Skip to main content
SpringerLink
Log in

A Secure and Efficient User Anonymity-Preserving Three-Factor Authentication Protocol for Large-Scale Distributed Wireless Sensor Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Critical applications in wireless sensor network (WSN) are real-time based applications. Therefore, users are generally interested in accessing real-time information. This is possible, if the users (called the external parties) are allowed to access the real-time data directly from the sensor nodes inside WSN and not from the base station. The sensory information from nodes are gathered periodically by the base station and so, the gathered information may not be real-time. In order to get the real-time information from the sensor nodes, the user needs to be first authorized to the sensor nodes as well as the base station so that the illegal access to nodes do not happen. In this paper, we propose a novel three-factor user authentication scheme suited for distributed WSNs. Our scheme is light-weight, because it only requires the efficient cryptographic hash function, and symmetric key encryption and decryption operations. Further, our scheme is secure against different known attacks which are proved through the rigorous informal and formal security analysis. In addition, we simulate our scheme for the formal security verification using Automated Validation of Internet Security Protocols and Applications tool. The simulation results clearly demonstrate that our scheme is secure against passive and active adversaries.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013.

  2. AVISPA. AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on May 2014.

  3. Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.

    Article  Google Scholar 

  4. Burnett, A., Byrne, F., Dowling, T., & Duffy, A. (2007). A biometric identity based signature scheme. International Journal of Network Security, 5(3), 317–326.

    Google Scholar 

  5. Chatterjee, S., Das, A. K., & Sing, J. K. (2014). An enhanced access control scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Networks, 21(1–2), 121–149.

    Google Scholar 

  6. Chen, T.-H., & Shih, W.-K. (2010). A robust mutual authentication protocol for wireless sensor networks. ETRI Journal, 32(5), 704–712.

    Article  Google Scholar 

  7. Chuang, Y.-H., & Tseng, Y.-M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167–180.

    Google Scholar 

  8. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.

    Article  Google Scholar 

  9. Das, A. K. (2012). A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks. International Journal of Information Security, 11(3), 189–211.

    Article  Google Scholar 

  10. Das, A. K. (2013). A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Networking Science, 2(1–2), 12–27.

    Article  Google Scholar 

  11. Das, A. K., Chatterjee, S., & Sing, J. K. (2013). A novel efficient access control scheme for large-scale distributed wireless sensor networks. International Journal of Foundations of Computer Science, 24(5), 625–653.

    Article  MATH  MathSciNet  Google Scholar 

  12. Das, A. K., Chatterjee, S., & Sing, J. K. (2013). Formal security verification of a dynamic password-based user authentication scheme for hierarchical wireless sensor networks. In: International Symposium on Security in Computing and Communications (SSCC 2013), Communications in Computer and Information Science Series (CCIS). (Vol. 377, pp. 243–254).

  13. Das, A. K., Chatterjee, S., & Sing, J. K. (2014). A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks. In: Ad Hoc & Sensor Wireless Networks (in press).

  14. Das, A. K., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16.

    Article  Google Scholar 

  15. Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209(C), 80–92.

    Article  MATH  MathSciNet  Google Scholar 

  16. Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. K. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656.

    Article  Google Scholar 

  17. Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.

    Article  Google Scholar 

  18. Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

    Article  MATH  MathSciNet  Google Scholar 

  19. Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Proceedings of the Advances in Cryptology (Eurocrypt’04), LNCS, (Vol. 3027, pp. 523–540).

  20. Fan, R., Ping, L.-D., Fu, J.-Q., & Pan, X.-Z. (2010). A secure and efficient user authentication protocol for two-tier wireless sensor networks. In Second Pacific-Asia conference on circuits, communications and system (PACCS 2010) (pp. 425–428).

  21. He, D., Gao, Y., Chan, S., Chen, C., & Bu, J. (2010). An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Networks, 10(4), 361–371.

    Google Scholar 

  22. He, D., Kumar, N., Lee, J.-H., & Sherratt, R. S. (2014). Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics, 60(1), 30–37.

    Article  Google Scholar 

  23. Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors, 10(3), 2450–2459.

    Article  Google Scholar 

  24. Li, C.-T., & Hwang, M.-S. (2010). An efficient biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

  25. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., & Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.

    Article  MATH  Google Scholar 

  26. Nyang, D. H., & Lee, M.-K. (2009). Improvement of Das’s two-factor authentication protocol in wireless sensor networks. In Cryptology ePrint Archive, Report 2009/631.

  27. Odelu, V., Das, A. K., & Goswami, A. (2013). An effective and secure key-management scheme for hierarchical access control in E-medicine system. Journal of Medical Systems, 37(2), 1–18.

    Article  Google Scholar 

  28. Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269(C), 270–285.

    Article  MathSciNet  Google Scholar 

  29. Rivest, R. L., Shamir, A., & Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

    Article  MATH  MathSciNet  Google Scholar 

  30. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.

    Article  Google Scholar 

  31. Secure Hash Standard. FIPS PUB 180–1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995.

  32. Stallings, W. (2003). Cryptography and Network Security: Principles and Practices (3rd ed.). Pearson Education India . Gaithersburg, USA.

  33. Stinson, D. R. (2006). Some observations on the theory of cryptographic hash functions. Designs, Codes and Cryptography, 38(2), 259–277.

    Article  MATH  MathSciNet  Google Scholar 

  34. Tan, Z. (2014). A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(3), 1–9.

    Article  Google Scholar 

  35. Vaidya, B., Makrakis, D., & Mouftah, H. T. (2010). Improved two-factor user authentication in wireless sensor networks. In: Second international workshop on network assurance and security services in ubiquitous environments (pp. 600–606).

  36. von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 Workshop.

  37. Wang, D., & Wang, P. (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks (in press). doi:10.1016/j.adhoc.2014.03.003.

  38. Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., & Kruus, P. (2004, October). Tinypk: Securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, SASN 2004, Washington, DC, USA (pp. 59–64).

  39. Wong, K., Zheng, Y., Cao, J., & Wang, S. (2006). A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international conference on sensor networks, ubiquitous, and trustworthy computing, IEEE Computer Society (pp. 244–251).

  40. Yuan, J., Jiang, C., & Jiang, Z. (2010). A biometric-based user authentication for wireless sensor networks. Wuhan University Journal of Natural Sciences, 15(3), 272–276.

    Article  Google Scholar 

Download references

Acknowledgments

The author would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper.

Author information

Authors and Affiliations

  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

Authors
  1. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashok Kumar Das.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Das, A.K. A Secure and Efficient User Anonymity-Preserving Three-Factor Authentication Protocol for Large-Scale Distributed Wireless Sensor Networks. Wireless Pers Commun 82, 1377–1404 (2015). https://doi.org/10.1007/s11277-015-2288-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2288-3

Keywords

Search

Navigation