Abstract

The Internet of things is playing an increasingly important role in smart healthcare, smart grids, and smart transportation, and using wireless sensor networks (WSN), we can easily obtain and transmit information. However, data security and users’ privacy are the biggest challenges for WSN, because sensor nodes have low computing power and low storage capacity and are easy to capture, and wireless networks are vulnerable. In 2021, Shuai et al. proposed a lightweight three-factor anonymous authentication scheme for WSN. However, we found that their protocol is vulnerable to the stolen-verifier attack and the modification-of-messages attack and lacks perfect forward secrecy. We then propose a new three-factor anonymous authentication scheme using elliptic curve cryptography (ECC). Informal and formal security analyses show that our scheme resists various known attacks while maintaining low computational complexity.

1. Introduction

In recent years, with the rapid development of Internet of things (IoT) technology, wireless sensor networks (WSN) are widely used in medical, military, agricultural, and other fields [1]. A large number of wireless sensor nodes are deployed in the target fields to collect data in a WSN, but sensor nodes have low computing power and low storage capacity and are easy to capture; moreover, compared with traditional wired networks, messages are transmitted through wireless channels and may easily be attacked by means of eavesdropping, capture, replay, forgery, and so on. In order to protect data security and users’ privacy, it is very important to design a secure and privacy-preserving authentication and key agreement protocol for WSN in IoT.

Many authentication protocols have been proposed in the past ten years; however, these protocols have one or more security flaws [2]. In 2013, Li et al. proposed a communication scheme for IoT [3] which provides authentication, integrity, nonrepudiation, and confidentiality. However, this scheme is based on bilinear pairing, so it is hard to deploy in WSN [4]. In 2014, Turkanović et al. [5] proposed a hash function-based authentication scheme for WSN. Farash et al. [6] pointed out that it suffers from impersonation attack, smart card loss attack, and session key disclosure attack; Farash et al. then designed a new two-factor authentication (2FA) protocol. Amin and Biswas [7] also showed that Turkanović et al.’s scheme [5] suffers from offline password-guessing attacks and impersonation attacks, and Amin et al. proposed a 2FA protocol for multigateway WSN. Meanwhile, Amin et al. found that Farash et al.’s scheme [6] has some security flaws, such as impersonation attack, smart card loss attack, and offline password-guessing attack.

In order to improve the security of authentication protocols, the Diffie–Hellman key agreement algorithm, Chebyshev chaotic maps [8], and elliptic curve cryptography (ECC) are used to design secure user authentication and key agreement protocols [9, 10]. In 2009, Das [11] proposed an authentication protocol based on ECC for WSN, but the scheme suffers from privileged-insider attacks and gateway bypass attacks [12]. Later, Kumar et al. [13] proposed an efficient authentication protocol for WSN. He et al. [14] showed that Kumar et al.’s scheme suffers from offline password-guessing attack and privileged-insider attacks. To overcome these security flaws, they proposed an improved authentication scheme for WSN. Unfortunately, Li et al. [15], Wu et al. [16], and Mir et al. [17] pointed out that He et al.’s scheme is still insecure and may suffer from offline password-guessing attack and impersonation attack. Therefore, Li et al. [15] proposed a three-factor authentication (3FA) scheme to overcome these flaws, because two-factor authentication (2FA) schemes usually suffer from offline password-guessing attacks [18]. Compared with 2FA schemes, 3FA schemes improve security because they use biometrics to avoid password-guessing attacks. Yeh et al. [19] and Chang and Hai [20] proposed 3FA schemes for WSN to resist various known attacks, but these schemes suffer from smart card loss attacks, impersonation attacks, and so on. So, Challa et al. [21] proposed a signature-based authentication scheme to achieve security, but its computation cost is high. In 2021, Tanveer et al. [22] proposed a lightweight user authentication and key exchange scheme for smart homes, and Xie et al. [23] designed an ECC-based secure and privacy-protected authentication protocol for smart cities. Shuai et al. [24] proposed a 3FA scheme for WSN which uses a bio-hash function to enhance security.

1.1. Motivations and Contributions

In 2021, Shuai et al. [24] proposed a lightweight 3FA anonymous authentication scheme; however, we point out that Shuai et al.’s scheme is vulnerable to the stolen-verifier attack and the modification-of-messages attack and lacks perfect forward security. To solve these problems, we propose a new 3FA scheme based on ECC and the fuzzy extractor algorithm. We summarize our contributions as follows:
(1) We point out that Shuai et al.’s scheme suffers from the stolen-verifier attack and the modification-of-messages attack and lacks perfect forward security.
(2) A new three-factor authentication scheme based on ECC and the fuzzy extractor algorithm for WSNs is proposed.
(3) We use the formal verification tool ProVerif [25], which is based on the applied pi calculus, to prove the security of the proposed scheme.
(4) The informal security analysis shows that the proposed scheme can resist various known attacks.
(5) We evaluate the computational cost of the proposed scheme against some related schemes; the result shows that the proposed scheme has better performance.

1.2. Attack Model

Referring to the Dolev–Yao threat model [26], we present the abilities of an adversary as follows:
(1) The adversary has the ability to eavesdrop on all messages transmitted via an open channel.
(2) The adversary can modify, insert, replay, and reroute the eavesdropped messages.
(3) If the adversary obtains the smart card of the user, he/she can get all the data kept in the smart card.
(4) The adversary can obtain all data stored in a sensor node if he/she captures that sensor node.
(5) The adversary may be an insider attacker.

The rest of the paper is organized as follows. We review the scheme of Shuai et al. in Section 2. Section 3 presents the security analysis of Shuai et al.’s scheme. We propose the new scheme in Section 4. Sections 5 and 6 present the informal and formal security analyses of the proposed scheme. In Section 7, we present the performance comparison between the proposed scheme and some related schemes. Finally, the paper concludes in Section 8.

2. Review of Shuai et al.’s Scheme

Shuai et al.’s scheme [24] consists of three phases: registration phase, login and authentication phase, and password change phase.

2.1. Registration Phase

The registration phase includes user (who may be a health professional) registration and medical sensor node registration. The user registration phase is as follows:
Step UR1: the user chooses identity and inputs password and fingerprint via the sensor device; the device generates a random number . After that, the device computes and and then sends and the personal credential to GWN via a private channel.
Step UR2: once the message is received, GWN generates random numbers , , and and computes , , , and . GWN stores and the user’s credential in its memory and stores into a smart card; GWN issues the smart card to via a private channel.
Step UR3: once the smart card is received, writes into the smart card. At the end of the user registration phase, the smart card contains .

The registration phase of a sensor node is as follows:
Step SR1: the medical sensor node chooses identity and sends it to GWN via a private channel.
Step SR2: on receiving , GWN first checks the uniqueness of ; if is not unique, it refuses the registration request. Otherwise, GWN generates a random number and stores in its memory. Then, GWN transmits to via a private channel.
Step SR3: on receiving , stores .

2.2. Login and Authentication Phase

Step LA1: the user inserts the smart card and enters identity , password , and fingerprint . The smart card computes , , , and and checks whether and are equal. If not, it terminates the session. Otherwise, it proceeds to the next step.
Step LA2: if the user is legal, the smart card generates a random number and the current timestamp and selects an identity of sensor node ; the smart card computes , , and . Then, sends the message to GWN via a public channel.
Step LA3: on receiving the message from , GWN checks the timestamp first. GWN gets the current time and compares it with ; if , where is the predefined threshold value, GWN terminates the session. Otherwise, according to , GWN extracts the identity , random number , and of user from the storage table. Then, GWN computes , , , and and compares with . If they are not equal, it terminates the session. Otherwise, the user is legal. In addition, GWN generates a timestamp and session key and computes and . Finally, GWN sends the message to the sensor node via an open channel.
Step LA4: on receiving the message , gets the current time and compares it with . If , it terminates the session. Otherwise, computes and . Then, compares with . If they are not equal, it terminates the session. Otherwise, generates a timestamp and computes . Finally, updates and sends the message to GWN via an open channel.
Step LA5: on receiving the message , GWN gets the current time ; if , it computes . Then, GWN compares with . If they are not equal, it terminates the session. Otherwise, GWN generates a random number and and computes , , , and . Then, GWN updates , , and with , , and . Finally, GWN sends the message to via an open channel.
Step LA6: on receiving the message , gets the current time ; if , it computes , , and . Then, compares with . If they are equal, updates and with and and completes the authentication.

2.3. Password Change Phase

Step PC1: the user inserts the smart card and enters identity , password , and fingerprint . The smart card computes , , , and and compares with , which is stored in the smart card. If the values are equal, the smart card allows to enter a new password . Otherwise, it rejects the request for password change.
Step PC2: the smart card computes , , and .
Step PC3: finally, the smart card deletes and and stores and .

3. Analysis of Shuai et al.’s Scheme

In this section, we show that Shuai et al.’s protocol has several security flaws.

3.1. Modification of Messages/Desynchronization Attack

In Shuai et al.’s scheme, updates and sends the message to GWN via an open channel in Step LA5. On receiving the message , GWN gets the current time ; if , it computes . If , updates . Suppose an attacker intercepts or changes the information ; then will not update before the session is terminated. Therefore, and store different values of . The sensor node is paralyzed.

The same attack method can be used between and the user . If an attacker intercepts or changes the information between Step LA5 and Step LA6, will not update the value of . However, has already updated it. Later on, cannot pass the authentication of .

3.2. Stolen-Verifier Attack

In their scheme, stores . is the identity of sensor node ; the random number is generated by for the sensor node .

Assuming that and of each node are known by the attacker , can eavesdrop on via an open channel. By computing , the attacker gets the session key and the user’s identity .

If the attacker knows , he/she can intercept all messages and impersonate any sensor node. After learning , can forge and send the message to the sensor node , where and . , , and can be randomly generated by the attacker . The sensor node verifies the message by computing and and checks whether . There is no doubt that they are equal. Then, the sensor node updates and can no longer respond to legitimate requests. Finally, the sensor node is paralyzed.

So, if an attacker can get access to the database, he/she can obtain the session key , impersonate sensor nodes, or paralyze sensor nodes.

3.3. No Perfect Forward Security

In Shuai et al.’s scheme, if an attacker obtains the secret random number stored in the sensor node , he/she can get the current session key by computing , where is the identity of and is transmitted via an open channel and can be eavesdropped on by the attacker . The next long-term key is updated by . It is easy for the attacker to eavesdrop on the next via the open channel; then, the next session key can be computed by . Therefore, the scheme of Shuai et al. cannot provide perfect forward/backward security.

4. Our Proposed Scheme

In this section, we propose a new three-factor anonymous authentication scheme using ECC and the fuzzy extractor algorithm. Table 1 shows the notations and abbreviations used in the proposed scheme.

4.1. System Setup Phase

chooses an elliptic curve defined over , where is a finite field defined over a large prime number . is a generator point on the curve. chooses a secret parameter . computes the public key as and publishes , , , and , where and are the reproduction and generation algorithms of the fuzzy extractor, respectively. is a hash function.

4.2. User Registration Phase

Step UR1: chooses its and sends to via a private channel.
Step UR2: verifies the validity and legitimacy of ; if it is not valid, requests to choose a new . Otherwise, computes . stores the information into a smart card (SC) and transmits it to .
Step UR3: inserts the SC into a card reader and enters its , , and fingerprint ; the device computes

Then, updates with . Finally, are stored in SC.

4.3. Sensor Node Registration Phase

Step SR1: chooses a unique identity for sensor node and computes . Then, sends to via a private channel.
Step SR2: upon receiving , stores them in its memory.

4.4. Login and Authentication Phases

Step LA1: inserts the smart card into the device, inputs the identity and the password , and enters the fingerprint . Then, the device calculates
If , SC refuses the login request of . Otherwise, go on.
Step LA2: creates a random number and computes
where is the public key of and is the current timestamp. Then sends the message to via a public channel.
Step LA3: on receiving , first checks the timestamp. gets the current time ; if , it terminates the session. Otherwise, computes
If , declines the request. Otherwise, generates the current time , calculates , and transmits the message to via an open channel.
Step LA4: after obtaining the message , checks whether , where is the current timestamp. If not, rejects the session. Otherwise, computes
If , it terminates the session. Otherwise, generates a random number and the current time and computes . sends the message to via an open channel.
Step LA5: upon receiving the message , generates the current timestamp and ensures that ; if not, it rejects the session; otherwise, computes
If , it terminates the session. Otherwise, the authentication is completed. Figure 1 shows the steps of the mutual authentication and key agreement phase.

5. Informal Security Analysis

In this section, we discuss the possible attacks on the proposed scheme.

5.1. Stolen-Verifier Attack

In our proposed scheme, does not store a verification table. Therefore, the stolen-verifier attack does not apply to our proposed scheme.

5.2. Offline Password Guessing Attack

In our proposed scheme, , , , and are transmitted via an open channel; even if an attacker eavesdrops on the communication and obtains these messages, he/she cannot guess the password, because the password and fingerprint are used only in login verification and are never transmitted openly. Even if an attacker obtains the message stored in the smart card, where and , he/she cannot verify whether a guessed password is correct without knowing the biometric key .

5.3. Replay Attack

Suppose that an adversary impersonates user and intercepts and replays . The replayed cannot pass ’s verification process if the timestamp is invalid. Even if a replay of succeeded and obtained , the session key is , where and is a random number created by , and cannot obtain or . Therefore, it is useless to replay .

Suppose that replays ’s messages or sensor nodes’ messages. First, the replayed messages cannot pass the validity verification of the timestamp. In addition, , , and generate new random numbers in a new session, which are used in the verification and generation of the session key. Therefore, our scheme is resistant to replay attacks.

5.4. Forgery Attack and Impersonation Attack

Suppose an attacker impersonates the user and sends to , where and ; if the attacker does not have , , and , he/she cannot forge . In other words, the attacker cannot impersonate a user.

If the attacker tries to impersonate and forge , where and , the attacker does not know , so the forged cannot pass the verification of .

If the attacker impersonates the sensor node, he/she cannot forge valid without knowing and .

5.5. Smart Card Loss Attack

Suppose the smart card is stolen by an attacker ; can get , where , is the reproduction parameter of the fuzzy extractor algorithm, , is the public key of , and is the base point of the elliptic curve. and are protected by the user’s biometric information and password. Therefore, an attacker cannot get any plaintext information or pass the verification without knowing , , and .

5.6. Sensor Node Capture Attack

In the proposed scheme, each sensor node stores , where , is the identity of the sensor, and is the base point on the curve. An attacker cannot get even if he/she captures the sensor. In other words, capturing one sensor node does not affect other sensor nodes. Therefore, the proposed scheme resists sensor node capture attacks.

5.7. Known‐Key Attack

The session key is , where and are random numbers generated freshly in every session, and the CDH problem is intractable. Therefore, even if an attacker obtains some session keys, he/she cannot derive any other session key without solving the CDH problem.

5.8. Anonymity and Unlinkability

In the authentication phase of the proposed scheme, the user’s identity is contained in the message , where , , and . The user’s identity is protected by ; only the gateway can obtain the user’s real identity. So, our scheme meets the requirement of anonymity. At the same time, because the random number and the timestamp contained in change in each session, our scheme also provides unlinkability.

5.9. Perfect Forward Secrecy

In the proposed scheme, the session key is . Even if an adversary knows all of the user’s secret information and the secret key of GWN, , and , he/she still cannot compute because of the intractability of the computational Diffie–Hellman (CDH) problem. So, the proposed scheme achieves perfect forward secrecy.
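As an added illustration (not part of the paper) of the contrast drawn in Section 3.3 and Section 5.9: when a node’s long-term key is refreshed by a public hash chain, anyone who learns one key and records the public nonces can derive every later session key, whereas an ephemeral ECDH session key depends only on the parties’ per-session scalars. The hash-chain update rule and the session-key formula below are stand-ins constructed for this example, not the exact equations of Shuai et al.’s scheme or of the proposed scheme; secp256k1 is used because its parameters are public.

```python
# Constructed example: forward-secrecy contrast (not the paper's own equations).
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the parts."""
    m = hashlib.sha256()
    for p in parts:
        m.update(p)
    return m.digest()

# --- Model of Section 3.3: long-term key refreshed by a public hash chain ---
# Assumed stand-in rule: sk_i = h(k_i, nonce_i), k_{i+1} = h(k_i, nonce_i, "update").
def chain_keys(k0: bytes, nonces: list) -> list:
    """Session keys a node derives from its long-term key and the public nonces."""
    keys, k = [], k0
    for n in nonces:
        keys.append(h(k, n))
        k = h(k, n, b"update")   # next long-term key: computable from k plus public data
    return keys

def recover_from_compromise(leaked_k: bytes, eavesdropped: list) -> list:
    """An adversary who learned one long-term key replays the same public update chain."""
    return chain_keys(leaked_k, eavesdropped)

# --- Model of Section 5.9: session key from ephemeral ECDH on secp256k1 ---
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 mod P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ecdh_session(a=None, b=None):
    """One session: user picks a, sensor picks b; each derives h(x(abG)).
    Returns (user_key, sensor_key, transcript). No long-term secret is an input,
    so leaking them later does not help recover the key from the transcript."""
    a = a or secrets.randbelow(N - 1) + 1
    b = b or secrets.randbelow(N - 1) + 1
    A, B = ec_mul(a, G), ec_mul(b, G)            # the only values an eavesdropper sees
    user_key = h(ec_mul(a, B)[0].to_bytes(32, "big"))
    sensor_key = h(ec_mul(b, A)[0].to_bytes(32, "big"))
    return user_key, sensor_key, (A, B)
```

Recovering the session key from the transcript (A, B) alone is exactly the CDH problem, which is the intractability assumption Section 5.9 relies on.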

6. Formal Security Analysis Using ProVerif

ProVerif is a formal cryptographic protocol verification tool based on the Dolev–Yao model, which can describe various cryptographic primitives. When ProVerif is used to verify a cryptographic protocol, the tool presents a corresponding attack sequence if the protocol is vulnerable.

As shown in Figure 2, we define channels, basic types, and functions. The proposed scheme involves 5 events, namely, ULoginPhase(), UAuthenticationPhase(), UserSessionKey(), SNSessionKey(), and GWNAuthentication(). ULoginPhase() indicates the login phase of the user, UAuthenticationPhase() indicates that the user sends an authentication request, GWNAuthentication() indicates that the gateway has authenticated the user, SNSessionKey() indicates that the sensor node agrees on the session key, and UserSessionKey() indicates that the user agrees on the session key. Figure 3 shows the above events and queries.

The processes of the user, , and the sensor node are shown in Figure 4, Figure 5, and Figure 6, respectively. Figure 7 shows the main process. According to the result in Figure 8, the proposed scheme provides secrecy of the session key, the password of the user, and the secret parameter of . Meanwhile, the mutual authentication events are executed in sequence.

7. Performance Comparison

In this section, we compare the security and performance of our scheme with some related schemes. Table 2 shows the comparison of attacks/properties of the schemes. Compared with Shuai et al.’s scheme, our scheme is more secure against various known attacks and has some additional good properties. Table 3 shows the comparison of computational cost between the proposed scheme and the related schemes [19–21, 23, 24], where represents the hash operation time, is the time of a symmetric encryption/decryption operation, and denotes the time cost of an ECC operation. In the environment of [18], a Windows 10 64-bit laptop with an Intel (R) Core (TM) i5-6300HQ CPU @ 2.30 GHz and 12 GB RAM, we get (millisecond), , and . It can be seen from Table 3 that our scheme takes less time than the related schemes. Compared with Shuai et al.’s scheme, our scheme overcomes its problems at a slightly higher computation cost, which is the price of achieving perfect forward secrecy.

8. Conclusion

In this paper, we first pointed out that Shuai et al.’s scheme is vulnerable to the desynchronization attack and the stolen-verifier attack and lacks perfect forward security. In addition, we proposed a new three-factor authentication scheme using ECC and the fuzzy extractor algorithm, which not only defends against the above attacks but also defends against other attacks, as shown in the informal security analysis. We also simulated the proposed scheme for formal security verification using the ProVerif tool to prove its security. Its performance analysis shows that it has less communication cost than the related schemes, and it can be applied to WSN in IoT. In the future, we will design a blockchain-based anonymous authentication scheme for WSN in IoT.

Data Availability

The data used to support the findings of the study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was supported by the National Key R&D Program of China (Grant no. 2017YFB0802000, URL: http://www.most.gov.cn/) and the National Natural Science Foundation of China (Grant nos. 61702152 and 61702153, URL: http://www.nsfc.gov.cn/).