Allakany Alaa, Saber Abeer, Mostafa Samih M, Alsabaan Maazen, Ibrahem Mohamed I, Elwahsh Haitham
Computer Science Department, Faculty of Computers and Information, Kafrelsheikh University, Kafrelsheikh 33516, Egypt.
Information Technology Department, Faculty of Computers and Artificial Intelligence, Damietta University, Damietta 34519, Egypt.
Sensors (Basel). 2023 Jun 19;23(12):5703. doi: 10.3390/s23125703.
The latest version of ZigBee offers improvements in various aspects, including its low power consumption, flexibility, and cost-effective deployment. However, the challenges persist, as the upgraded protocol continues to suffer from a wide range of security weaknesses. Constrained wireless sensor network devices cannot use standard security protocols such as asymmetric cryptography mechanisms, which are resource-intensive and unsuitable for wireless sensor networks. ZigBee uses the Advanced Encryption Standard (AES), which is the best recommended symmetric key block cipher for securing data of sensitive networks and applications. However, AES is expected to be vulnerable to some attacks in the near future. Moreover, symmetric cryptosystems have key management and authentication issues. To address these concerns in wireless sensor networks, particularly in ZigBee communications, in this paper, we propose a mutual authentication scheme that can dynamically update the secret key value of device-to-trust center (D2TC) and device-to-device (D2D) communications. In addition, the suggested solution improves the cryptographic strength of ZigBee communications by improving the encryption process of a regular AES without the need for asymmetric cryptography. To achieve that, we use a secure one-way hash function operation when D2TC and D2D mutually authenticate each other, along with bitwise exclusive OR operations to enhance cryptography. Once authentication is accomplished, the ZigBee-based participants can mutually agree upon a shared session key and exchange a secure value. This secure value is then integrated with the sensed data from the devices and utilized as input for regular AES encryption. By adopting this technique, the encrypted data gains robust protection against potential cryptanalysis attacks. Finally, a comparative analysis is conducted to illustrate how the proposed scheme effectively maintains efficiency in comparison to eight competitive schemes. This analysis evaluates the scheme's performance across various factors, including security features, communication, and computational cost.
ZigBee的最新版本在各个方面都有改进,包括低功耗、灵活性和具有成本效益的部署。然而,挑战依然存在,因为升级后的协议仍然存在广泛的安全弱点。受限制的无线传感器网络设备无法使用诸如非对称加密机制等标准安全协议,这些协议资源密集型且不适用于无线传感器网络。ZigBee使用高级加密标准(AES),这是保护敏感网络和应用数据的最佳推荐对称密钥分组密码。然而,预计AES在不久的将来容易受到一些攻击。此外,对称密码系统存在密钥管理和认证问题。为了解决无线传感器网络中的这些问题,特别是在ZigBee通信中,在本文中,我们提出了一种相互认证方案,该方案可以动态更新设备到信任中心(D2TC)和设备到设备(D2D)通信的密钥值。此外,建议的解决方案通过改进常规AES的加密过程来提高ZigBee通信的加密强度,而无需非对称加密。为了实现这一点,当D2TC和D2D相互认证时,我们使用安全的单向哈希函数操作以及按位异或操作来增强加密。一旦认证完成,基于ZigBee的参与者可以就共享会话密钥达成一致并交换安全值。然后,这个安全值与来自设备的感测数据集成,并用作常规AES加密的输入。通过采用这种技术,加密数据获得了针对潜在密码分析攻击的强大保护。最后,进行了比较分析,以说明与八个竞争方案相比,所提出的方案如何有效地保持效率。该分析评估了该方案在各种因素(包括安全功能、通信和计算成本)方面的性能。
