Advertisement

Peer-to-Peer Networking and Applications

, Volume 12, Issue 1, pp 43–59 | Cite as

Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks

  • AmirHosein Adavoudi-Jolfaei
  • Maede Ashouri-TaloukiEmail author
  • Seyed Farhad Aghili
Article

Abstract

Wireless sensor networks (WSNs) play an important role and support a variety of real time applications, such as healthcare monitoring, military surveillance, vehicular tracking and, so on. Secure and real time information accessing from the sensor nodes in these applications is very important. Because wireless sensor nodes are limited in computing and communication capabilities and data storage, it is very crucial to design an effective and secure lightweight authentication and key agreement scheme. Recently, Gope et al. proposed a realistic lightweight anonymous authentication scheme in WSNs and claimed that their scheme satisfied all security concerns in these networks. However, we show that in their scheme the adversary can obtain the session key between the user and the sensor node. In order to fix this drawback, we propose an improved three-factor authentication scheme which is more suitable than Gope et al.’s scheme and also provides more desired security properties such as three-factor authentication and access control. Through the informal analysis, we show that our scheme is secure against various known attacks including the attack found in Gope et al.’s scheme. Furthermore, we have demonstrated the validity of our proposed scheme using the BAN logic. As compared with the previous authentication schemes, the proposed scheme is not only more secure but also enough practical and competitive with existing schemes.

Keywords

Wireless sensor networks User anonymity Three-factor authentication Key agreement Access control 

References

  1. 1.
    Amin R, Islam SH, Biswas G, Khan MK, Leng L, Kumar N (2016) Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput Netw 101:42–62CrossRefGoogle Scholar
  2. 2.
    Anastasi G, Conti M, Di Francesco M, Passarella A (2009) Energy conservation in wireless sensor networks: a survey. Ad Hoc Netw 7(3):537–568CrossRefGoogle Scholar
  3. 3.
    Arasteh S, Aghili SF, Mala H (2016) A new lightweight authentication and key agreement protocol for internet of things. In: 2016 13th international iranian society of cryptology conference on information security and cryptology (ISCISC). IEEE, pp 52–59Google Scholar
  4. 4.
    Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuéllar J, Drielsma PH, Héam PC, Kouchnarenko O, Mantovani J et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification. Springer, pp 281– 285Google Scholar
  5. 5.
    Blanchet B (2014) Automatic verification of security protocols in the symbolic model: the verifier proverif. In: Foundations of security analysis and design VII. Springer, pp 54–87Google Scholar
  6. 6.
    Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Transactions on Computer Systems (TOCS) 8(1):18–36zbMATHCrossRefGoogle Scholar
  7. 7.
    Chang CC, Le HD (2016) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366MathSciNetCrossRefGoogle Scholar
  8. 8.
    Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. ETRI journal 32(5):704–712CrossRefGoogle Scholar
  9. 9.
    Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst 30(1):1–25Google Scholar
  10. 10.
    Das AK (2015) A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wirel Pers Commun 82(3):1377–1404CrossRefGoogle Scholar
  11. 11.
    Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-peer Networking and Applications 9(1):223–244CrossRefGoogle Scholar
  12. 12.
    Das AK, Chatterjee S, Sing JK (2015) A new biometric-based remote user authentication scheme in hierarchical wireless body area sensor networks. Adhoc & Sensor Wireless Networks 28:21–256Google Scholar
  13. 13.
    Das AK, Sharma P, Chatterjee S, Sing JK (2012) A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J Netw Comput Appl 35(5):1646–1656CrossRefGoogle Scholar
  14. 14.
    Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090CrossRefGoogle Scholar
  15. 15.
    Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Diffie W, Oorschot PC, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Crypt 2(2):107–125MathSciNetCrossRefGoogle Scholar
  17. 17.
    Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetzbMATHCrossRefGoogle Scholar
  18. 18.
    Ekici E, Gu Y, Bozdag D (2006) Mobility-based communication in wireless sensor networks. IEEE Commun Mag 44(7):56CrossRefGoogle Scholar
  19. 19.
    Fan R, He DJ, Pan XZ et al (2011) An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University SCIENCE C 12(7):550–560CrossRefGoogle Scholar
  20. 20.
    Fan R, Ping LD, Fu JQ, Pan XZ (2010) A secure and efficient user authentication protocol for two-tiered wireless sensor networks. In: 2010 second pacific-asia conference on circuits, communications and system (PACCS), vol 1. IEEE, pp 425–428Google Scholar
  21. 21.
    Gong L, Needham R, Yahalom R (1990) Reasoning about belief in cryptographic protocols. In: 1990 IEEE computer society symposium on research in security and privacy, 1990. Proceedings. IEEE, pp 234–248Google Scholar
  22. 22.
    Gope P, Hwang T (2015) A realistic lightweight authentication protocol preserving strong anonymity for securing rfid system. Comput Secur 55:271–280CrossRefGoogle Scholar
  23. 23.
    Gope P, Hwang T (2016) Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Syst J 10(4):1370–1379CrossRefGoogle Scholar
  24. 24.
    Gope P, Hwang T (2016) A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans Ind Electron 63(11):7124–7132CrossRefGoogle Scholar
  25. 25.
    He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc & Sensor Wireless Networks 10(4):361–371Google Scholar
  26. 26.
    He D, Kumar N, Lee JH, Sherratt R (2014) Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans Consum Electron 60(1):30–37CrossRefGoogle Scholar
  27. 27.
    Huang HF, Chang YF, Liu CH (2010) Enhancement of two-factor user authentication in wireless sensor networks. In: 2010 sixth international conference on intelligent information hiding and multimedia signal processing (IIH-MSP). IEEE, pp 27–30Google Scholar
  28. 28.
    Huang X, Xiang Y, Chonka A, Zhou J, Deng RH (2011) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parallel Distrib Syst 22(8):1390–1397CrossRefGoogle Scholar
  29. 29.
    Jiang Q, Ma J, Lu X, Tian Y (2015) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications 8(6):1070–1081CrossRefGoogle Scholar
  30. 30.
    Karl H, Willig A (2007) Protocols and architectures for wireless sensor networks. Wiley, New YorkGoogle Scholar
  31. 31.
    Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3):2450–2459CrossRefGoogle Scholar
  32. 32.
    Kumar P, Choudhury AJ, Sain M, Lee SG, Lee HJ (2011) Ruasn: a robust user authentication framework for wireless sensor networks. Sensors 11(5):5020–5046CrossRefGoogle Scholar
  33. 33.
    Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5CrossRefGoogle Scholar
  34. 34.
    Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79CrossRefGoogle Scholar
  35. 35.
    Lloyd EL, Xue G (2007) Relay node placement in wireless sensor networks. IEEE Trans Comput 56(1):134–138MathSciNetzbMATHCrossRefGoogle Scholar
  36. 36.
    Nyang D, Lee MK (2009) Improvement of das’s two-factor authentication protocol in wireless sensor networks. IACR Cryptology ePrint Archive 2009:631Google Scholar
  37. 37.
    Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sci 269:270–285MathSciNetzbMATHCrossRefGoogle Scholar
  38. 38.
    Qi J, Zhuo M, Jianfeng M, Guangsong L (2012) Security enhancement of robust user authentication framework for wireless sensor networks. China Communications 9(10):103–111Google Scholar
  39. 39.
    Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126MathSciNetzbMATHCrossRefGoogle Scholar
  40. 40.
    Sun DZ, Li JX, Feng ZY, Cao ZF, Xu GQ (2013) On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17(5):895–905CrossRefGoogle Scholar
  41. 41.
    Tan Z (2014) A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J Med Syst 38(3):16CrossRefGoogle Scholar
  42. 42.
    Vaidya B, Makrakis D, Mouftah H (2016) Two-factor mutual authentication with key agreement in wireless sensor networks. Security and Communication Networks 9(2):171–183CrossRefGoogle Scholar
  43. 43.
    Vaidya B, Makrakis D, Mouftah HT (2010) Improved two-factor user authentication in wireless sensor networks. In: 2010 IEEE 6th international conference on wireless and mobile computing, networking and communications (wimob). IEEE, pp 600–606Google Scholar
  44. 44.
    Wang CH, Lin CY (2011) An efficient delegation-based roaming payment protocol against denial of service attacks. In: 2011 international conference on electronics, communications and control (ICECC). IEEE, pp 4136–4140Google Scholar
  45. 45.
    Wang D, Wang P (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput Netw 73:41–57CrossRefGoogle Scholar
  46. 46.
    Watro R, Kong D, Cuti SF, Gardiner C, Lynn C, Kruus P (2004) Tinypk: securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks. ACM, pp 59–64Google Scholar
  47. 47.
    Wong KH, Zheng Y, Cao J, Wang S (2006) A dynamic user authentication scheme for wireless sensor networks. In: IEEE international conference on sensor networks, ubiquitous, and trustworthy computing, 2006, vol 1. IEEE, p 8Google Scholar
  48. 48.
    Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323CrossRefGoogle Scholar
  49. 49.
    Yeh HL, Chen TH, Liu PC, Kim TH, Wei HW (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779CrossRefGoogle Scholar
  50. 50.
    Yu J, Wang G, Mu Y, Gao W (2014) An efficient generic framework for three-factor authentication with provably secure instantiation. IEEE Trans Inf Forensics Secur 9(12):2302–2313CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2017

Authors and Affiliations

  • AmirHosein Adavoudi-Jolfaei
    • 1
    • 2
  • Maede Ashouri-Talouki
    • 1
    • 2
    Email author
  • Seyed Farhad Aghili
    • 1
    • 2
  1. 1.Department of Information Technology Engineering, Faculty of Computer EngineeringUniversity of IsfahanIsfahanIran
  2. 2.Department of Information Technology Engineering, Faculty of Computer EngineeringUniversity of IsfahanIsfahanIran

Personalised recommendations