An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks

As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows–Abadi–Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme.

[1]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[2]  Jian Shen,et al.  Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems , 2018, J. Ambient Intell. Humaniz. Comput..

[3]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[4]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[5]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[6]  Donghoon Lee,et al.  Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2014, Sensors.

[7]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[8]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[9]  Xiong Li,et al.  A new and secure authentication scheme for wireless sensor networks with formal proof , 2017, Peer-to-Peer Netw. Appl..

[10]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[11]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[12]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[13]  Sherali Zeadally,et al.  Efficient and Anonymous Mobile User Authentication Protocol Using Self-Certified Public Key Cryptography for Multi-Server Architectures , 2016, IEEE Transactions on Information Forensics and Security.

[14]  Luca Veltri,et al.  3AKEP: Triple-authenticated key exchange protocol for peer-to-peer VoIP applications , 2016, Comput. Commun..

[15]  Chuan-Ming Liu,et al.  Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks , 2015, Sensors.

[16]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[17]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[18]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[19]  Riccardo Pecori A comparison analysis of trust-adaptive approaches to deliver signed public keys in P2P systems , 2015, 2015 7th International Conference on New Technologies, Mobility and Security (NTMS).

[20]  Cheng-Chi Lee,et al.  A Secure and Efficient One-time Password Authentication Scheme for WSN , 2017, Int. J. Netw. Secur..

[21]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..

[22]  Pardeep Kumar,et al.  RUASN: A Robust User Authentication Framework for Wireless Sensor Networks , 2011, Sensors.

[23]  Ding Wang,et al.  A lightweight password‐based authentication protocol using smart card , 2017, Int. J. Commun. Syst..

[24]  Daojing He,et al.  An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks , 2011, Journal of Zhejiang University SCIENCE C.

[25]  Da-Zhi Sun,et al.  On the security and improvement of a two-factor user authentication scheme in wireless sensor networks , 2012, Personal and Ubiquitous Computing.

[26]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[27]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[28]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[29]  Cheng-Chi Lee,et al.  An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks , 2013, Sensors.

[30]  Cheng-Chi Lee,et al.  Two Attacks on a Two-Factor User Authentication in Wireless Sensor Networks , 2011, Parallel Process. Lett..

[31]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[32]  Cheng-Chi Lee,et al.  A two-factor authentication scheme with anonymity for multi-server environments , 2015, Secur. Commun. Networks.

[33]  Kim-Kwang Raymond Choo,et al.  Design of a provably secure biometrics-based multi-cloud-server authentication scheme , 2017, Future Gener. Comput. Syst..

[34]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[35]  Chenyu Wang,et al.  Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card , 2017, Secur. Commun. Networks.

[36]  Cheng-Chi Lee,et al.  An Improved Two-Factor User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curve Cryptography , 2013 .

[37]  Jongho Moon,et al.  Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks , 2017, Sensors.

[38]  Elisa Bertino,et al.  Robust Multi-Factor Authentication for Fragile Communications , 2014, IEEE Transactions on Dependable and Secure Computing.

[39]  Andrei Gurtov,et al.  A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks , 2013 .

[40]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[41]  Xiong Li,et al.  Design of a user anonymous password authentication scheme without smart card , 2016, Int. J. Commun. Syst..

[42]  Peng Gong,et al.  A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2013, Int. J. Distributed Sens. Networks.

[43]  YoHan Park,et al.  Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks , 2016, Sensors.

[44]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.