Abstract

A wireless sensor network (WSN) is a network of sensor nodes that self-organize using wireless communication technology. WSN applications require strong security, yet the sensitive data they transmit may be exposed to an adversary. To guarantee the security of information transmission, researchers have therefore proposed numerous authentication protocols. Recently, Wu et al. proposed a new three-factor authentication protocol for WSNs. However, we find that their protocol cannot resist key compromise impersonation attacks or known session-specific temporary information attacks, and that it also violates perfect forward secrecy and anonymity. To overcome these attacks, this paper proposes an enhanced protocol whose security is verified by formal analysis (in the Real-Or-Random model), informal analysis, Burrows-Abadi-Needham (BAN) logic, and the ProVerif tool. A comparison of security and performance shows that our protocol has higher security and lower computational overhead.

1. Introduction

With the development of artificial intelligence technologies [1-3], the use of sensors has become more common, and the demand for high-end sensors is increasing day by day. Sensors have evolved from wired sensors to today's wireless sensors, which are now the most common category in everyday applications. A wireless sensor network [4, 5] is a self-organizing network formed by multiple functional nodes communicating wirelessly. These nodes include a large number of sensor nodes and gateway nodes. Sensor nodes sense, collect, process, and transmit information about the monitored objects within the area the network covers.

A wireless body area network [6] usually installs sensors on clothing or attaches them to the human body; they can also be implanted under the skin to monitor the user's physical activity and bodily functions. The health data monitored by the sensors are sent through the Internet of Things (IoT) to a cloud server for storage and analysis. Users can view these data over the Internet and understand their physical condition, which supports early treatment of illness and reduces deaths due to disease. Wireless sensors are also used in crop cultivation to monitor environmental factors such as humidity, temperature, and light that affect crop growth. The monitored data are sent to the gateway node, which forwards them to the user, who can then track the growth of the crops, improve the harvest, and increase farm income. Whether used in military, medical, or other environments, the data collected by wireless sensor networks are sensitive and private [7-13], so it is important to establish a secure authentication mechanism. Figure 1 shows a typical wireless sensor network architecture.

Most authentication mechanisms for wireless sensor networks involve three components: the user, the sensor node, and the gateway node. This paper adopts the same structure: after the user logs in to the network, the data held by the sensor are obtained through the gateway, and message authentication and key exchange are completed in the process. Since a WSN is an open network, using only a password as the authentication factor leads to many vulnerabilities. In 2009, Das [14] proposed an authentication protocol for wireless sensor network environments based on a password and a smart card. In 2010, Khan and Alghathbar [15] observed that in the protocol of [14] users could not update their passwords and that the protocol was subject to privileged-insider attacks; to fix these vulnerabilities, they improved the protocol of [14]. Chen and Shih [16] argued that [14] had security flaws in mutual authentication and proposed a robust mutual authentication protocol for wireless sensor networks. Vaidya et al. [17] found that Das's protocol [14] could be broken by stolen smart card attacks, password guessing attacks, and other attacks, and proposed an improved two-factor authentication protocol for the WSN environment. In 2016, Vaidya et al. [18] argued that [14-16] were subject to stolen smart card attacks and sensor impersonation attacks and proposed a two-factor authentication protocol based on key agreement in WSNs. Kim et al. [19] pointed out that [18] cannot resist gateway node bypass attacks and user impersonation attacks and eliminated these flaws with an improved scheme. With the rapid development of WSNs, more and more two-factor schemes have been proposed for wireless sensor network environments [20-23].

To address the security vulnerabilities of two-factor authentication (such as stolen smart card attacks and password guessing attacks), biometric data are added as a third factor to authentication schemes for wireless sensor networks. In 2010, Yuan et al. [24] found that Wong et al.'s dynamic authentication scheme [25] was vulnerable to the same-ID threat and to the stolen-verifier attack, and proposed a biometric-based user authentication scheme for the wireless sensor network environment. In 2011, Yoon and Yoo [26] found that Yuan et al.'s scheme [24] was subject to insider attacks and impersonation attacks and also had message integrity problems; they then proposed a wireless sensor network authentication scheme based on a smart card and biometrics without a password. In 2013, Althobaiti et al. [27] pointed out that Yoon and Yoo's scheme [26] was subject to denial of service attacks and proposed an efficient biometric-based authentication protocol for WSNs. In 2015, Das [28] proposed a three-factor user authentication scheme for distributed WSNs. In 2017, Das [29] also proposed a new biometric-based user authentication scheme. In the same year, Maurya and Sastry [30] considered that [29] was vulnerable to stolen smart card attacks and proposed efficient user authentication protocols for WSNs and the IoT. In 2018, Wu et al. [31] argued that both [28, 29] had security vulnerabilities, including offline password guessing attacks, user impersonation attacks, and violation of perfect forward secrecy, and proposed an improved three-factor scheme. In the same year, Das et al. [32] proposed a biometric-based authentication scheme to protect user privacy in the cloud environment. Then, Ryu et al. [33] pointed out that [31] could not provide user anonymity and was also subject to user impersonation attacks. In 2019, Hussain and Chaudhry [34] found that [32] was subject to stolen smart card attacks and traceability attacks and could not provide perfect forward secrecy. In the same year, Chen et al. [35] proposed an improved three-factor authentication scheme for medical wireless sensor networks.

Recently, Wu et al. [36] argued that [32, 35] were vulnerable to offline password guessing attacks, proposed a new three-factor authentication protocol for wireless sensor networks in the Internet of Things setting, and claimed that the protocol has stronger security. However, we find that their protocol cannot resist key compromise impersonation attacks, violates perfect forward secrecy, cannot provide anonymity, and cannot resist known session-specific temporary information attacks. This paper presents an improved, provably secure three-factor authentication protocol. Its security is proved by formal analysis in the Real-Or-Random (ROR) model and by informal analysis, and is further checked with BAN logic and the ProVerif tool. The comparison of security and performance shows that the improved protocol has higher security and lower computational overhead.

The rest of this paper is organized as follows. Sections 2 and 3 give a brief review and a cryptanalysis of the protocol proposed by Wu et al. Section 4 describes the improved protocol in detail. Section 5 presents the security proofs of the improved protocol. Section 6 compares performance and security. Section 7 concludes the paper.

2. Review of Wu et al.’s Protocol

Wu et al.'s protocol [36] consists of two phases: registration, and authentication and key exchange. The symbols and notation used in this paper are listed in Table 1.

2.1. Registration

Sensor Node Registration. Sensor selects its own identity and sends to gateway node . Then, selects as the master key and computes . Finally, sends to .

User Registration. User selects his own and sends it to the system administrator . Then, checks whether exists in its database. If it does, the request is rejected. Otherwise, selects and computes , . The values are stored in a smart card SC, and is stored in SA's database. Finally, sends SC to . Upon receiving the smart card, enters his , , selects , and computes , , , , and . Then, stores in SC and deletes from SC. Note that all communications in this phase take place over a secure channel.

2.2. Authentication and Key Exchange

inserts SC and enters , , and . Then, the smart card selects , and computes , , , , , , , , , . Finally, sends to .

first checks whether is valid. If it times out, the request is terminated. Otherwise, calculates , , and then searches for in its database. If it is not found, terminates. Otherwise, computes , , , and verifies . If the verification holds, selects and calculates , , and . Finally, sends to .

first checks whether is valid. If it times out, the communication is terminated. Otherwise, calculates and verifies . If the verification holds, selects , and computes , , and . Finally, sends to .

first checks whether is valid. If it times out, the communication is terminated. Otherwise, calculates , and verifies . If the verification holds, selects , and computes , , , and . Finally, sends to .

first checks whether is valid. If it times out, the communication is terminated. Otherwise, calculates , , , , and verifies . If the verification holds, computes and stores to the smart card and deletes the old .

After finishing the above steps, , , and can establish a session and communicate. Note that and are used in the next section.

3. Cryptanalysis of Wu et al.’s Protocol

In this section, we show that Wu et al.'s protocol [36] is subject to key compromise impersonation attacks and known session-specific temporary information attacks, and that it violates perfect forward secrecy and anonymity.

Here, we define the capabilities of the adversary following [29, 35, 37].
(1) Messages transmitted over public channels can be eavesdropped, intercepted, modified, and replayed by .
(2) may try to guess the user's password and identity in polynomial time.
(3) may steal the user's SC, so that some important parameters stored in it can be obtained by .
(4) may obtain the long-term key of an entity.

Note that in the attacks below, stealing the smart card and obtaining a long-term key are never assumed at the same time.

3.1. Key Compromise Impersonation Attacks

A key compromise impersonation attack [38] is one in which the adversary knows the long-term key of one entity and uses it to impersonate another entity. Here, we assume that obtains the long-term private key of . After intercepting , can recover , , , , , , and .

In the following, we show that can use the above values to impersonate and establish a session key with .
(1) intercepts and selects a random number and a timestamp . Then, computes , , and sends to .
(2) checks whether is valid. If it has expired, the communication is terminated. Otherwise, calculates , , and verifies . The following steps are the same as in the authentication phase of Subsection 2.2 except for . Then, sends to .
(3) checks whether is valid. If it has expired, the communication is terminated. Otherwise, calculates = , , , , and verifies . It is easy to see that the verification holds.

Thus, believes that he can establish a session key with (impersonated by ).

3.2. Violating Perfect Forward Secrecy and Anonymity

Using the same approach as in Subsection 3.1, suppose that obtains and intercepts , . Then, can recover and , where , , . In other words, Wu et al.'s protocol violates perfect forward secrecy and anonymity.

3.3. Known Session-Specific Temporary Information Attacks

Here, assume that the adversary obtains the temporary value and intercepts . Then, can recover the current session key , where . Furthermore, can compute the updated values and by intercepting , , and , where .

In the next session, may intercept the messages , , and to recover , . The session key can then be computed as . Meanwhile, the newest updated values , can also be computed. Thus, under a known session-specific temporary information attack, Wu et al.'s protocol not only violates perfect forward secrecy but also fails to provide backward secrecy.

4. Improved Protocol

To fix the security flaws of Wu et al.'s protocol [36] identified above, an enhanced protocol is presented.

4.1. Registration

Sensor Node Registration. selects , and sends to via a secure channel. Then, calculates , , and stores in its database. Finally, sends to . After receiving , computes and stores in its memory.

User Registration. selects , and inputs his to compute and , where . Then, sends to via a secure channel. After receiving , checks whether exists in its database. If so, the relevant records are deleted from the database and the user registers again. Otherwise, selects and computes , , and . Then, stores in and sends to via a secure channel. Meanwhile, is stored in 's database. After receiving , stores in .

The sensor node registration phase and the user registration phase are shown in Figure 2.

4.2. Authentication and Key Exchange

inserts and enters , , and . Then, can compute , , , to check whether is equal to . If the verification holds, generates , , and computes , , , , . Finally, sends to .

Upon receiving , first checks whether is valid. If it has expired, the communication is terminated. Otherwise, according to finds the corresponding in its database and computes , . Then, checks whether equals . If not, the session is terminated. Otherwise, computes , and verifies . If the verification holds, generates , and computes , , , . Finally, sends to .

Upon receiving , first checks whether is valid. If it has expired, the communication is terminated. Otherwise, computes , and verifies . If the verification holds, generates , and computes , , . Finally, sends to .

Upon receiving , first checks whether is valid. If it has expired, the communication is terminated. Otherwise, computes , and verifies . If the verification holds, generates and computes , . Finally, sends to .

Upon receiving , first checks whether is valid. If it has expired, the communication is terminated. Otherwise, computes , , and verifies . If the verification holds, is set as the session key used for communication between , , and .

The authentication and key exchange phase is shown in Figure 3.
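The registration step above derives the biometric factor with a fuzzy extractor, Gen(BIO), and the login step recovers it with Rep from a fresh, slightly different reading. The following Python block is an added illustration of that Gen/Rep pair; it is not code from this paper or from Wu et al. It uses the code-offset construction with a repetition code, and the repetition factor R, the template length, and the sample template and noise positions are all assumed for the example.

```python
"""Toy fuzzy extractor Gen/Rep (code-offset construction with a repetition code).

Illustration of the biometric step used by three-factor schemes: Gen(BIO)
yields a secret sigma and public helper data tau at registration, and
Rep(BIO', tau) recovers sigma at login from a noisy reading BIO'.
The code, its parameters and the sample template are assumed here; they are
not taken from the paper.
"""
from __future__ import annotations

import hashlib
import secrets

R = 7              # repetition factor: each key bit is encoded as R identical bits
T = (R - 1) // 2   # bit errors tolerated per R-bit block by majority decoding


def _pack(bits: list[int]) -> bytes:
    """Pack a list of 0/1 ints into bytes (big-endian)."""
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def gen(template: list[int]) -> tuple[bytes, list[int]]:
    """Gen(BIO): choose a random key, encode it, publish template XOR codeword."""
    if len(template) % R:
        raise ValueError("template length must be a multiple of R")
    key_bits = [secrets.randbits(1) for _ in range(len(template) // R)]
    codeword = [b for b in key_bits for _ in range(R)]
    tau = [w ^ c for w, c in zip(template, codeword)]      # helper data, public
    sigma = hashlib.sha256(_pack(key_bits)).digest()       # extracted secret
    return sigma, tau


def rep(reading: list[int], tau: list[int]) -> bytes:
    """Rep(BIO', tau): unmask the noisy codeword, decode each block by majority."""
    noisy = [w ^ p for w, p in zip(reading, tau)]
    key_bits = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, len(noisy), R)]
    return hashlib.sha256(_pack(key_bits)).digest()


def flip(bits: list[int], positions) -> list[int]:
    """Copy of a reading with the given bit positions inverted (models sensor noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def hamming(a: list[int], b: list[int]) -> int:
    """Number of positions in which two readings differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    tmpl = [secrets.randbits(1) for _ in range(16 * R)]   # constructed 112-bit template
    sigma, tau = gen(tmpl)
    # T errors in every block: still within the decoding radius
    noisy = flip(tmpl, [i * R + j for i in range(16) for j in range(T)])
    print("errors:", hamming(tmpl, noisy), "recovered:", rep(noisy, tau) == sigma)
```

Rep recovers the secret exactly when no R-bit block holds more than T flipped bits; with R = 7 that is three errors per block. The helper data tau is public and, for a repetition code, exposes the parity relations between the bits of each block of the template, so a deployed scheme uses a stronger code such as a BCH code and feeds the extracted sigma into the hash computations of the registration phase rather than using it as a standalone key.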

5. Proof of Security

5.1. Correctness by BAN Logic

In this subsection, we use BAN logic to show the correctness of our improved protocol. For the proposed protocol, we need to prove through rigorous logical analysis that , , and share a session key . The symbols and rules of BAN logic follow [39-41].

5.1.1. Rules

(i) (Message meaning (M-M) rule): (ii) (Nonce verification (N-V) rule): (iii) (Jurisdiction rule): (iv) (Session key (S-K) rule):

5.1.2. Goals

(i): (ii): (iii): (iv): (v):(vi):(vii):

5.1.3. Idealize the Communication Messages

(i).(ii).(iii).(iv).(v)

5.1.4. Initial Assumptions

(i)(ii)(iii)(iv)(v)(vi)(vii)(viii)(ix)(x)(xi)(xii)(xiii)(xiv)(xv)(xvi)(xvii)(xviii)(xix)(xx)(xxi)(xxii)(xxiii)(xxiv)(xxv)(xxvi)

5.1.5. The Proof of our Proposed Protocol via BAN Logic

By , we have and further Based on , , and (Jurisdiction rule), we can obtain According to , it implies . By , , and (M-M rule), it implies . By , , and (N-V rule), we can obtain According to , , and (Jurisdiction rule), it implies According to , we have . By , , and (M-M rule), it implies . By , , and (N-V rule), we can obtain According to , , and (Jurisdiction rule), it implies

By , we have and further Based on , , and (Jurisdiction rule), we can obtain By , , and (S-K rule), it implies According to , we have . Based on , , and (M-M rule), it implies . By , and (N-V rule), we can obtain According to , , and (Jurisdiction rule), it implies Based on , , and (S-K rule), we have According to , we have . By , , and (M-M rule), it implies By , , and (N-V rule), we can obtain Based on , , and (Jurisdiction rule), it implies Since , is obtained. According to , , and (S-K rule), we can obtain .

By , we have and further . Based on , , and (M-M rule), we can obtain . By , and (N-V rule), it implies . Based on , and (Jurisdiction rule), we can obtain . According to , , and , it implies . Based on , , and (S-K rule), we can obtain . According to , , and (S-K rule), it implies .

By , we have Based on , , and (S-K rule), we can obtain According to , we have Based on , , and (M-M rule), it implies . By , , and (N-V rule), we can obtain . According to , , and (Jurisdiction rule), it implies .

By , we have Based on , , and (M-M rule), it implies . By , , and (N-V rule), we can obtain . Based on , , and (Jurisdiction rule), it implies . According to and , we can obtain . According to and , we can obtain .

5.2. Formal Security Analysis

In this section, we perform a formal security analysis of the improved protocol in the ROR model [42-48]. The proposed protocol involves three entities, , , and . We use , , and to represent the th instance of , the th instance of , and the th instance of , respectively. The adversary has the ability to issue the following queries. Note that, .
(i) Execute(): by executing this query, obtains an entire communication record from the public channel.
(ii) Send(, M): by executing this query, sends the message to and receives the response from .
(iii) Hash(): by executing this query, inputs and obtains its hash value.
(iv) Corrupt(): by executing this query, obtains secret values of one party, such as parameters stored in the smart card, a long-term secret key, or temporary information.
(v) Test(): by executing this query, flips a coin . If , obtains the correct session key; if , obtains a random string of the same length as the session key.

Theorem 1. In the ROR model, assume that can make , , , , and queries. Then, the advantage of in breaking the proposed protocol in polynomial time is , where is the number of queries, is the number of queries, and are two constants [49], and is the bit length of the biometric information.

Proof. We prove this theorem through the sequence of games to . denotes the probability that succeeds in , that is, the probability that . The detailed simulations of the queries in real attacks are shown in Tables 2 and 3. The games are as follows.

Flip to start the game. is played without any queries. Therefore, the probability of successfully breaking is

The difference between and is that adds the query. In , only obtains the messages , , , and . After is over, queries the session key through , but , , and are all kept secret from . Therefore, the probabilities in and are equal, that is,

The difference between and is that adds the query. According to Zipf’s law [49], we can get

The difference between and is that adds the query and deletes the query. According to the birthday paradox, we can get

In this game, we discuss the security of the session key in two cases. The first is obtaining the long-term private key of , which tests perfect forward secrecy; the second is obtaining temporary information, which tests whether known session-specific temporary information attacks can be resisted.
(1) Perfect forward secrecy. uses to try to obtain the private key of , or uses or to try to obtain a secret value from the registration phase.
(2) Known session-specific temporary information attacks. uses , , or to try to obtain the temporary information of the corresponding party.

In both cases, can only compute the session key through Send and Hash queries. In the first case, if only knows the private key of , or a secret value of or from the registration phase, it cannot obtain the temporary information , , and in . In the second case, we assume that obtains , but and are kept secret. Similarly, if or is leaked, the session key cannot be calculated. Therefore, we have

In this game, uses to obtain the parameters stored in the and attempts to launch stolen smart card attacks and offline password guessing attacks. Suppose obtains according to , and computes , , until . However, , , and are all unknown to . The probability that can guess the biometric information of bits is [50]. By Zipf's law [49], the probability of guessing the password exceeds 0.5 when . Therefore, we get where and are constants depending on the size of the password space.

The purpose of this game is to verify whether the protocol can resist impersonation attacks. The difference between and is that the game is terminated when issues the query to guess the session key. Therefore, we have

Since the probability of success and failure is equal, the probability of successfully guessing the session key is

According to formulas (1) to (8), we can get

Thus, we have .

5.3. Informal Security Analysis
5.3.1. Replay Attacks

A replay attack resends a previously transmitted message in order to mount further attacks or to interfere with normal communication. First, if is replayed, a session key cannot be established between the user and the sensor, because the message cannot be validated by and, further, because and are refreshed in every round. What happens when is replayed? If is replayed, the sensor passes the verification and establishes the same session key as in the previous round, but the user will not accept this message because and are updated every round. If or is replayed, the user's verification fails and the session is terminated, for the same reason as for . Therefore, our improved protocol is resistant to replay attacks.
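The known session-specific temporary information attack of Section 3.3 and the replay check described in this subsection, as an added Python illustration. It is not the protocol of Wu et al. nor the improved protocol above (their messages are not reproduced here): it models a stylized hash-only exchange between user U, gateway G, and sensor S with assumed long-term keys k_u (shared by U and G) and k_s (shared by S and G), an assumed 5-second freshness window, and a gateway cache of accepted first messages. In the weak variant the gateway masks r_g and r_s for the user under the user's own ephemeral nonce r_u; in the hardened variant it masks them under the long-term key k_u. The keys and timestamps in the block are constructed sample values.

```python
"""Stylized three-party, hash-only key agreement: user U, gateway G, sensor S.

Illustration only (not the protocol reviewed above).  It shows (a) a gateway
side freshness and replay check on the first message and (b) why a session key
bound to all three parties' nonces survives the leak of U's ephemeral nonce r_u
only if the other nonces are masked under a long-term key rather than under r_u.
"""
import hashlib
import secrets
import time

MAX_SKEW = 5.0  # assumed freshness window (seconds) for timestamps


def H(*parts: bytes) -> bytes:
    """Hash of the fields, joined with a separator so they cannot slide."""
    return hashlib.sha256(b"|".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def run_exchange(k_u: bytes, k_s: bytes, now: float, mask_with_nonce: bool):
    """Simulate one honest run; return (transcript, session key, U's nonce r_u).

    k_u is shared by U and G, k_s by S and G.  mask_with_nonce=True is the weak
    design: r_g and r_s reach U masked under r_u.  False: masked under k_u.
    """
    r_u, r_g, r_s = (secrets.token_bytes(32) for _ in range(3))
    # M1, U -> G: r_u hidden under the U-G key and bound to the timestamp T1.
    t1 = repr(now).encode()
    m1 = (xor(r_u, H(k_u, t1)), t1, H(r_u, k_u, t1))
    # M2, G -> S: r_u and r_g hidden under the S-G key.
    t2 = repr(now + 0.1).encode()
    m2 = (xor(r_u, H(k_s, t2)), xor(r_g, H(k_s, r_u, t2)), t2, H(r_u, r_g, k_s, t2))
    # M3, S -> G -> U: r_g and r_s hidden under a mask that U can recompute.
    t3 = repr(now + 0.2).encode()
    mask = H(r_u, t3) if mask_with_nonce else H(k_u, t3)
    sk = H(r_u, r_g, r_s)  # every party contributes a nonce to the key
    m3 = (xor(r_g, mask), xor(r_s, H(mask, r_g)), t3, H(sk, t3))
    return [m1, m2, m3], sk, r_u


def user_finish(m3, k_u: bytes, r_u: bytes, mask_with_nonce: bool):
    """U unmasks r_g and r_s from M3 and accepts only if the key tag verifies."""
    a4, a5, t3, tag = m3
    mask = H(r_u, t3) if mask_with_nonce else H(k_u, t3)
    r_g = xor(a4, mask)
    r_s = xor(a5, H(mask, r_g))
    sk = H(r_u, r_g, r_s)
    return sk if H(sk, t3) == tag else None


class Gateway:
    """Gateway side of M1: freshness window plus a cache of accepted messages."""

    def __init__(self, k_u: bytes):
        self.k_u = k_u
        self.seen = set()

    def accept_m1(self, m1, now: float):
        a1, t1, v1 = m1
        if abs(now - float(t1.decode())) > MAX_SKEW:
            return None                      # stale timestamp
        if (t1, v1) in self.seen:
            return None                      # exact replay inside the window
        r_u = xor(a1, H(self.k_u, t1))
        if H(r_u, self.k_u, t1) != v1:
            return None                      # forged or corrupted
        self.seen.add((t1, v1))
        return r_u


def kssti_attack(transcript, leaked_r_u: bytes):
    """Adversary holding the public transcript plus U's leaked ephemeral r_u.

    Without any long-term key the only mask it can form is H(r_u, T3), so the
    attack succeeds exactly when the design used that mask.
    """
    _, _, (a4, a5, t3, tag) = transcript
    mask = H(leaked_r_u, t3)
    r_g = xor(a4, mask)
    r_s = xor(a5, H(mask, r_g))
    cand = H(leaked_r_u, r_g, r_s)
    return cand if H(cand, t3) == tag else None


if __name__ == "__main__":
    k_u, k_s = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed keys
    for weak in (True, False):
        tr, sk, r_u = run_exchange(k_u, k_s, time.time(), mask_with_nonce=weak)
        print("weak" if weak else "hardened",
              "session key recovered by adversary:", kssti_attack(tr, r_u) == sk)
```

Running the block prints True for the weak variant and False for the hardened one: with the transcript and the leaked r_u the adversary rebuilds every mask of the weak design and therefore the session key, whereas in the hardened design the remaining nonces stay hidden behind k_u. The gateway check rejects both a stale M1 and an exact replay inside the window; the cache is needed because a timestamp alone cannot distinguish the original from a copy that arrives within the skew tolerance.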

5.3.2. Privileged-Insider Attacks

In this paper, we specify that privileged insiders only have access to the content stored in the gateway database. In other words, privileged insiders can get , but to calculate sensitive information such as and , they also need to obtain private information such as and gateway key , while . Therefore, our improved protocol is resistant to privileged-insider attacks.

5.3.3. Three-Factor Secrecy

The three factors are the password, the smart card, and the biometric information. According to the analysis above, and are the key parameters an attacker needs in order to compute the session key. Now let obtain any two of the three factors.
(1) Password and smart card. Even if knows the password and can extract the parameters from , he cannot calculate and for any attack.
(2) Password and biometrics. If obtains the password and the biometrics and wants to compute , he needs to know and . However, is stored on the smart card.
(3) Biometrics and smart card. After obtains the biometrics and the smart card, he/she needs to know and to calculate , so cannot compute .

Therefore, our protocol provides three-factor secrecy.

5.3.4. User Anonymity

The real identity of the user appears in the registration phase and, in the authentication phase, only when the user enters it at login. During the authentication process, always protects the user's identity. Therefore, our protocol provides anonymity.

5.4. ProVerif

ProVerif [30, 32, 50-53] is a formal tool for the automatic verification of cryptographic protocols, developed by Bruno Blanchet and based on the Dolev-Yao model. It can model cryptographic primitives such as public-key cryptography, symmetric-key cryptography, and hash functions, and its syntax is easy to master. In this paper, we use ProVerif to check whether the proposed protocol has vulnerabilities; if a query fails, ProVerif returns an attack trace. The specific procedure is as follows.

Our protocol involves three parties, the user, the sensor, and the gateway, and uses two channels: a secure (private) channel and a public channel. The symbols, functions, and related definitions used in the ProVerif model are described in Figure 4(a).

The proposed protocol involves six events, namely UserStarted(), UserAuthed(), SensorAcGWN(), GWNAcUser(), GWNAcSensor(), and UserAcGWN(), which respectively indicate that the user starts authentication, the user completes authentication, the sensor accepts the gateway, the gateway accepts the user, the gateway accepts the sensor, and the user accepts the gateway. For the security of the proposed protocol, ProVerif verifies user anonymity, the secrecy of the session key, and that the authentication events occur in the correct order. Figure 4(b) shows these events and queries.

Figure 5(a) shows the processes of the user and the sensor in ProVerif, and Figure 5(b) the process of the gateway. Figure 5(c) shows the results of the verification. According to Figure 5(c), the proposed protocol provides user anonymity and session key secrecy, and the authentication events occur in the expected order.

6. Performance Comparison

In this section, we compare the security and performance of the improved protocol with those of [32, 35, 36].

6.1. Security Comparison

Table 4 shows the security comparison. Our protocol is secure against the well-known attacks listed. Das et al.'s protocol [32] cannot resist offline password guessing attacks or stolen smart card attacks, and it does not provide perfect forward secrecy or user anonymity. Although Chen et al.'s protocol [35] resists the last three attacks, A5, A8, and A9, it still cannot resist offline password guessing attacks. Wu et al.'s protocol [36] resists offline password guessing attacks, but it is vulnerable to known session-specific temporary information attacks and impersonation attacks and does not provide perfect forward secrecy or user anonymity.

6.2. Computational Cost Comparison

Performance is first analyzed in terms of the computational cost of the protocols. Because the cost of XOR and concatenation operations is negligible, they are ignored in the comparison. We compare the cost of the login, authentication, and key exchange phase. denotes the time to execute a fuzzy extraction function, the time to perform a hash operation, and the time to perform a symmetric encryption/decryption operation. Table 5 shows the computational cost comparison. Each protocol uses the fuzzy extraction function once. Das et al.'s protocol [32], Wu et al.'s protocol [36], and our protocol otherwise use only hash operations, and our protocol has the fewest of them. Chen et al.'s protocol [35] not only performs 18 hash operations but also four symmetric encryption/decryption operations, costing 4. Since a symmetric encryption/decryption operation costs more than a hash operation, our improved protocol has a lower computational cost and provides higher security than the previous protocols.

6.3. Communication Cost Comparison

Performance is next analyzed in terms of the communication cost of the protocols. We assume that a random number and an identity are 160 bits, a hash output and a symmetric ciphertext are 256 bits, and a timestamp is 32 bits.

In Das et al.’s protocol [32], the messages in the login and authentication phase are , , and , where is an identity, belong to random strings, are hash values, and are timestamps. The total communication cost of [32] is 1824 bits.

In Chen et al.’s protocol [35], the messages in the login and authentication phase are , , and , where are ciphertexts, are random strings, and is a hash value. The total communication cost of [35] is 1248 bits.

In Wu et al.’s protocol [36], the messages in the authentication phase are , , , and , where are identities, are random strings, are hash values, and are timestamps. The total communication cost of [36] is 2912 bits.

In our protocol, the messages in the authentication phase are , , , and , where are random strings, are hash values, and are timestamps. The total communication cost of our protocol is 2944 bits. The communication cost comparison is shown in Table 6.

According to Table 6, Das et al.'s and Chen et al.'s protocols use fewer rounds than Wu et al.'s and ours, so their communication cost is lower. However, Table 5 shows that the computational costs of the first two protocols are relatively high. Although our protocol has a slightly higher communication cost than [36], the efficiency in practical applications is almost the same, and Table 4 shows that Wu et al.'s protocol [36] cannot resist known session-specific temporary information attacks or impersonation attacks and does not provide perfect forward secrecy or user anonymity.

7. Conclusion

In this paper, we have reviewed the protocol of Wu et al. and shown that it cannot resist key compromise impersonation attacks or known session-specific temporary information attacks, violates perfect forward and backward secrecy, and does not provide user anonymity. To fix these vulnerabilities, we proposed a provably secure three-factor authentication protocol, whose security is established by formal and informal security analysis, BAN logic, and the ProVerif tool. The comparison of performance and security shows that our protocol provides better security and efficiency. In future work, we will further improve the security and performance of authentication protocols for wireless sensors.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare no conflict of interest.