, X, T_u, \alpha, \omega \rangle$ to the sensor:

$$X' = r_u \times P, \qquad X = r_u \times K_u,$$
$$\omega = h(\mathrm{ID}_u, h(\mathrm{ID}_{S_n}, h(X \oplus Y)), T_u),$$
$$\alpha = h(\mathrm{ID}_u, \mathrm{ID}_{S_n}, X, X', T_u, \omega). \qquad (6)$$

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly. $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

Table 11: Simulation results.

CL-AtSe back-end:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
      TYPED_MODEL
    PROTOCOL
      /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
    GOAL
      As Specified
    BACKEND
      CL-AtSe
    STATISTICS
      Analysed   : 14 states
      Reachable  : 4 states
      Translation: 0.00 seconds
      Computation: 0.00 seconds

OFMC:

    % OFMC
    % Version of 2006/02/13
    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
    PROTOCOL
      /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
    GOAL
      as_specified
    BACKEND
      OFMC
    COMMENTS
    STATISTICS
      parseTime: 0.00s
      searchTime: 0.05s
      visitedNodes: 24 nodes
      depth: 4 plies

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate protocol’s computational costs of different operations, and the operations’ execution time is measured by simulation [3–14]. The execution time of XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is the SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string; the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{\mathrm{mac}}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{\mathrm{mac}} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing authentication process, is calculated for comparison of the communication cost. The identity or password is 8-byte long [13]. The sizes of the general hash function’s output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{\mathrm{MUL}}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters, like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staffs can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staffs, data security and patient’s privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff building a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problem. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied into the medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication scheme without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$\mathrm{GWN} \lhd A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2$ (A.1)

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{\mathrm{MUL}}$ | $5T_H + 2T_{\mathrm{MUL}}$ | $9T_H$ | $21T_H + 4T_{\mathrm{MUL}}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $14T_H$ | $31T_H + 4T_{\mathrm{MUL}}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{\mathrm{mac}} + 3T_{\mathrm{MUL}}$ | $1T_H + 2T_{\mathrm{mac}} + 2T_{\mathrm{MUL}}$ | $2T_H + 2T_{ED} + 3T_{\mathrm{mac}} + 1T_{\mathrm{MUL}}$ | $6T_H + 3T_{ED} + 6T_{\mathrm{mac}} + 6T_{\mathrm{MUL}}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{\mathrm{MUL}}$ | $3T_H + 2T_{\mathrm{MUL}}$ | $7T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

*Compared means compared with our scheme. M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A.1) and “‘,’-elimination rule”:

$\mathrm{GWN} \lhd \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1\}_{d_i}$ (A.2)

$\mathrm{GWN} \lhd \{B, M_2, T_2\}_{x_j}$ (A.3)

(3) According to (A.2), A6, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim (A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1)$ (A.4)

(4) According to (A.3), A10, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim (B, M_2, T_2)$ (A.5)

(5) According to (A.4) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim A$ (A.6)

(6) According to (A.5) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim B$ (A.7)

(7) According to A1, (A.6), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\equiv A$ (A.8)

(8) According to A2, (A.7), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\equiv B$ (A.9)

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A.10)∼(A.17). Equations (A.18)∼(A.20) prove the first goal of the scheme.

(9) Based on Message 3:

$S_j \lhd \{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i}$ (A.10)

(10) According to (A.10) and “‘,’-elimination rule”:

$S_j \lhd \{A, M_3, B, T_2\}_{x_j}$ (A.11)

(11) According to (A.11), A9, and “$\mid\sim$ introduction rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim (A, M_3, B, T_2)$ (A.12)

(12) According to (A.12) and “‘,’-elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim A$ (A.13)

(13) According to A3, (A.13), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\equiv A$ (A.14)

(14) According to A11, (A.8), (A.14), we get

$S_j \mid\equiv U_i \mid\sim A$ (A.15)

(15) According to A3, (A.15), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv U_i \mid\equiv A$ (A.16)

(16) According to A13, (A.16), and “jurisdiction or control rule”:

$S_j \mid\equiv A$ (A.17)

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”:

$S_j \mid\equiv \#(k_2)$ (A.18)

(18) According to (A.18), A3, A5, and “$\#()$-promotion rule”:

$S_j \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_2 \cdot A)$ (A.19)

(19) According to (A.19), (A.17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$S_j \mid\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A.20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A.21)∼(A.28). Equations (A.29)∼(A.31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A.20) and (A.31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$U_i \lhd B,\ \{B, M_2, A, T_1\}_{d_i}$ (A.21)


    role user (Ui, Sj, GW : agent,
               Kdi : symmetric_key,
               Kug : symmetric_key,
               H : hash_func,
               P : text,
               SND_US, RCV_US : channel (dy))
    played_by Ui
    def=
      local State : nat,
            T1, K1, Na, Nb, SIDj, IDi, SK : text
      const user_sensor_sk, sc_user_id : protocol_id
      init State := 0
      transition
      % Message 1: A, M1 = (IDi.SIDj) xor Kug, M2 = H(A.M1.Kdi.T1), T1
      1. State = 0 /\ RCV_US(start) =|>
         State' := 2 /\ T1' := new()
                     /\ K1' := new()
                     /\ Na' := exp(P,K1')
                     /\ SND_US(Na'.
                               xor((IDi.SIDj),Kug).
                               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
                               T1')
                     /\ secret(IDi,sc_user_id,{Ui,GW})
                     /\ secret(IDi,sc_sensor_id,{Ui,GW})
      % Message 4: B, M5; the user then derives SK = H(k1 * B)
      2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
         State' := 4 /\ SK' := H(exp(Nb',K1))
                     /\ witness(Ui,Sj,user_sensor_sk,SK')
                     /\ request(Ui,Sj,user_sensor_sk,SK')
    end role

Box 1

(21) According to (A.21) and “‘,’-elimination rule”:

$U_i \lhd \{B, M_2, A, T_1\}_{d_i}$ (A.22)

(22) According to (A.22), A7, and “$\mid\sim$ introduction rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\sim (B, M_2, A, T_1)$ (A.23)

(23) According to (A.23) and “‘,’-elimination rule”:

$U_i \mid\equiv S_j \mid\sim B$ (A.24)

(24) According to A4, (A.23), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\equiv B$ (A.25)

(25) According to A12, (A.9), and (A.25), we get

$U_i \mid\equiv S_j \mid\sim B$ (A.26)

(26) According to A4, (A.26), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv S_j \mid\equiv B$ (A.27)

(27) According to A14, (A.27), and “jurisdiction or control rule”:

$U_i \mid\equiv B$ (A.28)

(28) As $k_1$ is randomly created by $U_i$, according to “$\#()$-introduction”:

$U_i \mid\equiv \#(k_1)$ (A.29)

(29) According to (A.29), A4, A6, and “$\#()$-promotion rule”:

$U_i \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_1 \cdot B)$ (A.30)

(30) According to (A.30), (A.27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$U_i \mid\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A.31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n - 1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


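    role sensor (Ui, Sj, GW : agent,
                 Kxj : symmetric_key,
                 H : hash_func,
                 P : text,
                 SND_US, RCV_US, SND_SG, RCV_SG : channel(dy))
    played_by Sj
    def=
      local State : nat,
            T1, T2, K2, Na, Nb, SK : text,
            Y, X, Z : message
      const user_sensor_sk : protocol_id
      init State := 1
      transition
      % Message 1 in (Y = M1, Z = M2); Message 2 out with B and M3 = H(B.M2.Kxj.T2)
      1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
         State' := 3 /\ T2' := new()
                     /\ K2' := new()
                     /\ Nb' := exp(P,K2')
                     /\ SND_SG(Na'.
                               Y'.
                               Z'.
                               T1'.
                               Nb'.
                               H(Nb'.Z'.Kxj.T2').
                               T2')
      % Message 3 in (M4 and X = M5); the guard uses State = 3, the value set by step 1
      2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                             X') =|>
         State' := 4 /\ SK' := H(exp(Na,K2))
                     /\ witness(Sj,Ui,user_sensor_sk,SK')
                     /\ request(Sj,Ui,user_sensor_sk,SK')
                     /\ SND_US(Nb.
                               X')
    end role

Box 2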

    role gateway (Ui, Sj, GW : agent,
                  Kdi, Kxj : symmetric_key,
                  Kug : symmetric_key,
                  H : hash_func,
                  SND_SG, RCV_SG : channel(dy))
    played_by GW
    def=
      local State : nat,
            T1, T2, Na, Nb, IDi, SIDj : text
      const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
      init State := 5
      transition
      % Message 2 in; Message 3 out with M4 and M5
      1. State = 5 /\ RCV_SG(Na'.
                             xor((IDi'.SIDj'),Kug).
                             H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                             T1'.
                             Nb'.
                             H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                             T2') =|>
         State' := 7 /\ SND_SG(
                          H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
                          H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1')
                        )
                     /\ secret(IDi',sc_user_id,{Ui,GW})
                     /\ secret(SIDj',sc_sensor_id,{Ui,GW})
    end role

Box 3


    role session(Ui, Sj, GW : agent,
                 Kdi, Kxj, Kug : symmetric_key,
                 H : hash_func,
                 P : text)
    def=
      local SSU, RSU,
            SSG, RSG, SUS, RUS, SGS, RGS : channel(dy)
      composition
        user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
        /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
        /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
    end role

Box 4

    role environment()
    def=
      const ui, sj, gw : agent,
            kdi, kxj, kug, kig, kiig : symmetric_key,
            user_sensor_sk : protocol_id,
            h : hash_func,
            p : text
      intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
      composition
        session(ui,sj,gw,kdi,kxj,kug,h,p)
        /\ session(ui,i,gw,kdi,kig,kug,h,p)
        /\ session(i,sj,gw,kig,kxj,kiig,h,p)
    end role

Box 5

    goal
      % Confidentiality (G12)
      secrecy_of sc_sensor_id, sc_user_id
      % Message authentication (G2)
      authentication_on user_sensor_sk
    end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk,” means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanović, S. Kumari, and M. Hölbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanović, B. Brumen, and M. Hölbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLoS ONE, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Table 8: Some primary BAN logic postulates.

| Rule | BAN logic form |
| --- | --- |
| $\lhd$ rule | $\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} P,\quad P \lhd \{X\}_{k}}{P \lhd X}$, $\quad\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\quad P \lhd \{X\}_{k}}{P \lhd X}$, $\quad\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} Q,\quad P \lhd \{X\}_{k^{-1}}}{P \lhd X}$ |
| $\mid\sim$ introduction rule | $\dfrac{P \mid\equiv\ \stackrel{k}{\longrightarrow} Q,\quad P \lhd \{X\}_{k^{-1}}}{P \mid\equiv Q \mid\sim X}$, $\quad\dfrac{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q,\quad P \lhd \{X\}_{k}}{P \mid\equiv Q \mid\sim X}$ |
| $\mid\sim$ elimination rule | $\dfrac{P \mid\equiv \#(X),\quad P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X}$ |
| $\#()$-introduction | $\dfrac{P \text{ creates } X}{P \mid\equiv \#(X)}$ |
| Jurisdiction or control rule | $\dfrac{P \mid\equiv Q \Rightarrow X,\quad P \mid\equiv Q \mid\equiv X}{P \mid\equiv X}$ |
| $\stackrel{k}{\longleftrightarrow}$ introduction rule | $\dfrac{P \mid\equiv \#(k),\quad P \mid\equiv Q \mid\equiv X}{P \mid\equiv P \stackrel{k}{\longleftrightarrow} Q}$ |
| Freshness rule | $\dfrac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)}$ |
| Elimination of multipart messages rule | $\dfrac{P \mid\equiv Q \mid\sim (X, Y)}{P \mid\equiv Q \mid\sim X}$, $\quad\dfrac{P \mid\equiv Q \mid\equiv (X, Y)}{P \mid\equiv Q \mid\equiv X}$, $\quad\dfrac{P \mid\equiv (X, Y)}{P \mid\equiv X}$, $\quad\dfrac{P \lhd (X, Y)}{P \lhd X}$, $\quad\dfrac{P \mid\equiv \#(X, Y)}{P \mid\equiv \#(X)}$ |

like (postulate A). According to the “$\mid\sim$ elimination rule”, (postulate A) could be simplified as (postulate B). It is the same as the message that sensor $S_j$ sends to GWN. If GWN believes $S_j$ once said another message $X$ (the same notion is used for simplification) and GWN believes $X$ is fresh, GWN would send $X$ to $U_i$. If $U_i$ believes $X$ is fresh and $U_i$ believes GWN once said $X$, then $U_i$ believes $S_j$ said $X$. In the same way, we can get (postulate C).

$$\frac{\text{GWN} \mid\equiv \#(X),\quad \text{GWN} \mid\equiv U_i \mid\sim X,\quad S_j \mid\equiv \#(X),\quad S_j \mid\equiv \text{GWN} \mid\sim X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate A)}$$

$$\frac{\text{GWN} \mid\equiv U_i \mid\equiv X,\quad S_j \mid\equiv \text{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X} \quad \text{(postulate B)}$$

$$\frac{\text{GWN} \mid\equiv S_j \mid\equiv X,\quad U_i \mid\equiv \text{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X} \quad \text{(postulate C)}$$

The proof goals of PriAuth in BAN logic form are described below. These goals ensure that $U_i$ and $S_j$ agree on a shared key SK.

$$\text{(1)}\ U_i \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j, \qquad \text{(2)}\ S_j \mid\equiv U_i \stackrel{SK}{\longleftrightarrow} S_j \tag{5}$$

5.3. Preparation for Proof. Before the proof begins, messages have to be transformed into an idealized form; the messages of PriAuth in idealized form in BAN logic are given in Table 9 ($K_{ug} = h(T_1, k_1 \cdot Q_g)$). At the same time, some assumptions have to be made, so (postulate B) and (postulate C) are included as assumptions A11 and A12. The assumptions are listed in Table 10.

5.4. The Proof of PriAuth. The whole proof of the proposal is in Appendix A. It has been divided into 3 parts related to Message 2, Message 3, and Message 4 separately. The two goals of the scheme are proved at Message 3 and Message 4. The proof results show that PriAuth is secured under BAN logic.

6. AVISPA Verification

AVISPA (Automated Validation of Internet Security Protocols and Applications) is “a push-button tool for the automated validation of Internet security-sensitive protocols and applications” [42]. Recently, many papers have used this method as a way to authenticate their protocols, like [24–26]. HLPSL (High-Level Protocol Specification Language) is a role-based language that is used to describe security protocols and to specify their intended security properties, and AVISPA provides a set of tools to formally validate them. We write the protocol in HLPSL and test the protocol. The code is in Appendix B. The goal of PriAuth is to create a key that is shared by a user and a sensor. The validation result of the protocol is in Table 11. Considering all these testing activities, it could be concluded that our protocol is safe. PriAuth can protect the privacy of the user identity, the sensor identity, and the key between the user and sensor.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
| --- | --- | --- |
| 1 | $U_i \rightarrow S_j$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1$ |
| 2 | $S_j \rightarrow \text{GWN}$ | $A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2$ |
| 3 | $\text{GWN} \rightarrow S_j$ | $\{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i}$ |
| 4 | $S_j \rightarrow U_i$ | $B,\ \{B, M_2, A, T_1\}_{d_i}$ |

Table 10: Some assumptions.

| Number | Assumptions |
| --- | --- |
| A1 | $\text{GWN} \mid\equiv \#(A)$ |
| A2 | $\text{GWN} \mid\equiv \#(B)$ |
| A3 | $S_j \mid\equiv \#(A)$ |
| A4 | $U_i \mid\equiv \#(B)$ |
| A5 | $U_i \mid\equiv \text{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $\text{GWN} \mid\equiv \text{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv \text{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $\text{GWN} \mid\equiv \text{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv \text{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $\text{GWN} \mid\equiv \text{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{\text{GWN} \mid\equiv U_i \mid\equiv X,\quad S_j \mid\equiv \text{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\text{GWN} \mid\equiv S_j \mid\equiv X,\quad U_i \mid\equiv \text{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \Rightarrow B$ |

7. Security and Privacy Analysis

In this section, we conduct a security comparison of the schemes, which is summarized in Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the schemes [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, the parties in this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to the loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user’s identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, \mathrm{ESID}'_j, T'_2$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards, the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way, the sensor could send false data to the user.
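The gateway-side check whose absence Section 7.3 describes for scheme [13], shown on the four PriAuth messages as they are modelled in the HLPSL sensor and gateway roles of Appendix B. This is an added example, not the authors' code: the toy modular-exponentiation group in place of ECC-160, SHA-256, the 16-byte truncation of Kug, the gateway key tables, the user-side check of Message 4, and all function names and sample identities are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy group standing in for ECC-160 (assumption): exp(P, k) in the HLPSL model
# becomes pow(G, k, MOD). Not a production parameter choice.
MOD = 2**255 - 19
G = 2
ID_LEN = 8  # identities are 8 bytes in the paper's communication cost model


def H(*fields: bytes) -> bytes:
    """Hash over length-prefixed fields (SHA-256 here; the paper uses SHA-1)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def enc(n: int) -> bytes:
    return n.to_bytes(32, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def new_scalar() -> int:
    return secrets.randbelow(MOD - 2) + 1


class Gateway:
    def __init__(self):
        self.xg = new_scalar()             # long-term private value
        self.Qg = pow(G, self.xg, MOD)     # public value known to users
        self.user_keys = {}                # IDi  -> Kdi (hypothetical table)
        self.sensor_keys = {}              # SIDj -> Kxj (hypothetical table)

    def message3(self, Na, Y, Z, T1, Nb, V, T2):
        """Check Message 2 and build Message 3, following the gateway role."""
        Kug = H(T1, enc(pow(Na, self.xg, MOD)))
        ids = xor(Y, Kug)                  # unmask IDi and SIDj
        IDi, SIDj = ids[:ID_LEN], ids[ID_LEN:]
        Kdi, Kxj = self.user_keys.get(IDi), self.sensor_keys.get(SIDj)
        if Kdi is None or Kxj is None:
            raise PermissionError("unknown identity")
        if not hmac.compare_digest(Z, H(enc(Na), Y, Kdi, T1)):
            raise PermissionError("user tag mismatch")
        # V must verify under the key of the sensor the user named inside Y.
        if not hmac.compare_digest(V, H(enc(Nb), Z, Kxj, T2)):
            raise PermissionError("sensor is not the one named by the user")
        return H(enc(Na), Kxj, V, T2), H(enc(Nb), Kdi, Z, enc(Na), T1)


def run_session(gw, IDi, Kdi, SIDj, sensor_key):
    """One login; sensor_key is the Kxj held by whichever sensor answers."""
    T1, T2 = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"  # constructed timestamps
    # Message 1 (user -> sensor): Na, Y, Z, T1
    k1 = new_scalar()
    Na = pow(G, k1, MOD)
    Kug = H(T1, enc(pow(gw.Qg, k1, MOD)))
    Y = xor(IDi + SIDj, Kug)               # identities never travel in clear
    Z = H(enc(Na), Y, Kdi, T1)
    # Message 2 (sensor -> gateway): Message 1 plus Nb, V, T2
    k2 = new_scalar()
    Nb = pow(G, k2, MOD)
    V = H(enc(Nb), Z, sensor_key, T2)
    # Message 3 (gateway -> sensor); the gateway sees Na and Nb, never k1 or k2
    ack, X = gw.message3(Na, Y, Z, T1, Nb, V, T2)
    if not hmac.compare_digest(ack, H(enc(Na), sensor_key, V, T2)):
        raise PermissionError("gateway tag mismatch at sensor")
    sk_sensor = H(enc(pow(Na, k2, MOD)))
    # Message 4 (sensor -> user): Nb, X
    if not hmac.compare_digest(X, H(enc(Nb), Kdi, Z, enc(Na), T1)):
        raise PermissionError("gateway tag mismatch at user")
    sk_user = H(enc(pow(Nb, k1, MOD)))
    wire = b"".join([enc(Na), Y, Z, T1, enc(Nb), V, T2, ack, X])
    return sk_user, sk_sensor, wire


def demo():
    gw = Gateway()
    IDi, SIDj, SIDk = b"doctor01", b"sensor0A", b"sensor0B"  # constructed IDs
    Kdi = gw.user_keys.setdefault(IDi, secrets.token_bytes(20))
    Kxj = gw.sensor_keys.setdefault(SIDj, secrets.token_bytes(20))
    Kxk = gw.sensor_keys.setdefault(SIDk, secrets.token_bytes(20))
    sk_u, sk_s, wire = run_session(gw, IDi, Kdi, SIDj, Kxj)
    try:  # enrolled sensor SIDk answers a request addressed to SIDj
        run_session(gw, IDi, Kdi, SIDj, Kxk)
        rejected = False
    except PermissionError:
        rejected = True
    return sk_u == sk_s, IDi in wire or SIDj in wire, rejected


if __name__ == "__main__":
    print(demo())
```

`demo()` returns three flags: whether user and sensor derived the same key, whether either identity appeared in clear on the wire, and whether the gateway rejected an enrolled sensor other than the one named by the user.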

7.4. Inside User Attack. In scheme [6], all the users share a key $V^*$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i, \mathrm{SID}_n, SK, R_1, T_4)$, where $k = h(\mathrm{DID}_i, V^*, T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public messages and $V^*$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor’s data, he could send his request $M_1 = \mathrm{ID}_u, \mathrm{ID}_{S_n}, X, T_u, \alpha, \omega$ to the sensor:

$$X' = r_u \times P, \qquad X = r_u \times K_u, \qquad \omega = h(\mathrm{ID}_u, h(\mathrm{ID}_{S_n}, h(X \oplus Y)), T_u), \qquad \alpha = h(\mathrm{ID}_u, \mathrm{ID}_{S_n}, X, X', T_u, \omega) \tag{6}$$

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly; $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

Table 11: Simulation results.

CL-AtSe back-end:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
      TYPED_MODEL
    PROTOCOL
      homeiotdevavispaavispa-11testsuiteresultsusgif
    GOAL
      As Specified
    BACKEND
      CL-AtSe
    STATISTICS
      Analysed   : 14 states
      Reachable  : 4 states
      Translation: 0.00 seconds
      Computation: 0.00 seconds

OFMC back-end:

    % OFMC
    % Version of 2006/02/13
    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
    PROTOCOL
      homeiotdevavispaavispa-11testsuiteresultsusgif
    GOAL
      as_specified
    BACKEND
      OFMC
    COMMENTS
    STATISTICS
      parseTime: 0.00s
      searchTime: 0.05s
      visitedNodes: 24 nodes
      depth: 4 plies

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
| --- | --- | --- | --- | --- | --- |
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate the protocol’s computational costs of different operations, and the operations’ execution time is measured by simulation [3–14]. The execution time of the XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string; the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for the HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing the authentication process, is calculated for comparison of the communication cost. The identity or password is 8 bytes long [13]. The sizes of the general hash function’s output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as the byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
| --- | --- | --- |
| $T_H$: one-way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters, like blood pressure, pulse, or the electrocardiogram of a patient, in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient’s privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied into medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of a communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$$\text{GWN} \lhd A,\ \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}},\ \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, T_1\}_{d_i},\ T_1,\ B,\ \{B, M_2, T_2\}_{x_j},\ T_2 \tag{A1}$$

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
| --- | --- | --- | --- | --- | --- |
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
| --- | --- | --- | --- | --- | --- | --- |
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme; M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”,

$$\text{GWN} \lhd \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1\}_{d_i} \tag{A2}$$

$$\text{GWN} \lhd \{B, M_2, T_2\}_{x_j} \tag{A3}$$

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”,

$$\text{GWN} \mid\equiv U_i \mid\sim (A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1) \tag{A4}$$

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”,

$$\text{GWN} \mid\equiv S_j \mid\sim (B, M_2, T_2) \tag{A5}$$

(5) According to (A4) and “‘,’-elimination rule”,

$$\text{GWN} \mid\equiv U_i \mid\sim A \tag{A6}$$

(6) According to (A5) and “‘,’-elimination rule”,

$$\text{GWN} \mid\equiv S_j \mid\sim B \tag{A7}$$

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”,

$$\text{GWN} \mid\equiv U_i \mid\equiv A \tag{A8}$$

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”,

$$\text{GWN} \mid\equiv S_j \mid\equiv B \tag{A9}$$

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3,

$$S_j \lhd \{A, M_3, B, T_2\}_{x_j},\ \{B, M_2, A, T_1\}_{d_i} \tag{A10}$$

(10) According to (A10) and “‘,’-elimination rule”,

$$S_j \lhd \{A, M_3, B, T_2\}_{x_j} \tag{A11}$$

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”,

$$S_j \mid\equiv \text{GWN} \mid\sim (A, M_3, B, T_2) \tag{A12}$$

(12) According to (A12) and “‘,’-elimination rule”,

$$S_j \mid\equiv \text{GWN} \mid\sim A \tag{A13}$$

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”,

$$S_j \mid\equiv \text{GWN} \mid\equiv A \tag{A14}$$

(14) According to A11, (A8), and (A14), we get

$$S_j \mid\equiv U_i \mid\sim A \tag{A15}$$

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”,

$$S_j \mid\equiv U_i \mid\equiv A \tag{A16}$$

(16) According to A13, (A16), and “jurisdiction or control rule”,

$$S_j \mid\equiv A \tag{A17}$$

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”,

$$S_j \mid\equiv \#(k_2) \tag{A18}$$

(18) According to (A18), A3, A5, and “$\#()$-promotion rule”,

$$S_j \mid\equiv \#(SK), \qquad SK = h(k_2 \cdot A) \tag{A19}$$

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”,

$$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i \tag{A20}$$

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4,

$$U_i \lhd B,\ \{B, M_2, A, T_1\}_{d_i} \tag{A21}$$


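    role user (Ui, Sj, GW: agent,
               Kdi: symmetric_key,
               Kug: symmetric_key,
               H: hash_func,
               P: text,
               SND_US, RCV_US: channel(dy))
    played_by Ui
    def=
      local State: nat,
            T1, K1, Na, Nb, SIDj, IDi, SK: text
      const user_sensor_sk, sc_user_id: protocol_id
      init State := 0
      transition
      % Message 1: fresh timestamp, ECDH share Na = K1.P, masked identities, tag keyed with Kdi
      1. State = 0 /\ RCV_US(start) =|>
         State' := 2 /\ T1' := new()
         /\ K1' := new() /\ Na' := exp(P,K1')
         /\ SND_US(Na'.
                   xor((IDi.SIDj),Kug).
                   H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
                   T1')
         /\ secret(IDi,sc_user_id,{Ui,GW})
         % IDi is bound to sc_sensor_id here as printed; the gateway role uses SIDj
         /\ secret(IDi,sc_sensor_id,{Ui,GW})
      % Message 4: check the gateway's tag, then derive SK from the sensor's share Nb
      2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
         State' := 4 /\ SK' := H(exp(Nb',K1))
         /\ witness(Ui,Sj,user_sensor_sk,SK')
         /\ request(Ui,Sj,user_sensor_sk,SK')
    end role

Box 1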

(21) According to (A21) and “‘’-elimination rule”:

$U_i \triangleleft B\ M_2\ A\ T_1\ d_i$ (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\sim B\ M_2\ A\ T_1$ (A23)

(23) According to (A23) and “‘’-elimination rule”:

$U_i \mid\equiv S_j \mid\sim B$ (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\equiv B$ (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$ (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv S_j \mid\equiv B$ (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”:

$U_i \mid\equiv B$ (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “()-introduction”:

$U_i \mid\equiv (k_1)$ (A29)

(29) According to (A29), A4, A6, and “()-promotion rule”:

$U_i \mid\equiv (\mathrm{SK}),\quad \mathrm{SK} = h(k_1 \cdot B)$ (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\leftrightarrow}$ introduction rule”:

$U_i \mid\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n - 1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1\ \ k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


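    role sensor (Ui, Sj, GW: agent,
                 Kxj: symmetric_key,
                 H: hash_func,
                 P: text,
                 SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
    played_by Sj
    def=
      local State: nat,
            T1, T2, K2, Na, Nb, SK: text,
            Y, X, Z: message
      const user_sensor_sk: protocol_id
      init State := 1
      transition
      % Message 2: forward the user's fields and append Nb = K2.P, a tag keyed with Kxj, and T2
      1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
         State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
         /\ SND_SG(Na'.
                   Y'.
                   Z'.
                   T1'.
                   Nb'.
                   H(Nb'.Z'.Kxj.T2').
                   T2')
      % Guard reads State = 2 as printed, although transition 1 sets State to 3
      2. State = 2 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                             X') =|>
         State' := 4 /\ SK' := H(exp(Na,K2))
         /\ witness(Sj,Ui,user_sensor_sk,SK')
         /\ request(Sj,Ui,user_sensor_sk,SK')
         /\ SND_US(Nb.
                   X')
    end role

Box 2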

    role gateway (Ui, Sj, GW: agent,
                  Kdi, Kxj: symmetric_key,
                  Kug: symmetric_key,
                  H: hash_func,
                  SND_SG, RCV_SG: channel(dy))
    played_by GW
    def=
      local State: nat,
            T1, T2, Na, Nb, IDi, SIDj: text
      const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
      init State := 5
      transition
      % Receive Message 2, check both tags, and answer with one tag for the sensor and one for the user
      1. State = 5 /\ RCV_SG(Na'.
                             xor((IDi'.SIDj'),Kug).
                             H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                             T1'.
                             Nb'.
                             H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                             T2') =|>
         State' := 7 /\ SND_SG(
             H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
             H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1')
           )
         /\ secret(IDi',sc_user_id,{Ui,GW})
         /\ secret(SIDj',sc_sensor_id,{Ui,GW})
    end role

Box 3


    role session(Ui, Sj, GW: agent,
                 Kdi, Kxj, Kug: symmetric_key,
                 H: hash_func,
                 P: text)
    def=
      local SSU, RSU,
            SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
      composition
         user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
      /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
      /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
    end role

Box 4

    role environment()
    def=
      const ui, sj, gw: agent,
            kdi, kxj, kug, kig, kiig: symmetric_key,
            user_sensor_sk: protocol_id,
            h: hash_func,
            p: text
      intruder_knowledge = {ui,sj,gw,kig,kiig,h,p}
      composition
         % one honest session, then the intruder i playing the sensor and the user in turn
         session(ui,sj,gw,kdi,kxj,kug,h,p)
      /\ session(ui,i,gw,kdi,kig,kug,h,p)
      /\ session(i,sj,gw,kig,kxj,kiig,h,p)
    end role

Box 5

    goal
      % Confidentiality (G12)
      secrecy_of sc_sensor_id, sc_user_id
      % Message authentication (G2)
      authentication_on user_sensor_sk
    end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).
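The message flow modelled in Boxes 1 to 3, with the $K_{ug}$ derivation described at the start of this appendix, written out as an added Python example (not the authors' code). Assumptions: secp256k1 and SHA-256 stand in for the paper's ECC-160 and SHA-1, fields are length-prefixed before hashing, the identities and secrets are constructed values, and timestamp freshness checks are omitted.

```python
import hashlib, hmac, secrets

# secp256k1 parameters: an assumed stand-in for the paper's ECC-160 curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, pt):
    """Double-and-add; not constant time, for illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*fields):
    """SHA-256 over length-prefixed fields (the encoding is an assumption)."""
    d = hashlib.sha256()
    for f in fields:
        d.update(len(f).to_bytes(2, "big") + f)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keypair():
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)

def user_start(id_i, sid_j, d_i, q_g, t1):
    k1, a = keypair()
    k_ug = h(t1, enc(ec_mul(k1, q_g)))          # K_ug from T1 and k1.Qg
    masked = xor(id_i + sid_j, k_ug)            # identities never travel in clear
    return k1, (a, masked, h(enc(a), masked, d_i, t1), t1)

def sensor_forward(msg1, x_j, t2):
    k2, b = keypair()
    m_s = h(enc(b), msg1[2], x_j, t2)           # tag keyed with the sensor secret
    return k2, msg1 + (b, m_s, t2)

def gateway_check(msg2, d_g, users, sensors):
    a, masked, m_u, t1, b, m_s, t2 = msg2
    ids = xor(masked, h(t1, enc(ec_mul(d_g, a))))   # d_g.A equals k1.Qg
    id_i, sid_j = ids[:8], ids[8:]
    d_i, x_j = users.get(id_i), sensors.get(sid_j)
    if d_i is None or x_j is None:
        return None
    if not (hmac.compare_digest(m_u, h(enc(a), masked, d_i, t1))
            and hmac.compare_digest(m_s, h(enc(b), m_u, x_j, t2))):
        return None
    to_sensor = h(enc(a), x_j, m_s, t2)
    to_user = h(enc(b), d_i, m_u, enc(a), t1)
    return id_i, sid_j, to_sensor, to_user

def run_session(tamper=False):
    """One run with constructed identities and secrets; returns None on rejection."""
    d_g, q_g = keypair()
    id_i, sid_j = b"doctor01", b"sensor07"
    d_i, x_j = secrets.token_bytes(20), secrets.token_bytes(20)
    t1, t2 = (1000).to_bytes(4, "big"), (1001).to_bytes(4, "big")
    k1, msg1 = user_start(id_i, sid_j, d_i, q_g, t1)
    if tamper:                                  # flip one bit of the masked identities
        msg1 = (msg1[0], bytes([msg1[1][0] ^ 1]) + msg1[1][1:]) + msg1[2:]
    k2, msg2 = sensor_forward(msg1, x_j, t2)
    verdict = gateway_check(msg2, d_g, {id_i: d_i}, {sid_j: x_j})
    if verdict is None:
        return None
    seen_i, seen_j, to_sensor, to_user = verdict
    a, _, m_u, _, b, m_s, _ = msg2
    # Sensor and user each verify the gateway's tag before deriving SK.
    if not hmac.compare_digest(to_sensor, h(enc(a), x_j, m_s, t2)):
        return None
    if not hmac.compare_digest(to_user, h(enc(b), d_i, m_u, enc(a), t1)):
        return None
    sk_sensor = h(enc(ec_mul(k2, a)))           # SK = h(k2.A)
    sk_user = h(enc(ec_mul(k1, b)))             # SK = h(k1.B)
    wire = b"".join([enc(a), msg2[1], m_u, t1, enc(b), m_s, t2, to_sensor, to_user])
    return {"sk_user": sk_user, "sk_sensor": sk_sensor,
            "ids": (seen_i, seen_j), "masked": msg2[1], "wire": wire}
```

The gateway handles both tags and both identities but never $k_1$ or $k_2$, so it has no input from which to compute SK.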

Conflicts of Interest

The authors declare no conflicts of interest.

Authors' Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification: International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Table 9: The idealization form of the message.

| Message | Flow | Idealized form |
|---|---|---|
| 1 | $U_i \rightarrow S_j$ | $A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ T_1\ d_i\ T_1$ |
| 2 | $S_j \rightarrow \mathrm{GWN}$ | $A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ T_1\ d_i\ T_1\ B\ B\ M_2\ T_2\ x_j\ T_2$ |
| 3 | $\mathrm{GWN} \rightarrow S_j$ | $A\ M_3\ B\ T_2\ x_j\ B\ M_2\ A\ T_1\ d_i$ |
| 4 | $S_j \rightarrow U_i$ | $B\ B\ M_2\ A\ T_1\ d_i$ |

Table 10: Some assumptions.

| Number | Assumptions |
|---|---|
| A1 | $\mathrm{GWN} \mid\equiv (A)$ |
| A2 | $\mathrm{GWN} \mid\equiv (B)$ |
| A3 | $S_j \mid\equiv (A)$ |
| A4 | $U_i \mid\equiv (B)$ |
| A5 | $U_i \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A6 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{d_i}{\longleftrightarrow} U_i$ |
| A7 | $U_i \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A8 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{K_{ug}}{\longleftrightarrow} U_i$ |
| A9 | $S_j \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A10 | $\mathrm{GWN} \mid\equiv \mathrm{GWN} \stackrel{x_j}{\longleftrightarrow} S_j$ |
| A11 | $\dfrac{\mathrm{GWN} \mid\equiv U_i \mid\equiv X \quad S_j \mid\equiv \mathrm{GWN} \mid\equiv X}{S_j \mid\equiv U_i \mid\sim X}$ |
| A12 | $\dfrac{\mathrm{GWN} \mid\equiv S_j \mid\equiv X \quad U_i \mid\equiv \mathrm{GWN} \mid\equiv X}{U_i \mid\equiv S_j \mid\sim X}$ |
| A13 | $S_j \mid\equiv U_i \Rightarrow A$ |
| A14 | $U_i \mid\equiv S_j \Rightarrow B$ |

7. Security and Privacy Analysis

In this section we conduct a security comparison of the schemes that has been depicted as Table 12. For the scheme in [3], we only consider the second situation.

7.1. Traceability Protection. Traceability means the adversary can track a user or a sensor according to their identities or masked identities, like in the scheme [5, 10, 29–32]. Once some fixed information about the identities is used in a scheme, then this scheme could probably be tracked by an adversary. One possible solution is to update their masked identity every time, like in the schemes shown in [4, 7]. But these kinds of solutions are vulnerable to loss of synchronization attack.

7.2. Synchronization Loss Attack. In order to protect the identity of the user, the gateway will generate a new identity for them when it is requested [4]. But if an adversary prevents this new identity from being received by the user, the user could not update his old identity while the gateway has updated its stored version of the user's identity. When the user logs in for the next time, this legitimate user will not be treated as a legal one anymore. A similar problem exists in the scheme [7].

7.3. Malicious Sensor Attack. Like in scheme [13], the gateway only checks the legitimacy of a sensor. If the sensor is a legitimate one, the gateway will reply some key information to the sensor, but the gateway does not check if the sensor is the one that the user wants to talk to. So a legitimate but malicious sensor could launch an attack.

When a user sends a request message $M_1, M_2, M_3, T_1$ to a sensor, an inner side legitimate sensor can intercept this message to generate its own $M'_4, M'_5, \mathrm{ESID}'_j, T'_2$ and send this message to the gateway, as the gateway only checks the legitimacy of the sensor. Therefore, this inner side sensor will definitely be treated as a legal sensor. The gateway will send $M'_6, M'_7, M'_8, M'_9, T'_3$ to the sensor. Afterwards, the sensor will be able to send $M'_6, M'_8, M'_{10}, T'_3, T'_4$ to the user, and it will be treated as a legal sensor by the user, but the user will not check if this is the sensor he wants to talk to. In this way the sensor could send false data to the user.

7.4. Inside User Attack. In scheme [6], all the users share a key $V^{*}$, so there is a potential risk. The message a gateway sends to the user is $D_i = E_k(\mathrm{DID}_i\ \mathrm{SID}_n\ \mathrm{SK}\ R_1\ T_4)$, where $k = h(\mathrm{DID}_i\ V^{*}\ T_4)$, in which $\mathrm{DID}_i$ and $T_4$ are public message and $V^{*}$ is shared by all the legitimate users. This means any legitimate user could decrypt $D_i$ to get the shared key SK.

7.5. User Impersonation Attack. In scheme [1], when a user asks to access a sensor's data, he could send his request $M_1 = \mathrm{ID}_u\ \mathrm{ID}_{S_n}\ X\ T_u\ \alpha\ \omega$ to the sensor:

$X' = r_u \times P$,
$X = r_u \times K_u$,
$\omega = h(\mathrm{ID}_u\ h(\mathrm{ID}_{S_n}\ h(X \oplus Y))\ T_u)$,
$\alpha = h(\mathrm{ID}_u\ \mathrm{ID}_{S_n}\ X\ X'\ T_u\ \omega)$. (6)

$\mathrm{ID}_u$, $K_u$, $P$, and $\mathrm{ID}_{S_n}$ are sent publicly; $r_u$ is a random number generated by the user, whereas $T_u$ is a timestamp. Only $h(X \oplus Y)$ is regarded as secret information between the user and the gateway. $h(X \oplus Y)$ is shared by all the users; other legitimate users, say a legitimate user with $\mathrm{ID}'_u$, could easily generate a request the same as $M_1$, and then $\mathrm{ID}'_u$ will be treated as $\mathrm{ID}_u$ by the gateway.

8. Comparison

8.1. Computational Performance. The normal way to compute the execution time of the protocol is to calculate protocol's computational costs of different operations, and the operations' execution time is measured by simulation [3–14]. The execution time of XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is the SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string, the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{\mathrm{mac}}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{\mathrm{mac}} \approx T_H$. The final result is in Table 14.

Table 11: Simulation results.

CL-AtSe back-end:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
      TYPED_MODEL
    PROTOCOL
      homeiotdevavispaavispa-11testsuiteresultsusgif
    GOAL
      As Specified
    BACKEND
      CL-AtSe
    STATISTICS
      Analysed: 14 states
      Reachable: 4 states
      Translation: 0.00 seconds
      Computation: 0.00 seconds

OFMC:

    OFMC
    Version of 2006/02/13
    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
    PROTOCOL
      homeiotdevavispaavispa-11testsuiteresultsusgif
    GOAL
      as_specified
    BACKEND
      OFMC
    COMMENTS
    STATISTICS
      parseTime: 0.00 s
      searchTime: 0.05 s
      visitedNodes: 24 nodes
      depth: 4 plies

Table 12: Security feature comparison.

| Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth |
|---|---|---|---|---|---|
| User anonymity | × | × | √ | √ | √ |
| Sensor anonymity | × | × | × | × | √ |
| Shared key privacy | √ | √ | √ | √ | √ |
| Traceability of user | × | × | √ | √ | √ |
| Traceability of sensor | × | × | × | × | √ |
| Loss of synchronization | √ | √ | × | √ | √ |
| Malicious sensor attack | √ | √ | √ | √ | √ |
| User impersonation attack | × | √ | √ | √ | √ |
| Sensor impersonation attack | √ | √ | √ | √ | √ |
| Replay attack | √ | √ | × | √ | √ |
| Inside user attack | √ | √ | √ | √ | √ |

8.2. Communication Performance. The sum of each variable length in bytes which a sensor node and a gateway node need while performing authentication process is calculated for comparison of the communication cost. The identity or password is 8-byte long [13]. The sizes of the general hash function's output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as byte length of the original data for approximation.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{\mathrm{MUL}}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staffs can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staffs, data security and patient's privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff building a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problem. This middleware is composed of four abstraction layers, related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied into the medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication scheme without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$\mathrm{GWN} \triangleleft A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ A\ \mathrm{ID}_i\ \mathrm{SID}_j\ K_{ug}\ T_1\ d_i\ T_1\ B\ B\ M_2\ T_2\ x_j\ T_2$ (A1)


Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{\mathrm{MUL}}$ | $5T_H + 2T_{\mathrm{MUL}}$ | $9T_H$ | $21T_H + 4T_{\mathrm{MUL}}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{\mathrm{MUL}}$ | $4T_H + 2T_{\mathrm{MUL}}$ | $14T_H$ | $31T_H + 4T_{\mathrm{MUL}}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{\mathrm{mac}} + 3T_{\mathrm{MUL}}$ | $1T_H + 2T_{\mathrm{mac}} + 2T_{\mathrm{MUL}}$ | $2T_H + 2T_{ED} + 3T_{\mathrm{mac}} + 1T_{\mathrm{MUL}}$ | $6T_H + 3T_{ED} + 6T_{\mathrm{mac}} + 6T_{\mathrm{MUL}}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{\mathrm{MUL}}$ | $3T_H + 2T_{\mathrm{MUL}}$ | $7T_H + 1T_{\mathrm{MUL}}$ | $15T_H + 6T_{\mathrm{MUL}}$ | 22.551 |


Table 15: Communication comparison.

Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared*
Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64
Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4
Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104
Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0
PriAuth | 64 | 108 | 40 | 40 | 252 | 0

*Compared means compared with our scheme; M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”,

$\mathrm{GWN} \lhd \{A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1\}_{d_i}$ (A2)

$\mathrm{GWN} \lhd \{B, M_2, T_2\}_{x_j}$ (A3)

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”,

$\mathrm{GWN} \mid\equiv U_i \mid\sim A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1$ (A4)

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”,

$\mathrm{GWN} \mid\equiv S_j \mid\sim B, M_2, T_2$ (A5)

(5) According to (A4) and “‘,’-elimination rule”,

$\mathrm{GWN} \mid\equiv U_i \mid\sim A$ (A6)

(6) According to (A5) and “‘,’-elimination rule”,

$\mathrm{GWN} \mid\equiv S_j \mid\sim B$ (A7)

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”,

$\mathrm{GWN} \mid\equiv U_i \mid\equiv A$ (A8)

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”,

$\mathrm{GWN} \mid\equiv S_j \mid\equiv B$ (A9)

The following content is the analysis of Message 3. From it, we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3,

$S_j \lhd \{A, M_3, B, T_2\}_{x_j}, \{B, M_2, A, T_1\}_{d_i}$ (A10)

(10) According to (A10) and “‘,’-elimination rule”,

$S_j \lhd \{A, M_3, B, T_2\}_{x_j}$ (A11)

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”,

$S_j \mid\equiv \mathrm{GWN} \mid\sim A, M_3, B, T_2$ (A12)

(12) According to (A12) and “‘,’-elimination rule”,

$S_j \mid\equiv \mathrm{GWN} \mid\sim A$ (A13)

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”,

$S_j \mid\equiv \mathrm{GWN} \mid\equiv A$ (A14)

(14) According to A11, (A8), (A14), we get

$S_j \mid\equiv U_i \mid\sim A$ (A15)

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”,

$S_j \mid\equiv U_i \mid\equiv A$ (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”,

$S_j \mid\equiv A$ (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “#()-introduction”,

$S_j \mid\equiv \#(k_2)$ (A18)

(18) According to (A18), A3, A5, and “#()-promotion rule”,

$S_j \mid\equiv \#(SK)$, $SK = h(k_2 \cdot A)$ (A19)

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”,

$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$ (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4,

$U_i \lhd B, \{B, M_2, A, T_1\}_{d_i}$ (A21)


role user (Ui, Sj, GW : agent,
           Kdi : symmetric_key,
           Kug : symmetric_key,
           H : hash_func,
           P : text,
           SND_US, RCV_US : channel (dy))
played_by Ui
def=
  local State : nat,
        T1, K1, Na, Nb, SIDj, IDi, SK : text
  const user_sensor_sk, sc_user_id, sc_sensor_id : protocol_id
  init State := 0
  transition
  % Message 1: fresh T1 and K1; Na = exp(P,K1) models A = k1.G
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P,K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj),Kug).
               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
               T1')
     /\ secret(IDi,sc_user_id,{Ui,GW})
     /\ secret(IDi,sc_sensor_id,{Ui,GW})
  % Message 4: check the authenticator built with Kdi, then derive SK
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb',K1))
     /\ witness(Ui,Sj,user_sensor_sk,SK')
     /\ request(Ui,Sj,user_sensor_sk,SK')
end role

Box 1

(21) According to (A21) and “‘,’-elimination rule”,

$U_i \lhd \{B, M_2, A, T_1\}_{d_i}$ (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”,

$U_i \mid\equiv \mathrm{GWN} \mid\sim B, M_2, A, T_1$ (A23)

(23) According to (A23) and “‘,’-elimination rule”,

$U_i \mid\equiv S_j \mid\sim B$ (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”,

$U_i \mid\equiv \mathrm{GWN} \mid\equiv B$ (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$ (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”,

$U_i \mid\equiv S_j \mid\equiv B$ (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”,

$U_i \mid\equiv B$ (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “#()-introduction”,

$U_i \mid\equiv \#(k_1)$ (A29)

(29) According to (A29), A4, A6, and “#()-promotion rule”,

$U_i \mid\equiv \#(SK)$, $SK = h(k_1 \cdot B)$ (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”,

$U_i \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i$ (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.
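The relation $k_1 \cdot Q_g = d_g \cdot A$ behind $K_{ug}$, the XOR masking of the identities, and the session key $SK = h(k_2 \cdot A) = h(k_1 \cdot B)$ from (A19) and (A30) can be checked with a short script. This is an added example, not the authors' code: secp256k1 and SHA-256 stand in for the paper's ECC-160 and SHA-1, a point is hashed by its x-coordinate, and the function names, identities and timestamp are constructed for illustration.

```python
# Added illustration of the two ECDH computations in PriAuth (not the authors' code).
# Assumptions: secp256k1 and SHA-256 stand in for the paper's ECC-160 and SHA-1;
# a point is hashed by its 32-byte x-coordinate; identities and T1 are constructed.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt = (x, y) satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add k * pt. Not constant-time: for illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def shared_x(k, peer):
    """x-coordinate of k * peer; a received point is validated before use."""
    if peer is None or not on_curve(peer):
        raise ValueError("peer point is not on the curve")
    return mul(k, peer)[0].to_bytes(32, "big")


def h(*parts):
    """Hash of the concatenated byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()


def derive_kug(scalar, peer, t1):
    """K_ug = h(T1, k1*Qg) for the user, h(T1, dg*A) for the gateway."""
    return h(t1, shared_x(scalar, peer))


def mask_ids(ids, kug):
    """XOR the concatenated identities with K_ug; applying it twice unmasks."""
    return bytes(a ^ b for a, b in zip(ids, kug))


def session_key(scalar, peer):
    """SK = h(k2*A) for the sensor, h(k1*B) for the user."""
    return h(shared_x(scalar, peer))


def run(d_g, k1, k2, id_i=b"doctor01", sid_j=b"sensor07", t1=b"\x00\x00\x00\x01"):
    """One run with 8-byte identities and a 4-byte timestamp (constructed values)."""
    q_g, a, b = mul(d_g, G), mul(k1, G), mul(k2, G)   # Qg, A (user), B (sensor)
    kug_user, kug_gw = derive_kug(k1, q_g, t1), derive_kug(d_g, a, t1)
    masked = mask_ids(id_i + sid_j, kug_user)          # travels in Message 1
    return {
        "kug_user": kug_user,
        "kug_gw": kug_gw,
        "masked": masked,
        "unmasked": mask_ids(masked, kug_gw),          # gateway recovers IDi || SIDj
        "sk_user": session_key(k1, b),
        "sk_sensor": session_key(k2, a),
        # The gateway holds dg, A and B but neither k1 nor k2.
        "gw_ecdh": [session_key(d_g, a), session_key(d_g, b)],
    }


if __name__ == "__main__":
    r = run(*(secrets.randbelow(N - 1) + 1 for _ in range(3)))
    print("K_ug agrees:", r["kug_user"] == r["kug_gw"])
    print("identities recovered:", r["unmasked"])
    print("SK agrees:", r["sk_user"] == r["sk_sensor"])
    print("gateway ECDH values match SK:", r["sk_user"] in r["gw_ecdh"])
```

The last check only shows that the ECDH values the gateway can form with $d_g$ differ from SK; it illustrates the design goal and is not a proof of key secrecy.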

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


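role sensor (Ui, Sj, GW : agent,
             Kxj : symmetric_key,
             H : hash_func,
             P : text,
             SND_US, RCV_US, SND_SG, RCV_SG : channel (dy))
played_by Sj
def=
  local State : nat,
        T1, T2, K2, Na, Nb, SK : text,
        Y, X, Z : message
  const user_sensor_sk : protocol_id
  init State := 1
  transition
  % Message 2: forward the user's message and append Nb = exp(P,K2)
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
     /\ SND_SG(Na'.
               Y'.
               Z'.
               T1'.
               Nb'.
               H(Nb'.Z'.Kxj.T2').
               T2')
  % State is 3 after transition 1, so the guard tests 3
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na,K2))
     /\ witness(Sj,Ui,user_sensor_sk,SK')
     /\ request(Sj,Ui,user_sensor_sk,SK')
     /\ SND_US(Nb.
               X')
end role

Box 2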

role gateway (Ui, Sj, GW : agent,
              Kdi, Kxj : symmetric_key,
              Kug : symmetric_key,
              H : hash_func,
              SND_SG, RCV_SG : channel (dy))
played_by GW
def=
  local State : nat,
        T1, T2, Na, Nb, IDi, SIDj : text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
  init State := 5
  transition
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi'.SIDj'),Kug).
                         H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
         H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
         H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1')
       )
     /\ secret(IDi',sc_user_id,{Ui,GW})
     /\ secret(SIDj',sc_sensor_id,{Ui,GW})
end role

Box 3


role session (Ui, Sj, GW : agent,
              Kdi, Kxj, Kug : symmetric_key,
              H : hash_func,
              P : text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS : channel (dy)
  composition
    user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
    /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
    /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw : agent,
        kdi, kxj, kug, kig, kiig : symmetric_key,
        user_sensor_sk : protocol_id,
        h : hash_func,
        p : text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    session(ui,sj,gw,kdi,kxj,kug,h,p)
    /\ session(ui,i,gw,kdi,kig,kug,h,p)
    /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLoS ONE, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Personal Communications, pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification: International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.



Table 11: Simulation results.

CL-AtSe back-end:

SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
  TYPED_MODEL
PROTOCOL
  /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
GOAL
  As Specified
BACKEND
  CL-AtSe
STATISTICS
  Analysed: 14 states
  Reachable: 4 states
  Translation: 0.00 seconds
  Computation: 0.00 seconds

OFMC:

% OFMC
% Version of 2006/02/13
SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
PROTOCOL
  /home/iotdev/avispa/avispa-1.1/testsuite/results/usg.if
GOAL
  as_specified
BACKEND
  OFMC
COMMENTS
STATISTICS
  parseTime: 0.00s
  searchTime: 0.05s
  visitedNodes: 24 nodes
  depth: 4 plies

Table 12: Security feature comparison.

Security feature | [1] | [3, Scheme 2] | [7] | [9] | PriAuth
User anonymity | × | × | √ | √ | √
Sensor anonymity | × | × | × | × | √
Shared key privacy | √ | √ | √ | √ | √
Traceability of user | × | × | √ | √ | √
Traceability of sensor | × | × | × | × | √
Loss of synchronization | √ | √ | × | √ | √
Malicious sensor attack | √ | √ | √ | √ | √
User impersonation attack | × | √ | √ | √ | √
Sensor impersonation attack | √ | √ | √ | √ | √
Replay attack | √ | √ | × | √ | √
Inside user attack | √ | √ | √ | √ | √

computational costs of different operations and the operations’ execution time is measured by simulation [3–14]. The execution time of XOR operation is very small compared to an elliptic curve point multiplication or hash operation; we neglect it when computing the time approximately [3]. We use the famous MIRACL++ Library [43] (example code can be found at [44]). The experiment is conducted in Visual C++ 2017 on a 64-bit Windows 7 operating system, 3.5 GHz processor, 8 GB memory. The hash function is the SHA-1; the symmetric encryption/decryption function is AES with a 128-bit long key of the MR_PCFB1 form (using one string to encrypt another string; the same hash function is called to get the hashed form of the key string). The elliptic curve encryption scheme is ECC-160. The results are shown in Table 13. $T_{mac}$ is the time for HMAC with SHA-1 operation; according to [9], $T_{mac} \approx T_H$. The final result is in Table 14.

8.2. Communication Performance. The sum of each variable length in bytes, which a sensor node and a gateway node need while performing authentication process, is calculated for comparison of the communication cost. The identity or password is 8-byte long [13]. The sizes of the general hash function’s output and timestamp are 20 bytes and 4 bytes, respectively [45]. The random point of ECC-160 is 20 bytes. The result is shown in Table 15. The byte length of the AES encryption result is treated as byte length of the original data for approximation.


Table 13: Computation time of different operations.

Operations | Time | Experiment times
$T_H$: one-way hash function | 0.0394 ms | 1000000
$T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000
$T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and the patient’s privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoTequipment is applied into the medical scenarios In thispaper we propose an authentication and key agreementscheme tailored for Wireless Sensor Networks We focuson the privacy problems during the authentication processOur scheme not only ensures the security of the data butalso protects the identity privacy of the users and sensorsThe shared key between the user and sensor is built bymeans of the Elliptic Curve DiffiendashHellman method whichcould ensure forward privacy The proposed scheme hasbeen verified with BAN logic and AVISPA which are thetwo most commonly used tools to validate the security ofthe communication scheme Simulation results show thatour scheme is feasible and secure Furthermore experimentresults show that our scheme is comparable with the relatedworks in terms of computation cost and more efficient incommunication cost

As part of our work in the LifeWear project we focuson privacy problems during the authentication and keyestablishment processes In future we will paymore attentionto authentication scheme without the help of the gateway

Appendix

A The Proof of PriAuth Using BAN Logic

The proof starts at Message 2 From Message 2 onwards wecan prove that GWN believes 119880119894 once said 119860 and GWNbelieves 119878119895 once said 119861

(1) According to Message 2 we get

GWN ⊲ 119860 ID119894 SID119895119870119906119892

119860 ID119894 SID119895119870119906119892 1198791119889119894

1198791 119861 1198611198722 1198792119909119895 1198792 (A1)

Wireless Communications and Mobile Computing 11

Table14C

ompu

tatio

ncostof

thelogin

andauthentic

ation

Schemes

User

Sensor

Gatew

ayTo

tal

Total(ms)

Choietal[1]

7119879 119867+3

119879 MUL

4119879 119867+2

119879 MUL

4119879 119867+1

119879 MUL

15119879119867+6

119879 MUL

22551

ChangandLe

[3Schem

e2]

7119879 119867+2

119879 MUL

5119879 119867+2

119879 MUL

9119879 11986721119879

119867+4

119879 MUL

154674

Fanetal[7]

13119879119867+2

119879 MUL

4119879 119867+2

119879 MUL

14119879119867

31119879119867+4

119879 MUL

158614

Nam

etal[9]

3119879 119867+1

119879 119864119863+1

119879 mac+3

119879 MUL

1119879 119867+2

119879 mac+2

119879 MUL

2119879 119867+2

119879 119864119863+3

119879 mac+1

119879 MUL

6119879 119867+3

119879 119864119863+6

119879 mac+6

119879 MUL

2415

12PriAuth

5119879 119867+3

119879 MUL

3119879 119867+2

119879 MUL

7119879 119867+1

119879 MUL

15119879119867+6

119879 MUL

22551

12 Wireless Communications and Mobile Computing

Table 15 Communication comparison

Schemes M1 M2 M3 M4 Total bytes Comparedlowast

Choi et al [1] 80 124 44 68 316 +64Chang and Le [3 Scheme 2] 64 84 64 44 256 +4Fan et al [7] 128 68 60 100 356 +104Nam et al [9] 52 104 40 56 252 0PriAuth 64 108 40 40 252 0119862119900119898119901119886119903119890119889lowast means compared with our scheme M1 M2 M3 and M4 mean Messages 1 2 3 and 4

(2) According to (A1) and ldquolsquorsquo-elimination rulerdquo

GWN ⊲ 119860 ID119894 SID119895119870119906119892 SID119895 1198791119889119894

(A2)

GWN ⊲ 1198611198722 1198792119909119895 (A3)

(3) According to (A2) A6 and ldquo|sim introduction rulerdquo

GWN |equiv 119880119894 |sim 119860 ID119894 SID119895119870119906119892 SID119895 1198791 (A4)

(4) According to (A3) A10 and ldquo|sim introduction rulerdquo

GWN |equiv 119878119895 |sim 1198611198722 1198792 (A5)

(5) According to (A4) and ldquolsquorsquo-elimination rulerdquo

GWN |equiv 119880119894 |sim 119860 (A6)

(6) According to (A5) and ldquolsquorsquo-elimination rulerdquo

GWN |equiv 119878119895 |sim 119861 (A7)

(7) According to A1 (A6) and ldquo|sim elimination rulerdquo

GWN |equiv 119880119894 |equiv 119860 (A8)

(8) According to A2 (A7) and ldquo|sim elimination rulerdquo

GWN |equiv 119878119895 |equiv 119861 (A9)

The following content is the analysis of Message 3. From it we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3:

$$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j},\ \langle B, M_2, A, T_1 \rangle_{d_i} \tag{A10}$$

(10) According to (A10) and “‘,’-elimination rule”:

$$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j} \tag{A11}$$

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”:

$$S_j \mid\equiv \mathrm{GWN} \mid\sim A, M_3, B, T_2 \tag{A12}$$

(12) According to (A12) and “‘,’-elimination rule”:

$$S_j \mid\equiv \mathrm{GWN} \mid\sim A \tag{A13}$$

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”:

$$S_j \mid\equiv \mathrm{GWN} \mid\equiv A \tag{A14}$$

(14) According to A11, (A8), and (A14), we get

$$S_j \mid\equiv U_i \mid\sim A \tag{A15}$$

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”:

$$S_j \mid\equiv U_i \mid\equiv A \tag{A16}$$

(16) According to A13, (A16), and “jurisdiction or control rule”:

$$S_j \mid\equiv A \tag{A17}$$

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”:

$$S_j \mid\equiv \#(k_2) \tag{A18}$$

(18) According to (A18), A3, A5, and “$\#()$-promotion rule”:

$$S_j \mid\equiv \#(SK),\quad SK = h(k_2 \cdot A) \tag{A19}$$

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$$S_j \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i \tag{A20}$$

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$; based on assumption A12, we can infer that $U_i$ believes $S_j$ believes $B$. This procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$$U_i \triangleleft B,\ \langle B, M_2, A, T_1 \rangle_{d_i} \tag{A21}$$

role user (Ui, Sj, GW : agent,
           Kdi : symmetric_key,
           Kug : symmetric_key,
           H : hash_func,
           P : text,
           SND_US, RCV_US : channel (dy))
played_by Ui
def=
  local State : nat,
        T1, K1, Na, Nb, SIDj, IDi, SK : text
  const user_sensor_sk, sc_user_id : protocol_id
  init State := 0
  transition
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P,K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj),Kug).
               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
               T1')
     /\ secret(IDi,sc_user_id,{Ui,GW})
     /\ secret(IDi,sc_sensor_id,{Ui,GW})
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb',K1))
     /\ witness(Ui,Sj,user_sensor_sk,SK')
     /\ request(Ui,Sj,user_sensor_sk,SK')
end role

Box 1

(21) According to (A21) and “‘,’-elimination rule”:

$$U_i \triangleleft \langle B, M_2, A, T_1 \rangle_{d_i} \tag{A22}$$

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”:

$$U_i \mid\equiv \mathrm{GWN} \mid\sim B, M_2, A, T_1 \tag{A23}$$

(23) According to (A23) and “‘,’-elimination rule”:

$$U_i \mid\equiv S_j \mid\sim B \tag{A24}$$

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”:

$$U_i \mid\equiv \mathrm{GWN} \mid\equiv B \tag{A25}$$

(25) According to A12, (A9), and (A25), we get

$$U_i \mid\equiv S_j \mid\sim B \tag{A26}$$

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”:

$$U_i \mid\equiv S_j \mid\equiv B \tag{A27}$$

(27) According to A14, (A27), and “jurisdiction or control rule”:

$$U_i \mid\equiv B \tag{A28}$$

(28) As $k_2$ is randomly created by $U_i$, according to “$\#()$-introduction”:

$$U_i \mid\equiv \#(k_1) \tag{A29}$$

(29) According to (A29), A4, A6, and “$\#()$-promotion rule”:

$$U_i \mid\equiv \#(SK),\quad SK = h(k_1 \cdot B) \tag{A30}$$

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$$U_i \mid\equiv S_j \stackrel{SK}{\longleftrightarrow} U_i \tag{A31}$$

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.

role sensor (Ui, Sj, GW : agent,
             Kxj : symmetric_key,
             H : hash_func,
             P : text,
             SND_US, RCV_US, SND_SG, RCV_SG : channel (dy))
played_by Sj
def=
  local State : nat,
        T1, T2, K2, Na, Nb, SK : text,
        Y, X, Z : message
  const user_sensor_sk : protocol_id
  init State := 1
  transition
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
     /\ SND_SG(Na'.
               Y'.
               Z'.
               T1'.
               Nb'.
               H(Nb'.Z'.Kxj.T2').
               T2')
  % the guard tests State 3, the value that transition 1 leaves the sensor in
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na,K2))
     /\ witness(Sj,Ui,user_sensor_sk,SK')
     /\ request(Sj,Ui,user_sensor_sk,SK')
     /\ SND_US(Nb.
               X')
end role

Box 2

role gateway (Ui, Sj, GW : agent,
              Kdi, Kxj : symmetric_key,
              Kug : symmetric_key,
              H : hash_func,
              SND_SG, RCV_SG : channel (dy))
played_by GW
def=
  local State : nat,
        T1, T2, Na, Nb, IDi, SIDj : text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
  init State := 5
  transition
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi'.SIDj'),Kug).
                         H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7
     /\ SND_SG(H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
               H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1'))
     /\ secret(IDi',sc_user_id,{Ui,GW})
     /\ secret(SIDj',sc_sensor_id,{Ui,GW})
end role

Box 3

role session (Ui, Sj, GW : agent,
              Kdi, Kxj, Kug : symmetric_key,
              H : hash_func,
              P : text)
def=
  local SSU, RSU, SSG, RSG, SUS, RUS, SGS, RGS : channel (dy)
  composition
     user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
  /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
  /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw : agent,
        kdi, kxj, kug, kig, kiig : symmetric_key,
        user_sensor_sk : protocol_id,
        h : hash_func,
        p : text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
     session(ui,sj,gw,kdi,kxj,kug,h,p)
  /\ session(ui,i,gw,kdi,kig,kug,h,p)
  /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5

goal
  %% Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  %% Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).
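The message flow that the HLPSL roles in Boxes 1 to 3 model, written out as an added Python example (not the authors' code and not part of the paper). It assumes SHA-256 for h, secp256k1 in place of ECC-160, 16-byte identities, and a gateway that looks up d_i and x_j by identity; it shows the user and sensor agreeing on SK while the gateway only unmasks identities and checks hashes.

```python
# Added illustration of the flow modelled in Boxes 1-3; not the authors' code.
# Assumptions: SHA-256 as h, secp256k1 standing in for ECC-160, 16-byte
# identities, a gateway that looks d_i / x_j up by identity. Timestamp
# freshness checks are left out.
import hashlib
import hmac
import secrets
import time

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keypair():
    k = secrets.randbelow(N - 1) + 1          # k in [1, n-1]
    return k, mul(k, G)

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*fields):
    """Hash over length-prefixed fields so their boundaries are unambiguous."""
    d = hashlib.sha256()
    for f in fields:
        d.update(len(f).to_bytes(2, "big") + f)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def now():
    return time.time_ns().to_bytes(8, "big")

class Gateway:
    def __init__(self):
        self.dg, self.Qg = keypair()          # (d_g, Q_g)
        self.users, self.sensors = {}, {}     # ID_i -> d_i, SID_j -> x_j

    def handle(self, A, eid, M2, T1, B, M3, T2):
        """Check the sensor's forwarded message; None means abort."""
        ident = xor(eid, h(T1, enc(mul(self.dg, A))))   # K_ug = h(T1, d_g.A)
        di, xj = self.users.get(ident[:16]), self.sensors.get(ident[16:])
        if di is None or xj is None:
            return None
        ok_user = hmac.compare_digest(M2, h(enc(A), eid, di, T1))
        ok_sensor = hmac.compare_digest(M3, h(enc(B), M2, xj, T2))
        if not (ok_user and ok_sensor):
            return None
        # Authenticators for the sensor and (relayed by the sensor) the user.
        return h(enc(A), xj, M3, T2), h(enc(B), di, M2, enc(A), T1)

def run_session(gw, id_i, d_i, sid_j, x_j, tamper=False):
    """One run; returns (SK_user, SK_sensor, user's message) or None."""
    k1, A = keypair()                                    # user
    T1 = now()
    eid = xor(id_i + sid_j, h(T1, enc(mul(k1, gw.Qg))))  # identities under K_ug
    M2 = h(enc(A), eid, d_i, T1)
    if tamper:                                           # modified in transit
        M2 = xor(M2, b"\x01" + bytes(31))
    k2, B = keypair()                                    # sensor
    T2 = now()
    M3 = h(enc(B), M2, x_j, T2)
    reply = gw.handle(A, eid, M2, T1, B, M3, T2)
    if reply is None:
        return None
    to_sensor, to_user = reply
    if not hmac.compare_digest(to_sensor, h(enc(A), x_j, M3, T2)):
        return None                                      # sensor rejects gateway
    if not hmac.compare_digest(to_user, h(enc(B), d_i, M2, enc(A), T1)):
        return None                                      # user rejects gateway
    return h(enc(mul(k1, B))), h(enc(mul(k2, A))), (A, eid, M2, T1)
```

Each run costs three scalar multiplications at the user, two at the sensor and one at the gateway, which matches the PriAuth row of Table 14.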

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems, Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers Commun, pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Table 13: Computation time of different operations.

| Operations | Time | Experiment times |
|---|---|---|
| $T_H$: one way hash function | 0.0394 ms | 1000000 |
| $T_{ED}$: symmetric encryption/decryption | 0.5728 ms | 100000 |
| $T_{MUL}$: scalar multiplication in ECC-160 | 3.66 ms | 2733 |

9. Validation

The LifeWear project intends to improve the quality of human life by using wearable equipment and applications for everyday use [46]. The main objective of LifeWear is the development of modern physiological monitoring to inspect human health parameters like blood pressure, pulse, or the electrocardiogram of a patient in different environments. With real-time data of these health parameters, medical staff can take actions instantly, which can greatly improve the quality of a treatment.

Since medical parameters are sent from patients to medical staff, data security and patient’s privacy are a must. In order to ensure the data confidentiality, all the data must be encrypted before they are sent. The proposed scheme helps the patients and medical staff build a shared key. This key will be used to encrypt the health parameters of the patient. In order to protect the privacy of the patient, all the identities are encrypted before they are sent as well. Since wearable sensors have only limited computability, we introduce a gateway to provide the patients and medical staff the shared key to be used in the system.

The LifeWear project also makes use of a middleware solution able to hide heterogeneity and interoperability problems. This middleware is composed of four abstraction layers related to the functionalities covered in each of them, namely, hardware abstraction layer, low and high services, cross-layer services, and service composition platform.

The hardware abstraction layer includes the IoT hardware platform, the operating system, and the networking stack. It offers an easy way to port the solution to other hardware platforms. The low and high service layers define the software components needed to abstract the underlying network heterogeneity, thus providing an integrated distributed environment to simplify programming tasks by means of a set of generic services, along with an access point to the management functions of the sensor network services. The upper layer is the service composition platform, designed to build applications using services offered by the lower layers. The cross-layer services are offered to both high and low level services in order to provide inner service composition. The proposal presented in this paper (PriAuth) has been deployed as a service inside this layer. The security service can be used by the upper layer (service composition) to compose newly secured services based on the services presented in the lower layers.

The architecture has been deployed over a commercial IoT node solution called SunSPOT platform, manufactured by Oracle. Main characteristics of the SunSPOT hardware platform are as follows:

(a) Processor: ARM 920T CPU (400 MHz, 32 bits)

(b) Memory: 1 Mb RAM, 8 Mb Flash memory

(c) Network: Chipcon 2420 radio with integrated antenna (IEEE 802.15.4 at 2.4 GHz)

(d) Data: USB interface, mini-USB connector

(e) Power supply: 3.6 V rechargeable 750 mAh Li-Ion battery

10. Conclusions

Privacy will be a big concern as more and more IoT equipment is applied in medical scenarios. In this paper, we propose an authentication and key agreement scheme tailored for Wireless Sensor Networks. We focus on the privacy problems during the authentication process. Our scheme not only ensures the security of the data but also protects the identity privacy of the users and sensors. The shared key between the user and sensor is built by means of the Elliptic Curve Diffie–Hellman method, which could ensure forward privacy. The proposed scheme has been verified with BAN logic and AVISPA, which are the two most commonly used tools to validate the security of the communication scheme. Simulation results show that our scheme is feasible and secure. Furthermore, experiment results show that our scheme is comparable with the related works in terms of computation cost and more efficient in communication cost.

As part of our work in the LifeWear project, we focus on privacy problems during the authentication and key establishment processes. In future, we will pay more attention to authentication schemes without the help of the gateway.

Appendix

A. The Proof of PriAuth Using BAN Logic

The proof starts at Message 2. From Message 2 onwards, we can prove that GWN believes $U_i$ once said $A$ and GWN believes $S_j$ once said $B$.

(1) According to Message 2, we get

$$\mathrm{GWN} \triangleleft A,\ \langle ID_i, SID_j \rangle_{K_{ug}},\ \langle A, \langle ID_i, SID_j \rangle_{K_{ug}}, T_1 \rangle_{d_i},\ T_1,\ B,\ \langle B, M_2, T_2 \rangle_{x_j},\ T_2 \tag{A1}$$

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |

Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme; M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘,’-elimination rule”:

$$\mathrm{GWN} \triangleleft \langle A, \langle ID_i, SID_j \rangle_{K_{ug}}, SID_j, T_1 \rangle_{d_i} \tag{A2}$$

$$\mathrm{GWN} \triangleleft \langle B, M_2, T_2 \rangle_{x_j} \tag{A3}$$

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”:

$$\mathrm{GWN} \mid\equiv U_i \mid\sim A, \langle ID_i, SID_j \rangle_{K_{ug}}, SID_j, T_1 \tag{A4}$$

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”:

$$\mathrm{GWN} \mid\equiv S_j \mid\sim B, M_2, T_2 \tag{A5}$$

(5) According to (A4) and “‘,’-elimination rule”:

$$\mathrm{GWN} \mid\equiv U_i \mid\sim A \tag{A6}$$

(6) According to (A5) and “‘,’-elimination rule”:

$$\mathrm{GWN} \mid\equiv S_j \mid\sim B \tag{A7}$$

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”:

$$\mathrm{GWN} \mid\equiv U_i \mid\equiv A \tag{A8}$$

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”:

$$\mathrm{GWN} \mid\equiv S_j \mid\equiv B \tag{A9}$$

The following content is the analysis of Message 3 Fromit we can prove that 119878119895 believes GWN believes 119860 Based onassumption A11 we can get that 119878119895 believes119880119894 believes119860 thisprocess is shown at (A10)sim(A17) Equations (A18)sim(A20)prove the first goal of the scheme

(9) Based on Message 3

119878119895 ⊲ 1198601198723 119861 1198792119909119895 1198611198722 119860 1198791119889119894 (A10)

(10) According to (A10) and ldquolsquorsquo-elimination rulerdquo

119878119895 ⊲ 1198601198723 119861 1198792119909119895 (A11)

(11) According to (A11) A9 and ldquo|sim introduction rulerdquo

119878119895 |equiv GWN |sim 1198601198723 119861 1198792 (A12)

(12) According to (A12) and ldquolsquorsquo-elimination rulerdquo

119878119895 |equiv GWN |sim 119860 (A13)

(13) According to A3 (A13) and ldquo|sim elimination rulerdquo

119878119895 |equiv GWN |equiv 119860 (A14)

(14) According to A11 (A8) (A14) we get

119878119895 |equiv 119880119894 |sim 119860 (A15)

(15) According to A3 (A15) and ldquo|sim elimination rulerdquo

119878119895 |equiv 119880119894 |equiv 119860 (A16)

(16) According to A13 (A16) and ldquojurisdiction or controlrulerdquo

119878119895 |equiv 119860 (A17)

(17) As 1198962 is randomly created by 119878119895 according to ldquo()-introductionrdquo

119878119895 |equiv (1198962) (A18)

(18) According to (A18) A3 A5 and ldquo()-promotionrulerdquo

119878119895 |equiv (SK) SK = ℎ (1198962 sdot 119860) (A19)

(19) According to (A19) (A17) and ldquo 119896larrrarr introductionrulerdquo

119878119895 |equiv 119878119895 SKlarrrarr 119880119894 (A20)

The following is the analysis of Message 4 where it isproven that 119880119894 believes GWN and believes 119861 based onassumption A12 so we can infer that119880119894 believes 119878119895 believes 119861this procedure is shown at (A21)sim(A28) Equations (A29)sim(A31) prove the first goal of the scheme Until now the twogoals of the scheme have been proved at (A20) and (A31) soit can be claimed that this protocol is feasible and safe

(20) Based on Message 4

119880119894 ⊲ 119861 1198611198722 119860 1198791119889119894 (A21)

Wireless Communications and Mobile Computing 13

role user (Ui Sj GW agentKdi symmetric keyKug symmetric keyH hash funcP textSND USRCV US channel (dy))

played by Uidef=

local State natT1K1NaNbSIDjIDiSK textconst user sensor sksc user idprotocol idinit Statefl 0transition(1) State = 0 RCV US(start)=|gtState fl 2 T1 fl new()

K1 fl new() Na fl exp(PK1) SND US(Na

xor((IDiSIDj)Kug)

H(Naxor((IDiSIDj)Kug)KdiT1)

T1) secret(IDisc user idUiGW) secret(IDisc sensor idUiGW)

(2) State = 2 RCV US(NbH(NbKdiH(Naxor((IDiSIDj)Kug)KdiT1)NaT1))=|gt

State fl 4 SK flH(exp(NbK1)) witness(UiSjuser sensor skSK) request(UiSjuser sensor skSK)

end role

Box 1

(21) According to (A21) and ldquolsquorsquo-elimination rulerdquo

119880119894 ⊲ 1198611198722 119860 1198791119889119894 (A22)

(22) According to (A22) A7 and ldquo|sim introduction rulerdquo

119880119894 |equiv GWN |sim 1198611198722 119860 1198791 (A23)

(23) According to (A23) and ldquolsquorsquo-elimination rulerdquo

119880119894 |equiv 119878119895 |sim 119861 (A24)

(24) According to A4 (A23) and ldquo|sim elimination rulerdquo

119880119894 |equiv GWN |equiv 119861 (A25)

(25) According to A12 (A9) and (A25) we get

119880119894 |equiv 119878119895 |sim 119861 (A26)

(26) According to A4 (A26) and ldquo|sim elimination rulerdquo

119880119894 |equiv 119878119895 |equiv 119861 (A27)

(27) According to A14 (A27) and ldquojurisdiction or controlrulerdquo

119880119894 |equiv 119861 (A28)

(28) As 1198962 is randomly created by 119880119894 according to ldquo()-introductionrdquo

119880119894 |equiv (1198961) (A29)

(29) According to (A29) A4 A6 and ldquo()-promotionrulerdquo

119880119894 |equiv (SK) SK = ℎ (1198961 sdot 119861) (A30)

(30) According to (A30) (A27) and ldquo 119896larrrarr introductionrulerdquo

119880119894 |equiv 119878119895 SKlarrrarr 119880119894 (A31)

B The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is (119889119892 119876119892) At thebeginning of this protocol usage every user generates arandom number 1198961 isin [1 119899 minus 1] and calculates 119860 = 1198961 sdot 119866so we could treat (1198961 119860) as the ECC key pair of this user andwe send119860 to the gateway Now the two parties could calculatea shared key 1198961 sdot 119876119892 = 119889119892 sdot 119860 Thus at the beginning of thescheme we declare 119870119906119892 = ℎ(1198791 1198961 sdot 119876119892) to be a symmetrickey between the two

For the role of the user see Box 1 For the role of thesensor see Box 2 For the role of the gateway see Box 3

14 Wireless Communications and Mobile Computing

role sensor (Ui Sj GW agentKxj symmetric keyH hash funcP textSND USRCV USSND SGRCV SG channel(dy))

played by Sjdef=

local State natT1T2K2 NaNbSK textYXZ messageconst user sensor skprotocol idinit Statefl 1transition(1) State = 1 RCV US(NaYZT1) =|gt

State fl 3 T2 fl new() K2 fl new() Nb fl exp(PK2) SND SG( Na

Y

Z

T1

Nb

H(NbZKxjT2)

T2 )(2) State = 2 RCV SG( H(NaKxjH(NbZKxjT2)T2)

X ) =|gtState fl 4 SK flH(exp(NaK2))

witness(SjUiuser sensor skSK) request(SjUiuser sensor skSK) SND US(Nb

X)end role

Box 2

role gateway (Ui Sj GW agentKdi Kxj symmetric keyKug symmetric keyH hash funcSND SG RCV SG channel(dy))

played by GWdef=local State natT1T2NaNbIDiSIDj textconst sk User gwnsk sensor gwnsc sensor idsc user idprotocol idinit Statefl 5transition(1) State = 5 RCV SG( Na

xor((IDiSIDj)Kug)

H(Naxor((IDiSIDj)Kug)KdiT1)

T1

Nb

H(NbH(Naxor((IDiSIDj)Kug)KdiT1)KxjT2)

T2) =|gtState fl 7 SND SG(

H(NaKxjH(NbH(Naxor((IDiSIDj)Kug)KdiT1)KxjT2)T2)H(NbKdiH(Naxor((IDiSIDj)Kug)KdiT1)NaT1)

) secret(IDisc user idUiGW) secret(SIDjsc sensor idUiGW)

end role

Box 3

Wireless Communications and Mobile Computing 15

role session(Ui Sj GW agentKdi Kxj Kug symmetric keyH hash funcP text)

def=local SSURSU

SSGRSGSUSRUSSGSRGSchannel(dy)

compositionuser(UiSjGWKdiKugHPSUSRUS)

sensor(UiSjGWKxjHPSSGRSGSSURSU) gateway(UiSjGWKdiKxjKugHSGSRGS)

end role

Box 4

role environment()def=const ui sj gw agent

kdi kxj kug kig kiig symmetric keyuser sensor sk protocol idh hash funcp text

intruder knowledge=ui sj gw kig kiig h pcomposition

session(uisjgw kdikxjkughp) session(ui igw kdikigkughp) session( isjgw kigkxjkiighp)

end role

Box 5

goal Confidentiality (G12)secrecy of sc sensor idsc user id

Message authentication (G2)authentication on user sensor skend goal

Box 6

For the role of the session see Box 4 For the role of theenvironment see Box 5

The role of the goal is divided into two parts Thefirst part is the ldquosecrecy of sc sensor idsc user idrdquo thismeans we want to keep the identity of the user and sensorconfidential between them and the gateway The second partldquoauthentication on user sensor skrdquo means the authentica-tion of the shared key between a user and a sensor (seeBox 6)

Conflicts of Interest

The authors declare no conflicts of interest

Authorsrsquo Contributions

All the authors have contributed equally to this work

Acknowledgments

The work presented in this paper has been supported bythe LifeWear Project (funded by the Spanish Ministry ofIndustry Energy and Tourism with Reference TSI-010400-2010-100) The work has also been supported by the ChineseScholarship Council (CSC) with File no 201507040027

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


Page 11: A Privacy Protection User Authentication and Key Agreement

Wireless Communications and Mobile Computing 11

Table 14: Computation cost of the login and authentication.

| Schemes | User | Sensor | Gateway | Total | Total (ms) |
|---|---|---|---|---|---|
| Choi et al. [1] | $7T_H + 3T_{MUL}$ | $4T_H + 2T_{MUL}$ | $4T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |
| Chang and Le [3, Scheme 2] | $7T_H + 2T_{MUL}$ | $5T_H + 2T_{MUL}$ | $9T_H$ | $21T_H + 4T_{MUL}$ | 15.4674 |
| Fan et al. [7] | $13T_H + 2T_{MUL}$ | $4T_H + 2T_{MUL}$ | $14T_H$ | $31T_H + 4T_{MUL}$ | 15.8614 |
| Nam et al. [9] | $3T_H + 1T_{ED} + 1T_{mac} + 3T_{MUL}$ | $1T_H + 2T_{mac} + 2T_{MUL}$ | $2T_H + 2T_{ED} + 3T_{mac} + 1T_{MUL}$ | $6T_H + 3T_{ED} + 6T_{mac} + 6T_{MUL}$ | 24.1512 |
| PriAuth | $5T_H + 3T_{MUL}$ | $3T_H + 2T_{MUL}$ | $7T_H + 1T_{MUL}$ | $15T_H + 6T_{MUL}$ | 22.551 |


Table 15: Communication comparison.

| Schemes | M1 | M2 | M3 | M4 | Total bytes | Compared* |
|---|---|---|---|---|---|---|
| Choi et al. [1] | 80 | 124 | 44 | 68 | 316 | +64 |
| Chang and Le [3, Scheme 2] | 64 | 84 | 64 | 44 | 256 | +4 |
| Fan et al. [7] | 128 | 68 | 60 | 100 | 356 | +104 |
| Nam et al. [9] | 52 | 104 | 40 | 56 | 252 | 0 |
| PriAuth | 64 | 108 | 40 | 40 | 252 | 0 |

Compared* means compared with our scheme. M1, M2, M3, and M4 mean Messages 1, 2, 3, and 4.

(2) According to (A1) and “‘’-elimination rule”:

$\mathrm{GWN} \triangleleft \langle A, \langle \mathrm{ID}_i, \mathrm{SID}_j \rangle_{K_{ug}}, \mathrm{SID}_j, T_1 \rangle_{d_i}$ (A2)

$\mathrm{GWN} \triangleleft \langle B, M_2, T_2 \rangle_{x_j}$ (A3)

(3) According to (A2), A6, and “$|\sim$ introduction rule”:

$\mathrm{GWN} |\equiv U_i |\sim (A, \langle \mathrm{ID}_i, \mathrm{SID}_j \rangle_{K_{ug}}, \mathrm{SID}_j, T_1)$ (A4)

(4) According to (A3), A10, and “$|\sim$ introduction rule”:

$\mathrm{GWN} |\equiv S_j |\sim (B, M_2, T_2)$ (A5)

(5) According to (A4) and “‘’-elimination rule”:

$\mathrm{GWN} |\equiv U_i |\sim A$ (A6)

(6) According to (A5) and “‘’-elimination rule”:

$\mathrm{GWN} |\equiv S_j |\sim B$ (A7)

(7) According to A1, (A6), and “$|\sim$ elimination rule”:

$\mathrm{GWN} |\equiv U_i |\equiv A$ (A8)

(8) According to A2, (A7), and “$|\sim$ elimination rule”:

$\mathrm{GWN} |\equiv S_j |\equiv B$ (A9)

The following content is the analysis of Message 3. From it we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3:

$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j}, \langle B, M_2, A, T_1 \rangle_{d_i}$ (A10)

(10) According to (A10) and “‘’-elimination rule”:

$S_j \triangleleft \langle A, M_3, B, T_2 \rangle_{x_j}$ (A11)

(11) According to (A11), A9, and “$|\sim$ introduction rule”:

$S_j |\equiv \mathrm{GWN} |\sim (A, M_3, B, T_2)$ (A12)

(12) According to (A12) and “‘’-elimination rule”:

$S_j |\equiv \mathrm{GWN} |\sim A$ (A13)

(13) According to A3, (A13), and “$|\sim$ elimination rule”:

$S_j |\equiv \mathrm{GWN} |\equiv A$ (A14)

(14) According to A11, (A8), (A14), we get

$S_j |\equiv U_i |\sim A$ (A15)

(15) According to A3, (A15), and “$|\sim$ elimination rule”:

$S_j |\equiv U_i |\equiv A$ (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”:

$S_j |\equiv A$ (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “()-introduction”:

$S_j |\equiv (k_2)$ (A18)

(18) According to (A18), A3, A5, and “()-promotion rule”:

$S_j |\equiv (\mathrm{SK}), \quad \mathrm{SK} = h(k_2 \cdot A)$ (A19)

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$S_j |\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$U_i \triangleleft B, \langle B, M_2, A, T_1 \rangle_{d_i}$ (A21)


role user (Ui, Sj, GW: agent,
           Kdi: symmetric_key,
           Kug: symmetric_key,
           H: hash_func,
           P: text,
           SND_US, RCV_US: channel (dy))
played_by Ui
def=
  local State: nat,
        T1, K1, Na, Nb, SIDj, IDi, SK: text
  const user_sensor_sk, sc_user_id: protocol_id
  init State := 0
  transition
  % Message 1: Na = K1.P, identities masked with Kug, hash keyed with Kdi
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P,K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj),Kug).
               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
               T1')
     /\ secret(IDi,sc_user_id,{Ui,GW})
     /\ secret(IDi,sc_sensor_id,{Ui,GW})
  % Message 4: check the gateway's hash, then derive SK = H(K1.Nb)
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb',K1))
     /\ witness(Ui,Sj,user_sensor_sk,SK')
     /\ request(Ui,Sj,user_sensor_sk,SK')
end role

Box 1

(21) According to (A21) and “‘’-elimination rule”:

$U_i \triangleleft \langle B, M_2, A, T_1 \rangle_{d_i}$ (A22)

(22) According to (A22), A7, and “$|\sim$ introduction rule”:

$U_i |\equiv \mathrm{GWN} |\sim (B, M_2, A, T_1)$ (A23)

(23) According to (A23) and “‘’-elimination rule”:

$U_i |\equiv S_j |\sim B$ (A24)

(24) According to A4, (A23), and “$|\sim$ elimination rule”:

$U_i |\equiv \mathrm{GWN} |\equiv B$ (A25)

(25) According to A12, (A9), and (A25), we get

$U_i |\equiv S_j |\sim B$ (A26)

(26) According to A4, (A26), and “$|\sim$ elimination rule”:

$U_i |\equiv S_j |\equiv B$ (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”:

$U_i |\equiv B$ (A28)

(28) As $k_1$ is randomly created by $U_i$, according to “()-introduction”:

$U_i |\equiv (k_1)$ (A29)

(29) According to (A29), A4, A6, and “()-promotion rule”:

$U_i |\equiv (\mathrm{SK}), \quad \mathrm{SK} = h(k_1 \cdot B)$ (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$U_i |\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.


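role sensor (Ui, Sj, GW: agent,
             Kxj: symmetric_key,
             H: hash_func,
             P: text,
             SND_US, RCV_US, SND_SG, RCV_SG: channel(dy))
played_by Sj
def=
  local State: nat,
        T1, T2, K2, Na, Nb, SK: text,
        Y, X, Z: message
  const user_sensor_sk: protocol_id
  init State := 1
  transition
  % Message 2: forward the user's fields, add Nb = K2.P and a hash keyed with Kxj
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
     /\ SND_SG(Na'.
               Y'.
               Z'.
               T1'.
               Nb'.
               H(Nb'.Z'.Kxj.T2').
               T2')
  % Message 3: the guard must match the state set by transition 1
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                         X') =|>
     State' := 4 /\ SK' := H(exp(Na,K2))
     /\ witness(Sj,Ui,user_sensor_sk,SK')
     /\ request(Sj,Ui,user_sensor_sk,SK')
     /\ SND_US(Nb.
               X')
end role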

Box 2

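role gateway (Ui, Sj, GW: agent,
              Kdi, Kxj: symmetric_key,
              Kug: symmetric_key,
              H: hash_func,
              SND_SG, RCV_SG: channel(dy))
played_by GW
def=
  local State: nat,
        T1, T2, Na, Nb, IDi, SIDj: text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id: protocol_id
  init State := 5
  transition
  % Check both hashes from Message 2, then answer the sensor (keyed with Kxj)
  % and the user (keyed with Kdi); the gateway never learns K1 or K2
  1. State = 5 /\ RCV_SG(Na'.
                         xor((IDi'.SIDj'),Kug).
                         H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                         T1'.
                         Nb'.
                         H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                         T2') =|>
     State' := 7 /\ SND_SG(
         H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
         H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1'))
     /\ secret(IDi',sc_user_id,{Ui,GW})
     /\ secret(SIDj',sc_sensor_id,{Ui,GW})
end role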

Box 3


role session(Ui, Sj, GW: agent,
             Kdi, Kxj, Kug: symmetric_key,
             H: hash_func,
             P: text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS: channel(dy)
  composition
    user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
    /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
    /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw: agent,
        kdi, kxj, kug, kig, kiig: symmetric_key,
        user_sensor_sk: protocol_id,
        h: hash_func,
        p: text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    session(ui,sj,gw,kdi,kxj,kug,h,p)
    /\ session(ui,i,gw,kdi,kig,kug,h,p)
    /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).
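
The key material this appendix describes (the user-gateway key $K_{ug}$, the XOR-masked identities, and the end-to-end key SK of Boxes 1 and 2), as an added Python sketch that is not the paper's or MIRACL's code. The secp256k1 curve, SHA-256 over length-prefixed inputs as h, 16-byte zero-padded identities, the on-curve check, and the sample identities and timestamp are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters. Assumption: the page does not name its curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt):
    """Fixed-width encoding of a curve point for hashing (assumed encoding)."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*parts):
    """h(): SHA-256 over length-prefixed parts (assumed instantiation)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(2, "big") + part)
    return digest.digest()

def xor(data, key):
    """XOR mask used for the identities; applying it twice restores data."""
    if len(data) > len(key):
        raise ValueError("identity block longer than the key")
    return bytes(a ^ b for a, b in zip(data, key))

def run_exchange(id_i=b"doctor-0001", sid_j=b"sensor-0042", t1=b"1510000000"):
    """One PriAuth-style run with constructed identities and timestamp."""
    d_g = secrets.randbelow(N - 1) + 1          # gateway private key d_g
    q_g = ec_mul(d_g, G)                        # gateway public key Q_g
    d_i = secrets.token_bytes(32)               # user-gateway secret (Kdi)
    registered = {id_i.ljust(16, b"\0"): d_i}   # gateway's user table

    # User: A = k1*G, K_ug = h(T1, k1*Q_g), masked identities, hash under d_i.
    k1 = secrets.randbelow(N - 1) + 1
    a_pt = ec_mul(k1, G)
    k_ug = h(t1, enc(ec_mul(k1, q_g)))
    masked = xor(id_i.ljust(16, b"\0") + sid_j.ljust(16, b"\0"), k_ug)
    mac = h(enc(a_pt), masked, d_i, t1)

    # Gateway: K_ug = h(T1, d_g*A), unmask, look up d_i, verify the hash.
    ids = xor(masked, h(t1, enc(ec_mul(d_g, a_pt))))
    gw_d_i = registered.get(ids[:16], b"")
    expected = h(enc(a_pt), masked, gw_d_i, t1)
    mac_ok = on_curve(a_pt) and hmac.compare_digest(mac, expected)

    # Sensor: B = k2*G, SK = h(k2*A).  User: SK = h(k1*B).
    k2 = secrets.randbelow(N - 1) + 1
    b_pt = ec_mul(k2, G)
    sk_sensor = h(enc(ec_mul(k2, a_pt)))
    sk_user = h(enc(ec_mul(k1, b_pt)))

    # Gateway sees A and B but holds only d_g, so d_g*A and d_g*B are the
    # only ECDH values it can form; neither hashes to SK.
    gw_candidates = {h(enc(ec_mul(d_g, a_pt))), h(enc(ec_mul(d_g, b_pt)))}
    return {
        "ids": (ids[:16].rstrip(b"\0"), ids[16:].rstrip(b"\0")),
        "mac_ok": mac_ok,
        "sk_user": sk_user,
        "sk_sensor": sk_sensor,
        "gateway_has_sk": sk_user in gw_candidates,
        "id_on_wire": id_i in masked,
    }

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

`gateway_has_sk` stays False because SK depends on $k_1$ or $k_2$, which never leave the user and the sensor.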


Page 12: A Privacy Protection User Authentication and Key Agreement

12 Wireless Communications and Mobile Computing

Table 15 Communication comparison

Schemes M1 M2 M3 M4 Total bytes Comparedlowast

Choi et al [1] 80 124 44 68 316 +64Chang and Le [3 Scheme 2] 64 84 64 44 256 +4Fan et al [7] 128 68 60 100 356 +104Nam et al [9] 52 104 40 56 252 0PriAuth 64 108 40 40 252 0119862119900119898119901119886119903119890119889lowast means compared with our scheme M1 M2 M3 and M4 mean Messages 1 2 3 and 4

(2) According to (A1) and “‘,’-elimination rule”:

$\mathrm{GWN} \lhd \langle A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1 \rangle_{d_i}$ (A2)

$\mathrm{GWN} \lhd \langle B, M_2, T_2 \rangle_{x_j}$ (A3)

(3) According to (A2), A6, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim (A, \{\mathrm{ID}_i, \mathrm{SID}_j\}_{K_{ug}}, \mathrm{SID}_j, T_1)$ (A4)

(4) According to (A3), A10, and “$\mid\sim$ introduction rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim (B, M_2, T_2)$ (A5)

(5) According to (A4) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\sim A$ (A6)

(6) According to (A5) and “‘,’-elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\sim B$ (A7)

(7) According to A1, (A6), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv U_i \mid\equiv A$ (A8)

(8) According to A2, (A7), and “$\mid\sim$ elimination rule”:

$\mathrm{GWN} \mid\equiv S_j \mid\equiv B$ (A9)

The following content is the analysis of Message 3. From it we can prove that $S_j$ believes GWN believes $A$. Based on assumption A11, we can get that $S_j$ believes $U_i$ believes $A$; this process is shown at (A10)∼(A17). Equations (A18)∼(A20) prove the first goal of the scheme.

(9) Based on Message 3:

$S_j \lhd \langle A, M_3, B, T_2 \rangle_{x_j}, \langle B, M_2, A, T_1 \rangle_{d_i}$ (A10)

(10) According to (A10) and “‘,’-elimination rule”:

$S_j \lhd \langle A, M_3, B, T_2 \rangle_{x_j}$ (A11)

(11) According to (A11), A9, and “$\mid\sim$ introduction rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim (A, M_3, B, T_2)$ (A12)

(12) According to (A12) and “‘,’-elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\sim A$ (A13)

(13) According to A3, (A13), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv \mathrm{GWN} \mid\equiv A$ (A14)

(14) According to A11, (A8), and (A14), we get

$S_j \mid\equiv U_i \mid\sim A$ (A15)

(15) According to A3, (A15), and “$\mid\sim$ elimination rule”:

$S_j \mid\equiv U_i \mid\equiv A$ (A16)

(16) According to A13, (A16), and “jurisdiction or control rule”:

$S_j \mid\equiv A$ (A17)

(17) As $k_2$ is randomly created by $S_j$, according to “$\#()$-introduction”:

$S_j \mid\equiv \#(k_2)$ (A18)

(18) According to (A18), A3, A5, and “$\#()$-promotion rule”:

$S_j \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_2 \cdot A)$ (A19)

(19) According to (A19), (A17), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$S_j \mid\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A20)

The following is the analysis of Message 4, where it is proven that $U_i$ believes GWN and believes $B$ based on assumption A12, so we can infer that $U_i$ believes $S_j$ believes $B$; this procedure is shown at (A21)∼(A28). Equations (A29)∼(A31) prove the first goal of the scheme. Until now, the two goals of the scheme have been proved at (A20) and (A31), so it can be claimed that this protocol is feasible and safe.

(20) Based on Message 4:

$U_i \lhd B, \langle B, M_2, A, T_1 \rangle_{d_i}$ (A21)


role user (Ui, Sj, GW : agent,
           Kdi : symmetric_key,
           Kug : symmetric_key,
           H : hash_func,
           P : text,
           SND_US, RCV_US : channel (dy))
played_by Ui
def=
  local State : nat,
        T1, K1, Na, Nb, SIDj, IDi, SK : text
  const user_sensor_sk, sc_user_id : protocol_id
  init State := 0
  transition
  % Message 1: Na = exp(P,K1), masked identities, keyed hash, timestamp
  1. State = 0 /\ RCV_US(start) =|>
     State' := 2 /\ T1' := new()
     /\ K1' := new() /\ Na' := exp(P,K1')
     /\ SND_US(Na'.
               xor((IDi.SIDj),Kug).
               H(Na'.xor((IDi.SIDj),Kug).Kdi.T1').
               T1')
     /\ secret(IDi, sc_user_id, {Ui,GW})
     /\ secret(IDi, sc_sensor_id, {Ui,GW})
  % Message 4: the user derives SK from the sensor's Nb
  2. State = 2 /\ RCV_US(Nb'.H(Nb'.Kdi.H(Na.xor((IDi.SIDj),Kug).Kdi.T1).Na.T1)) =|>
     State' := 4 /\ SK' := H(exp(Nb',K1))
     /\ witness(Ui, Sj, user_sensor_sk, SK')
     /\ request(Ui, Sj, user_sensor_sk, SK')
end role

Box 1

(21) According to (A21) and “‘,’-elimination rule”:

$U_i \lhd \langle B, M_2, A, T_1 \rangle_{d_i}$ (A22)

(22) According to (A22), A7, and “$\mid\sim$ introduction rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\sim (B, M_2, A, T_1)$ (A23)

(23) According to (A23) and “‘,’-elimination rule”:

$U_i \mid\equiv S_j \mid\sim B$ (A24)

(24) According to A4, (A23), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv \mathrm{GWN} \mid\equiv B$ (A25)

(25) According to A12, (A9), and (A25), we get

$U_i \mid\equiv S_j \mid\sim B$ (A26)

(26) According to A4, (A26), and “$\mid\sim$ elimination rule”:

$U_i \mid\equiv S_j \mid\equiv B$ (A27)

(27) According to A14, (A27), and “jurisdiction or control rule”:

$U_i \mid\equiv B$ (A28)

(28) As $k_2$ is randomly created by $U_i$, according to “$\#()$-introduction”:

$U_i \mid\equiv \#(k_1)$ (A29)

(29) According to (A29), A4, A6, and “$\#()$-promotion rule”:

$U_i \mid\equiv \#(\mathrm{SK}), \quad \mathrm{SK} = h(k_1 \cdot B)$ (A30)

(30) According to (A30), (A27), and “$\stackrel{k}{\longleftrightarrow}$ introduction rule”:

$U_i \mid\equiv S_j \stackrel{\mathrm{SK}}{\longleftrightarrow} U_i$ (A31)

B. The HLPSL Code for PriAuth

The ECC public-key pair of the gateway is $(d_g, Q_g)$. At the beginning of this protocol usage, every user generates a random number $k_1 \in [1, n-1]$ and calculates $A = k_1 \cdot G$, so we could treat $(k_1, A)$ as the ECC key pair of this user, and we send $A$ to the gateway. Now the two parties could calculate a shared key $k_1 \cdot Q_g = d_g \cdot A$. Thus, at the beginning of the scheme, we declare $K_{ug} = h(T_1, k_1 \cdot Q_g)$ to be a symmetric key between the two.

For the role of the user, see Box 1. For the role of the sensor, see Box 2. For the role of the gateway, see Box 3.
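The key setup described above, together with the first message of the user role, as an added Python example that is not part of the paper or of its HLPSL model. The curve (secp256k1), SHA-256 as $h$, the length-prefixed hash encoding, 16-byte identities, the gateway's `kdi_table` lookup and the timestamp window are assumptions of this example, and all identities, secrets and timestamps are constructed sample values.

```python
import hashlib
import hmac
import secrets

# secp256k1 (y^2 = x^3 + 7 over F_P); the curve is an assumption of this example.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ID_LEN = 16  # assumed fixed identity length: IDi.SIDj is 32 bytes, like K_ug

def on_curve(pt):
    """True for a finite point, coordinates in range, satisfying the curve equation."""
    if pt is None or not all(0 <= c < P for c in pt):
        return False
    return (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (readable, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*parts):
    """h(): SHA-256 over length-prefixed parts (hash and encoding are assumed)."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(2, "big") + part)
    return d.digest()

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("xor operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))

def user_message1(id_i, sid_j, k_di, q_g, t1):
    """User, Box 1 transition 1: Na . xor((IDi.SIDj),Kug) . H(...) . T1."""
    k1 = secrets.randbelow(N - 1) + 1        # k1 in [1, n-1]
    a_pt = ec_mul(k1, G)                     # A = k1 * G
    k_ug = h(t1, enc(ec_mul(k1, q_g)))       # K_ug = h(T1, k1 * Qg)
    masked = xor(id_i + sid_j, k_ug)         # identities never travel in clear
    tag = h(enc(a_pt), masked, k_di, t1)     # H(Na.xor(..).Kdi.T1)
    return k1, (a_pt, masked, tag, t1)

def gateway_open(msg, d_g, kdi_table, now, window=5):
    """Gateway: rebuild K_ug from dg * A, unmask the identities, verify the tag."""
    a_pt, masked, tag, t1 = msg
    if abs(now - int.from_bytes(t1, "big")) > window:
        raise ValueError("stale T1")
    if not on_curve(a_pt):                   # validate A before multiplying by dg
        raise ValueError("A is not a valid curve point")
    k_ug = h(t1, enc(ec_mul(d_g, a_pt)))     # K_ug = h(T1, dg * A)
    ids = xor(masked, k_ug)
    id_i, sid_j = ids[:ID_LEN], ids[ID_LEN:]
    k_di = kdi_table.get(id_i)               # hypothetical lookup of the user's Kdi
    if k_di is None or not hmac.compare_digest(tag, h(enc(a_pt), masked, k_di, t1)):
        raise ValueError("authentication failed")
    return id_i, sid_j

def session_key(k, peer_pt):
    """SK = h(k1 * B) on the user and h(k2 * A) on the sensor."""
    return h(enc(ec_mul(k, peer_pt)))

def demo():
    """Constructed run: identities, secrets and timestamps are made-up samples."""
    d_g = secrets.randbelow(N - 1) + 1
    q_g = ec_mul(d_g, G)                     # gateway key pair (dg, Qg)
    id_i = b"doctor-0001".ljust(ID_LEN, b"\0")
    sid_j = b"sensor-0042".ljust(ID_LEN, b"\0")
    k_di = secrets.token_bytes(32)
    k1, msg1 = user_message1(id_i, sid_j, k_di, q_g, (1000).to_bytes(8, "big"))
    opened = gateway_open(msg1, d_g, {id_i: k_di}, now=1002)
    k2 = secrets.randbelow(N - 1) + 1        # sensor's k2, B = k2 * G
    b_pt = ec_mul(k2, G)
    return {"sent": (id_i, sid_j), "opened": opened,
            "sk_user": session_key(k1, b_pt),
            "sk_sensor": session_key(k2, msg1[0])}
```

The gateway recovers the identities only because $d_g \cdot A = k_1 \cdot Q_g$; the session key depends on $k_1$ or $k_2$, neither of which the gateway holds.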


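role sensor (Ui, Sj, GW : agent,
             Kxj : symmetric_key,
             H : hash_func,
             P : text,
             SND_US, RCV_US, SND_SG, RCV_SG : channel(dy))
played_by Sj
def=
  local State : nat,
        T1, T2, K2, Na, Nb, SK : text,
        Y, X, Z : message
  const user_sensor_sk : protocol_id
  init State := 1
  transition
  % Message 1 in, Message 2 out: forward the user's fields and add Nb = exp(P,K2)
  1. State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
     State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
     /\ SND_SG(Na'.
               Y'.
               Z'.
               T1'.
               Nb'.
               H(Nb'.Z'.Kxj.T2').
               T2')
  % Message 3 in, Message 4 out; the sensor is in State 3 after transition 1
  2. State = 3 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).
                        X') =|>
     State' := 4 /\ SK' := H(exp(Na,K2))
     /\ witness(Sj, Ui, user_sensor_sk, SK')
     /\ request(Sj, Ui, user_sensor_sk, SK')
     /\ SND_US(Nb.
               X')
end role

Box 2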

role gateway (Ui, Sj, GW : agent,
              Kdi, Kxj : symmetric_key,
              Kug : symmetric_key,
              H : hash_func,
              SND_SG, RCV_SG : channel(dy))
played_by GW
def=
  local State : nat,
        T1, T2, Na, Nb, IDi, SIDj : text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
  init State := 5
  transition
  % Message 2 in, Message 3 out
  1. State = 5 /\ RCV_SG(Na'.
                        xor((IDi'.SIDj'),Kug).
                        H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').
                        T1'.
                        Nb'.
                        H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').
                        T2') =|>
     State' := 7
     /\ SND_SG(H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
               H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1'))
     /\ secret(IDi', sc_user_id, {Ui,GW})
     /\ secret(SIDj', sc_sensor_id, {Ui,GW})
end role

Box 3


role session(Ui, Sj, GW : agent,
             Kdi, Kxj, Kug : symmetric_key,
             H : hash_func,
             P : text)
def=
  local SSU, RSU,
        SSG, RSG, SUS, RUS, SGS, RGS : channel(dy)
  composition
    user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
    /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
    /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

role environment()
def=
  const ui, sj, gw : agent,
        kdi, kxj, kug, kig, kiig : symmetric_key,
        user_sensor_sk : protocol_id,
        h : hash_func,
        p : text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    session(ui,sj,gw,kdi,kxj,kug,h,p)
    /\ session(ui,i,gw,kdi,kig,kug,h,p)
    /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y. Choi, D. Lee, and J. Kim, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081–10106, 2014.

[2] W. B. Shi and P. Gong, “A new user authentication protocol for wireless sensor networks using elliptic curves cryptography,” International Journal of Distributed Sensor Networks, vol. 2013, Article ID 730831, 7 pages, 2013.

[3] C.-C. Chang and H.-D. Le, “A Provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.

[4] F. Wu et al., “A Novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[5] A. K. Das et al., “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.

[6] J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.

[7] W. Fan et al., “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–16, 2016.

[8] R. Amin and G. Biswas, “A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks,” Ad Hoc Networks, vol. 36, part 1, pp. 58–80, 2016.

[9] J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014.

[10] Y. Lu, L. Li, H. Peng, and Y. Yang, “An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks,” Sensors, vol. 16, no. 6, p. 837, 2016.

[11] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communications, vol. 78, no. 1, pp. 247–269, 2014.

[12] J. L. Hou et al., “Novel Authentication Schemes for IoT Based Healthcare Systems, Novel Authentication Schemes for IoT Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanovic, B. Brumen, and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abadi, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification: International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com.

[44] 2017, https://github.com/miracl/MIRACL.

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.


[46] J Rodrıguez-Molina J-F Martınez P Castillejo and L LopezldquoCombining wireless sensor networks and semantic middle-ware for an internet of things-based sportsmanwoman mon-itoring applicationrdquo Sensors vol 13 no 2 pp 1787ndash1835 2013

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal of

Volume 201

Submit your manuscripts athttpswwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 201

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 14: A Privacy Protection User Authentication and Key Agreement

14 Wireless Communications and Mobile Computing

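role sensor (Ui, Sj, GW : agent,
             Kxj : symmetric_key,
             H : hash_func,
             P : text,
             SND_US, RCV_US, SND_SG, RCV_SG : channel(dy))
played_by Sj
def=
  local State : nat,
        T1, T2, K2, Na, Nb, SK : text,
        Y, X, Z : message
  const user_sensor_sk : protocol_id
  init State := 1
  transition
  % Request from the user: forward it to the gateway with a fresh Nb and a tag keyed with Kxj.
  (1) State = 1 /\ RCV_US(Na'.Y'.Z'.T1') =|>
      State' := 3 /\ T2' := new() /\ K2' := new() /\ Nb' := exp(P,K2')
      /\ SND_SG(Na'.Y'.Z'.T1'.Nb'.H(Nb'.Z'.Kxj.T2').T2')
  % Answer from the gateway: derive SK and relay Nb.X to the user.
  % The guard reads State = 2 as printed, although transition (1) sets State to 3.
  (2) State = 2 /\ RCV_SG(H(Na.Kxj.H(Nb.Z.Kxj.T2).T2).X') =|>
      State' := 4 /\ SK' := H(exp(Na,K2))
      /\ witness(Sj,Ui,user_sensor_sk,SK') /\ request(Sj,Ui,user_sensor_sk,SK')
      /\ SND_US(Nb.X')
end role

Box 2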

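role gateway (Ui, Sj, GW : agent,
              Kdi, Kxj : symmetric_key,
              Kug : symmetric_key,
              H : hash_func,
              SND_SG, RCV_SG : channel(dy))
played_by GW
def=
  local State : nat,
        T1, T2, Na, Nb, IDi, SIDj : text
  const sk_User_gwn, sk_sensor_gwn, sc_sensor_id, sc_user_id : protocol_id
  init State := 5
  transition
  % Message from the sensor: identities masked with Kug, the user's tag under Kdi, the sensor's tag under Kxj.
  (1) State = 5 /\ RCV_SG(Na'.xor((IDi'.SIDj'),Kug).
                          H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').T1'.Nb'.
                          H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2') =|>
      State' := 7
      % Reply: one hash for the sensor (keyed with Kxj) and one for the user (keyed with Kdi).
      /\ SND_SG(H(Na'.Kxj.H(Nb'.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Kxj.T2').T2').
                H(Nb'.Kdi.H(Na'.xor((IDi'.SIDj'),Kug).Kdi.T1').Na'.T1'))
      /\ secret(IDi',sc_user_id,{Ui,GW}) /\ secret(SIDj',sc_sensor_id,{Ui,GW})
end role

Box 3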


role session(Ui, Sj, GW : agent,
             Kdi, Kxj, Kug : symmetric_key,
             H : hash_func,
             P : text)
def=
  local SSU, RSU, SSG, RSG, SUS, RUS, SGS, RGS : channel(dy)
  composition
    user(Ui,Sj,GW,Kdi,Kug,H,P,SUS,RUS)
    /\ sensor(Ui,Sj,GW,Kxj,H,P,SSG,RSG,SSU,RSU)
    /\ gateway(Ui,Sj,GW,Kdi,Kxj,Kug,H,SGS,RGS)
end role

Box 4

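role environment()
def=
  const ui, sj, gw : agent,
        kdi, kxj, kug, kig, kiig : symmetric_key,
        user_sensor_sk : protocol_id,
        h : hash_func,
        p : text
  intruder_knowledge = {ui, sj, gw, kig, kiig, h, p}
  composition
    % One honest session, plus one with the intruder i as the sensor and one with i as the user.
    session(ui,sj,gw,kdi,kxj,kug,h,p)
    /\ session(ui,i,gw,kdi,kig,kug,h,p)
    /\ session(i,sj,gw,kig,kxj,kiig,h,p)
end role

Box 5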

goal
  % Confidentiality (G12)
  secrecy_of sc_sensor_id, sc_user_id
  % Message authentication (G2)
  authentication_on user_sensor_sk
end goal

Box 6

For the role of the session, see Box 4. For the role of the environment, see Box 5.

The role of the goal is divided into two parts. The first part is the “secrecy_of sc_sensor_id, sc_user_id”; this means we want to keep the identity of the user and sensor confidential between them and the gateway. The second part, “authentication_on user_sensor_sk”, means the authentication of the shared key between a user and a sensor (see Box 6).
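The message flow modelled in Boxes 2 and 3 can be traced in running code. The following is an added example, not the authors' implementation: the user-side steps are inferred from what the gateway role expects to receive, a toy multiplicative group stands in for the paper's elliptic curve, and all function names, sample identities and field widths are assumptions.

```python
import hashlib, hmac, secrets, time

# Assumptions: a toy multiplicative group replaces the paper's elliptic curve
# (G plays the base point P), and identities are padded to a fixed width so
# that IDi||SIDj can be XORed with a 32-byte Kug. Timestamp freshness windows
# are not checked here; the boxes treat T1 and T2 as fresh values only.
P_MOD, G, ID_LEN = 2**255 - 19, 2, 16

def H(*parts):
    """H(a.b.c) from the boxes; fields are length-prefixed before hashing."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_secret():
    return secrets.randbelow(P_MOD - 3) + 2

def dh_public(k):                      # exp(P, K) in the boxes
    return pow(G, k, P_MOD).to_bytes(32, "big")

def dh_shared(peer_pub, k):            # exp(Na, K2) / exp(Nb, K1)
    return pow(int.from_bytes(peer_pub, "big"), k, P_MOD).to_bytes(32, "big")

def timestamp():
    return int(time.time()).to_bytes(8, "big")

def user_request(idi, sidj, kdi, kug):
    """User side, inferred from what the gateway role expects to receive."""
    k1, t1 = new_secret(), timestamp()
    na = dh_public(k1)
    y = xor(idi + sidj, kug)           # identities never travel in the clear
    z = H(na, y, kdi, t1)
    return k1, (na, y, z, t1)

def sensor_forward(msg1, kxj):
    """Box 2, transition (1): add Nb and a tag keyed with Kxj."""
    na, y, z, t1 = msg1
    k2, t2 = new_secret(), timestamp()
    nb = dh_public(k2)
    tag = H(nb, z, kxj, t2)
    return (k2, na, nb, tag, t2), (na, y, z, t1, nb, tag, t2)

def gateway_verify(msg2, kug, user_db, sensor_db):
    """Box 3: recover identities, check both tags, answer both parties."""
    na, y, z, t1, nb, tag, t2 = msg2
    ids = xor(y, kug)
    idi, sidj = ids[:ID_LEN], ids[ID_LEN:]
    kdi, kxj = user_db.get(idi), sensor_db.get(sidj)
    if kdi is None or kxj is None:
        return (idi, sidj), None
    if not hmac.compare_digest(z, H(na, y, kdi, t1)):
        return (idi, sidj), None
    if not hmac.compare_digest(tag, H(nb, z, kxj, t2)):
        return (idi, sidj), None
    return (idi, sidj), (H(na, kxj, tag, t2), H(nb, kdi, z, na, t1))

def sensor_finish(state, reply, kxj):
    """Box 2, transition (2): check the gateway's answer, derive SK, relay Nb.X."""
    k2, na, nb, tag, t2 = state
    proof, x = reply
    if not hmac.compare_digest(proof, H(na, kxj, tag, t2)):
        return None, None
    return H(dh_shared(na, k2)), (nb, x)

def user_finish(k1, msg1, msg4, kdi):
    """User side (inferred): check X, then derive the same SK."""
    na, _, z, t1 = msg1
    nb, x = msg4
    if not hmac.compare_digest(x, H(nb, kdi, z, na, t1)):
        return None
    return H(dh_shared(nb, k1))

def run_session(tamper_na=False):
    idi = b"doctor-0001".ljust(ID_LEN, b"\0")     # constructed sample values
    sidj = b"sensor-0042".ljust(ID_LEN, b"\0")
    kdi, kxj, kug = (secrets.token_bytes(32) for _ in range(3))
    k1, msg1 = user_request(idi, sidj, kdi, kug)
    sent = msg1
    if tamper_na:                                 # Na replaced in transit
        sent = (dh_public(new_secret()),) + msg1[1:]
    state, msg2 = sensor_forward(sent, kxj)
    ids, reply = gateway_verify(msg2, kug, {idi: kdi}, {sidj: kxj})
    result = {"gateway_ids": ids, "gateway_reply": reply,
              "user_sk": None, "sensor_sk": None, "expected_ids": (idi, sidj)}
    if reply is not None:
        result["sensor_sk"], msg4 = sensor_finish(state, reply, kxj)
        result["user_sk"] = user_finish(k1, msg1, msg4, kdi)
    return result

if __name__ == "__main__":
    ok, bad = run_session(), run_session(tamper_na=True)
    print("keys match:", ok["user_sk"] == ok["sensor_sk"])
    print("tampered Na rejected by gateway:", bad["gateway_reply"] is None)
```

The gateway handles Na and Nb but neither K1 nor K2, so it has none of the inputs needed to compute SK; that is the property the authentication_on user_sensor_sk goal is paired with.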

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

All the authors have contributed equally to this work.

Acknowledgments

The work presented in this paper has been supported by the LifeWear Project (funded by the Spanish Ministry of Industry, Energy and Tourism with Reference TSI-010400-2010-100). The work has also been supported by the Chinese Scholarship Council (CSC) with File no. 201507040027.

References

[1] Y Choi D Lee and J Kim ldquoSecurity enhanced user authentica-tion protocol for wireless sensor networks using elliptic curvescryptographyrdquo Sensors vol 14 no 6 pp 10081ndash10106 2014

[2] W B Shi and P Gong ldquoA new user authentication protocolfor wireless sensor networks using elliptic curves cryptographyrdquoInternational Journal of Distributed Sensor Networks vol 2013Article ID 730831 7 pages 2013

[3] C-C Chang and H-D Le ldquoA Provably secure efficient andflexible authentication scheme for ad hoc wireless sensornetworksrdquo IEEE Transactions on Wireless Communications vol15 no 1 pp 357ndash366 2016

[4] F Wu et al ldquoA Novel and provably secure authentication andkey agreement scheme with user anonymity for global mobilitynetworksrdquo Security and Communication Networks vol 9 no 16pp 3527ndash3542 2016

[5] A K Das et al ldquoProvably secure user authentication and keyagreement scheme for wireless sensor networksrdquo Security andCommunication Networks vol 9 no 16 pp 3670ndash3687 2016

[6] J Jung J Kim Y Choi and D Won ldquoAn anonymous userauthentication and key agreement scheme based on a symmet-ric cryptosystem in wireless sensor networksrdquo Sensors vol 16no 8 article 1299 2016

[7] W Fan et al ldquoA privacy-preserving and provable user authenti-cation scheme for wireless sensor networks based on internet ofthings securityrdquo Journal of Ambient Intelligence and HumanizedComputing pp 1ndash16 2016

[8] R Amin and G Biswas ldquoA secure light weight scheme foruser authentication and key agreement in multi-gateway basedwireless sensor networksrdquo Ad Hoc Networks vol 36 part 1 pp58ndash80 2016

[9] J Nam M Kim J Paik Y Lee and D Won ldquoA provably-secure ECC-based authentication scheme for wireless sensornetworksrdquo Sensors vol 14 no 11 pp 21023ndash21044 2014

[10] Y Lu L Li H Peng and Y Yang ldquoAn energy efficientmutual authentication and key agreement scheme preservinganonymity for wireless sensor networksrdquo Sensors vol 16 no 6p 837 2016

[11] D Zhao H Peng L Li and Y Yang ldquoA secure and effectiveanonymous authentication scheme for roaming service inglobal mobility networksrdquo Wireless Personal Communicationsvol 78 no 1 pp 247ndash269 2014

[12] J L Hou et al ldquoNovel Authentication Schemes for IoT BasedHealthcare Systems Novel Authentication Schemes for IoT

16 Wireless Communications and Mobile Computing

Based Healthcare Systemsrdquo International Journal of DistributedSensor Networks Article ID e183659 2015

[13] M S Farash M Turkanovic S Kumari and M Holbl ldquoAnefficient user authentication and key agreement scheme forheterogeneous wireless sensor network tailored for the Internetof Things environmentrdquo Ad Hoc Networks vol 36 pp 152ndash1762016

[14] M Turkanovic B Brumen and M Holbl ldquoA novel userauthentication and key agreement scheme for heterogeneous adhoc wireless sensor networks based on the Internet of Thingsnotionrdquo Ad Hoc Networks vol 20 pp 96ndash112 2014

[15] S Chatterjee andAKDas ldquoAn effective ECC-based user accesscontrol scheme with attribute-based encryption for wirelesssensor networksrdquo Security and Communication Networks vol8 no 9 pp 1752ndash1771 2015

[16] D Mishra A K Das and S Mukhopadhyay ldquoA secure andefficient ECC-based user anonymity-preserving session initi-ation authentication protocol using smart cardrdquo Peer-to-PeerNetworking and Applications vol 9 no 1 pp 171ndash192 2016

[17] Q Jiang N Kumar J Ma J Shen D He and N ChilamkurtildquoA privacy-aware two-factor authentication protocol basedon elliptic curve cryptography for wireless sensor networksrdquoInternational Journal of Network Management vol 27 no 3Article ID e1937 2017

[18] Q Jiang J Ma F Wei Y Tian J Shen and Y Yang ldquoAnuntraceable temporal-credential-based two-factor authentica-tion scheme using ECC for wireless sensor networksrdquo Journalof Network and Computer Applications vol 76 pp 37ndash48 2016

[19] J Nam K-K R Choo S Han M Kim J Paik and DWon ldquoEfficient and anonymous two-factor user authenticationin wireless sensor networks achieving user anonymity withlightweight sensor computationrdquo PLoS ONE vol 10 no 4Article ID e0116709 2015

[20] J Moon H Yang Y Lee and D Won ldquoImprovement of userauthentication scheme preserving uniqueness and anonymityfor connected health carerdquo in Proceedings of the 11th Interna-tional Conference on Ubiquitous Information Management andCommunication (IMCOM rsquo17) Japan January 2017

[21] A G Reddy A K Das E-J Yoon and K-Y Yoo ldquoA secureanonymous authentication protocol for mobile services onelliptic curve cryptographyrdquo IEEE Access vol 4 pp 4394ndash44072016

[22] N Saxena B J Choi and R Lu ldquoAuthentication and authoriza-tion scheme for various user roles and devices in smart gridrdquoIEEE Transactions on Information Forensics and Security vol 11no 5 pp 907ndash921 2016

[23] H Ning H Liu and L T Yang ldquoAggregated-proof basedhierarchical authentication scheme for the internet of thingsrdquoIEEE Transactions on Parallel and Distributed Systems vol 26no 3 pp 657ndash667 2015

[24] V Odelu A K Das and A Goswami ldquoA secure biometrics-based multi-server authentication protocol using smart cardsrdquoIEEE Transactions on Information Forensics and Security vol 10no 9 pp 1953ndash1966 2015

[25] A Rossi S Pierre and S Krishnan ldquoSecure route optimizationfor MIPv6 using enhanced CGA and DNSSECrdquo IEEE SystemsJournal vol 7 no 3 pp 351ndash362 2013

[26] V Odelu A K Das and A Goswami ldquoSEAP secure andefficient authentication protocol for NFC applications usingpseudonymsrdquo IEEE Transactions on Consumer Electronics vol62 no 1 pp 30ndash38 2016

[27] D Wang and P Wang ldquoUnderstanding security failures oftwo-factor authentication schemes for real-time applications inhierarchical wireless sensor networksrdquo Ad Hoc Networks vol20 pp 1ndash15 2014

[28] D Wang and P Wang ldquoOn the anonymity of two-factorauthentication schemes for wireless sensor networks attacksprinciple and solutionsrdquo Computer Networks vol 73 pp 41ndash572014

[29] P Kumar A Gurtov M Ylianttila S-G Lee and H J LeeldquoA strong authentication scheme with user privacy for wirelesssensor networksrdquo ETRI Journal vol 35 no 5 pp 889ndash899 2013

[30] M K Khan and S Kumari ldquoAn improved user authenticationprotocol for healthcare services via wireless medical sensornetworksrdquo International Journal of Distributed Sensor Networksvol 2014 Article ID 347169 10 pages 2014

[31] J Moon Y Choi J Jung and D Won ldquoAn improvementof robust biometrics-based authentication and key agreementscheme formulti-server environments using smart cardsrdquo PLoSONE vol 10 no 12 Article ID e0145263 2015

[32] M Alizadeh et al ldquoCryptanalysis and improvement of a securepassword authentication mechanism for seamless handoverrdquoPLOS One vol 10 no 11 Article ID e0142716 2015

[33] A K Das A K Sutrala V Odelu and A Goswami ldquoA securesmartcard-based anonymous user authentication scheme forhealthcare applications using wireless medical sensor net-worksrdquoWireless Pers Commun pp 1ndash35 2016

[34] Q Jiang S Zeadally J Ma and D He ldquoLightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networksrdquo IEEE Access vol 5 pp3376ndash3392 2017

[35] K H Rosen Elementary number theory and its applicationsAddison-Wesley Publishing Company Advanced Book Pro-gram Reading MA Second edition 1988

[36] D He N Kumar M K Khan and J-H Lee ldquoAnonymous two-factor authentication for consumer roaming service in globalmobility networksrdquo IEEE Transactions on Consumer Electronicsvol 59 no 4 pp 811ndash817 2013

[37] A K Das P Sharma S Chatterjee and J K Sing ldquoA dynamicpassword-based user authentication scheme for hierarchicalwireless sensor networksrdquo Journal of Network and ComputerApplications vol 35 no 5 pp 1646ndash1656 2012

[38] A Das ldquoA secure and effective biometric-based user authen-tication scheme for wireless sensor networks using smart cardand fuzzy extractorrdquo International Journal of CommunicationSystems vol 30 no 1 Article ID e2933 2017

[39] Y Chung S Choi Y S Lee N Park andDWon ldquoAn enhancedlightweight anonymous authentication scheme for a scalablelocalization roaming service in wireless sensor networksrdquo Sen-sors vol 16 no 10 article 1653 2016

[40] Commercial National Security Algorithm Suite and QuantumComputing FAQ US National Security Agency January 2016

[41] M BurrowsM Abad andM Needham ldquoA logic of authentica-tionrdquo Proceedings of the Royal Society A Mathematical Physicaland Engineering Sciences vol 426 no 1871 pp 233ndash271 1989

[42] A Armando D Basin Y Boichut et al ldquoThe AVISPA toolfor the automated validation of internet security protocolsand applicationsrdquo in Computer Aided Verification InternationalConference on Computer Aided Verification vol 3576 pp 281ndash285 Springer Berlin Germany 2005

[43] 2017 httpswwwmiraclcom[44] 2017 httpsgithubcommiraclMIRACL

Wireless Communications and Mobile Computing 17

[45] D He S Zeadally B Xu and X Huang ldquoAn efficient identity-based conditional privacy-preserving authentication schemefor vehicular ad hoc networksrdquo IEEE Transactions on Informa-tion Forensics and Security vol 10 no 12 pp 2681ndash2691 2015

[46] J Rodrıguez-Molina J-F Martınez P Castillejo and L LopezldquoCombining wireless sensor networks and semantic middle-ware for an internet of things-based sportsmanwoman mon-itoring applicationrdquo Sensors vol 13 no 2 pp 1787ndash1835 2013

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal of

Volume 201

Submit your manuscripts athttpswwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 201

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 15: A Privacy Protection User Authentication and Key Agreement

Wireless Communications and Mobile Computing 15

role session(Ui Sj GW agentKdi Kxj Kug symmetric keyH hash funcP text)

def=local SSURSU

SSGRSGSUSRUSSGSRGSchannel(dy)

compositionuser(UiSjGWKdiKugHPSUSRUS)

sensor(UiSjGWKxjHPSSGRSGSSURSU) gateway(UiSjGWKdiKxjKugHSGSRGS)

end role

Box 4

role environment()def=const ui sj gw agent

kdi kxj kug kig kiig symmetric keyuser sensor sk protocol idh hash funcp text

intruder knowledge=ui sj gw kig kiig h pcomposition

session(uisjgw kdikxjkughp) session(ui igw kdikigkughp) session( isjgw kigkxjkiighp)

end role

Box 5

goal Confidentiality (G12)secrecy of sc sensor idsc user id

Message authentication (G2)authentication on user sensor skend goal

Box 6

For the role of the session see Box 4 For the role of theenvironment see Box 5

The role of the goal is divided into two parts Thefirst part is the ldquosecrecy of sc sensor idsc user idrdquo thismeans we want to keep the identity of the user and sensorconfidential between them and the gateway The second partldquoauthentication on user sensor skrdquo means the authentica-tion of the shared key between a user and a sensor (seeBox 6)

Conflicts of Interest

The authors declare no conflicts of interest

Authorsrsquo Contributions

All the authors have contributed equally to this work

Acknowledgments

The work presented in this paper has been supported bythe LifeWear Project (funded by the Spanish Ministry ofIndustry Energy and Tourism with Reference TSI-010400-2010-100) The work has also been supported by the ChineseScholarship Council (CSC) with File no 201507040027

References

[1] Y Choi D Lee and J Kim ldquoSecurity enhanced user authentica-tion protocol for wireless sensor networks using elliptic curvescryptographyrdquo Sensors vol 14 no 6 pp 10081ndash10106 2014

[2] W B Shi and P Gong ldquoA new user authentication protocolfor wireless sensor networks using elliptic curves cryptographyrdquoInternational Journal of Distributed Sensor Networks vol 2013Article ID 730831 7 pages 2013

[3] C-C Chang and H-D Le ldquoA Provably secure efficient andflexible authentication scheme for ad hoc wireless sensornetworksrdquo IEEE Transactions on Wireless Communications vol15 no 1 pp 357ndash366 2016

[4] F Wu et al ldquoA Novel and provably secure authentication andkey agreement scheme with user anonymity for global mobilitynetworksrdquo Security and Communication Networks vol 9 no 16pp 3527ndash3542 2016

[5] A K Das et al ldquoProvably secure user authentication and keyagreement scheme for wireless sensor networksrdquo Security andCommunication Networks vol 9 no 16 pp 3670ndash3687 2016

[6] J Jung J Kim Y Choi and D Won ldquoAn anonymous userauthentication and key agreement scheme based on a symmet-ric cryptosystem in wireless sensor networksrdquo Sensors vol 16no 8 article 1299 2016

[7] W Fan et al ldquoA privacy-preserving and provable user authenti-cation scheme for wireless sensor networks based on internet ofthings securityrdquo Journal of Ambient Intelligence and HumanizedComputing pp 1ndash16 2016

[8] R Amin and G Biswas ldquoA secure light weight scheme foruser authentication and key agreement in multi-gateway basedwireless sensor networksrdquo Ad Hoc Networks vol 36 part 1 pp58ndash80 2016

[9] J Nam M Kim J Paik Y Lee and D Won ldquoA provably-secure ECC-based authentication scheme for wireless sensornetworksrdquo Sensors vol 14 no 11 pp 21023ndash21044 2014

[10] Y Lu L Li H Peng and Y Yang ldquoAn energy efficientmutual authentication and key agreement scheme preservinganonymity for wireless sensor networksrdquo Sensors vol 16 no 6p 837 2016

[11] D Zhao H Peng L Li and Y Yang ldquoA secure and effectiveanonymous authentication scheme for roaming service inglobal mobility networksrdquo Wireless Personal Communicationsvol 78 no 1 pp 247ndash269 2014

[12] J L Hou et al ldquoNovel Authentication Schemes for IoT BasedHealthcare Systems Novel Authentication Schemes for IoT

16 Wireless Communications and Mobile Computing

Based Healthcare Systemsrdquo International Journal of DistributedSensor Networks Article ID e183659 2015

[13] M S Farash M Turkanovic S Kumari and M Holbl ldquoAnefficient user authentication and key agreement scheme forheterogeneous wireless sensor network tailored for the Internetof Things environmentrdquo Ad Hoc Networks vol 36 pp 152ndash1762016

[14] M Turkanovic B Brumen and M Holbl ldquoA novel userauthentication and key agreement scheme for heterogeneous adhoc wireless sensor networks based on the Internet of Thingsnotionrdquo Ad Hoc Networks vol 20 pp 96ndash112 2014

[15] S Chatterjee andAKDas ldquoAn effective ECC-based user accesscontrol scheme with attribute-based encryption for wirelesssensor networksrdquo Security and Communication Networks vol8 no 9 pp 1752ndash1771 2015

[16] D Mishra A K Das and S Mukhopadhyay ldquoA secure andefficient ECC-based user anonymity-preserving session initi-ation authentication protocol using smart cardrdquo Peer-to-PeerNetworking and Applications vol 9 no 1 pp 171ndash192 2016

[17] Q Jiang N Kumar J Ma J Shen D He and N ChilamkurtildquoA privacy-aware two-factor authentication protocol basedon elliptic curve cryptography for wireless sensor networksrdquoInternational Journal of Network Management vol 27 no 3Article ID e1937 2017

[18] Q Jiang J Ma F Wei Y Tian J Shen and Y Yang ldquoAnuntraceable temporal-credential-based two-factor authentica-tion scheme using ECC for wireless sensor networksrdquo Journalof Network and Computer Applications vol 76 pp 37ndash48 2016

[19] J Nam K-K R Choo S Han M Kim J Paik and DWon ldquoEfficient and anonymous two-factor user authenticationin wireless sensor networks achieving user anonymity withlightweight sensor computationrdquo PLoS ONE vol 10 no 4Article ID e0116709 2015

[20] J Moon H Yang Y Lee and D Won ldquoImprovement of userauthentication scheme preserving uniqueness and anonymityfor connected health carerdquo in Proceedings of the 11th Interna-tional Conference on Ubiquitous Information Management andCommunication (IMCOM rsquo17) Japan January 2017

[21] A G Reddy A K Das E-J Yoon and K-Y Yoo ldquoA secureanonymous authentication protocol for mobile services onelliptic curve cryptographyrdquo IEEE Access vol 4 pp 4394ndash44072016

[22] N Saxena B J Choi and R Lu ldquoAuthentication and authoriza-tion scheme for various user roles and devices in smart gridrdquoIEEE Transactions on Information Forensics and Security vol 11no 5 pp 907ndash921 2016

[23] H Ning H Liu and L T Yang ldquoAggregated-proof basedhierarchical authentication scheme for the internet of thingsrdquoIEEE Transactions on Parallel and Distributed Systems vol 26no 3 pp 657ndash667 2015

[24] V Odelu A K Das and A Goswami ldquoA secure biometrics-based multi-server authentication protocol using smart cardsrdquoIEEE Transactions on Information Forensics and Security vol 10no 9 pp 1953ndash1966 2015

[25] A Rossi S Pierre and S Krishnan ldquoSecure route optimizationfor MIPv6 using enhanced CGA and DNSSECrdquo IEEE SystemsJournal vol 7 no 3 pp 351ndash362 2013

[26] V Odelu A K Das and A Goswami ldquoSEAP secure andefficient authentication protocol for NFC applications usingpseudonymsrdquo IEEE Transactions on Consumer Electronics vol62 no 1 pp 30ndash38 2016

[27] D Wang and P Wang ldquoUnderstanding security failures oftwo-factor authentication schemes for real-time applications inhierarchical wireless sensor networksrdquo Ad Hoc Networks vol20 pp 1ndash15 2014

[28] D Wang and P Wang ldquoOn the anonymity of two-factorauthentication schemes for wireless sensor networks attacksprinciple and solutionsrdquo Computer Networks vol 73 pp 41ndash572014

[29] P Kumar A Gurtov M Ylianttila S-G Lee and H J LeeldquoA strong authentication scheme with user privacy for wirelesssensor networksrdquo ETRI Journal vol 35 no 5 pp 889ndash899 2013

[30] M K Khan and S Kumari ldquoAn improved user authenticationprotocol for healthcare services via wireless medical sensornetworksrdquo International Journal of Distributed Sensor Networksvol 2014 Article ID 347169 10 pages 2014

[31] J Moon Y Choi J Jung and D Won ldquoAn improvementof robust biometrics-based authentication and key agreementscheme formulti-server environments using smart cardsrdquo PLoSONE vol 10 no 12 Article ID e0145263 2015

[32] M Alizadeh et al ldquoCryptanalysis and improvement of a securepassword authentication mechanism for seamless handoverrdquoPLOS One vol 10 no 11 Article ID e0142716 2015

[33] A K Das A K Sutrala V Odelu and A Goswami ldquoA securesmartcard-based anonymous user authentication scheme forhealthcare applications using wireless medical sensor net-worksrdquoWireless Pers Commun pp 1ndash35 2016

[34] Q Jiang S Zeadally J Ma and D He ldquoLightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networksrdquo IEEE Access vol 5 pp3376ndash3392 2017

[35] K H Rosen Elementary number theory and its applicationsAddison-Wesley Publishing Company Advanced Book Pro-gram Reading MA Second edition 1988

[36] D He N Kumar M K Khan and J-H Lee ldquoAnonymous two-factor authentication for consumer roaming service in globalmobility networksrdquo IEEE Transactions on Consumer Electronicsvol 59 no 4 pp 811ndash817 2013

[37] A K Das P Sharma S Chatterjee and J K Sing ldquoA dynamicpassword-based user authentication scheme for hierarchicalwireless sensor networksrdquo Journal of Network and ComputerApplications vol 35 no 5 pp 1646ndash1656 2012

[38] A Das ldquoA secure and effective biometric-based user authen-tication scheme for wireless sensor networks using smart cardand fuzzy extractorrdquo International Journal of CommunicationSystems vol 30 no 1 Article ID e2933 2017

[39] Y Chung S Choi Y S Lee N Park andDWon ldquoAn enhancedlightweight anonymous authentication scheme for a scalablelocalization roaming service in wireless sensor networksrdquo Sen-sors vol 16 no 10 article 1653 2016

[40] Commercial National Security Algorithm Suite and QuantumComputing FAQ US National Security Agency January 2016

[41] M BurrowsM Abad andM Needham ldquoA logic of authentica-tionrdquo Proceedings of the Royal Society A Mathematical Physicaland Engineering Sciences vol 426 no 1871 pp 233ndash271 1989

[42] A Armando D Basin Y Boichut et al ldquoThe AVISPA toolfor the automated validation of internet security protocolsand applicationsrdquo in Computer Aided Verification InternationalConference on Computer Aided Verification vol 3576 pp 281ndash285 Springer Berlin Germany 2005

[43] 2017 httpswwwmiraclcom[44] 2017 httpsgithubcommiraclMIRACL

Wireless Communications and Mobile Computing 17

[45] D He S Zeadally B Xu and X Huang ldquoAn efficient identity-based conditional privacy-preserving authentication schemefor vehicular ad hoc networksrdquo IEEE Transactions on Informa-tion Forensics and Security vol 10 no 12 pp 2681ndash2691 2015

[46] J Rodrıguez-Molina J-F Martınez P Castillejo and L LopezldquoCombining wireless sensor networks and semantic middle-ware for an internet of things-based sportsmanwoman mon-itoring applicationrdquo Sensors vol 13 no 2 pp 1787ndash1835 2013

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal of

Volume 201

Submit your manuscripts athttpswwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 201

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 16: A Privacy Protection User Authentication and Key Agreement

16 Wireless Communications and Mobile Computing

Based Healthcare Systems,” International Journal of Distributed Sensor Networks, Article ID e183659, 2015.

[13] M. S. Farash, M. Turkanović, S. Kumari, and M. Hölbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment,” Ad Hoc Networks, vol. 36, pp. 152–176, 2016.

[14] M. Turkanović, B. Brumen, and M. Hölbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96–112, 2014.

[15] S. Chatterjee and A. K. Das, “An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks,” Security and Communication Networks, vol. 8, no. 9, pp. 1752–1771, 2015.

[16] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.

[17] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, Article ID e1937, 2017.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.

[19] J. Nam, K.-K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation,” PLoS ONE, vol. 10, no. 4, Article ID e0116709, 2015.

[20] J. Moon, H. Yang, Y. Lee, and D. Won, “Improvement of user authentication scheme preserving uniqueness and anonymity for connected health care,” in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM ’17), Japan, January 2017.

[21] A. G. Reddy, A. K. Das, E.-J. Yoon, and K.-Y. Yoo, “A secure anonymous authentication protocol for mobile services on elliptic curve cryptography,” IEEE Access, vol. 4, pp. 4394–4407, 2016.

[22] N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.

[23] H. Ning, H. Liu, and L. T. Yang, “Aggregated-proof based hierarchical authentication scheme for the internet of things,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 3, pp. 657–667, 2015.

[24] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.

[25] A. Rossi, S. Pierre, and S. Krishnan, “Secure route optimization for MIPv6 using enhanced CGA and DNSSEC,” IEEE Systems Journal, vol. 7, no. 3, pp. 351–362, 2013.

[26] V. Odelu, A. K. Das, and A. Goswami, “SEAP: secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.

[27] D. Wang and P. Wang, “Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks,” Ad Hoc Networks, vol. 20, pp. 1–15, 2014.

[28] D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.

[29] P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. J. Lee, “A strong authentication scheme with user privacy for wireless sensor networks,” ETRI Journal, vol. 35, no. 5, pp. 889–899, 2013.

[30] M. K. Khan and S. Kumari, “An improved user authentication protocol for healthcare services via wireless medical sensor networks,” International Journal of Distributed Sensor Networks, vol. 2014, Article ID 347169, 10 pages, 2014.

[31] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015.

[32] M. Alizadeh et al., “Cryptanalysis and improvement of a secure password authentication mechanism for seamless handover,” PLOS One, vol. 10, no. 11, Article ID e0142716, 2015.

[33] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” Wireless Pers. Commun., pp. 1–35, 2016.

[34] Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.

[35] K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Company, Advanced Book Program, Reading, MA, Second edition, 1988.

[36] D. He, N. Kumar, M. K. Khan, and J.-H. Lee, “Anonymous two-factor authentication for consumer roaming service in global mobility networks,” IEEE Transactions on Consumer Electronics, vol. 59, no. 4, pp. 811–817, 2013.

[37] A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.

[38] A. Das, “A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor,” International Journal of Communication Systems, vol. 30, no. 1, Article ID e2933, 2017.

[39] Y. Chung, S. Choi, Y. S. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, article 1653, 2016.

[40] Commercial National Security Algorithm Suite and Quantum Computing FAQ, US National Security Agency, January 2016.

[41] M. Burrows, M. Abad, and M. Needham, “A logic of authentication,” Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 426, no. 1871, pp. 233–271, 1989.

[42] A. Armando, D. Basin, Y. Boichut et al., “The AVISPA tool for the automated validation of internet security protocols and applications,” in Computer Aided Verification, International Conference on Computer Aided Verification, vol. 3576, pp. 281–285, Springer, Berlin, Germany, 2005.

[43] 2017, https://www.miracl.com

[44] 2017, https://github.com/miracl/MIRACL

[45] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.

[46] J. Rodríguez-Molina, J.-F. Martínez, P. Castillejo, and L. López, “Combining wireless sensor networks and semantic middleware for an internet of things-based sportsman/woman monitoring application,” Sensors, vol. 13, no. 2, pp. 1787–1835, 2013.
