
Received: 29 June 2020 Revised: 21 November 2020 Accepted: 14 January 2021

DOI: 10.1002/dac.4764

RESEARCH ARTICLE

ESS-IBAA: Efficient, short, and secure ID-based authentication algorithm for wireless sensor network

Shivendu Mishra1 | Ritika Yaduvanshi2 | Kumkum Dubey1 | Prince Rajpoot1

1 Department of Information Technology, Rajkiya Engineering College, Ambedkar Nagar, Akbarpur, Uttar Pradesh, India
2 Department of Computer Science and Engineering, Mahamaya College of Agricultural Engineering and Technology,
Akbarpur, Uttar Pradesh, India

Correspondence
Shivendu Mishra, Department of Information Technology, Rajkiya Engineering College, Ambedkar Nagar,
Akbarpur, UP, India.
Email: Shivendu0584@gmail.com

Summary
Designing an efficient, short, and secure authentication algorithm for resource-constrained sensor nodes of
wireless sensor networks (WSNs) is a challenging task. Authentication in WSNs is mainly performed by the digital
signature algorithm. In this paper, we propose an efficient, short, and secure pairing computation-free ID-based
authentication algorithm (signature scheme) ESS-IBAA for WSNs which completely follows the rule of identity-based
cryptosystem. Identity-based schemes, unlike traditional public-key infrastructure (PKI)-based schemes, remove the
need for public-key certificates for public-key validation. They also remove extra costs associated with the
public-key certificate and traffic management. Further, due to the requirement of low power and fast
authentication, bilinear pairing computation-free identity-based signature schemes are applicable in WSNs. Keeping
this in mind, the ESS-IBAA scheme is proposed, which is pairing computation free and uses a general cryptographic
hash function in the place of a costly map-to-point hash function. The proposed scheme ESS-IBAA is secure against
existential forgery on adaptive chosen message and ID attack in the random oracle model under the hardness of the
elliptic curve discrete logarithm problem (ECDLP). Moreover, comparative performance analysis shows that the
proposed scheme ESS-IBAA is much more efficient in both communication cost and computation cost than the existing
related schemes.

KEYWORDS
authentication, elliptic curve cryptography, identity-based digital signature, pairing-free
computation, random oracle model, wireless sensor network

1 | INTRODUCTION

Nowadays, wireless sensor networks (WSNs) are useful in everyday life as they offer economically viable, real-time
monitoring solutions. WSNs can be quickly and easily deployed in hostile environments. They are widely used in a
variety of real-time applications, such as vehicular tracking, habitat monitoring, environment monitoring, military
surveillance, healthcare monitoring, wild animal tracking, cloud-assisted wireless body area network applications,
and traffic monitoring. One recent survey declared that WSNs will soon become an intelligent and integral part of
daily lives.1–3
In WSNs, communication is categorized as sensor nodes to sensor nodes, sensor nodes to base stations, and base
stations to outside users. This communication takes place wirelessly using radio frequency signals. Due to this,
these communications are not secure. Further, the attacker can modify the sensed data or become a legitimate sensor
node or perform the various active and passive attacks. Sensed data can be protected from various active and passive
attacks using authentication. Moreover, authentication of both information and sensor nodes plays a major role in
WSNs for ensuring that an unauthorized party cannot obtain its service fraudulently. Further, in WSN applications,
authentication is mainly performed by a digital signature algorithm. Additionally, in WSN applications, providing
authenticity is quite challenging. Authentication in WSNs requires the design of an efficient, short, and
lightweight signature algorithm, which demands less computation cost as well as less communication cost. Further,
identity-based authentication schemes without bilinear pairing computation and costly map-to-point hash function
could mostly be suitable for WSNs, as these schemes are lightweight and power-saving, with low communication
overhead and low computation cost.4–7

Int J Commun Syst. 2021;e4764. wileyonlinelibrary.com/journal/dac © 2021 John Wiley & Sons Ltd.
https://doi.org/10.1002/dac.4764

The environment for the realization of ID-based authentication schemes in the WSNs scenario is depicted in
Figure 1. This scenario represents a static sensor network and includes a powerful base station (BS), a few
high-performance sensors (H-sensor), and many low-performance sensors (L-sensor). Each high-performance sensor in
the network will be used as the cluster head. Further, like the case for general WSNs, we assume that the BS is well
protected, trusted, and powerful enough to perform computationally severe cryptographic operations, and the sensor
nodes, on the other hand, have restricted resources in terms of computation, memory, and battery power.
Additionally, the system parameter param is generated by the BS and is embedded in each sensor node when they are
deployed. We also assume that the master key of the BS is safely stored and the signatures generated by the sensor
nodes can be verified either by sensor nodes themselves or by the BS.8,9
Considering the above scenario, in this paper we propose an efficient, short, and secure ID-based authentication
algorithm (ESS-IBAA) for WSNs without using costly bilinear pairing computation and costly map-to-point hash
function. Further, our scheme's security is based on the elliptic curve discrete logarithm problem (ECDLP), and the
scheme is much more efficient in both communication cost and computation cost than similar existing schemes.

1.1 | Our contribution

The main contributions of the proposed efficient, short, and secure ID-based authentication algorithm (ESS-IBAA) for
WSNs are listed below:

1. It is a pairing computation-free authentication algorithm for WSNs over an elliptic curve.
2. It uses a general cryptographic hash function in the place of a costly map-to-point hash function.
3. Its signature generation time is 9.31 ms, the signature verification time is 15.49 ms, and the total running
time is 37.55 ms.
4. Its signature length is the shortest among the existing schemes, that is, 40 bytes.
5. It is used where low communication bandwidth and fast authentication are required.
6. It is secure against existential forgery on adaptive chosen message and ID attack in the random oracle model
(ROM) under the assumption that the ECDLP problem is hard in G.
7. Its performance analysis shows that the proposed scheme is both computationally and communicationally efficient
compared with related schemes.

FIGURE 1 Scenario of ID-based authentication for WSNs

1.2 | Road map of the paper

The remainder of this paper is arranged as follows. The next section describes related schemes. In Section 3,
important applicable preliminaries are described. In Section 4, the ID-based signature algorithm model is
described. The proposed authentication algorithm (ESS-IBAA) is described in Section 5. Section 6 describes the
security analysis of the proposed authentication algorithm. Section 7 describes an efficiency comparison of the
proposed authentication algorithm with related schemes. Finally, Section 8 presents the conclusion of the paper.

2 | RELATED SCHEMES

Digital signature algorithm is an application of public-key cryptography (PKC). A traditional PKC-based digital
signature algorithm mainly involves certificate management cost and network overhead. This associated cost of
traditional PKC can be reduced greatly by identity-based cryptography (IBC), introduced by Shamir.10 IBC removes the
need for exchanging public-key certificates, hence reducing the overhead and computational cost associated with
public-key certificate management and also providing moderate security. Further, in this system, the user's unique
identity, like Aadhaar number, employee-ID, email-ID, IP address, phone number, and so forth, is used to compute
their public keys, and corresponding private keys are computed by a trusted private-key generator (PKG).
Identity-based schemes (cryptography) could mostly be suitable for WSNs as these schemes are lightweight and
power-saving, with low communication overhead and low computation cost. Further, initially, mostly bilinear
pairing-based identity-based signature schemes over the elliptic curve were used for authentication in WSNs. Some
of the bilinear pairing-based authentication algorithms (schemes) are described in the literature.11–22
Pairing-based authentication schemes over the elliptic curve are much more secure and efficient than the
traditional public-key infrastructure (PKI)-based authentication schemes,23–27 but they involve costly bilinear
pairing computation and map-to-point hash function. Hence, these schemes are less suitable in the case where fast
authentication is required, like in vehicular ad hoc networks, mobile ad hoc networks, and WSNs.28–30
Therefore, researchers use pairing-free identity-based signature schemes for WSNs.8,9,30–35 The scheme in Sharma
et al.30 is a pairing-free signature scheme for WSNs and is better in terms of both computational and
communicational costs than the schemes,9,31,35 but it does not pursue the very basic nature of IBC; that is, here,
the public key of a user cannot be generated directly from the user's identity. In 2018, to improve security, Sharma
and Sharma13 proposed an identity-based signature scheme using the bilinear map in the ROM and proved the security
of the proposed scheme under the computational Diffie–Hellman problem. In the same year, James et al.14 also
proposed an identity-based signature scheme using bilinear pairings over elliptic curves for signature and message
recovery. Schemes13,14 involve high computational and communicational costs due to the bilinear pairing operation.
Further, in 2018, Bashirpour et al.32 also proposed an efficient identity-based digital signature protocol based on
ECDLP and applied the proposed protocol to authentication on WSN broadcast. Compared with the above-discussed
schemes, this scheme is more efficient in complexity.
In 2019, to reduce the computation and communication costs, Rao et al.33 proposed an identity-based directed
signature scheme without using pairings over the elliptic curve. The authors proved the security of the scheme under
ECDLP. Recently, in 2020, Yuan et al.8 modified the pairing-free identity-based signature scheme proposed in Sharma
et al.30 The modified scheme followed the nature of IBC with the same computational and communicational costs as
Sharma et al.30 Additionally, based on the modified pairing-free scheme, the authors proposed a key management
scheme for heterogeneous WSNs. Further, in 2020, Kasyoka et al.34 also proposed an efficient pairing-free broadcast
authentication scheme with message recovery for WSNs based on the authors' proposed lightweight digital signature
protocol. The digital signature protocol of the scheme34 is more economical in computational cost and
communicational cost than all the schemes discussed above.
Considering the scope of further reduction in communicational cost with the same level of computational cost, in
this paper we propose an efficient, short, and secure pairing computation-free ID-based authentication algorithm
(ESS-IBAA) that is suitable for implementation on low-power devices such as sensors of WSNs. Our scheme is based on
elliptic curve cryptography (ECC) and cryptographic hash functions, which provides fast message authentication
comparable with the scheme34 with the shortest signature size (40 bytes) and completely follows the IBC rule.
Further, our scheme is based on ECDLP security and is more efficient in both communication cost and computation
cost than existing ID-based signature/authentication schemes.

3 | PRELIMINARIES

The concept of security is an important aspect of any cryptographic system. The security of the proposed ID-based
authentication scheme depends on the standard hard problem over the elliptic curve, that is, ECDLP. This section
presents the mathematical notations used and the basic preliminaries, which will be valuable for comprehending the
rest of the paper. The notations and preliminaries are described as follows.

3.1 | Notations

The notations used throughout this paper are presented in Table 1.

3.2 | Elliptic curve cryptography

ECC is PKC based on the elliptic curve over the finite field.36,37 It offers more security than PKC with a smaller
key size. Let $E(F_q)$ denote an elliptic curve over a finite field $F_q$ of prime order $q$, which is defined by
the following.

$$y^2 \bmod q = (x^3 + ax + b) \bmod q,$$

where $a, b \in F_q$ and $(4a^3 + 27b^2) \bmod q \neq 0$.

TABLE 1 Notations with their meanings

| Notations | Meanings |
|---|---|
| $Z_q^*$ | The multiplicative group of integers modulo q |
| $E(F_q)$ | Elliptic curve over finite field $F_q$ |
| k, s | System security parameter and system master secret key, respectively |
| G | Additive cyclic group of order q |
| P, Pub, BS | Generator of G, system public key, and base station, respectively |
| $H_1$, $H_2$, Pre. | Cryptographic hash functions and pre-computation, respectively |
| Param | System public parameter |
| $r_{mID_i}$, h | Random integer corresponding to tuples $(ID_i, m)$ and hashed message (concatenation of message m with public key ($Q_{ID_i}$), secret S, and $Pub \in G$), respectively |
| SIG(Sig, h) | Signature on message m with two tuples $(Sig, h) \in (Z_q^*, Z_q^*)$ |
| ECDLP | Elliptic curve discrete logarithm problem |
| IOT, VANET, MANET | Internet of things, vehicular ad hoc network, and mobile ad hoc network, respectively |

The points of elliptic curve $E(F_q)$ with extra point $O$ (point at infinity) form an additive cyclic group $G$:

$$G = \{(x, y) : x, y \in F_q \text{ and } (x, y) \in E(F_q)(a, b)\} \cup \{O\}.$$

The following basic operations are performed on this group G:

• point addition, that is, S = P + Q;
• point doubling, that is, S = P + P; and
• point multiplication, that is, S = nP, which means S = P + P + … + P (n times).

3.3 | Elliptic curve discrete logarithm problem

This is a standard computational hard problem. It states that for any given two elements $X, Y \in G$ s.t.
$X = aY$, it is computationally infeasible to find an integer $a \in Z_q^*$.

3.4 | Random oracle model

The concept of the ROM was introduced by Bellare and Rogaway and is used to provide security proofs of a
cryptographic algorithm. Typically, it is a hash function that is considered as a black box, which produces a random
response (H(m)) for each input message (m). Additionally, it keeps a record of its responses, that is, H(m), and
generates the same response value if the same message m is given as input repeatedly. Further, this model is
considered as a much stronger assumption for hash function.38

4 | MODEL OF THE ID-BASED SIGNATURE ALGORITHM

ID-based signature algorithm consists of four phases,39,40 illustrated as follows:

• Setup phase: This phase is also known as the public parameter (Param) generation phase. In this phase, the PKG
takes security parameter k as input, and generates the Param, and system's secret (master) key s. Further, the PKG
secretly keeps s and publishes the Param.
• Extract phase: In this phase, the PKG takes user ID, system's master secret s, and the Param as input to generate user
(signer) private key. Additionally, the PKG transfers private key secretly to the corresponding user.
• Signature generation phase: In this phase, a user generates signature (SIG) on a given message (m) by using the
Param and private key corresponding to identity ID.
• Signature verification phase: For a given SIG, ID, and Param, the verifier accepts SIG as valid if it satisfies the
verification condition. Note that the verifier can use only the Param for the verification.

The stated model of the ID-based signature algorithm is illustrated in Figure 2.

5 | PROPOSED ESS-IBAA ALGORITHM FOR WSNS

Similar to the stated model of the ID-based signature scheme, the proposed ID-based authentication algorithm
(ESS-IBAA) is described in four phases, namely, system setup phase, key generation phase (Extract phase), signature
generation phase, and signature verification phase. Further, it is also depicted in Figure 3.

FIGURE 2 Model of the ID-based signature scheme

FIGURE 3 ESS-IBAA: Proposed authentication algorithm

• System setup phase: This phase is run by the WSN's BS to generate the initial system public parameter Param. BS
takes k as input security parameter and master secret s to generate the Param as follows:
- BS selects an additive cyclic group $G$ whose elements are the points of an elliptic curve over $F_q$.
Additionally, the order of the group $G$ is prime $q$, and its generator is $P$.
- BS sets cryptographic hash functions as follows:
$H_1 : \{0, 1\}^* \rightarrow Z_q^*$,
$H_2 : \{0, 1\}^* \times \{0, 1\}^* \times G \times G \rightarrow Z_q^*$.
- BS selects a random number $s \in Z_q^*$ as the system's master key and computes the system public key:
$Pub = sP \in G$.
- BS publishes $Param = (F_q, E(F_q), G, q, H_1, H_2, Pub, P)$ as the public parameter and keeps only k and s secret.
• Key generation phase: Given a signer (sensor node-i) identity $ID_i$, BS computes the public key of sensor node-i
($Q_{ID_i}$) and the corresponding private key ($S_{ID_i}$) as follows:
- Public key: $Q_{ID_i} = H_1(ID_i) \in Z_q^*$.
- Private key: $S_{ID_i} = H_1(sQ_{ID_i}) \in Z_q^*$.
- BS sends $S_{ID_i}$ to the sensor node-i securely. Sensor node-i uses $S_{ID_i}$ as its private key corresponding
to the registered identity $ID_i$.
- BS further computes $C_{ID_i} = S_{ID_i}P \in G$ and makes $C_{ID_i}$ a public parameter. Sensor node-i verifies
the correctness of its private key $S_{ID_i}$ by comparing the received parameter $C_{ID_i}$ with the
signer-computed $C_{ID_i} = S_{ID_i}P$.
• Signature generation phase: To produce a valid signature on message m, the sensor node-i (signer) does the
following:
- Signer chooses $r_{mID_i} \in Z_q^*$ at random corresponding to tuples $(ID_i, m)$ and computes
$S = r_{mID_i}P \in G$.
- Signer also computes $h = H_2(m \| Q_{ID_i} \| S \| Pub) \in Z_q^*$ and
$Sig = [S_{ID_i} / (r_{mID_i} + h)] \in Z_q^*$.
- Signer produces a signature $SIG(Sig, h) \in Z_q^* \times Z_q^*$ on the given message m and keeps S secret.
• Signature verification phase: With the Param and signature SIG(Sig, h), any verifier verifies the validity of
signature SIG on message m as follows:
- Verifier first computes $S' = Sig^{-1} C_{ID_i} - hP$.
- Verifier then accepts the signature SIG(Sig, h) on message m if the following holds for the computed $h'$, that is,
$h' = H_2(m \| Q_{ID_i} \| S' \| Pub) = H_2(m \| Q_{ID_i} \| S \| Pub) = h$.
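
The four phases above, as an added Python example (not the authors' code): Setup, Extract, Sign and Verify with Sig = S_ID · (r + h)^(-1) mod q, which matches the 1ML + 1INV + 1SM signing cost stated in Section 7. Assumptions: secp256k1 stands in for the paper's unnamed 160-bit curve (so the encoded signature is 64 bytes rather than 40), H1 and H2 are domain-separated SHA-256 reduced into Z_q^*, and the identity and message in the demo are constructed samples.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the paper's unnamed 160-bit curve.
FP = 2**256 - 2**32 - 977   # field prime
A, B = 0, 7                 # E: y^2 = x^3 + A*x + B over F_p
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime order q of G
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator of G
INF = None                  # point at infinity O


def on_curve(pt):
    """True for a finite point that satisfies the curve equation."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < FP and 0 <= y < FP and (y * y - (x * x * x + A * x + B)) % FP == 0


def ec_add(p1, p2):
    """Affine point addition and doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % FP, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt for k >= 0 (readable, not constant time)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def _i2b(n):
    return n.to_bytes(32, "big")


def _pt2b(pt):
    return b"\x00" if pt is INF else _i2b(pt[0]) + _i2b(pt[1])


def _hash_zq(tag, *parts):
    """Hash into Z_q^* = [1, q-1]; length prefixes keep the concatenation unambiguous."""
    d = hashlib.sha256(tag)
    for part in parts:
        d.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(d.digest(), "big") % (Q - 1) + 1


def H1(data):
    return _hash_zq(b"H1", data)


def H2(m, q_id, S, pub):
    return _hash_zq(b"H2", m, _i2b(q_id), _pt2b(S), _pt2b(pub))


def setup():
    """BS: master key s and Pub = sP."""
    s = secrets.randbelow(Q - 1) + 1
    return s, ec_mul(s, P)


def extract(s, identity):
    """BS: Q_ID = H1(ID), S_ID = H1(s*Q_ID), C_ID = S_ID*P (published)."""
    q_id = H1(identity)
    s_id = H1(_i2b(s * q_id % Q))
    return q_id, s_id, ec_mul(s_id, P)


def sign(m, identity, s_id, pub):
    """Sensor node: returns (Sig, h); a fresh random r is drawn for every signature."""
    q_id = H1(identity)
    while True:
        r = secrets.randbelow(Q - 1) + 1
        h = H2(m, q_id, ec_mul(r, P), pub)
        if (r + h) % Q:                      # r + h must be invertible mod q
            return s_id * pow(r + h, -1, Q) % Q, h


def verify(m, identity, c_id, pub, sig):
    """Verifier: S' = Sig^-1 * C_ID - h*P, accept iff H2(m, Q_ID, S', Pub) == h."""
    sig_val, h = sig
    if not (0 < sig_val < Q and 0 < h < Q and on_curve(c_id)):
        return False
    s_prime = ec_add(ec_mul(pow(sig_val, -1, Q), c_id), ec_mul(Q - h, P))
    return H2(m, H1(identity), s_prime, pub) == h


def sig_bytes(sig):
    """Wire encoding |Z_q^*| + |Z_q^*| (2 x 32 bytes on this curve)."""
    return _i2b(sig[0]) + _i2b(sig[1])


if __name__ == "__main__":
    node_id, reading = b"L-sensor-17", b"temp=21.5C;seq=42"   # constructed sample data
    s, pub = setup()
    _, s_id, c_id = extract(s, node_id)
    sig = sign(reading, node_id, s_id, pub)
    print("valid:", verify(reading, node_id, c_id, pub, sig), "bytes:", len(sig_bytes(sig)))
```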

6 | ANALYSIS OF THE PROPOSED ESS-IBAA ALGORITHM

This section proves the correctness of the verification phase as well as the security of the proposed ID-based
signature algorithm against existential forgery on an adaptive chosen message and ID attack in the ROM under the
assumption that the ECDLP problem is hard in G.

6.1 | Correctness of the verification phase

Theorem 1. The correctness of the verification is satisfied by the proposed scheme.

Proof. The correctness of the proposed ID-based signature scheme SIG(Sig, h) on message m is satisfied as follows:

$$
\begin{aligned}
Sig^{-1} C_{ID_i} - hP &= [S_{ID_i} / (r_{mID_i} + h)]^{-1} C_{ID_i} - hP \\
&= [(r_{mID_i} + h) / S_{ID_i}]\, C_{ID_i} - hP \\
&= [(r_{mID_i} + h) / S_{ID_i}]\, S_{ID_i} P - hP \\
&= [r_{mID_i} + h] P - hP \\
&= (r_{mID_i}) P + hP - hP \\
&= r_{mID_i} P \\
&= S \\
\Rightarrow S' &= S.
\end{aligned}
$$

From the above derivation, it can be proven that
$h' = H_2(m \| Q_{ID_i} \| S' \| Pub) = H_2(m \| Q_{ID_i} \| S \| Pub) = h$.

6.2 | Security analysis

In this section, we prove that the proposed ID-based ESS-IBAA algorithm (scheme) is secure (unforgeable) in the
ROM, against existential forgery on an adaptive chosen message and ID attack, under the assumption that the ECDLP
problem is hard in G.
Definition: The proposed ID-based ESS-IBAA scheme is unforgeable against existential forgery on an adaptive chosen
message and ID attack in the ROM if, in the following game model, no probabilistic polynomial-time adversary
(forger) Adv has a non-negligible advantage.41
Game model: This game is played between the challenger (Ch) and the adversary (Adv). This game is divided into the
following phases:
Setup phase: In this phase, Ch runs the setup phase for Adv and provides the Param to Adv. Ch keeps the system
master key s secret.
Query phase: In this phase, Ch answers the following adaptive queries of Adv.

• Hash query: In this phase, Ch answers the adaptive hash function queries of Adv. Ch returns a totally random value
for each query and keeps a record of its responses, so that it can return the same response if the same query is
received again.
• Extract query: In this phase, Ch provides private keys to Adv for any given ID.
• Signature query: In this phase, Ch provides SIG to Adv for any adaptively chosen message m and identity ID.

Forgery phase: After the above queries, finally, Adv provides $(ID^*, m^*, SIG^*)$ such that

• Adv has never queried for the private key corresponding to $ID^*$ or the signature corresponding to $(ID^*, m^*)$.
• $SIG^*$ is a valid signature on $(ID^*, m^*)$; that is, $SIG^*$ satisfies the verification condition on
$(ID^*, m^*)$.

The advantage to win the above game by Adv is defined as follows:

Advantage to win (Adv) = Probability of (Adv succeeding in the game)

Theorem 2. The proposed ID-based ESS-IBAA scheme is unforgeable against existential forgery on an adaptive chosen
message and ID attack in the ROM under the assumption that the ECDLP problem is hard in G.

Proof. Let us assume that, by using the above game model, Adv breaks the proposed ID-based signature scheme against
existential forgery on an adaptive chosen message and ID attack in the ROM. Now, based on the queries in the game
model, Adv also solves the ECDLP instance, that is, for two given elements (by Ch) $P, Q \in G$ s.t. $Q = aP$, Adv
finds an integer $a \in Z_q^*$. Here, we assume Ch is an ECDLP challenger and Adv is the ECDLP instance breaker,
which will interact with Ch as follows:

Setup phase: Ch chooses security parameter k and secret master key $s \in Z_q^*$ and runs the setup phase to produce
the Param for Adv.
Query phase: Ch answers the queries of Adv and maintains a separate list ($L_1$, $L_2$, $L_3$) for each kind of
query to avoid conflicts. Adv adaptively performs the following queries:
Queries on $H_1$: When Adv asks an $H_1$ query on tuples $(ID_i)$, Ch checks whether the tuples
$(ID_i, Q_{ID_i})$ exist in $L_1$. If such tuples exist, then Ch returns $Q_{ID_i}$; otherwise, Ch chooses a random
$Q_{ID_i} \in Z_q^*$, inserts this value into $L_1$, and also returns it to Adv.
Queries on $H_2$: When Adv asks an $H_2$ query on tuples $(m_i, Q_{ID_i}, S_i, Pub)$, Ch checks whether the tuples
$(m_i, Q_{ID_i}, S_i, Pub, h_i)$ exist in $L_2$. If such tuples exist, then Ch returns $h_i$; otherwise, Ch chooses
a random $h_i \in Z_q^*$, inserts this value into $L_2$, and also returns it to Adv.
Queries on extract phase: When Adv asks an extract query on tuple $(ID_i)$, Ch checks whether the tuples
$(ID_i, C_{ID_i}, S_{ID_i})$ exist in $L_3$. If such tuples exist, then it returns $S_{ID_i}$ to Adv; otherwise, Ch
computes $S_{ID_i} = H_1(sQ_{ID_i})$ and $C_{ID_i} = S_{ID_i}P \in G$. Further, Ch inserts these values into $L_3$
and also returns $S_{ID_i}$ to Adv.
Signature queries: When Adv asks a signature query on tuples $(m_i, ID_i)$, Ch does the following:

• Ch checks whether $ID_i = ID^*$, and if it is true, then aborts.
• Otherwise, Ch recovers tuples $(ID_i, C_{ID_i}, S_{ID_i})$ and $h_i = H_2(m_i \| Q_{ID_i} \| S_i \| Pub)$ from
$L_3$ and $L_2$, respectively.
• Ch computes:
$Sig = [S_{ID_i} / (r_{mID_i} + h_i)] \in Z_q^*$.

Finally, Ch returns $SIG_i(Sig_i, h_i)$ to Adv as a valid signature for tuples $(m_i, ID_i)$.
Forgery phase: Now, by analyzing the above queries, if Adv produces a valid signature ($SIG^*$) on tuples
$(m^*, ID^*)$, then Adv computes the ECDLP instance as follows.
As Adv produces a valid signature $SIG^*(Sig^*, h^*)$ on tuples $(m^*, ID^*)$, it must satisfy the verification
condition:

$$
\begin{aligned}
Sig^{*-1} C_{ID^*} - h^* P &= [S'_{ID^*} / (r_{mID^*} + h^*)]^{-1} C_{ID^*} - h^* P \\
&= [(r_{mID^*} + h^*) / S'_{ID^*}]\, C_{ID^*} - h^* P \\
&= [(r_{mID^*} + h^*) / S'_{ID^*}]\, S_{ID^*} P - h^* P \\
&= [r_{mID^*} + h^*] P - h^* P \\
&= [r_{mID^*} P + h^* P] - h^* P \\
&= r_{mID^*} P \\
&= S^{*\prime} \\
\Rightarrow S^{*\prime} &= S^*,
\end{aligned}
$$

and from the above derivation, Adv can prove that
$h^{*\prime} = H_2(m \| Q_{ID_i} \| S^{*\prime} \| Pub) = H_2(m \| Q_{ID_i} \| S^* \| Pub) = h^*$. As a result, Adv
has been able to successfully satisfy the verification condition. This shall be done if and only if the following
holds:

$$S_{ID^*} = S'_{ID^*}.$$

Hence, Adv correctly recovers the private key $S_{ID^*}$ from the given $C_{ID^*} \in G$; that is, it solves an
instance of the ECDLP. However, the ECDLP problem is computationally infeasible to break, so our assumption of
forging a valid signature by Adv is proved to be wrong. Hence, based on the intractability assumption of ECDLP, the
proposed ID-based signature scheme is unforgeable against existential forgery on an adaptive chosen message and ID
attack in the ROM.

7 | PERFORMANCE ANALYSIS

This section evaluates the performance of the proposed ID-based ESS-IBAA scheme. We use experimental results
performed by the schemes42–44 on MIRACL library45 for the comparative performance analysis (computational time
and communicational cost) of the proposed ID-based ESS-IBAA scheme with related ID-based authentication
schemes.8,13,14,30–34 Table 2 shows the summary of running time calculated for different cryptographic operations by
the schemes42–44 on MIRACL library.45

TABLE 2 Running time of cryptographic operations

| Notations | Meanings | Running time (ms) |
|---|---|---|
| ML | Modular multiplication | 0.2325 |
| SM | Scalar multiplication in G | 6.38 |
| MTP | Map-to-point hash function | 6.38 |
| PEX | Exponentiation in $G_2$ | 11.20 |
| EX | Modular exponentiation in $Z_q^*$ | 55.20 |
| PA | Point addition in G | 0.0279 |
| INV | Modular inversion in $Z_q^*$ | 2.697 |
| BP | Bilinear pairing operation | 20.01 |


The full stage computational complexity comparison of the proposed ID-based ESS-IBAA scheme with related ID-based
schemes8,13,14,30–34 is presented in Table 3.

7.1 | Computational time

We use the running time of various cryptographic operations shown in Table 3 to present a comparative analysis of
computational time (total running time). Table 4 shows the computational time (total running time) comparison of the
proposed ID-based ESS-IBAA scheme with related ID-based schemes8,13,14,30–34 along with signature generation,
signature verification, and total computational complexity.
For the evaluation of computation time represented in Table 4, we follow the simple methods used by previous
studies;28,46 for example, the proposed scheme uses 1SM in the setup phase, 1SM in the extract phase,
1ML + 1INV + 1SM to generate a signature on message m, and 2SM + 1PA + 1INV in the verification phase. Hence, the
signature generation time of the proposed scheme is 0.2325 + 2.697 + 6.38 = 9.31 ms, the signature verification time
of the proposed scheme is (2 × 6.38 + 0.0279 + 2.697) = 15.49 ms, and the total running time of the proposed scheme
is (5 × 6.38 + 2 × 2.697 + 1 × 0.2325 + 1 × 0.0279) = 37.55 ms, because the total computational complexity of the
proposed scheme is 5SM + 2INV + 1ML + 1PA. In the same way, using Table 3, the total computational complexity of
other schemes is computed. Hence, we have computed the corresponding total running time for the other schemes
mentioned in Table 4.
The comparative analysis in Table 4 shows that the proposed ID-based ESS-IBAA scheme is computationally more
efficient than related ID-based schemes8,13,14,30–33 and comparable to the computation complexity of scheme.8

TABLE 3 Comparative analysis of computational complexity of the proposed scheme with related schemes8,13,14,30–34

| Schemes | Setup | Extract | Sig. generation | Sig. verification |
|---|---|---|---|---|
| Debiao et al. (2011)31 | 1SM | 1SM + 1ML | 1INV + 1SM + 1ML | 3SM + 2PA |
| Sharma et al. (2017)30 | 1SM | 2SM + 1ML | 1SM + 1ML | 2SM + 2PA |
| Sharma and Sharma (2018)13 | 1SM | 1MTP + 1SM | 1BP + 1PEX + 2SM + 2PA | 1BP + 1PA + 1PEX + 1ML |
| James et al. (2018)14 | 1SM | 1SM + 1ML | BP + 2SM | 2BP + 1SM |
| Bashirpour et al. (2018)32 | 1SM | 1SM | 2SM + 2ML | 2SM + 1ML + 1PA |
| Rao et al. (2019)33 | 1SM | 1SM + 1ML | 3SM + 2ML + 1PA | 4SM + 1INV |
| Kasyoka et al. (2020)34 | 1SM | 1INV + 1SM | 1SM + 2ML | 1SM + 1ML + 1INV |
| Yuan et al. (2020)8 | 1SM | 1SM + 1ML | 1SM + 1ML | 3SM + 2PA |
| Proposed scheme | 1SM | 1SM | 1ML + 1INV + 1SM | 2SM + 1PA + 1INV |

TABLE 4 Comparative analysis of computational time of the proposed ID-based ESS-IBAA scheme with related schemes8,13,14,30–34

| Schemes | Sig. generation time (ms) | Sig. verification time (ms) | Total computational complexity | Total running time (ms) |
|---|---|---|---|---|
| Debiao et al. (2011)31 | 9.31 | 19.20 | 6SM + 2ML + 1INV + 2PA | 41.50 |
| Sharma et al. (2017)30 | 6.61 | 12.82 | 6SM + 2ML + 2PA | 38.80 |
| Sharma and Sharma (2018)13 | 44.03 | 31.47 | 4SM + 2BP + 1MTP + 3PA + 2PEX + 1ML | 94.64 |
| James et al. (2018)14 | 32.77 | 46.40 | 5SM + 1MTP + 3BP | 98.31 |
| Bashirpour et al. (2018)32 | 13.23 | 13.02 | 6SM + 1PA + 3ML | 39.02 |
| Rao et al. (2019)33 | 19.63 | 28.22 | 9SM + 1INV + 1PA + 3ML | 60.84 |
| Kasyoka et al. (2020)34 | 6.85 | 9.31 | 4SM + 2INV + 3ML | 31.62 |
| Yuan et al. (2020)8 | 6.61 | 19.17 | 6SM + 2ML + 2PA | 38.80 |
| Proposed scheme | 9.31 | 15.49 | 5SM + 2INV + 1ML + 1PA | 37.55 |


7.2 | Communicational cost

To show the comparative analysis of communicational cost of the proposed ID-based ESS-IBAA scheme with related
ID-based schemes8,13,14,30–34 for the same security level (80 bits), the following parameters are used.

• For bilinear pairing, elliptic curve $E_1 : y^2 = x^3 + x \pmod{P_1}$, pairing $e : G_1 \times G_1 \rightarrow G_2$
with generator $P_1$ of length = 512 bits prime number and group order $q_1$ = 160 bits Solinas prime number.
• For ECC, elliptic curve $E : y^2 = x^3 + ax + b \pmod{p}$, additive cyclic group $G$ with generator $P$ of
length = 160 bits prime number and group order $q$ = 160 bits or 20 B (bytes).
• The size of elements in $G_1$ = 512 × 2 = 1024 bits and size of elements in $G$ = 160 × 2 = 320 bits or 40 B.

Based on the above-discussed parameters, we demonstrate in Table 5 a comparative analysis of the communicational
cost of the proposed ID-based ESS-IBAA scheme with related ID-based schemes.8,13,14,30–34 For the computation of
Table 5, we follow the method used by Cao et al.28 The signature length of the proposed ID-based ESS-IBAA scheme is
$|Z_q^*| + |Z_q^*|$. Hence, the signature length ($SIG(Sig, S) \in Z_q^* \times Z_q^*$) of the proposed scheme in
bytes = 20 B + 20 B = 40 B. Further, the signature length of Kasyoka et al.34 is $|G| + 3|Z_q^*|$, and this scheme
is a message recovery scheme, unlike other schemes;8,13,30–33 hence, it does not require sending a message with a
signature. Therefore, the signature length of Kasyoka et al.34 = (40 + 3 ∗ 20 − 20 (msg length)) = 80 B. In the same
way, as the scheme14 is also a message recovery scheme, the signature length of the scheme14 = 128 + 20 − 20 = 128 B.
Further, based on the signature length calculation of the proposed scheme (not a message recovery scheme), the
signature lengths of the other schemes8,13,30–33 have been computed and are given in Table 5. The comparative
analysis in Table 5 shows that the proposed ID-based ESS-IBAA scheme is communicationally more efficient, that is,
shortest in signature length, than related ID-based schemes.8,13,14,30–34 Finally, Figures 4 and 5 depict the total
computational and communicational costs of the proposed ID-based ESS-IBAA scheme with related ID-based signature
schemes.

TABLE 5 Comparative analysis of communicational cost of the proposed ID-based ESS-IBAA scheme with related schemes8,13,14,30–34

| Schemes | Pairing | Signature length | Signature length in bytes (B) |
|---|---|---|---|
| Debiao et al. (2011)31 | No | $2\lvert G\rvert + \lvert Z_q^*\rvert$ | 100 |
| Sharma et al. (2017)30 | No | $2\lvert G\rvert + \lvert Z_q^*\rvert$ | 100 |
| Sharma and Sharma (2018)13 | Yes | $3\lvert G_1\rvert$ | 384 |
| James et al. (2018)14 | Yes | $\lvert G_1\rvert + \lvert Z_q^*\rvert$ | 128 |
| Bashirpour et al. (2018)32 | No | $2\lvert G\rvert + \lvert Z_q^*\rvert$ | 100 |
| Rao et al. (2019)33 | No | $2\lvert G\rvert + \lvert Z_q^*\rvert$ | 100 |
| Kasyoka et al. (2020)34 | No | $\lvert G\rvert + 3\lvert Z_q^*\rvert$ | 80 |
| Yuan et al. (2020)8 | No | $2\lvert G\rvert + \lvert Z_q^*\rvert$ | 100 |
| Proposed scheme | No | $\lvert Z_q^*\rvert + \lvert Z_q^*\rvert$ | 40 |

FIGURE 4 Bar chart of total computational cost

FIGURE 5 Bar chart of total communicational cost

8 | CONCLUSION

In this paper, we have proposed an efficient, short, and secure pairing computation-free ID-based authentication
algorithm (ESS-IBAA) over the elliptic curve for WSNs. We have formally analyzed the security of the proposed scheme
ESS-IBAA using a game-based proof technique in the ROM and found that ESS-IBAA is secure against existential forgery
on adaptive chosen message and ID attack under the widely believed hardness of the ECDLP. To the best of our
knowledge, this is the first ID-based authentication scheme having a signature size of 40 bytes with an efficient
running time of 37.55 ms. Further, we have also presented a comparative performance analysis of the proposed scheme
with related schemes, which shows that the proposed scheme is much more computationally and communicationally
efficient than the existing related identity-based schemes. Moreover, the lack of pairing operations and of a costly
map-to-point hash function makes ESS-IBAA also applicable to other resource-constrained application environments
like IoT, VANET, MANET, and so forth.

DATA AVAILABILITY STATEMENT


Data sharing is not applicable to this article as no new data were created or analyzed in this study.

ORCID
Shivendu Mishra https://orcid.org/0000-0002-5295-5795

REFERENCES
1. Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. Survey on sensor network. IEEE Commun Mag. 2002;40:102-114.
2. Li C-T, Lee C-C, Weng C-Y. A secure cloud-assisted wireless body area network in mobile emergency medical care system. J Med Syst.
2016;40:117.

3. Ling C-H, Lee C-C, Yang C-C, Hwang M-S. A secure and efficient one-time password authentication scheme for WSN. Int J Netw Sec.
2017;19(2):177-181.
4. Walters JP, Liang Z, Shi W, Chaudhary V. Wireless sensor network security: a survey. Sec Distrib Grid Pervasive Comput. 2006;1:6.
5. Chen X, Makki K, Yen K, Pissinou N. Sensor network security: a survey. IEEE Commun Surv Tutor. 2009;11(2):52-73.
6. Olariu S, Xu Q. Information assurance in wireless sensor networks. In: 19th IEEE International Parallel and Distributed Processing
Symposium. Denver, CO, USA; 2005:5.
7. Hwang M-S, Tang Y-L, Lee C-C. An efficient authentication protocol for GSM networks. In: IEEE/AFCEA EUROCOMM 2000. Munich,
Germany: Information Systems for Enhanced Public Safety and Security (Cat. No.00EX405); 2000:326-329.
https://doi.org/10.1109/EURCOM.2000.874826
8. Yuan E, Wang L, Cheng S, Ao N, Guo Q. A key management scheme based on pairing-free identity based digital signature algorithm for
heterogeneous wireless sensor networks. Sensors. 2020;20(6):1543.
9. Liu JK, Baek J, Zhou J, Yang Y. Efficient online/offline identity-based signature for wireless sensor network. Int J Info Sec. 2010;9(4):
287-296.
10. Shamir A. Identity-Based Cryptosystems and Signature Schemes. In: Blakley GR, Chaum D, eds. Advances in Cryptology. CRYPTO 1984.
Lecture Notes in Computer Science. Vol. 196. Berlin, Heidelberg: Springer; 1985. https://doi.org/10.1007/3-540-39568-7_5
11. Zhang L, Hu Y, Wu Q. Short signature from the bilinear pairing. Information Computing and Applications (ICICA 2010), LNCS. Berlin,
Heidelberg: Springer; 2010:111-118.
12. Yasmin R. An efficient authentication framework for wireless sensor networks. Ph.D. thesis: School of Computer Science College of
Engineering and Physical Sciences, The University of Birmingham; 2012. http://etheses.bham.ac.uk/id/eprint/3774
13. Sharma N, Sharma BK. Identity-based signature scheme using random oracle model. J Comput Math Sci. 2018;9(4):254-263.
14. James S, Gayathri NB, Reddy PV. New and efficient ID-based signature scheme with message recovery using bilinear pairings over
elliptic curves. Int J Pure Appl Math. 2018;120(5):1405-1422.
15. Rahman SMM, El-Khatib K. Private key agreement and secure communication for heterogeneous sensor networks. J Parallel Distrib
Comput. 2010;70(8):858-870.
16. Oliveira LB, Aranha DF, Gouvea CPL, et al. TinyPBC: pairings for authenticated identity-based non-interactive key distribution in
sensor networks. Comput Commun. 2011;34(3):485-493.
17. Shim K-A. CPAS: an efficient conditional privacy-preserving authentication scheme for vehicular sensor networks. IEEE Trans Vehic
Technol. 2012;61(4):1874-1883.
18. Xu S, Mu Y, Susilo W. Efficient authentication scheme for routing in mobile ad hoc networks. Embedded and Ubiquitous Computing
(EUC 2005), LNCS. Berlin, Heidelberg: Springer; 2005:854-863.
19. Xu S, Mu Y, Susilo W. Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security. In: Batten LM,
Safavi-Naini R, eds. Information Security and Privacy. ACISP 2006. Vol. 4058. Berlin, Heidelberg: Springer; 2006.
https://doi.org/10.1007/11780656_9
20. Zhang J, Yang Y, Niu X, Gao S, Chen H, Geng Q. An Improved Secure Identity-Based On-Line/Off-Line Signature Scheme. In: Park JH,
Chen HH, Atiquzzaman M, Lee C, Kim T, Yeo SS, eds. Advances in Information Security and Assurance. ISA 2009. Lecture Notes in
Computer Science. Vol. 5576. Berlin, Heidelberg: Springer; 2009. https://doi.org/10.1007/978-3-642-02617-1_60
21. Ming Y, Wang Y. Improved Identity Based Online/Offline Signature Scheme. In: 7th International Conference on Ubiquitous
Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing. Xi'an, China; 2010:126-131.
https://doi.org/10.1109/UIC-ATC.2010.20
22. Lee, C, Lin, T, Tsai, C. A new authenticated group key agreement in a mobile environment. Ann Telecommun. 2009;64:735-744.
23. Watro RJ, Kong D, Fen Cuti S, Gardiner C, Lynn C, Kruus P. Tinypk: Securing sensor networks with public key technology. In:
Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks. Washington DC USA; 2004:59-64.
https://doi.org/10.1145/1029102.1029113
24. Rivest RL, Shamir A, Adleman LM. A method for obtaining digital signatures and public-key cryptosystems. Commun ACM. 1978;21(2):
120-126.
25. Diffie W, Hellman M. New directions in cryptography. IEEE Trans Info Theory. 1976;22(6):644-654.
26. Wong KHM, Zheng Y, Cao J, Wang S. A dynamic user authentication scheme for wireless sensor networks. In: IEEE International
Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06). Taichung, Taiwan; 2006:8.
https://doi.org/10.1109/SUTC.2006.1636182
27. Das ML. Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun. 2009;8(3):1086-1090.
28. Cao X, Zeng X, Kou W, Hu L. Identity-based anonymous remote authentication for value-added services in mobile networks. IEEE
Trans Vehic Technol. 2009;58(7):3508-3517.
29. Zhao S, Aggarwal A, Frost R, Bai X. A survey of applications of identity-based cryptography in mobile ad-hoc networks. IEEE Commun
Surv Tutor. 2012;14(2):380-400.
30. Sharma G, Bala S, Verma AK. PF-IBS: pairing-free identity based digital signature algorithm for wireless sensor networks. Wirel Personal
Commun. 2017;97:1185-1196.
31. Debiao H, Jianhua C, Jin H. Identity-based digital signature scheme without bilinear pairings. Cryptology ePrint Archive, Report
2011/079. 2011. http://eprint.iacr.org/2011/079/

32. Bashirpour H, Bashirpour S, Shamshirband S, Chronopoulos AT. An improved digital signature protocol to multi-user broadcast
authentication based on elliptic curve cryptography in wireless sensor networks (WSNs). Math Comput Appl. 2018;23(2):17.
33. Rao RRVK, Gayathri NB, Reddy PV. Identity-based directed signature scheme without bilinear pairings. J Mech Math Sci. 2019;14(2):
335-353.
34. Kasyoka P, Kimwele, Bandu M. Multi-user broadcast authentication scheme for wireless sensor network based on elliptic curve
cryptography. Eng Rep. 2020;2(7):e12176.
35. Li F, Zhong D, Takagi T. Practical identity-based signature for wireless sensor networks. IEEE Wirel Commun Lett. 2012;1(6):637-640.
36. Koblitz N. Elliptic curve cryptosystem. Math Comput. 1987;48(177):203-209.
37. Miller VS. Use of elliptic curves in cryptography. In: Williams H.C., ed. Proceedings of Advances in Cryptology-CRYPTO' 85. Vol. 218.
Springer, Berlin, Heidelberg: LNCS; 1985:417-426.
38. Bellare M, Rogaway P. Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of First Annual
Conference Computer and Communications Security. Fairfax Virginia USA; 1993:62-73. https://doi.org/10.1145/168588.168596
39. Mishra S, Yaduvanshi R, Rai AK, Singh NP. An ID-based signature scheme from bilinear pairing based on Ex-K-Plus problem. Advanced
Materials Research. Vol. 403. Switzerland: Trans Tech Publications Ltd; 2011:929-934.
40. Mishra S, Sahu RA, Padhye S, Yadav RS. An ID-based signature scheme from bilinear pairing based on k-plus problem. In: 3rd
International Conference on Electronics Computer Technology. Kanyakumari, India; 2011:104-107.
https://doi.org/10.1109/ICECTECH.2011.5942060
41. Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. J Cryptology. 2000;13(3):361-396.
42. Ren K, Zeng K, Lou W, Moran PJ. On broadcast authentication in wireless sensor networks. IEEE Trans Wirel Commun. 2007;6:
4136-4144.
43. Cao X, Kou W, Du X. A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Info Sci.
2010;180:2895-2903.
44. Tan S-Y, Heng S-H, Goi B-M. Java Implementation for Pairing-Based Cryptosystems. In: Taniar D, Gervasi O, Murgante B, Pardede E,
Apduhan BO eds. Computational Science and Its Applications - ICCSA 2010. ICCSA 2010. Vol. 6019. Springer, Berlin, Heidelberg: Lecture
Notes in Computer Science; 2010:188-198. https://doi.org/10.1007/978-3-642-12189-0_17
45. Miracl library. Shamus Software Ltd. Available online: https://www.miracl.com
46. Li, C, Lee, C, Weng, C. An extended chaotic maps based user authentication and privacy preserving scheme against dos attacks in
pervasive and ubiquitous computing environments. Nonlin Dyn. 2013;74(4):1133-1143.

How to cite this article: Mishra S, Yaduvanshi R, Dubey K, Rajpoot P. ESS-IBAA: Efficient, short, and secure
ID-based authentication algorithm for wireless sensor network. Int J Commun Syst. 2021;e4764.
https://doi.org/10.1002/dac.4764
