|
| Step 1 |
Login phase begins when Ui wants to access the WSN as described in Section 2.2.When Ui sends the authentication request {DIDi, MUi−G, vi, Ti} to GW, Uα eavesdrops on the transmission. |
| Step 2 |
Uα computes the following using xs and {DIDi, MUi−G, vi, Ti}. Tα and Tα′ denote the current timestamp of Tα system, and Tα < Tα′. Uα generates a random nonce RNα. SIDα is created by Uα. |
| yi = RNα ⊕ xs
|
| MG−Sj = h(DIDi∥SIDα∥xs∥Tα) |
|
|
|
|
| MG−Ui = h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′) |
|
Uα forges the authentication request sent from GW to Ui in authentication-key agreement phase using {yi, wi, MG−Ui, Tα′}. |
| Step 3 |
When Ui receives {yi, wi, MG−Ui, Tα′} from Uα, Ui checks if (TU′ − Tα′) ≤ ΔT, where TU′ is the current timestamp of Ui system. If (TU′ − Tα′) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted. |
| Step 4 |
The smart card computes the following. |
| RNα = yi ⊕ xs
|
|
|
|
|
| MG−Ui*=h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′) |
|
The smart card compares MG−Uiwith MG−Ui*. Since MG−Ui=MG−Ui*, Ui regards {yi, wi, MG−Ui,Tα′} as being transmitted from GW. Therefore, Uα can communicate with Ui using the session key Ks = f((DIDi∥RNα), xs). |
|