Skip to main content
SpringerLink
Log in

Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Wireless sensor networks (WSNs) play an important role and support a variety of real time applications, such as healthcare monitoring, military surveillance, vehicular tracking and, so on. Secure and real time information accessing from the sensor nodes in these applications is very important. Because wireless sensor nodes are limited in computing and communication capabilities and data storage, it is very crucial to design an effective and secure lightweight authentication and key agreement scheme. Recently, Gope et al. proposed a realistic lightweight anonymous authentication scheme in WSNs and claimed that their scheme satisfied all security concerns in these networks. However, we show that in their scheme the adversary can obtain the session key between the user and the sensor node. In order to fix this drawback, we propose an improved three-factor authentication scheme which is more suitable than Gope et al.’s scheme and also provides more desired security properties such as three-factor authentication and access control. Through the informal analysis, we show that our scheme is secure against various known attacks including the attack found in Gope et al.’s scheme. Furthermore, we have demonstrated the validity of our proposed scheme using the BAN logic. As compared with the previous authentication schemes, the proposed scheme is not only more secure but also enough practical and competitive with existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Amin R, Islam SH, Biswas G, Khan MK, Leng L, Kumar N (2016) Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput Netw 101:42–62

    Article  Google Scholar 

  2. Anastasi G, Conti M, Di Francesco M, Passarella A (2009) Energy conservation in wireless sensor networks: a survey. Ad Hoc Netw 7(3):537–568

    Article  Google Scholar 

  3. Arasteh S, Aghili SF, Mala H (2016) A new lightweight authentication and key agreement protocol for internet of things. In: 2016 13th international iranian society of cryptology conference on information security and cryptology (ISCISC). IEEE, pp 52–59

  4. Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuéllar J, Drielsma PH, Héam PC, Kouchnarenko O, Mantovani J et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification. Springer, pp 281– 285

  5. Blanchet B (2014) Automatic verification of security protocols in the symbolic model: the verifier proverif. In: Foundations of security analysis and design VII. Springer, pp 54–87

  6. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Transactions on Computer Systems (TOCS) 8(1):18–36

    Article  MATH  Google Scholar 

  7. Chang CC, Le HD (2016) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366

    Article  MathSciNet  Google Scholar 

  8. Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. ETRI journal 32(5):704–712

    Article  Google Scholar 

  9. Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst 30(1):1–25

    Google Scholar 

  10. Das AK (2015) A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wirel Pers Commun 82(3):1377–1404

    Article  Google Scholar 

  11. Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-peer Networking and Applications 9(1):223–244

    Article  Google Scholar 

  12. Das AK, Chatterjee S, Sing JK (2015) A new biometric-based remote user authentication scheme in hierarchical wireless body area sensor networks. Adhoc & Sensor Wireless Networks 28:21–256

    Google Scholar 

  13. Das AK, Sharma P, Chatterjee S, Sing JK (2012) A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J Netw Comput Appl 35(5):1646–1656

    Article  Google Scholar 

  14. Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090

    Article  Google Scholar 

  15. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

    Article  MathSciNet  MATH  Google Scholar 

  16. Diffie W, Oorschot PC, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Crypt 2(2):107–125

    Article  MathSciNet  Google Scholar 

  17. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MathSciNet  MATH  Google Scholar 

  18. Ekici E, Gu Y, Bozdag D (2006) Mobility-based communication in wireless sensor networks. IEEE Commun Mag 44(7):56

    Article  Google Scholar 

  19. Fan R, He DJ, Pan XZ et al (2011) An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University SCIENCE C 12(7):550–560

    Article  Google Scholar 

  20. Fan R, Ping LD, Fu JQ, Pan XZ (2010) A secure and efficient user authentication protocol for two-tiered wireless sensor networks. In: 2010 second pacific-asia conference on circuits, communications and system (PACCS), vol 1. IEEE, pp 425–428

  21. Gong L, Needham R, Yahalom R (1990) Reasoning about belief in cryptographic protocols. In: 1990 IEEE computer society symposium on research in security and privacy, 1990. Proceedings. IEEE, pp 234–248

  22. Gope P, Hwang T (2015) A realistic lightweight authentication protocol preserving strong anonymity for securing rfid system. Comput Secur 55:271–280

    Article  Google Scholar 

  23. Gope P, Hwang T (2016) Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Syst J 10(4):1370–1379

    Article  Google Scholar 

  24. Gope P, Hwang T (2016) A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans Ind Electron 63(11):7124–7132

    Article  Google Scholar 

  25. He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc & Sensor Wireless Networks 10(4):361–371

    Google Scholar 

  26. He D, Kumar N, Lee JH, Sherratt R (2014) Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans Consum Electron 60(1):30–37

    Article  Google Scholar 

  27. Huang HF, Chang YF, Liu CH (2010) Enhancement of two-factor user authentication in wireless sensor networks. In: 2010 sixth international conference on intelligent information hiding and multimedia signal processing (IIH-MSP). IEEE, pp 27–30

  28. Huang X, Xiang Y, Chonka A, Zhou J, Deng RH (2011) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parallel Distrib Syst 22(8):1390–1397

    Article  Google Scholar 

  29. Jiang Q, Ma J, Lu X, Tian Y (2015) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications 8(6):1070–1081

    Article  Google Scholar 

  30. Karl H, Willig A (2007) Protocols and architectures for wireless sensor networks. Wiley, New York

    Google Scholar 

  31. Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3):2450–2459

    Article  Google Scholar 

  32. Kumar P, Choudhury AJ, Sain M, Lee SG, Lee HJ (2011) Ruasn: a robust user authentication framework for wireless sensor networks. Sensors 11(5):5020–5046

    Article  Google Scholar 

  33. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  34. Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

    Article  Google Scholar 

  35. Lloyd EL, Xue G (2007) Relay node placement in wireless sensor networks. IEEE Trans Comput 56(1):134–138

    Article  MathSciNet  MATH  Google Scholar 

  36. Nyang D, Lee MK (2009) Improvement of das’s two-factor authentication protocol in wireless sensor networks. IACR Cryptology ePrint Archive 2009:631

    Google Scholar 

  37. Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sci 269:270–285

    Article  MathSciNet  MATH  Google Scholar 

  38. Qi J, Zhuo M, Jianfeng M, Guangsong L (2012) Security enhancement of robust user authentication framework for wireless sensor networks. China Communications 9(10):103–111

    Google Scholar 

  39. Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126

    Article  MathSciNet  MATH  Google Scholar 

  40. Sun DZ, Li JX, Feng ZY, Cao ZF, Xu GQ (2013) On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17(5):895–905

    Article  Google Scholar 

  41. Tan Z (2014) A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J Med Syst 38(3):16

    Article  Google Scholar 

  42. Vaidya B, Makrakis D, Mouftah H (2016) Two-factor mutual authentication with key agreement in wireless sensor networks. Security and Communication Networks 9(2):171–183

    Article  Google Scholar 

  43. Vaidya B, Makrakis D, Mouftah HT (2010) Improved two-factor user authentication in wireless sensor networks. In: 2010 IEEE 6th international conference on wireless and mobile computing, networking and communications (wimob). IEEE, pp 600–606

  44. Wang CH, Lin CY (2011) An efficient delegation-based roaming payment protocol against denial of service attacks. In: 2011 international conference on electronics, communications and control (ICECC). IEEE, pp 4136–4140

  45. Wang D, Wang P (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput Netw 73:41–57

    Article  Google Scholar 

  46. Watro R, Kong D, Cuti SF, Gardiner C, Lynn C, Kruus P (2004) Tinypk: securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks. ACM, pp 59–64

  47. Wong KH, Zheng Y, Cao J, Wang S (2006) A dynamic user authentication scheme for wireless sensor networks. In: IEEE international conference on sensor networks, ubiquitous, and trustworthy computing, 2006, vol 1. IEEE, p 8

  48. Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323

    Article  Google Scholar 

  49. Yeh HL, Chen TH, Liu PC, Kim TH, Wei HW (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779

    Article  Google Scholar 

  50. Yu J, Wang G, Mu Y, Gao W (2014) An efficient generic framework for three-factor authentication with provably secure instantiation. IEEE Trans Inf Forensics Secur 9(12):2302–2313

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology Engineering, Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran

    AmirHosein Adavoudi-Jolfaei, Maede Ashouri-Talouki & Seyed Farhad Aghili

  2. Department of Information Technology Engineering, Faculty of Computer Engineering, University of Isfahan, Hezar Jerib St., Isfahan, 81746-73441, Iran

    AmirHosein Adavoudi-Jolfaei, Maede Ashouri-Talouki & Seyed Farhad Aghili

Authors
  1. AmirHosein Adavoudi-Jolfaei
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maede Ashouri-Talouki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Seyed Farhad Aghili
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maede Ashouri-Talouki.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Adavoudi-Jolfaei, A., Ashouri-Talouki, M. & Aghili, S.F. Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks. Peer-to-Peer Netw. Appl. 12, 43–59 (2019). https://doi.org/10.1007/s12083-017-0627-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-017-0627-8

Keywords

Search

Navigation