Abstract
In wireless sensor networks (WSNs), the process by which a legitimate user retrieves information in real time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. Security issues have therefore attracted researchers' attention. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages of Jiang et al.’s two-factor user authentication scheme. However, we find that the scheme has several weaknesses, including susceptibility to the off-line guessing attack and the de-synchronization attack, and a lack of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, namely vulnerability to the off-line password guessing attack and the user forgery attack. The two schemes also lack user anonymity and strong forward security. We then give an improved three-factor remote authentication scheme for WSNs that eliminates the above weaknesses. To demonstrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif and an informal analysis of security properties. The results demonstrate that our scheme is robust enough to avoid various security vulnerabilities. A comparison with some other recent schemes shows that ours is suitable for the application.
References
Abdalla M, Izabachene M, Pointcheval D (2008) Anonymous and transparent gateway-based password-authenticated key exchange. Springer, pp 133–148
Althobaiti O, Al-Rodhaan M, Al-Dhelaan A (2013) An efficient biometric authentication protocol for wireless sensor networks. Int J Distrib Sensor Netw 2013
Blanchet B, Allamigeon X, Smyth B Online demo for proverif. http://proverif.rocq.inria.fr/index.php
Bresson E, Chevassut O, Pointcheval D (2003) Security proofs for an efficient password-based key exchange. In: Proceedings of the 10th ACM conference on computer and communications security. ACM, pp 241–250
Chen T H, Shih W K (2010) A robust mutual authentication protocol for wireless sensor networks. Etri J 32(5):704–712
Das A K (2014) Cryptanalysis of an efficient biometric authentication protocol for wireless sensor networks. Springer, pp 1–9
Das AK (2014) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. In: Peer-to-Peer Netw Appl, pp 1–22. doi:10.1007/s12083-014-0324-9
Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst. doi:10.1002/dac.2933
Das AK (2015) A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. In: Wirel Pers Commun, pp 1–28. doi:10.1007/s11277-015-2288-3
Das M L (2009) Two-factor user authentication in wireless sensor networks. IEEE T Wirel Commun 8 (3):1086–1090
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Advances in cryptology-Eurocrypt 2004. Springer, pp 523–540
Dolev D, Yao A C (1983) On the security of public key protocols. IEEE T Inform Theory 29(2):198–208
Fan C I, Lin Y H (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE T Inform Forensics Secur 4(4):933–945
Guo P, Wang J, Geng X H, Kim C S, Kim J U (2014) A variable threshold-value authentication architecture for wireless mesh networks. J. Int. Technol. 15(6):929–935
He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc & Sensor Wirel Netw 10(4):361–371
Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl:1–12. doi:10.1007/s12083-014-0285-z
Kang H, Hori Y, Katashita T, Hagiwara M, Iwamura K (2014) Cryptographic key generation from puf data using efficient fuzzy extractors. In: 2014 16th International conference on advanced communication technology (ICACT). IEEE, pp 23–26
Khan M K, Alghathbar K (2010) Cryptanalysis and security improvements of ’two-factor user authentication in wireless sensor networks’. Sensors 10(3):2450–2459
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology-CRYPTO 99. Springer, pp 388–397
Kumar P, Lee H J (2011) Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks. In: Wireless advanced (WiAd), 2011. IEEE, pp 241–245
Lee J, Ryu S, Yoo K (2002) Fingerprint-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555
Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Modell 58(1): 85–95
Li X, Niu J, Khan M K, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371
Li X, Niu J W, Ma J, Wang W D, Liu C L (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79
Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
Liu Z, Wenger E, Großschädl J (2014) Mote-ecc: Energy-scalable elliptic curve cryptography for wireless-sensor-networks. In: Boureanu I, Owesarski P, Vaudenay S (eds) Applied cryptography and network security, lecture notes in computer science, vol 8479. Springer International Publishing, pp 361–379. doi:10.1007/978-3-319-07536-5_22
Mangard S, Oswald E, Standaert F X (2011) One for all - all for one: Unifying standard differential power analysis attacks. IET Inform Secur 5(2):100–110
Messerges T S, Dabbish E A, Sloan R H (2002) Examining smart-card security under the threat of power analysis attacks. IEEE T Comput 51(5):541–552
Pointcheval D, Zimmer S (2008) Multi-factor authenticated key exchange. In: Applied cryptography and network security. Springer, pp 277–295
Wang D, Wang P (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15
Watro R, Kong D, Cuti Sf, Gardiner C, Lynn C, Kruus P (2004) Tinypk: Securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks. ACM, pp 59–64
Wu F, Xu L (2013) Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J Med Syst 37(4). doi:10.1007/s10916-013-9958-z
Wu F, Xu L, Kumari S, Li X (2015) A new and secure authentication scheme for wireless sensor networks with formal proof. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0404-5
Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285
Xu L, Wu F (2014) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst. doi:10.1007/s10916-014-0179-x
Xu L, Wu F (2015) An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur Commun Netw 8(2):245–260. doi:10.1002/sec.977
Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323
Yeh H L, Chen T H, Liu P C, Kim T H, Wei H W (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779
Yoon E J, Yoo K Y (2011) A new biometric-based user authentication scheme without using password for wireless sensor networks. In: 2011 20th IEEE international workshops on enabling technologies: Infrastructure for collaborative enterprises (WETICE). IEEE, pp 279–284
Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15(3):272–276
Acknowledgments
This research is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, University Distinguished Young Research Talent Training Program of Fujian Province (Year 2016), and the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.
Ethics declarations
Conflict of interests
The authors declare that they have no conflict of interest.
Cite this article
Wu, F., Xu, L., Kumari, S. et al. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl. 11, 1–20 (2018). https://doi.org/10.1007/s12083-016-0485-9
DOI: https://doi.org/10.1007/s12083-016-0485-9