An improved and provably secure three-factor user authentication scheme for wireless sensor networks

Peer-to-Peer Networking and Applications

Abstract

In wireless sensor networks (WSNs), the process by which a legal user retrieves information in real time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. Security issues in this setting have therefore attracted researchers. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages of Jiang et al.’s two-factor user authentication scheme. However, we find that the scheme has several weaknesses, including susceptibility to the off-line guessing attack and the de-synchronization attack, and a lack of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, including susceptibility to the off-line password guessing attack and the user forgery attack. In addition, the two schemes lack user anonymity and strong forward security. We then give an improved three-factor remote authentication scheme for WSNs that eliminates the above weaknesses. To illustrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif, and an informal analysis of security properties. The results demonstrate that our scheme is robust enough to resist various security vulnerabilities. A comparison with some other recent schemes shows that ours is suitable for application.

References

  1. Abdalla M, Izabachene M, Pointcheval D (2008) Anonymous and transparent gateway-based password-authenticated key exchange. Springer, pp 133–148

  2. Althobaiti O, Al-Rodhaan M, Al-Dhelaan A (2013) An efficient biometric authentication protocol for wireless sensor networks. Int J Distrib Sensor Netw 2013

  3. Blanchet B, Allamigeon X, Smyth B Online demo for proverif. http://proverif.rocq.inria.fr/index.php

  4. Bresson E, Chevassut O, Pointcheval D (2003) Security proofs for an efficient password-based key exchange. In: Proceedings of the 10th ACM conference on computer and communications security. ACM, pp 241–250

  5. Chen T H, Shih W K (2010) A robust mutual authentication protocol for wireless sensor networks. Etri J 32(5):704–712

  6. Das A K (2014) Cryptanalysis of an efficient biometric authentication protocol for wireless sensor networks. Springer, pp 1–9

  7. Das AK (2014) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. In: Peer-to-Peer Netw Appl, pp 1–22. doi:10.1007/s12083-014-0324-9

  8. Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst. doi:10.1002/dac.2933

  9. Das AK (2015) A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. In: Wirel Pers Commun, pp 1–28. doi:10.1007/s11277-015-2288-3

  10. Das M L (2009) Two-factor user authentication in wireless sensor networks. IEEE T Wirel Commun 8 (3):1086–1090

  11. Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Advances in cryptology-Eurocrypt 2004. Springer, pp 523–540

  12. Dolev D, Yao A C (1983) On the security of public key protocols. IEEE T Inform Theory 29(2):198–208

  13. Fan C I, Lin Y H (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE T Inform Forensics Secur 4(4):933–945

  14. Guo P, Wang J, Geng X H, Kim C S, Kim J U (2014) A variable threshold-value authentication architecture for wireless mesh networks. J. Int. Technol. 15(6):929–935

  15. He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc & Sensor Wirel Netw 10(4):361–371

  16. Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl:1–12. doi:10.1007/s12083-014-0285-z

  17. Kang H, Hori Y, Katashita T, Hagiwara M, Iwamura K (2014) Cryptographic key generation from puf data using efficient fuzzy extractors. In: 2014 16th International conference on advanced communication technology (ICACT). IEEE, pp 23–26

  18. Khan M K, Alghathbar K (2010) Cryptanalysis and security improvements of ’two-factor user authentication in wireless sensor networks’. Sensors 10(3):2450–2459

  19. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology-CRYPTO 99. Springer, pp 388–397

  20. Kumar P, Lee H J (2011) Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks. In: Wireless advanced (WiAd), 2011. IEEE, pp 241–245

  21. Lee J, Ryu S, Yoo K (2002) Fingerprint-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555

  22. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Modell 58(1): 85–95

  23. Li X, Niu J, Khan M K, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371

  24. Li X, Niu J W, Ma J, Wang W D, Liu C L (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

  25. Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

  26. Liu Z, Wenger E, Großschädl J (2014) Mote-ecc: Energy-scalable elliptic curve cryptography for wireless-sensor-networks. In: Boureanu I, Owesarski P, Vaudenay S (eds) Applied cryptography and network security, lecture notes in computer science, vol 8479. Springer International Publishing, pp 361–379. doi:10.1007/978-3-319-07536-5_22

  27. Mangard S, Oswald E, Standaert F X (2011) One for all call for one: Unifying standard differential power analysis attacks. IET Inform Secur 5(2):100–110

  28. Messerges T S, Dabbish E A, Sloan R H (2002) Examining smart-card security under the threat of power analysis attacks. IEEE T Comput 51(5):541–552

  29. Pointcheval D, Zimmer S (2008) Multi-factor authenticated key exchange. In: Applied cryptography and network security. Springer, pp 277–295

  30. Wang D, Wang P (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15

  31. Watro R, Kong D, Cuti Sf, Gardiner C, Lynn C, Kruus P (2004) Tinypk: Securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks. ACM, pp 59–64

  32. Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Syst 37(4). doi:10.1007/s10916-013-9958-z

  33. Wu F, Xu L, Kumari S, Li X (2015) A new and secure authentication scheme for wireless sensor networks with formal proof. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0404-5

  34. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285

  35. Xu L, Wu F (2014) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst. doi:10.1007/s10916-014-0179-x

  36. Xu L, Wu F (2015) An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur Commun Netw 8(2):245–260. doi:10.1002/sec.977

  37. Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323

  38. Yeh H L, Chen T H, Liu P C, Kim T H, Wei H W (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779

  39. Yoon E J, Yoo K Y (2011) A new biometric-based user authentication scheme without using password for wireless sensor networks. In: 2011 20th IEEE international workshops on enabling technologies: Infrastructure for collaborative enterprises (WETICE). IEEE, pp 279–284

  40. Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15(3):272–276

Acknowledgments

This research is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, University Distinguished Young Research Talent Training Program of Fujian Province (Year 2016), and the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.

Author information

Corresponding author

Correspondence to Fan Wu.

Ethics declarations

Conflict of interests

The authors declare that they have no conflict of interest.

About this article

Cite this article

Wu, F., Xu, L., Kumari, S. et al. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl. 11, 1–20 (2018). https://doi.org/10.1007/s12083-016-0485-9
