A Survey: Authentication Protocols for Wireless Sensor Network in the Internet of Things; Keys and Attacks

Doaa Alrababah, Esraa Al-Shammari, Areej Alsuht
Princess Sumaya University for Technology, Amman, Jordan

Abstract— Internet of Things (IoT) is a new technology that enables things in a specific environment to communicate with each other over the internet. Objects need to communicate wirelessly with each other, so IoT includes wireless sensor networks (WSN), radio frequency identification (RFID), near field communication (NFC), and many others to facilitate the communication process. A WSN is a network of connected nodes that use sensors to collect and share data with each other. In order to build heterogeneous IoT environments, Wireless Sensor Networks should be established to monitor and record the activities of connected things. Standard security protocols are used to provide a seamless and secure connection in Wireless Sensor Networks, especially for authentication and access control of nodes. In this paper, the importance of security issues within the IoT-WSN environment is highlighted by providing a description of some existing authentication protocols used in wireless sensor networks. Additionally, the paper classifies the chosen protocols according to the types of secret key used to achieve their goals and the types of attack that each protocol can prohibit in the network. The result presents common attacks in WSN resisted by some of the chosen protocols. This research is considered a base for other researchers in the Wireless Sensor Network and Internet of Things fields.

Keywords—IoT; WSN; Protocols; Authentication; Attacks.

I. INTRODUCTION

With the upcoming Internet of Things (IoT), Wireless Sensor Networks (WSN), and the growing development in smart things, the integration between them is essential in order to build an environment that allows remote access, communication, and the exchange of data and services [1]. A strong integration should depend on a procedure that ensures secrecy, integrity, and authenticity, to allow these smart things to communicate with each other. WSN is one of the important networks in IoT; it contains many nodes with unique characteristics and constraints, deployed in harsh, distant environments. The main functions of these nodes are detecting changes in the surrounding environment and collecting and recording data (e.g. temperature, humidity, pressure) [2-4]. The world is trending toward using these small devices in many applications, which has led researchers to look for practical solutions to adopt nodes in the IoT paradigm [5].

The need for security in IoT is increasing rapidly due to the evolving technology. Strong and reliable protocols should be built to achieve the security requirements triad CIA (Confidentiality, Integrity, and Authentication) [6]. Authentication protocols exist to ensure the authenticity of each node present in a particular system, so that accessing the network and obtaining information is possible [7]. The use of an authentication protocol should mitigate network attacks; therefore, a protocol must be lightweight to be compatible with the limitations of WSN [8]. A node becomes a legal node when the authentication protocol gives it a credential to access the network and exchange data. These protocols protect the data that the nodes gather from being compromised or attacked by malicious software.

The contribution of this research is to provide a description of the nineteen chosen authentication protocols used in WSN that can be deployed in an IoT environment. Additionally, this research compares the chosen protocols in terms of the types of secret key used in each protocol and the types of attack that the protocol can mitigate. As a result of this paper, and after classifying the protocols, the four attacks most often protected against by the chosen protocols are Forgery, Replay, Masquerading and Malicious attacks. This provides an indication for researchers to pay more attention to other types of attack.

The rest of this paper is organized as follows: Section II presents the literature review. Section III describes the security issues and challenges. Section IV compares the chosen authentication protocols. The results are presented in Section V. Finally, the conclusion is presented in Section VI.

II. LITERATURE REVIEW

The Internet of Things (IoT) was proposed by Kevin Ashton in 1999; it allows things to communicate with humans or with each other [9]. In terms of the integration between the Internet of Things (IoT) and Wireless Sensor Networks (WSN), some researchers describe their approaches based on the topologies used to satisfy the idea of sensing data and environmental incidents [10], their efficiency [11], or reducing overhead [12]. In addition, other researchers are interested in both fields together and provide surveys that discuss, classify and compare the protocols used. These approaches are organized as follows:

In [13], five authentication protocols were presented and compared in terms of encryption, freshness (CTR), overhead, MAC used, key agreement, and release year.

In [14], two-factor authentication protocols related to WSN are described. The authors present fifteen protocols and compare them according to twelve security issues such as key agreement, dynamic node addition, mutual authentication, user anonymity, and impersonation attack resilience.

In [15], some authentication protocols are classified in terms of the management of keys between nodes based on key-sharing probability, that is, whether it is deterministic or probabilistic. The protocols are then compared according to scalability, processing load, communication load, storage load, and the number and type of keys.

In [16], the authentication issues and challenges that affect WSN are discussed. These issues are based on node deployment and procedure. Besides that, the authors present some of the existing authentication protocols used in WSN. They also briefly discuss the types of attacks and outline the best solution for some vulnerable protocols.

In [17], some authentication protocols, i.e. SPINS, LEAP, and ZigBee, are compared on the basis of security architecture in terms of encryption, overhead, the MAC used, freshness and other characteristics.

In [18], three protocols are compared and analyzed according to security issues such as node authentication, resilience, node revocation, and scalability. In addition, some key management authentication protocols are classified according to characteristics such as Self-enforcing Protocols, Arbitrated Keying Protocols and Pre-distribution Protocols.

In [19], some security communication protocols are studied. The main features of these protocols are presented and classified according to IoT network layers.
The authors in [20] specified and classified the security requirements and protocols according to the asymmetric key and symmetric key.

This paper compares some authentication protocols used in WSN in the context of IoT based on the protocol mechanism, the attacks prevented by each protocol, and the types of secret key used.

III. SECURITY ISSUES AND CHALLENGES

In this section, the security challenges are presented and discussed in terms of WSN, and then some related attacks are clarified. These challenges have increased rapidly with the advances in information technologies and the appearance of IoT environments that embed smart things such as WSN, RFID and so on. They add massive burdens for researchers, who should address them to provide a secure environment in which such smart things can communicate and exchange data. Some of these challenges depend on the architecture of the smart things themselves, i.e. WSN; others depend on outside factors, like network architecture, threats, and attacks, or on the requirements of the surrounding environment [16].

In the case of the architecture of WSN, each node deployed in the network has limitations, despite their wide spread, in power, processor, memory, and communication, which has led researchers to try to use suitable mechanisms to provide the security services to the network [21]. The security services that should be found in each network are:

• Authentication: to ensure that no illegitimate party can gain access to the network.
• Integrity: being sure that no one can modify the data and only members can see it.
• Confidentiality: only legal and authorized parties can access, watch and control the data in the network.
• Non-repudiation: a guarantee that members of the network cannot deny their responsibility.
• Availability: the network should be available whenever the user needs it.
• Access control: controlling the accessibility of each end user in the network [22-23].

On the other hand, the network architecture designer should take such nodes and their characteristics into consideration in order to embed them and use their functionality of sensing and collecting sensitive data about the environment [24]. Because of the importance and sensitivity of information in WSNs, unauthorized users try to reach the data in such networks in illegal ways for different reasons. Some important types of attack in WSN are discussed as follows [25]:

1. Masquerading attack: the attacker tries to use the identity of an authorized member of the network.
2. Man-in-the-middle (MITM) attack: the attacker tries to sniff and capture the messages sent between two members of the network, and can impersonate one of these two members to send or replay messages.
3. Forgery attack: routing attacks happen when the attacker captures any sent message and then uses it to modify, edit or share it with another malicious attacker, and then resends it to deceive the receiver about who the real sender is.
4. Replay attack: an unauthorized storing and retransmission of information to mislead the receiver into unauthorized processes such as duplicate transactions and false identification.

IV. COMPARISON BETWEEN EXISTING AUTHENTICATION PROTOCOLS

In this section, the selected authentication protocols are presented and summarized according to their mechanisms, followed by a brief comparison based on the types of secret keys used and a discussion of some attacks prevented by each protocol.

The authors in [26] proposed an enhanced identity-based authentication and proxy protocol, improving on their previous work, which was vulnerable to masquerading and malicious attacks. The main idea in identity-based encryption is to use some strings to generate the public key used in the communication process, which does not need key pre-distribution. This protocol provides a modified limited clustering using a temporary group ID and node ID, with which additional and mobile nodes can communicate with each other and overhear the messages. Another main function used in this protocol is the proxy authentication protocol, basically for the addition of a new static or mobile node by a cluster member node. After the addition process succeeds, each node can overhear all messages from neighbor nodes and from the attacker. Using this process reduces the forgery attack. The proposed protocol protects the network from hello flood, wormhole, sinkhole, location deployment and man-in-the-middle (MITM) attacks.

For multicasting key establishment, [27] developed two group key establishment protocols for nodes to join the multicasting group, ensuring the validity of each node as a member of the multicasting group by using an Elliptic Curve Cryptography (ECC) secret key and the Elliptic Curve Digital Signature Algorithm (ECDSA), which utilizes the public and private keys of the node and verifies the signature. The benefit of using ECDSA is to mitigate DoS, man-in-the-middle (MITM) and replay attacks by using a random number between the initiator and the nodes, besides the digital signature. The authors compared the newly proposed protocols in terms of scalability, performance and security analysis, and compared them with other related approaches. Additionally, they explain how the protocols can mitigate the security threats. Based on the protocol analysis, the researchers define the appropriate use for each protocol in the IoT environment. Protocol 2, as they named it, is more efficient, scalable and appropriate for centralized applications in an IoT environment. On the other hand, protocol 1 has a great degree of randomness in the key derivation contribution, and is suitable for distributed IoT applications.

The LEACH protocol has some vulnerabilities, which [28] discussed along with the main problems of cluster-based communication, adding security improvements to LEACH based on building blocks from the SPIN protocol.
SLEACH is the first version of LEACH to use cryptographic algorithms to prevent outside attackers from becoming members of the network, and it provides data authentication and data freshness. This protocol uses pre-deployment to provide each node with two authentication keys: a master symmetric key shared with the base station and a group key shared between all members of the network. The main goals of designing SLEACH are to prevent outside intruders from becoming part of the network and to implement access control for the network that deploys SLEACH.

Concentrating on nodes joining and being removed from the network, [29] proposed a secure clustering algorithm for easily joining and quitting the network. The proposed algorithm ensures that the nodes are legitimate, based on a secure telecommunication and authentication technique. It provides two scenarios, one for a joining node and a second for an anomalous node quitting the network. In the joining process, the node sends a request message to the base station to join the network, and the base station searches for the nearest cluster head. The node joins the network using a secret key selected by the network to encrypt the communication between the node and the cluster head. In the other case, the cluster head detects the abnormal node, deletes it from the network, and broadcasts a message to all members and the base station to inform them that the node has been removed from the network. The proposed algorithm improves efficiency and security by detecting and removing malicious nodes from the network.

In [12], the authors proposed a platform and security protocol for WSN-IP. The project designed sensor node and gateway hardware and software, which can be used in any application service, whether public or private. It implemented a lightweight SSL protocol, located between the TCP/IP stack and the application layer, with hashing functions (i.e. SHA1, MD5), RC4 for data encryption, ICMP for echo request/reply messages, and ECDH-ECDSA for key exchange. In addition to designing a bootstrapping and network prefix mechanism for auto-configuring the IPv6 node into the network, the SNAIL protocol provides many security services needed in a tiny device, like authentication, integrity, privacy, access control, and non-repudiation. Given all the security services that SSNAIL provides, the protocol is suitable for applications that require more integrity and secrecy in gathering and exchanging data, like military and healthcare.

Depending on two-factor user authentication, the author in [30] proposed a one-way authentication protocol for WSN that uses two-factor user authentication to ensure the authenticity of the communication. This protocol takes into consideration some security requirements to improve the authenticity, availability, and integrity of the data for WSN, i.e. guessing, compromised nodes, impersonating nodes, and user authentication. The main function of this protocol is that the gateway nodes are responsible for giving a credential to the node that requests to join the system, by generating a secret key and sending the personalized smart card to the user over a secure communication.
The author compared this protocol with some existing protocols in terms of security and efficiency. The protocol demonstrates its security by providing a method to detect node compromise attacks, replay attacks, guessing attacks, stolen-verifier attacks and the login-ID threat. Besides that, the proposed protocol is more efficient than other related protocols.

In terms of anonymity, [31] proposed an authentication protocol for resource-constrained devices applied in distributed IoT applications. The proposed algorithm consists of four main components: Authentication Cloud Server (ACS), Cluster Head, Home IoT Server (HIoTS) and Edge device. The ACS provides a secure communication link between two HIoTS, and between the end user and the HIoTS, and helps them authenticate each other by giving them a credential when they establish communication. Accordingly, if the edge device and cluster head need to communicate and authenticate each other, they register in the HIoTS to get a security credential. Besides that, the HIoTS is responsible for authenticating a node that moves from one cluster to another or from one network to another. The proposed algorithm has three phases that explain its main function. The register phase, which is the first phase, is responsible for issuing a security credential through a secure channel. In phase two, the authors design an anonymous authentication protocol to ensure that each node can move from one position to another within the inter-cluster. The last phase describes the movement of a node from one cluster to another in the same network. This algorithm aims to achieve anonymity and un-traceability for the nodes, to resist forgery and cloning attacks, and to reduce the computation and communication cost. It has important security properties for securing WSN, i.e. mutual authentication, sensor anonymity and un-traceability, scalability, and resistance to cloning, impersonation, forgery and replay attacks.

In [11], mutual authentication and key establishment protocols are proposed to realize more security in WSN. The proposed key protocol uses a symmetric session key between the sensor node, the Gateway Node (GWN), and the user. The paper analyzes the proposed protocol and compares it with other proposed protocols; the result shows that it can decrease computation, energy, and communication cost more than the other protocols. This protocol provides protection against many types of attacks, such as the man-in-the-middle attack, stolen smart card attack, DoS attack, replay attack, and GWN bypass attack.

The authors in [32] proposed a modified version of the TESLA protocol called the TESLA-based authentication protocol. TESLA is an authentication protocol used in broadcast networks; it has some limitations in scalability. Later, two versions of TESLA were proposed. The first is μTESLA, which was proposed for WSN; it decreases energy consumption but cannot prevent DoS attacks. The second is TESLA++, which was proposed for VANET; although it prevents DoS attacks, it cannot be used for WSN because it consumes high power.
The proposed TESLA-based protocol is designed to address the weaknesses in the previous two versions so as to be suitable for WSN and VANET. It provides protection against both computational DoS attacks and memory-based DoS attacks with less power consumption. The proposed protocol uses a symmetric key and provides a two-level key chain in place of a one-level key chain.

Another approach, in [33], extends the 6LoWPAN adaptation layer to include two proposed headers, Encapsulation Security Payload (ESP) and IPsec's Authentication Header (AH), to provide more secure packet transmission in WSN over the internet. ESP is used for authentication, integrity, and confidentiality, while AH is used for authentication and integrity. ESP provides encryption for the IP payload but AH cannot. AH and ESP give protection against replay attacks. The AES technique, which uses a symmetric key, is used for encryption and authentication in both AH and ESP.

The authors in [34] use the security Petri net model to analyze and verify the security of some security protocols used in WSN; the security protocols included in this analysis are a combination of the TinySec and LEAP protocols. TinySec provides authentication and semantically secure encryption for packets but does not support the keying process, so it is combined with another protocol like LEAP. LEAP supports the keying process by using four encryption keys for each node: a group key shared by all members of the network, a pairwise key to communicate with another node, an individual key shared with the base station, and a cluster key shared with neighbor nodes. The result of the analysis confirms that the combination of the TinySec and LEAP protocols is unable to prevent the man-in-the-middle attack, so an enhanced version of the protocol is proposed.

Additionally, the authors in [35] propose a protocol, i.e. SAKES, for authentication and key establishment in machine-to-machine (M2M) communication combined with 6LoWPAN. The proposed authentication protocol is used to check the identity of each device in the network and authenticate it. After the authentication process, the key establishment process starts in order to establish a session key that enables the node to communicate with an internet server without needing to connect to a router or gateway. The proposed protocol uses two types of keys, a pairwise key and an asymmetric key. The protocol is analyzed and shows its ability to protect against four types of attacks: DoS attack, replay attack, sinkhole attack, and wormhole attack.

The authors in [36] present some security issues related to healthcare remote monitoring over the internet using sensors. In addition, a security protocol for authentication and key management is proposed to ensure more reliable, confidential, and private data. The proposed protocol uses symmetric and pairwise keys to realize more security; each node generates its own key, so the sniffing attack is prevented. Other attacks prevented by this protocol include the replay attack, impersonation attack, data modification, and eavesdropping.
In [37], a new and simple secure routing architecture for IP-based sensor nodes is provided, to be convenient for the large number of working entities in the IoT. The objective is to build a trusted channel through a mutual authentication and key exchange protocol between the sensor node and the router during the communication of the nodes themselves. The LISP methodology replaces the IP addresses used with the Endpoint ID (EID) namespace and the Routing Locators (RLOCs), using some mapping protocols. The mapping protocols work in two stages, a registration stage and a resolving stage. In the registration stage, the Map Server (MS) uses an authoritative LISP-capable router to map the Endpoint IDs (EIDs) to the Routing Locators (RLOCs) and replicates this change in the database.

In [38], a heterogeneous online/offline signcryption (HOOSC) scheme is deployed to establish a secure link between a sensor node and a remote server in IoT. The motivation is to use two particular infrastructures, public key infrastructure (PKI) and identity-based cryptography (IBC). The purpose is to allow the sensor node to send cipher text to the host server on the internet smoothly. HOOSC uses IBC to allow the sensor node to send a message to the server in the PKI, and this is done in two phases, online and offline, using five algorithms (IBC-KG, PKI-KG, Off-Signcrypt, On-Signcrypt, and Unsigncrypt).

In [8], the contribution of the protocol was to design a set of rules in two phases to support the distributed WSN for authentication purposes in the IoT community. This design considered the lightweight characteristics, heterogeneity, and mobility of the distributed WSN components. It is applicable inside or outside the network, so in both cases entities must obtain their identities from an agreed and common authority to avoid any security threats. The proposed authentication protocol is located at the application layer. It uses the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate protocol and the Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol. It consists of two stages, a registration phase and an authentication phase. The registration stage provides each entity with its own cryptographic credentials, to allow entities to authenticate each other in the second stage. An external trusted party such as the certificate authority (CA) distributes a valid implicit certificate and the cryptographic requirements needed to do the authentication.

The paper [39] proposed a biometric-based authentication technique to meet the heterogeneous nature of the entities in the network related to the Internet of Things (HWSN). This protocol is based on stored biometric template patterns that are used to check the identity of the users in the network. It establishes a symmetric shared session key between the server and the node in a trusted way. It allows them to keep their credentials for use in future communications without adding any additional conditions. The proposed mechanism obtains helpful characteristics such as no need for synchronized clocks, low-cost and low-energy computation and communication, and non-repudiation and mutual authentication.
This is done by using SHA-1 hashing and the AES algorithm for encryption and decryption, following five phases: pre-deployment, registration, login, authentication, and password change.

Another approach, in [40], proposed the BSN-Care protocol to cover some of the security requirements for health care systems integrated with IoT based on a body sensor network (BSN). The concept of this approach is to allow the server to distribute credentials to the coordinators in a secure manner, and to help them authenticate each other by using a lightweight anonymous authentication protocol. This protocol consists of two phases to complete the expected tasks, the registration and authentication phases. The main advantages of using this protocol are achieving the properties of mutual authentication, secure localization and anonymity, and reducing the computation process.

Also, the authors in [41] present the first complete two-factor authentication protocol for the IoT paradigm. They used the popular cryptographic algorithm (RSA) based on UDP/IPv6 for Low power Wireless Personal Area Networks (6LoWPANs). This protocol is implemented based on a standard security protocol between the transport and application layers, which adds more security features since it deals with the network layer protocol IPsec. In addition, several algorithms, such as ECC, have been used for authentication to check the identity of the remote server and network client. This technique depends on the DTLS record header, which contains message content such as the version of the protocol used, handshake details and the length of the record.

V. RESULTS

In this section, the results of classifying the authentication protocols according to the attacks and the types of secret key used in each protocol are shown in Table 1 and Table 2 respectively. Then, according to the classification result, the four attacks most often protected against by the chosen protocols are discussed, i.e. malicious, replay, masquerading and forgery attacks. These main attacks, which are addressed by some of the chosen authentication protocols, are as follows:

The replay attack: As shown in Table 1, the replay attack is prevented by most of the chosen protocols in different ways and with different techniques. Some protocols use Message Authentication Code (MAC) hashes to prevent an attacker from modifying, deleting, altering, or inserting messages. The MAC consists of some identity information about the sender of the message [33, 35]. [11] uses asymmetric encryption, with public and private keys, to prevent the replay attack, besides symmetric encryption, which uses one secret key that is shared in a secret manner. In addition, each node in the network generates its own key, and an outside entity cannot communicate directly with nodes but communicates with the server. Other protocols include in the messages between two parties a time stamp giving the time at which the message was submitted. Once the message is received, the receiver checks the time stamp; if it is valid, the communication is completed [36].

Masquerading attack: The attacker can capture a node and masquerade as a legitimate node, and then cause more serious attacks like DoS, forgery and replay attacks. Some protocols depend on a dynamic login ID with a time stamp. If the attacker tries to log in again, it must re-compute the dynamic login with a new time stamp, which depends on the hash of a pairwise key [30]. Otherwise, if the network depends on sharing a key between the cluster head and the nodes, the protocol can mitigate the masquerading attack because the attacker cannot communicate with other nodes if the secret key shared between the two nodes is missing [31, 11].

The forgery attack: In [37], some calculations are carried out to give the proposed authentication protocol more flexibility and robustness. The calculations require the secret key of the sender A and the secret key of the receiver B. This makes things more complicated for the attacker and mitigates the forgery attack, because it is impossible to obtain the resulting values without having the keys. In [40], the proposed approach is used to defend against any forgery attack: if an intruder tries to modify or intercept any message so that it appears authentic to the server, he must satisfy two conditions, a valid request message and an accurate serial number. This can be done only by selecting the latest serial number and with strong knowledge of the shared secret key. Simply put, the attacker can achieve his goal only if he has the secret key and the serial number. The approach in [12] contains the SNAIL stack, which has a record protocol to keep message integrity. The proposed protocol implements the ECC algorithm for message encryption and MD5 for hashing after encapsulating the message. These processes are performed to prevent any adversary from eavesdropping or conducting a forgery attack.

The malicious attack: If a node has been captured physically, some of the mentioned protocols mitigate this type of attack to ensure that all nodes are legitimate members of the network. A tamper-resistant component is fitted in the sensor node to store sensitive data, so if an intruder captures the node he cannot obtain the data from it [30]. The Cluster Head (CH) plays an important role in mitigating such attacks: using a time parameter t, the CH checks the communication every T time; if the node sends correct information in time it is considered a trusted node, otherwise it is removed from the network. Additionally, each node can overhear the messages from all nodes, and if a malicious node tries to send a message to the CH, the original node overhears the message and sends an alert message to the CH [26, 29]. Other techniques use the cryptographic system to mitigate the malicious attack, with a secret key shared between the nodes, the CH, and the base station. The malicious node can be detected and removed from the network when the attacker tries to capture it and sends a message without knowing the secret key [27]. Using a Message Authentication Code (MAC) on the messages shared between nodes and the CH mitigates the malicious attack by keeping the message fresh [8].
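The replay and forgery defences described above (a MAC over the message, a time stamp checked on receipt, a serial number, and the cluster head's check every T time) are combined here in an added example that is not taken from this paper or from any of the surveyed protocols. The HMAC-SHA256 construction, the message layout, the values of MAX_SKEW and T, and the names make_report and ClusterHead are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HIQ")   # node id, serial number, time stamp (assumed wire layout)
TAG_LEN = 32                     # length of an HMAC-SHA256 tag
MAX_SKEW = 30                    # accepted time-stamp difference in seconds (assumed value)
T = 60                           # reporting interval checked by the cluster head (assumed value)


def make_report(key, node_id, serial, ts, payload):
    """Sender side: bind identity, serial number and time stamp under the MAC."""
    header = HEADER.pack(node_id, serial, ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ClusterHead:
    """Hypothetical receiver that keeps per-node keys, serials and last-seen times."""

    def __init__(self, keys, start):
        self.keys = dict(keys)                       # node id -> shared secret key
        self.last_serial = {n: 0 for n in keys}      # highest serial accepted per node
        self.last_seen = {n: start for n in keys}    # time of the last valid report

    def accept(self, msg, now):
        """Return 'ok' or the reason the report was rejected."""
        if len(msg) < HEADER.size + TAG_LEN:
            return "malformed"
        header = msg[:HEADER.size]
        payload = msg[HEADER.size:-TAG_LEN]
        tag = msg[-TAG_LEN:]
        node_id, serial, ts = HEADER.unpack(header)
        key = self.keys.get(node_id)
        if key is None:
            return "unknown-node"
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        # Verify the MAC first so unauthenticated input never changes state.
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # The time stamp alone leaves a MAX_SKEW replay window; the serial closes it.
        if serial <= self.last_serial[node_id]:
            return "replay"
        self.last_serial[node_id] = serial
        self.last_seen[node_id] = now
        return "ok"

    def evict_silent(self, now):
        """Remove nodes with no valid report within T seconds; return their ids."""
        silent = sorted(n for n, seen in self.last_seen.items() if now - seen > T)
        for n in silent:
            del self.keys[n], self.last_serial[n], self.last_seen[n]
        return silent


def demo():
    # Constructed sample keys and readings, not taken from any surveyed protocol.
    k1, k2 = b"\x01" * 16, b"\x02" * 16
    ch = ClusterHead({1: k1, 2: k2}, start=980)
    report = make_report(k1, 1, 1, 1000, b"temp=21.5")
    tampered = report[:HEADER.size] + b"temp=99.9" + report[-TAG_LEN:]
    forged = make_report(b"\x00" * 16, 1, 2, 1000, b"temp=21.5")  # sender lacks k1
    return {
        "fresh": ch.accept(report, now=1001),
        "replay_in_window": ch.accept(report, now=1010),
        "replay_later": ch.accept(report, now=2000),
        "tampered": ch.accept(tampered, now=1001),
        "forged": ch.accept(forged, now=1001),
        "evicted": ch.evict_silent(now=1050),
        "after_eviction": ch.accept(make_report(k2, 2, 1, 1051, b"temp=20.0"), now=1051),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The second result shows why the serial number is needed: a copy replayed inside the time-stamp window still carries a valid MAC and a valid time stamp.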
Table (1): The Attacks Classification Table

| Attacks | Approach |
|---|---|
| MITM, Sinkhole, Masquerading | [26] |
| DoS, Sinkhole, Replay | [27] |
| Stolen Identifier/Verifier | [28] |
| Stolen Identifier/Verifier | [29] |
| Forgery | [12] |
| Stolen Identifier/Verifier, Replay, Masquerading | [30] |
| Forgery, Masquerading | [31] |
| DoS, MITM, Stolen Identifier/Verifier, Replay, Masquerading | [11] |
| DoS | [32] |
| Replay | [33] |
| MITM | [34] |
| DoS, Wormhole, Sinkhole, Replay | [35] |
| Replay, Masquerading | [36] |
| Forgery, MITM, Replay | [37] |
| Forgery | [38] |
| Forgery | [8] |
| DoS, Stolen Identifier/Verifier, Replay, Masquerading | [39] |
| Forgery, Replay | [40] |
| DoS | [41] |

Table (2): Types of Secret Key Used Classification Table

| Type of Secret Key Used | Approaches |
|---|---|
| Symmetric key | 28, 29, 30, 11, 32, 33, 34, 35, 36, 37, 38, 39, 40 |
| Asymmetric key | 26, 27, 28, 12, 31, 32, 34, 35, 36, 37, 38, 8, 41 |

VI. CONCLUSION AND FUTURE WORK

Day after day, WSNs become more widely used for many important applications that need to communicate and exchange data in a secure manner, especially if these applications are internet based. To establish secure communication over a non-secure channel, strong and reliable protocols are needed in WSN to ensure security guarantees between sensor nodes such as integrity, access control and authenticity. Authentication protocols are implemented to provide a mechanism that protects the network against malicious nodes and many types of attacks (such as replay and DoS attacks) by giving a credential to all members to access and exchange data. Many existing authentication protocols have been proposed to prevent such attacks in WSN in the context of IoT. In this paper, some of these protocols are discussed and compared according to the types of secret key they use and the attacks they prevent. The result of the classification shows that the four main common attacks prevented by the chosen protocols are forgery, replay, masquerading and malicious attacks. It also shows how each protocol mitigates such attacks. In addition, the result shows the secret keys (symmetric and asymmetric) that the chosen protocols use to provide more security and robustness. To the best of our knowledge, this paper is a step forward for other researchers interested in both the IoT and WSN fields, helping them choose useful protocols according to their needs. Furthermore, to achieve more security, a researcher can deploy more than one of the mentioned protocols. The next step after this work is to compare the selected protocols according to their complexity, and to add more authentication protocols not mentioned in this work and discuss them in the context of security issues.

REFERENCES

[1] C. Alcaraz, P. Najera, J. Lopez, and R. Roman, “Wireless sensor networks and the Internet of things: Do we need a complete integration?,” 1st International Workshop on the Security of the Internet of Things (SecIoT10), IEEE, Tokyo (Japan), 2010.
[2] A. S. K. Pathan, H.-W. Lee, and C. S. Hong, “Security in wireless sensor networks: Issues and challenges,” Phoenix Park, 20 February 2006, Institute of Electrical & Electronics Engineers (IEEE), pp. 1043–1048.
[3] Ullah, T. Mehmood, M. Habib, and M. Ibrahim, “SPINS: Security Protocols for Sensor Networks,” in Proceedings of International Conference on Machine Learning and Computing (ICMLC 2009), 2009.
[4] Shio Kumar Singh, M.P. Singh, and D.K. Singh, “Routing Protocols in Wireless Sensor Networks – A Survey,” International Journal of Computer Science and Engineering Survey (IJCSES), vol. 1, no. 2, pp. 63–83, Nov. 2011.
[5] W. Stallings, L. Brown, M. Bauer, and M. Howard, “Computer Security Principles and Practice,” 2nd ed. Pearson, 2013.
[6] W. Stallings and L. Brown, “Computer security: Principles and practice,” 2nd ed., 2011.
[7] “Internet of Things: Wireless Sensor Network,” International Electrotechnical Commission IEC, White Paper, 2014-11-01.
[8] P. Pawani, S. C, K. Pranaw, G. Andrei, and Y. Mika, “Two-phase authentication protocol for wireless sensor networks in distributed IoT applications,” in Wireless Communications and Networking Conference (WCNC), 2014 IEEE, Istanbul: IEEE, 6 April 2014, pp. 2728–2733.
[9] K. A, G. K, and A. A, “Simulation and analysis of authentication protocols for mobile Internet of things (MIoT),” in Parallel, Distributed and Grid Computing (PDGC), 2014 International Conference on, Solan: IEEE, 2013, pp. 423–428.
[10] N. Yasin and G.-P. Emiliano, “Internet of things a proposed secured network topology,” in Irish Signals & Systems Conference 2014 and 2014 China-Ireland International Conference on Information and Communications Technologies (ISSC 2014/CIICT 2014). 25th IET, Limerick: IET, 2014, pp. 274–279.
[11] S. Mrudula, K. L. Narayana, and V. C. Sekhar, “An energy efficient temporal credential based mutual authentication protocol for WSN,” in Ecofriendly Computing and Communication Systems (ICECCS), 2014 3rd International Conference on, Mangalore: IEEE, 2014, pp. 73–78.
[12] J. Wooyoung, H. Sungmin, H. Minkeun, K. Young-Joo, and K. Daeyoung, “SSL-Based lightweight security of IP-based wireless sensor networks,” in Advanced Information Networking and Applications Workshops, 2009. WAINA ’09. International Conference on, Bradford: IEEE, 2009, pp. 1112–1117.
[13] B. D and N. T, “A survey of authentication mechanisms: Authentication for ad-hoc wireless sensor networks,” in Sensors Applications Symposium, 2007. SAS ’07. IEEE, San Diego, CA: IEEE, 2007, pp. 1–6.
[14] K. Sharanjeet and K. P, “A survey on two-factor user authentication protocols in wireless sensor networks,” in Advance Computing Conference (IACC), 2015 IEEE International, Bangalore: IEEE, 2013, pp. 1077–1081.
[15] S. Ould Amara, R. Beghdad, and M. Oussalah, “Securing wireless sensor networks: A survey,” EDPACS, vol. 47, no. 2, pp. 6–29, Feb. 2013.
[16] S. Patil, V. Kumar, S. Singha, and R. Jamil, “A survey on authentication techniques for wireless sensor networks,” International Journal of Applied Engineering Research, vol. 7, no. 11, 2012.
[17] B. D and N. T, “Security protocols for use with wireless sensor networks: A survey of security architectures,” in Wireless and Mobile Communications, 2007. ICWMC ’07. Third International Conference on, Guadeloupe: IEEE, 2007, p. 54.
[18] R. Rautray and I. Sarangi, “A Survey on authentication protocols for wireless sensor network,” International Journal of Engineering Science and Technology, vol. 3, no. 5, 2011.
[19] G. Jorge, M. Edmundo, and S. S. Jorge, “Security for the Internet of things: A survey of existing protocols and open research issues,” Communications Surveys & Tutorials, IEEE, vol. 17, no. 3, pp. 1294–1312, 2015.
[20] K. T. Nguyen, M. Laurent, and N. Oualha, “Survey on secure communication protocols for the Internet of things,” Ad Hoc Networks, vol. 32, pp. 17–31, Sep. 2015.
[21] C. M. Medaglia and A. Serbanati, “An overview of privacy and security issues in the Internet of things,” The Internet of Things, Springer New York, pp. 389–395, 2010.
[22] W. Stallings and S. William, “Cryptography and network security: Principles and practices,” 4th ed. India: Dorling Kindersley Pvt, 2006.
[23] D. Sridharan and T. Kavitha, “Security vulnerabilities in wireless sensor networks: A survey,” Journal of Information Assurance and Security 5.1, vol. 1, no. 5, pp. 31–44, 2010.
[24] G. V. C and H. G. P, “Industrial wireless sensor networks: Challenges, design principles, and technical approaches,” Industrial Electronics, IEEE Transactions on, vol. 56, no. 10, pp. 4258–4265, 2009.
[25] T.-G. Lupu, “Main types of attacks in wireless sensor networks,” World Scientific and Engineering Academy and Society (WSEAS), vol. 9, pp. 180–185, 2009.
[26] S.-H. Na, K.-J. Kim, M. M. Hassan, and E. Huh, “Identity-based secure protocol protocol for wireless sensor network,” in Information Technology, Culture and Human 2009, Seoul, Korea, 2009, ResearchGate, 2009, vol. 403, pp. 555–560.
[27] P. Pawani, B. An, S. Corinna, G. Andrei, Y. Mika, and S. Burkhard, “Group key establishment for enabling secure Multicast communication in wireless sensor networks deployed for IoT applications,” in Access, IEEE, vol. 3, IEEE, 2015, pp. 1503–1511.
[28] A. C. Ferreira, M. A. Vilaça, L. B. Oliveira, E. Habib, H. C. Wong, and A. A. Loureiro, “On the security of cluster-based communication protocols for wireless sensor networks,” Networking-ICN, Springer Berlin Heidelberg, vol. 3420, pp. 449–458, 2005.
[29] H. Xiangdong and Z. Yuhan, “Research on security mechanism of nodes joining in and quitting from WSN,” in Circuits, Communications and System (PACCS), 2011 Third Pacific-Asia Conference on, Wuhan: IEEE, 2011, pp. 1–4.
[30] D. M. Lal, “Two-factor user authentication in wireless sensor networks,” Wireless Communications, IEEE Transactions on, vol. 8, no. 3, pp. 1086–1090, Mar. 2009.
[31] G. Prosanta and T. Hwang, “Untraceable sensor movement in distributed IoT infrastructure,” Sensors Journal, IEEE, vol. 15, no. 9, pp. 5340–5348, Sep. 2015.
[32] R. Na and H. Yoshiaki, “DoS attack-tolerant TESLA-based broadcast authentication protocol in Internet of things,” Networking (iCOST), 2012 International Conference on Selected Topics in. IEEE, pp. 60–65, 2012.
[33] V. Prabhakar and C. Garth, “Implementing IPsec in wireless sensor networks,” in New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, Dubai, IEEE, 2014, pp. 1–5.
[34] Y. Guo, X. Liu, and X. Shao, “Formal proof of the security protocol in wireless sensor network based on the Petri net,” in Computational Intelligence and Security (CIS), 2013 9th International Conference on, IEEE, 2013, pp. 668–672.
[35] H. H. Redwan, T. G. Akele, M. Ting, T. Lee, Y. Choi, and K.-H. Kim, “SAKES: Secure authentication and key establishment protocol for M2M communication in the IP-based wireless sensor network (6LoWPAN),” in Ubiquitous and Future Networks (ICUFN), 2013 Fifth International Conference on, IEEE, 2013, pp. 246–251.
[36] R. Anass, L. Aziza, E. Fatiha, and B. Mohammed, “The Internet of things for healthcare monitoring: Security review and proposed solution,” in Information Science and Technology (CIST), 2014 Third IEEE International Colloquium in, IEEE, 2014, pp. 384–389.
[37] R. Ali, L. Aboubaker, and L. Jonathan, “A secure authentication protocol for IP-based wireless sensor communications using the location/ID split protocol (LISP),” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, Beijing: IEEE, 2014, pp. 840–845.
[38] F. Li and P. Xiong, “Practical secure communication for integrating wireless sensor networks into the Internet of things,” Sensors Journal, IEEE, vol. 13, no. 10, pp. 3677–3684, 2013.
[39] D. A. K and B. B, “A Biometric-Based user authentication protocol for heterogeneous wireless sensor networks,” Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on, pp. 291–296, 2013.
[40] G. Prosanta and H. Tzonelih, “BSN-Care: A secure IoT-based modern healthcare system using body sensor network,” Sensors Journal, IEEE, vol. pp, no. 99, p. 1, Nov. 2015.
[41] K. Thomas, S. C, W. Hu, B. M, and C. Georg, “A DTLS based end-to-end security architecture for the Internet of things with two-way authentication,” in Local Computer Networks Workshops (LCN Workshops), 2012 IEEE 37th Conference on, Clearwater, FL: IEEE, 2012, pp. 956–963.