
Implementation of Authentication and Access Control Protocol for Heterogeneous Network

Vivek Ugale, Swati Suresh Pawar and Yogesh Murlidhar Gaikwad

1 Introduction

Wireless sensor networks (WSN) are centralized infrastructure with multifunctional
sensor nodes connected with each other through a wireless medium [1]. A mobile ad hoc
network (MANET) is decentralized, with a dynamic topology. MANETs are created
as per the requirement of the application. Data is transmitted through low-power
sensor nodes without any base station. Sensor nodes work in a constrained environment
of low power, low memory, and inferior performance, as wireless computing devices
are equipped with various sensors. Nodes are small, as they are often deployed
in critical environments such as earthquake zones, flood-affected areas, and war fields [2].
Sensor nodes sense their surroundings, acquire and store data from
different sensors, and continuously distribute that data to other
nodes in the network whenever there is a request to access it. But this
data acquisition and distribution between sensor nodes, or to any user node in a WSN
or MANET, requires some kind of security, as the sensor nodes are often deployed
in hostile environments. Because of advances in communication technology,
data sent over a wireless channel may be exposed to an unauthorized person
who does not hold credentials for data access. So data authentication and access
control become essential for security [2].

V. Ugale (B) · S. S. Pawar · Y. M. Gaikwad


Department Electronics and Telecommunication Engineering, SITRC, Nashik, India
e-mail: vivekugale@gmail.com
S. S. Pawar
e-mail: swati19july@gmail.com
Y. M. Gaikwad
e-mail: getyogesh2124@gmail.com

© Springer Nature Singapore Pte Ltd. 2019
D. Bhargava and S. Vyas (eds.), Pervasive Computing: A Networking Perspective
and Future Directions, https://doi.org/10.1007/978-981-13-3462-7_1

2 Security Challenges

2.1 Wireless Sensor Networks

A WSN is a network of different sensors that are interconnected and communicate through
a centralized node, generally called a base station or a sink. Through the sink, a sensor
node can send or receive control information or extract data from another
network. A sensor node has more limited resources than a sink node and has to communicate
with other nodes through the sink node only. Every sensor node acts as a router for the
data being disseminated. Sensor nodes can be optical, acoustic, visual, or
magnetic sensors, which sense the environment and extract data from its conditions;
that data is sent over the network and ultimately reaches the sink node [1].

2.2 Security Challenges in WSNs

In a WSN, sensor nodes come with very limited memory and storage for
code, limited data processing capability, and a limited power source, in order to make a node as
small as possible. All these constraints limit the implementation of security
solutions: the security code has to be efficient and must be small, as sensor nodes
come with very small memory. The security challenges in WSNs are as follows [1, 3].
Data Confidentiality: As data is disseminated wirelessly between sensor nodes, restricting
access to the data to authenticated users becomes an essential task.
To keep eavesdroppers from accessing the data, an encryption function is
used, which works on a shared secret key exchanged for the communication between
two end users [3].
Data Integrity: It ensures that the data sent by the sender is received by the
end user as it is. It keeps the data from being altered or tampered with during
transit from sender to receiver. Data integrity also ensures the freshness of the
data by not delivering old data packets again [3].
Authentication: The process of authentication involves identifying the origin
of the data. It also ensures that no unauthenticated user tampers with the data during
transit [3].
Key Management: It includes the establishment and maintenance of
communication between two authorized parties by exchanging a key. There are two types
of key algorithms. Symmetric algorithms consist of two keys, one for the sender and one
for the receiver, which can be the same or be computed by the communicating nodes themselves.
Asymmetric algorithms involve a public key, which is known to everyone, and a private
key, made available only to authorized parties [3].
Security issues also include availability, privacy, secure routing, secure group
management, intrusion detection, and secure data aggregation, which need to be
addressed while designing WSNs [1, 3].

2.3 Mobile Ad-hoc Network (MANET)

MANETs are formed dynamically between individual nodes as per the requirements
of the communication. An ad hoc network is dynamic, infrastructure-less, and decentralized,
and often communicates over a wireless medium. The application area of ad hoc networks is very
wide, from households to the military, from flood areas to earthquake-hit areas and the medical field, as
the network is created and maintained by the nodes involved in it. But the same
characteristic makes an ad hoc network less secure and also short of power and memory, as
nodes are mobile and lightweight and depend heavily on other nodes for communication.
Constrained resources restrict the security algorithms that can be used for authentication
and data access. The security challenges of ad hoc networks are as follows [2].
Restricted Power Supply: A MANET is a network of mobile nodes that run
on small batteries and have little computational capacity, so security algorithms
that require intense computation cannot be implemented.
Unreliability: Some of the nodes of a MANET may ‘misbehave’ due to lack of sufficient
power supply.
Decentralized Node Management: As a MANET does not have any infrastructure,
communication between two nodes is done through other nodes, which makes the MANET
more vulnerable to attacks.
Detection of Attack: Due to the mobility of nodes, detection of a malicious attack in
a MANET becomes very challenging, especially in a large-scale network.
Dynamic Network Topology: Routing algorithms, key management, and security
algorithms implemented for mobile nodes have to adapt to ever-changing conditions, such as
new nodes entering and nodes leaving the MANET [2].

2.4 Performance Parameters in WSN and MANET

Throughput is a measure of the data rate (bits per second) achieved during
communication established between nodes.
Average Delay is the time taken by packets to reach the destination once transmitted by
the source.
Packet Delivery Ratio is the ratio of packets delivered to the destination to packets sent from
the source.
Energy Consumption is the energy required for the transmission of a packet from the source
and its reception at the destination [1, 2, 4].

3 Background

3.1 Elliptic Curve Discrete Logarithm Problem (ECDLP)

The discrete logarithm problem states: given a multiplicative group $G$ and elements
$g, h \in G$, find an integer $n$, if it exists, such that $g^n = h$. This number $n$ is the discrete
logarithm of $h$ to the base $g$, written more concisely as $n = \log_g(h)$. In cryptographic
applications, the existence of such an integer $n$ is naturally presumed. Consequently,
the problem is reduced to finding the number $n$ [4].
Brief Review of ENABLE Scheme
ENABLE was proposed by X. H. Le, S. Lee, et al. It eliminates the
issues associated with symmetric key management, such as scalability, key storage, and
pre-distribution of keys [5].
Protocol Description
Consider a user node ‘A’ that wants to access data from a particular node or group of
nodes. It first sends a request for data access to the corresponding node (Fig. 1).
Upon receiving the request from the user node, the receiving node ‘B’ first
authenticates the identity of that node with the key distribution center (KDC). After
confirming the identity of the user, node ‘B’ decides whether to accept or deny the
access [5].
Before the actual data access starts, the user node, say Alice (A), generates a
public key ($Q_A$) and a private key ($k_A$) using the same ECC parameters as the KDC.
The KDC generates a certificate of the user's access list and public key by signing them with
its private key: $cert_A = \{ac_A, Q_A, sign_{KDC}(ac_A \| Q_A)\}$. The certificate is then sent
to the user. The user A and sensor S compute a secret key ($x_A$) using the ECDH key
exchange protocol [5] (Fig. 2).

Fig. 1 ENABLE protocol scheme; node ‘A’—user node; node ‘B’—sensor node; KDC—key distribution center

Fig. 2 ENABLE protocol [5]

The major drawback of ENABLE is that it requires an online KDC, as the sensor node
communicates with the KDC to authenticate the identity of the Alice node before permitting
data access to it. This authentication process increases the overhead of the network
substantially [5].

3.2 Review of MAACE Scheme

Different types of medical sensors are deployed in hospitals to monitor patients'
health information. The communication range of the sensors is often small, so all the
data transmitted by the sensors is stored at a central point, i.e., a mobile terminal or local
servers. The central device aggregates all data from the sensors and sends it to the server
at the hospital for centralized storage, which can be accessed by remotely located servers
or users through the Internet [6] (Fig. 3).
Network Model: The network model consists of three layers, as shown in the
figure: the sensor network (SN) layer, the coordination network (CN) layer, and the data access
(DA) layer [6].
In the SN layer, different types of medical sensors, such as ECG, blood pressure,
electrocardiogram, heart rate, and oxygen level sensors, are deployed at hospitals. These sensors use
either ZigBee (IEEE 802.15.4) or Bluetooth (IEEE 802.15.1) wireless technology
(Fig. 4).

Fig. 3 Typical wireless sensor networks [5]

Coordination Network (CN) Layer: In the CN layer, a PDA, a laptop, or a network of
desktops forms a centralized network to collect and analyze the sensor data from the SN
layer.
Data Access (DA) Layer: This layer consists of database servers from which health
practitioners can access the data remotely. Before credentials for accessing the
data are given, the data-requesting party is authenticated.

3.3 Mutual Authentication and Access Control Based on ECC (MAACE)

Every communication starts with the establishment of a key between nodes. To meet
scalability requirements for a large number of sensor nodes, a public key management
scheme based on elliptic curve cryptography (ECC), i.e., MAACE, is used. ECC is
easier to deploy and more scalable than symmetric key schemes.

Fig. 4 Hierarchical structure of a WSN [5]

Key Establishment: The main architectural difference between MAACE and
ENABLE is the KDC; here, it is not required to be online all the time. Using
elliptic curve cryptography, the KDC generates the public as well as the private key for
each node in the coordination and data access layers. Each node has an ECC key pair, which
is used to establish secure communication [6].
Authentication and Access Control: MAACE was developed for applications in the healthcare area.
Consider a medical practitioner at a remote location, often
called the Alice node or A, who needs to access data from a sensor node or data stored
on the central server (Fig. 5).
MAACE includes the following steps:
1. Alice generates a secret key, i.e., L, with the help of session key C and S. Alice
sends the secret key by encrypting it with a random number r from the KDC, along with
its certificate $cert_A$ and the current timestamp $T_A$.
2. Coordination node C first verifies $T_A$, $S_A$, and $cert_A$. If it authenticates ‘A’, it
encrypts the secret key M, $T_C$, and $MAC_1$. Node C then sends all of these to node
S.
3. Node ‘S’ checks the timestamp $T_C$ and $MAC_1$. After authentication, S generates the
secret key M, with which it builds $MAC_2$, and then sends it to C.
4. Node C verifies $MAC_2$. If it is valid, C generates the signature $S_C$ and sends it to Alice. Node
A verifies $S_C$; if it is valid, then S and C are authentic to A [6].
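One way a receiving node can implement the timestamp and MAC checks of steps 2 to 4, as an added example that is not MAACE's own code. The chapter does not specify the MAC construction, the freshness window or any replay handling, so HMAC-SHA256, the 5 s window, the replay cache and all names below are assumptions of this sketch; `key` stands in for the secret shared by the two nodes.

```python
import hashlib
import hmac
import struct

FRESHNESS_WINDOW = 5.0    # seconds; assumed value, the chapter gives none


def _encode(sender, timestamp, payload):
    # Length-prefix the sender id so field boundaries cannot be shifted.
    return (struct.pack(">H", len(sender)) + sender
            + struct.pack(">d", timestamp) + payload)


def make_message(key, sender, timestamp, payload):
    """Sender side: return (sender, timestamp, payload, tag)."""
    tag = hmac.new(key, _encode(sender, timestamp, payload), hashlib.sha256).digest()
    return sender, timestamp, payload, tag


class Verifier:
    """Receiver side: freshness check, MAC check, then replay check."""

    def __init__(self, key):
        self.key = key
        self.seen = {}    # tag -> timestamp of messages already accepted

    def check(self, msg, now):
        sender, timestamp, payload, tag = msg
        # 1. Reject anything outside the freshness window (cheap, done first).
        if abs(now - timestamp) > FRESHNESS_WINDOW:
            return "stale"
        # 2. Recompute the MAC and compare in constant time.
        expected = hmac.new(self.key, _encode(sender, timestamp, payload),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"
        # 3. A valid message replayed inside the window is still rejected.
        #    Entries older than the window would fail step 1, so drop them.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if now - ts <= FRESHNESS_WINDOW}
        if tag in self.seen:
            return "replay"
        self.seen[tag] = timestamp
        return "ok"
```

The timestamp is covered by the MAC, so an attacker cannot refresh a captured message by rewriting its timestamp, and the replay cache stays bounded because it only has to remember one freshness window.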

Fig. 5 MAACE protocol [5]

4 Performance Analysis

This section presents the performance evaluation of the MAACE and ENABLE
protocols. For the simulation of MAACE and ENABLE, network simulator 2 is used, and the
performance of the two protocols is evaluated in terms of average energy, average delay,
throughput, and packet delivery ratio (Fig. 6).
For simulation, nodes of WSN and WLAN are randomly distributed in a 500 m ×
500 m area. The transmission range of nodes is 250 m, as two-ray ground is used as the
radio propagation model. Transmission and receiving power are 0.02 and 0.01 W,
respectively. The initial energy of the nodes is kept at 100 J. Medium access control (MAC)
is used in the link layer, and ad hoc distance vector (AODV) is used as the routing protocol.
One key distribution center (KDC) is created for generating the keys. Taking
a total of 100, 200, and 300 sensors and coordination nodes, simulation is done for 50, 100,
150, and 200 s separately. For each scenario, energy consumption, delay, packet delivery
ratio, and throughput are calculated, and then each parameter is averaged over the different
scenarios.

Fig. 6 NS-2 simulation windows

Fig. 7 Average energy consumption

4.1 Comparison of Average Energy Consumption

As shown in Fig. 7, the energy consumed by MAACE is reduced as compared to that
of the ENABLE protocol.

Fig. 8 Average delay

Energy consumption is 0.0464 mJ in MAACE and 0.112 mJ in ENABLE for 100
nodes. Comparing the average energy consumption of ENABLE and MAACE,
energy consumption is 58, 17, and 19% less in the MAACE protocol as compared to
ENABLE for 100, 200, and 300 nodes, respectively.

4.2 Comparison of Delay

Comparing the delay of ENABLE and MAACE, delay in the MAACE protocol is 33.58 and
9.83% less as compared to delay in ENABLE for 100 and 200 nodes, respectively. But
delay increases by 2.40% in MAACE as compared to delay in ENABLE for 300
nodes (Fig. 8).

4.3 Comparison of Packet Delivery Ratio

Comparing the packet delivery ratio (PDR) of ENABLE and MAACE for different
simulation times, PDR in the MAACE protocol is more than that of ENABLE by 84, 60, and 142%
for 100, 200, and 300 nodes, respectively (Fig. 9).
So, if the number of nodes is 200, the MAACE PDR drops slightly as compared
to the PDR for 100 nodes. But overall, the PDR of MAACE is almost double that of
ENABLE, which indicates the efficiency of MAACE.

Fig. 9 Average packet delivery ratio

Fig. 10 Average throughput

4.4 Comparison of Throughput

Comparing the throughput of ENABLE and MAACE for different simulation times,
throughput in the MAACE protocol is 184.91, 160.80, and 242.78% of ENABLE for
100, 200, and 300 nodes, respectively (Fig. 10).

Table 1 Performance comparison of MAACE and ENABLE for various parameters

Performance parameter                 No. of nodes   MAACE      ENABLE
Average energy consumption (in mJ)    100            0.0464     0.112
                                      200            0.1043     0.1271
                                      300            0.1067     0.1326
Average delay (in ms)                 100            0.02569    0.03868
                                      200            0.02080    0.02307
                                      300            0.01656    0.01617
Average packet delivery ratio         100            51.8254    95.6957
                                      200            61.4576    98.6482
                                      300            33.8955    82.0279
Average throughput                    100            42,079     77,808
                                      200            100,243    161,193
                                      300            83,069     201,676

The throughput of ENABLE declines when the number of nodes is 300 as compared
to the throughput for 200 nodes, but the throughput of MAACE shows continual
improvement as the number of nodes increases.
These values are essential for assessing the efficiency of the protocol. The energy
consumption of the MAACE protocol is improved as compared to the ENABLE
protocol. The MAACE protocol provides lower energy consumption and delay,
along with a good packet delivery ratio.

5 Conclusion

MAACE and ENABLE, for authentication between nodes of WSN and WLAN, were implemented
on the ns-2 platform, and performance evaluation was done by simulating 100,
200, and 300 nodes separately for simulation times of 50, 100, 150, and 200 s (Table 1).
Results of the simulation of MAACE on ns-2.3 showed 17–50% less energy
consumption than ENABLE; as the number of nodes increases, energy consumption also
increases. Delay in MAACE is 2–33% less as compared to ENABLE;
delay shows continual increment as the number of nodes increases. MAACE shows
far better efficiency than ENABLE: on average, 84–142% more packet delivery ratio and
throughput is achieved as compared to ENABLE.
MAACE proved to be a secure and lightweight, i.e., energy- and delay-efficient, public
key-based security scheme which ensures data confidentiality by allowing
access to the database to the privileged person.

References

1. Stavroulakis, P., & Stamp, M. (2010). Handbook of information and communication security.
Berlin, Heidelberg: Springer. ISBN 978-3-642-04116-7.
2. Aldabbas, H., & Janicke, H. (2014). Review of security in VANETS and MANETS. Chapter
January 2014. http://www.Researchgate.Net/Publication/268219261.
3. Yang, S.-H. (2014). Wireless sensor networks, signals and communication technology. London:
Springer. https://doi.org/10.1007/978-1-4471-5505-8_9.
4. Xuan Hung, L., et al. (2009). An energy-efficient access control scheme for wireless sensor
networks based on elliptic curve cryptography. Journal of Communications and Networks, 11(6),
599–606.
5. Xuan Hung, L., et al. (2011). An efficient mutual authentication and access control scheme for
wireless sensor networks in healthcare. Journal of Networks, 6(3), 355–364.
6. Lee, Y. S., Alasaarela, E., & Lee, H. J. (2014). Secure key management scheme based on ECC
algorithm for patient’s medical information in healthcare system, ICOIN 2014,
978-1-4799-3689-2/14/ IEEE.
